Please help my infected computer - third party keeps trying to change
Started by
starlingdarlinf
, Jan 22 2014 02:17 AM
#16
Posted 12 February 2014 - 11:58 PM
#17
Posted 13 February 2014 - 08:38 PM
Teima,
Yes I am. The ESET scan is still running only at 35% and its been running for almost 14hours so once that is done I will post the information. Sorry about the delay. -Heather
Yes I am. The ESET scan is still running only at 35% and its been running for almost 14hours so once that is done I will post the information. Sorry about the delay. -Heather
#18
Posted 14 February 2014 - 08:53 PM
Hello!
Ok finally got it all done, below are the logs.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll.vir Win32/Toolbar.Babylon.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe.vir a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll.vir a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe.vir probably a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\utils.exe.vir Win32/Toolbar.CrossRider.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390372927464.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\Swag_BucksToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe.vir Win32/AdWare.Yontoo.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir probably a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\CT2260173\Swag_BucksAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\ldrtbSwa0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwa0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwa1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\BabSolution\CR\Delta.crx.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\WebCakeDesktop.exe.vir MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Dora.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\WebCakeDesktop.exe.vir MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\WebCakeDesktop.exe.vir MSIL/WebCake.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Dora.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\WorldRiddlesAnimals\AnimalWorld.exe a variant of Win32/Kryptik.BCY trojan cleaned by deleting - quarantined
C:\Users\Heather\AppData\Local\Media Get LLC\MediaGet2\update.exe Win32/MediaGet.AB potentially unwanted application deleted - quarantined
C:\Users\Heather\AppData\LocalLow\1409.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\WBDesktop.Updater.exe MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Movdap\WebCakeIEClient.dll probably a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Swag_Bucks\prxtbSwag.dll Win32/Toolbar.Conduit.O potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js Win32/PriceGong.B potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\NPObject.dll a variant of Win32/Toolbar.Babylon.Q potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.24_0\background.js JS/SaveValet.A potentially unwanted application deleted - quarantined
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-15 11:45:22
-----------------------------
11:45:22.474 OS Version: Windows x64 6.1.7601 Service Pack 1
11:45:22.474 Number of processors: 2 586 0x2505
11:45:22.474 ComputerName: ANDEE UserName:
11:45:29.541 Initialize success
11:50:57.929 AVAST engine defs: 14021402
11:51:26.041 The log file has been saved successfully to "C:\Users\Heather\Desktop\Geeks2Go\aswMBR(1).txt"
Ok finally got it all done, below are the logs.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaEng.dll.vir probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltasrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll.vir Win32/Toolbar.Babylon.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe.vir a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll.vir a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe.vir probably a variant of Win32/Toolbar.CrossRider.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe.vir a variant of Win32/Toolbar.CrossRider.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\utils.exe.vir Win32/Toolbar.CrossRider.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390372927464.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\Swag_BucksToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe.vir Win32/AdWare.Yontoo.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir probably a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Conduit\CT2260173\Swag_BucksAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\ldrtbSwa0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\ldrtbSwag.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwa0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwa1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\LocalLow\Swag_Bucks\tbSwag.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\BabSolution\CR\Delta.crx.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\WebCakeDesktop.exe.vir MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Dora.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Movdap\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\WebCakeDesktop.exe.vir MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\Web Cake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\WebCakeDesktop.exe.vir MSIL/WebCake.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Dora.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Heather\AppData\Roaming\WebCake\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\WorldRiddlesAnimals\AnimalWorld.exe a variant of Win32/Kryptik.BCY trojan cleaned by deleting - quarantined
C:\Users\Heather\AppData\Local\Media Get LLC\MediaGet2\update.exe Win32/MediaGet.AB potentially unwanted application deleted - quarantined
C:\Users\Heather\AppData\LocalLow\1409.tmp Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\WBDesktop.Updater.exe MSIL/WebCake.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Movdap\WebCakeIEClient.dll probably a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Program Files (x86)\Swag_Bucks\prxtbSwag.dll Win32/Toolbar.Conduit.O potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js Win32/PriceGong.B potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\BabMaint.x a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\NPObject.dll a variant of Win32/Toolbar.Babylon.Q potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\01242014_161433\C_Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.8.1.24_0\background.js JS/SaveValet.A potentially unwanted application deleted - quarantined
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-15 11:45:22
-----------------------------
11:45:22.474 OS Version: Windows x64 6.1.7601 Service Pack 1
11:45:22.474 Number of processors: 2 586 0x2505
11:45:22.474 ComputerName: ANDEE UserName:
11:45:29.541 Initialize success
11:50:57.929 AVAST engine defs: 14021402
11:51:26.041 The log file has been saved successfully to "C:\Users\Heather\Desktop\Geeks2Go\aswMBR(1).txt"
#19
Posted 16 February 2014 - 06:49 AM
How does the machine appear to be running at the moment? Is it still slow as it was before?
#20
Posted 19 February 2014 - 07:44 AM
Hello,
The difference in my computer is amazing. It still runs a little slow when I'm typing, but everything else seems to be working well and best of all no more crazy pop ups. Thank you so very much. -Heather
The difference in my computer is amazing. It still runs a little slow when I'm typing, but everything else seems to be working well and best of all no more crazy pop ups. Thank you so very much. -Heather
#21
Posted 21 February 2014 - 08:41 PM
Congratulations your computer appears to be malware free!
Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.
Removal of OTL
Double-click OTL to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Uninstall AdwCleaner:
Right-click on AdwCleaner.exe nd select Run as Administrator to start the program
Click on Uninstall >> Yes, this will remove the application and its log(s) etc.
Step One
Enabling Windows Updates
1. Please proceed with clicking "Start" then choosing the "Control Panel" on the left hand window.
2. Click the first menu selection named "System and Security".
3. Click the next option entitled "Windows Update".
4. Now click "Change Settings" which is situated on the left hand side.
5. Please make sure that the "Important Updates" box is selected to "Install Updates Automatically". Whilst these updates have been selected to install "Every Day".
6. Please also enable the "Recommended Updates" check box if it hasn't already been enabled.
7. Click "Ok" once these steps have been followed.
Step Two
Clearing System Restore Points
1. Please Navigate to the Start Menu
2. Once that's loaded right click on my computer and select the option named "Properties".
3. On the menu which is located on the left hand side please select "System Protection".
4. Under the system properties dialogue which is now loaded navigate to the tab named "System Protection" and proceed with clicking "Configure".
5. Click the option entitled "Delete" and proceed with clicking "Continue". Your system restore points have now been cleared.
Other recommendations
Please note that prevention is better than any cure. I'll post some recommendations below to further enhance your security.
Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.
Removal of OTL
Double-click OTL to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Uninstall AdwCleaner:
Right-click on AdwCleaner.exe nd select Run as Administrator to start the program
Click on Uninstall >> Yes, this will remove the application and its log(s) etc.
Step One
Enabling Windows Updates
1. Please proceed with clicking "Start" then choosing the "Control Panel" on the left hand window.
2. Click the first menu selection named "System and Security".
3. Click the next option entitled "Windows Update".
4. Now click "Change Settings" which is situated on the left hand side.
5. Please make sure that the "Important Updates" box is selected to "Install Updates Automatically". Whilst these updates have been selected to install "Every Day".
6. Please also enable the "Recommended Updates" check box if it hasn't already been enabled.
7. Click "Ok" once these steps have been followed.
Step Two
Clearing System Restore Points
1. Please Navigate to the Start Menu
2. Once that's loaded right click on my computer and select the option named "Properties".
3. On the menu which is located on the left hand side please select "System Protection".
4. Under the system properties dialogue which is now loaded navigate to the tab named "System Protection" and proceed with clicking "Configure".
5. Click the option entitled "Delete" and proceed with clicking "Continue". Your system restore points have now been cleared.
Other recommendations
Please note that prevention is better than any cure. I'll post some recommendations below to further enhance your security.
- Please read this great article by miekiemoes entitled How to prevent Malware
#22
Posted 27 February 2014 - 07:35 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users