
Author Topic: infected  (Read 5577 times)


glathem40

    infected
    « on: January 12, 2016, 01:32:15 AM »
    Family member downloaded PDF from unknown site.  Win 7 Home premium  HP desktop p6320f.
    # AdwCleaner v5.029 - Logfile created 12/01/2016 at 00:22:04
    # Updated 11/01/2016 by Xplode
    # Database : 2016-01-11.4 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : LATHEM - LATHEM-PC
    # Running from : C:\Users\LATHEM\Desktop\adwcleaner_5.029.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\rei
    [-] Folder Deleted : C:\Program Files\Faster Web
    [-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
    [-] Folder Deleted : C:\Users\LATHEM\AppData\Roaming\RHEng
    [-] Folder Deleted : C:\Users\LATHEM\AppData\Roaming\Yahoo!\Companion
    [-] Folder Deleted : C:\Users\rush\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekjmlcgpmcjigljdiagaibfjfaideal
    [-] File Deleted : C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlmebkoiahbppacaicbgncnjhbpdfkcc_0.localstorage
    [-] File Deleted : C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_laepcenmlgcckdeaaagimgokkbbfemee_0.localstorage
    [-] File Deleted : C:\Users\LATHEM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Classes\MF
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    [-] Key Deleted : HKCU\Software\Tutorials
    [-] Key Deleted : HKCU\Software\DownloadAdmin
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\WEBAPP
    [-] Key Deleted : HKCU\Software\SoftSuma
    [-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\NpApp
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\SmartDNS
    [-] Key Deleted : HKLM\SOFTWARE\SUNNYDAY
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
    [-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\324B4B70AD4E1D7438725B98BEB4BE85
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{317CA5B5-2466-4976-83F5-4809D3A9B916}

    ***** [ Web browsers ] *****

    [-] [C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\prefs.js] [Preference] Deleted : user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=293224");
    [-] [C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\prefs.js] [Preference] Deleted : user_pref("[email protected]", "{f989850a-0053-4f12-a7ab-0438e440b877}");
    [-] [C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\prefs.js] [Preference] Deleted : user_pref("[email protected]", "2014-12-27");
    [-] [C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\prefs.js] [Preference] Deleted : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1402481537);
    [-] [C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\prefs.js] [Preference] Deleted : user_pref("valueApps.storage.mam_gk_userId", "65323365323336632D653337652D346463652D6 23436662D343266626236386262656362");
    [-] [C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : astromenda.com
    [-] [C:\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
    [-] [C:\Users\rush\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\rush\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner[R3].txt - [1417 bytes] - [03/09/2012 07:17:12]
    C:\AdwCleaner[R4].txt - [1408 bytes] - [17/09/2012 23:05:43]
    C:\AdwCleaner[R5].txt - [3680 bytes] - [18/09/2012 19:55:01]
    C:\AdwCleaner[R6] dec.txt - [11666 bytes] - [19/12/2012 12:14:37]
    C:\AdwCleaner[R6].txt - [11666 bytes] - [19/12/2012 12:14:04]
    C:\AdwCleaner[R7].txt - [1514 bytes] - [20/12/2012 12:29:18]
    C:\AdwCleaner[R8].txt - [1574 bytes] - [20/12/2012 12:40:19]
    C:\AdwCleaner[S1].txt - [18955 bytes] - [03/09/2012 06:47:20]
    C:\AdwCleaner[S2].txt - [3865 bytes] - [18/09/2012 19:55:18]
    C:\AdwCleaner[S3].txt - [12023 bytes] - [19/12/2012 12:14:50]
    C:\AdwCleaner[S4].txt - [1634 bytes] - [20/12/2012 12:40:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C30].txt - [10494 bytes] ##########

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/11/2016
    Scan Time: 11:37 PM
    Logfile: infection.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.12.02
    Rootkit Database: v2016.01.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: LATHEM

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 453723
    Time Elapsed: 14 min, 28 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     Results of screen317's Security Check version 1.009 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    avast! Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 45 
     Java 8 Update 60 
     Adobe Flash Player 20.0.0.267 
     Adobe Reader XI 
     Mozilla Firefox (43.0.4)
     Google Chrome (47.0.2526.106)
     Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe 
     AVAST Software Avast AvastUI.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    If you choose not to decide, you still have made a choice.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: infected
    « Reply #1 on: January 12, 2016, 07:33:01 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    Windows 8 and Windows 10 dual boot with two SSD's

    glathem40

      Re: infected
      « Reply #2 on: January 12, 2016, 09:03:25 PM »
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.2 (01.06.2016)
      Operating System: Windows 7 Home Premium x64
      Ran by LATHEM (Administrator) on Tue 01/12/2016 at 21:54:58.62
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 136

      Successfully deleted: C:\ProgramData\Start Menu\Programs\knctr (Folder)
      Successfully deleted: C:\Users\LATHEM\AppData\Local\cre (Folder)
      Successfully deleted: C:\Users\LATHEM\AppData\Roaming\itibiti (Folder)
      Successfully deleted: C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\extensions\[email protected]\search.xml (File)
      Successfully deleted: C:\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\searchplugins\aol-search.xml (File)
      Successfully deleted: C:\Windows\couponprinter.ocx (File)
      Successfully deleted: C:\Windows\wininit.ini (File)



      Registry: 4

      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4ADAD35C-A17F-4169-AC82-83AEE8BEFF3C} (Registry Key)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7806CD96-7BE7-4F46-8094-56EFA2D423F8} (Registry Key)
      Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7DE7FE29-589E-482B-945C-EA406388C9F5} (Registry Key)
      Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Tue 01/12/2016 at 21:58:39.77
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      If you choose not to decide, you still have made a choice.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: infected
      « Reply #3 on: January 13, 2016, 07:33:35 AM »
      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      glathem40

        Re: infected
        « Reply #4 on: January 13, 2016, 01:48:43 PM »
        C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\LanguageSelect.exe.vir   a variant of Win32/ReImageRepair.B potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir   a variant of Win32/ReImageRepair.A potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Communication.dll.vir   Win32/Systweak.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppLow\AppLow-buttonutil.dll.vir   a variant of Win32/Toolbar.CrossRider.AZ potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppLow\Uninstall.exe.vir   a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir   a variant of Win32/Techsnab.B potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\tasks.dll.vir   a variant of Win32/Tasks.A potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\iMesh\InstallHelper.dll.vir   Win32/Toolbar.SearchSuite.Y potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\CleanSchedule.exe.vir   Win32/Systweak.O potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RCPUninstall.exe.vir   a variant of Win32/Systweak.Q potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RegCleanPro.exe.vir   a variant of Win32/Systweak potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\uninstall.exe.vir   a variant of Win32/InstallCore.ADB potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\BRS\brs.exe.vir   a variant of Win32/AdWare.Agent.NNW application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3307181\UninstallerUI.exe.vir   a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application   deleted
        C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3307181\UninstallerUI.exe.vir   a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application   deleted
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Conduit\Chrome\CT3307181\UninstallerUI.exe.vir   a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application   deleted
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\14_CrossriderUtils.js.vir   JS/Toolbar.Crossrider.O potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\1_base.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\21_debug.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\28_initializer.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\47_resources_background.js.vir   JS/Toolbar.Crossrider.M potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\64_appApiMessage.js.vir   JS/Toolbar.Crossrider.P potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\extensionData\plugins\97_resourceApiWrapper.js.vir   JS/Toolbar.Crossrider.N potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\background.js.vir   JS/Toolbar.Crossrider.E potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\api\chrome.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\api\cookie.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\api\message.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\bg_app_api.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\cookie_store.js.vir   JS/Toolbar.Crossrider.H potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\crossriderAPI.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\events.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\onBGDocumentLoad.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\reports.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\util.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.10_0\js\lib\xhr.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\14_CrossriderUtils.js.vir   JS/Toolbar.Crossrider.O potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\1_base.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\21_debug.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\28_initializer.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\47_resources_background.js.vir   JS/Toolbar.Crossrider.M potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\64_appApiMessage.js.vir   JS/Toolbar.Crossrider.P potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\extensionData\plugins\97_resourceApiWrapper.js.vir   JS/Toolbar.Crossrider.N potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\background.js.vir   JS/Toolbar.Crossrider.E potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\api\chrome.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\api\cookie.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\api\message.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\bg_app_api.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\cookie_store.js.vir   JS/Toolbar.Crossrider.H potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\crossriderAPI.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\events.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\onBGDocumentLoad.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\reports.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\util.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp\1.26.13_0\js\lib\xhr.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\torch\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\torch\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Local\torch\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\GetPrivate\gp_upd.exe.vir   a variant of Win32/Techsnab.B potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\GetPrivate\tasks.dll.vir   a variant of Win32/Tasks.A potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\chrome\content\core\xhr.js.vir   JS/Toolbar.Crossrider.G potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\14_CrossriderUtils.js.vir   JS/Toolbar.Crossrider.O potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\1_base.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\21_debug.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\28_initializer.js.vir   JS/Toolbar.Crossrider.F potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\47_resources_background.js.vir   JS/Toolbar.Crossrider.M potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\Mozilla\Firefox\Profiles\yku2xx3p.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com\extensionData\plugins\64_appApiMessage.js.vir   JS/Toolbar.Crossrider.P potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\LATHEM\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir   a variant of Win32/DealPly.S potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\Chromatic Browser\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\torch\User Data\Default\Extensions\ajlapneccalecgbfplaehofamoigoiel\3.9\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\torch\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Users\rush\AppData\Local\torch\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js.vir   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir   a variant of Win64/Systweak.A potentially unwanted application   cleaned by deleting
        C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir   Win64/AdvancedSystemProtector.A potentially unwanted application   cleaned by deleting
        C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\106\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Users\LATHEM\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe   a variant of Win32/AdkDLLWrapper.A potentially unwanted application   cleaned by deleting
        C:\Users\LATHEM\Music\FRENCHIE\SetupNow.exe   multiple threats   cleaned by deleting
        C:\Users\rush\AppData\Local\Google\Chrome\User Data\Default\Extensions\laepcenmlgcckdeaaagimgokkbbfemee\2.1\content.js   JS/Chromex.Agent.L trojan   cleaned by deleting
        C:\Windows\SysWOW64\tasks.dll   a variant of Win32/Tasks.A potentially unwanted application   cleaned by deleting

        SuperDave

        Re: infected
        « Reply #5 on: January 14, 2016, 10:54:54 AM »
        How's your computer running now?

        glathem40

          Re: infected
          « Reply #6 on: January 15, 2016, 03:20:16 AM »
          All systems go! Thank you very much, SuperDave!

          SuperDave

          Re: infected
          « Reply #7 on: January 15, 2016, 10:13:55 AM »
          Click Start > Computer > right-click the C drive and choose Properties > Enter.
          Click Disk Cleanup from there.



          Click OK on the Disk Cleanup Screen.
          Click Yes on the Confirmation screen.



          This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
          ***************************************
          This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
          This is a very crucial step so make sure you don't skip it.
          Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

          Double-click Delfix.exe to start the tool.
          Make sure the following items are checked:
          • Activate UAC (optional; some users prefer to keep it off)
          • Remove disinfection tools
          • Create Registry backup
          • Purge System Restore Points
          • Re-set system settings
          Now click "Run" and wait patiently.
          Once finished a logfile will be created. You don't have to attach it to your next reply.
          ********************************************
          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!

          glathem40

            Re: infected
            « Reply #8 on: January 15, 2016, 09:41:02 PM »
            # DelFix v1.011 - Logfile created 15/01/2016 at 22:36:27
            # Updated 18/08/2015 by Xplode
            # Username : LATHEM - LATHEM-PC
            # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

            ~ Removing disinfection tools ...

            Deleted : C:\Qoobox
            Deleted : C:\Rooter$
            Deleted : C:\AdwCleaner[R3].txt
            Deleted : C:\AdwCleaner[R4].txt
            Deleted : C:\AdwCleaner[R5].txt
            Deleted : C:\AdwCleaner[R6] dec.txt
            Deleted : C:\AdwCleaner[R6].txt
            Deleted : C:\AdwCleaner[R7].txt
            Deleted : C:\AdwCleaner[R8].txt
            Deleted : C:\AdwCleaner[S1].txt
            Deleted : C:\AdwCleaner[S2].txt
            Deleted : C:\AdwCleaner[S3].txt
            Deleted : C:\AdwCleaner[S4].txt
            Deleted : C:\ComboFix.txt
            Deleted : C:\TDSSKiller.2.8.8.0_16.09.2012_12.57.57_log.txt
            Deleted : C:\TDSSKiller.2.8.8.0_16.09.2012_13.00.26_log.txt
            Deleted : C:\TDSSKiller.2.8.8.0_16.09.2012_13.01.12_log.txt
            Deleted : C:\TDSSKiller.2.8.8.0_16.09.2012_14.27.17_log.txt
            Deleted : C:\Users\LATHEM\Desktop\HijackThis.exe
            Deleted : C:\Windows\grep.exe
            Deleted : C:\Windows\PEV.exe
            Deleted : C:\Windows\NIRCMD.exe
            Deleted : C:\Windows\MBR.exe
            Deleted : C:\Windows\SED.exe
            Deleted : C:\Windows\SWREG.exe
            Deleted : C:\Windows\SWSC.exe
            Deleted : C:\Windows\SWXCACLS.exe
            Deleted : C:\Windows\Zip.exe
            Deleted : HKLM\SOFTWARE\AdwCleaner
            Deleted : HKLM\SOFTWARE\Swearware
            Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

            ########## - EOF - ##########

            SuperDave

            Re: infected
            « Reply #9 on: January 16, 2016, 10:35:56 AM »
            Ok, we're done.