Scoobeedooo Posted November 3, 2013
Good morning...I have been very grateful in the past with all the free help you all have provided me in getting some nasty viruses off my PC, so today I am back with a new problem for you to help me solve. My step-daughter accidentally downloaded a fake anti-virus program called Optimizer Pro Performance Monitor...I originally discovered this when she told me how slow her laptop was running, so I was going to clean it up for her. This nasty program is beyond my spectrum of cleaning so I would really appreciate your help. I have run and installed Malwarebytes and the Revo Uninstaller already, but the program is still popping up. As an added bonus, she also has a stubborn toolbar add-on called SweetIM that I would like to get rid of. Before we start, I should tell you that in addition to the Malwarebytes, her laptop has both Norton and McAfee anti-virus programs installed and I want to remove them and any other conflicting anti-virus programs and add a few that actually work when we are done to prevent this sort of thing from happening to her again. Looking forward to your help...I am ready for the challenge of working with you to get this cyber junk off her machine. Let's do this!
Thanks so much!
Jennifer
PS...The program pops up when I log in as her user, but not on the other users
Tx Redneck Posted November 3, 2013
Log into one of the unaffected accts, launch Malwarebytes, update and run a full scan. Check ALL THE ITEMS found and have it remove them. Reboot and post the log and how it's running.
Scoobeedooo Posted November 3, 2013
Will do...Thanks
Juliet Posted November 3, 2013
Does she have a paid subscription to either Norton or McAfee? One should come off before trying to clean the computer.
Scoobeedooo Posted November 3, 2013
I don't think so, but either way I will remove both of them...I'm not a big fan of either and I would rather just have Malwarebytes and any other anti-virus programs that you recommend that work well together installed on her laptop when it is cleaned up. I already started the scan, so I'm going to let it finish, remove the items it has found and then take the Norton, etc off and run a scan again. I will post both logs when they are done...I'm in 2 1/2 hours on the first scan so it will be a bit...
Thanks Juliet! You actually helped me last time and I REALLY appreciated it!
Jacee Posted November 3, 2013
You can get rid of SweetIM and other adware with AdwCleaner.

Download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Juliet Posted November 3, 2013
Free Antivirus-AntiSpyware-Firewall Software
Scoobeedooo Posted November 4, 2013
Here are the Malwarebytes logs...As you can see from the first one, the laptop was all fubar...After running it the first time, and deleting everything it found, I ran it again after uninstalling the competing anti-virus programs. That report didn't find anything...I am now going to install the adwcleaner and run it. Also...In addition to the McAfee, Norton and AVG I uninstalled...Windows security essentials is also running...Any advice on whether or not I should keep it installed? Thanks!
Here is the 2nd log...
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Admin :: ASUS [administrator]

Protection: Enabled

11/3/2013 3:23:29 PM
mbam-log-2013-11-03 (15-23-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402842
Time elapsed: 2 hour(s), 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Scoobeedooo Posted November 4, 2013
Here are the Adwcleaner logs...
AdwCleaner[R1].txt - [1187 octets] - [03/11/2013 23:31:25] AdwCleaner[s0].txt - [9123 octets] - [03/11/2013 23:14:17] AdwCleaner[s1].txt - [1113 octets] - [03/11/2013 23:33:03] ########## EOF - C:AdwCleanerAdwCleaner[s1].txt - [1173 octets] ##########
Jacee Posted November 4, 2013
Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Tell us if the computer is running normally now, or not.
Scoobeedooo (Author) Posted November 4, 2013
I downloaded TFC and followed your instructions...The computer is running fast now, but I would like to optimize it as much as possible and install a few programs that will work together and prevent it getting bogged down like it was again...I would also like to run any more programs you recommend to clean it up further and possibly install a free antivirus...Should I keep the Windows security essentials installed? Thanks! Jennifer
Juliet Posted November 4, 2013
Keep Microsoft Security Essentials. Make sure Windows Firewall is enabled.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
- Green should be good to go
- Yellow for caution
- Red to stop
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
SpywareBlaster protects against bad ActiveX. http://www.javacoolsoftware.com/spywareblaster.html
Tx Redneck Posted November 4, 2013
Glad all that worked.
Scoobeedooo (Author) Posted November 5, 2013
I installed the Web of Trust add-on for Chrome and SpywareBlaster and left Microsoft Security Essentials installed...Any more advice or add-ons/programs you can recommend before we are done fixing and preventing future problems? Thanks! Jennifer
Juliet Posted November 5, 2013
I know it's her computer and she wants to have full run around with it but, if she used a user account with limited privileges, less can happen.
Other than that, that's about all we can do for now.
Scoobeedooo (Author) Posted November 5, 2013
Yep...I was going to put some parental controls on there... I would like to thank you all for all your help and knowledge! Once again, you have helped me and I really appreciate it! Have a great week and thank you! Jennifer
Jacee Posted November 6, 2013
You won't be able to use AdwCleaner as a 'working' application. It's continually being updated!
Removing/Uninstalling AdwCleaner:
- Double click on AdwCleaner.exe to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.
If you need to use it again, you will need to re-download and go through the process of scanning and deleting detected adware as you did above.