Computer Hope

Software => Computer viruses and spyware => Topic started by: renatinha2018 on November 20, 2018, 11:17:26 PM

Title: AdwCleaner detects adware
Post by: renatinha2018 on November 20, 2018, 11:17:26 PM
Hello, I have a problem with my machine: it is slow, so I decided to download and run AdwCleaner, and it reported the following infections to me. I deleted them, but I noticed that some of the mentioned files remain in the directory and were not deleted. What should I do?

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\Online Application V2G5.job
Deleted       C:\Windows\Tasks\Online Application V2G4.job
Deleted       C:\Windows\Tasks\Online Application V2G6.job
Deleted       C:\Windows\System32\Tasks\c486adfb4a29c5ec7892b1f03b80162b
Deleted       C:\Windows\System32\Tasks\ErrorFixKIT
Deleted       C:\Windows\Tasks\Online Application V2G2.job
Deleted       C:\Windows\Tasks\Online Application V2G3.job
Deleted       C:\Windows\Tasks\Online Application V2G1.job
Deleted       C:\Windows\Tasks\Updater_Online_Application.job
Deleted       C:\Windows\System32\Tasks\Updater_Online_Application

***** [ Chromium (and derivatives) ] *****

Deleted       Chrome Cleaner Pro
Deleted       Chrome Cleaner Pro
Deleted       MSN Homepage & Bing Search Engine
Deleted       MSN Homepage & Bing Search Engine
Deleted       Panda Safe Web
Deleted       Panda Safe Web
Deleted       Search Manager

***** [ Chromium URLs ] *****

Deleted       Ask Brasil
Deleted       Ask Brasil
Deleted       Ask Brasil
Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted       http://www.delta-homes.com/?type=hp&ts=1402566861&from=wpm0612&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted       http://www.sweet-page.com/?type=hp&ts=1413550733&from=cor&uid=ST9750420AS_6WS2E9EJXXXX6WS2E9EJ
Deleted       https://bucetas.blog/categoria/brasileirinhas/
***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted       http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_728_181119


*************************



*************************

AdwCleaner[S00].txt - [16218 octets] - [21/11/2018 03:56:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Thank you in advance
Title: Re: AdwCleaner detects adware
Post by: SuperDave on November 21, 2018, 10:35:53 AM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*************************************************************************
Download and install: Please download Malwarebytes' scanner (http://downloads.malwarebytes.org/file/mbam) to your desktop.
Double-click mbam-setup.exe to install the application.
*************************************************
Download Security Check by screen317 from the following link and save it to your desktop.

Security Check (http://www.bleepingcomputer.com/download/securitycheck/)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************
Please run AdwCleaner again and post the log.
Title: Re: AdwCleaner detects adware
Post by: renatinha2018 on November 21, 2018, 01:04:08 PM
Thank you for your prompt response and attention. The Malwarebytes log follows; it encountered 116 threats, all quarantined.


Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 21/11/2018
Hora da análise: 17:38
Arquivo de registro: f6750f92-edc4-11e8-ac91-3497f68ea388.json

-Informação do software-
Versão: 3.6.1.2711
Versão de componentes: 1.0.482
Versão do pacote de definições: 1.0.7959
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 14393.2608)
CPU: x64
Sistema de arquivos: NTFS
Usuário: DESKTOP-7UU2GVM\---------ão

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 373716
Ameaças detectadas: 116
Ameaças em quarentena: 116
Tempo decorrido: 2 min, 30 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 18

Valor de registro: 16

Dados de registro: 11

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 14

Arquivo: 57

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)



Security Check answered this for me! Image below

What should I do?


Title: Re: AdwCleaner detects adware
Post by: SuperDave on November 21, 2018, 04:57:16 PM
Could you please run AdwCleaner again and post the log?
Title: Re: AdwCleaner detects adware
Post by: renatinha2018 on November 21, 2018, 09:56:55 PM
I think it's fixed! Thank you very much

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-19.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-22-2018
# Duration: 00:00:00
# OS:       Windows 10 Enterprise 2016 LTSB
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       Chrome Cleaner Pro
Deleted       MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************



*************************

AdwCleaner[S00].txt - [16218 octets] - [21/11/2018 03:56:48]
AdwCleaner[C00].txt - [13635 octets] - [21/11/2018 03:59:14]
AdwCleaner[S01].txt - [1471 octets] - [21/11/2018 04:21:40]
AdwCleaner[C01].txt - [1619 octets] - [21/11/2018 04:21:55]
AdwCleaner[S02].txt - [1593 octets] - [22/11/2018 02:50:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
Title: Re: AdwCleanner detect adware
Post by: SuperDave on November 22, 2018, 04:51:23 PM
ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (http://eset.com/onlinescan) (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;


    After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
   
    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it; let it run to completion;
   
    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
   

    Click on List of found threats; it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
   

    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;