Nasty Optimizer Pro Performance Monitor FAKE anti-virus program



Good morning...I have been very grateful in the past with all the free help you all have provided me in getting some nasty viruses off my PC, so today I am back with a new problem for you to help me solve.

 

My step-daughter accidentally downloaded a fake anti-virus program called Optimizer Pro Performance Monitor...I originally discovered this when she told me how slow her laptop was running, so I was going to clean it up for her. This nasty program is beyond my spectrum of cleaning so I would really appreciate your help. I have run and installed Malwarebytes and the Revo Uninstaller already, but the program is still popping up. As an added bonus, she also has a stubborn toolbar add-on called SweetIM that I would like to get rid of.

 

Before we start, I should tell you that in addition to the Malwarebytes, her laptop has both Norton and McAfee anti-virus programs installed and I want to remove them and any other conflicting anti-virus programs and add a few that actually work when we are done to prevent this sort of thing from happening to her again.

 

Looking forward to your help...I am ready for the challenge of working with you to get this cyber junk off her machine. Let's do this!

 

Thanks so much! Jennifer :)

 

PS...The program pops up when I log in as her user, but not on the other users


Log into one of the unaffected accts, launch Malwarebytes, update and run a full scan. Check ALL THE ITEMS found and have it remove them. Reboot and post the log and how it's running.


I don't think so, but either way I will remove both of them...I'm not a big fan of either and I would rather just have Malwarebytes and any other anti-virus programs that you recommend that work well together installed on her laptop when it is cleaned up.

 

I already started the scan, so I'm going to let it finish, remove the items it has found and then take the Norton, etc off and run a scan again. I will post both logs when they are done...I'm in 2 1/2 hours on the first scan so it will be a bit...

 

Thanks Juliet! You actually helped me last time and I REALLY appreciated it!


You can get rid of SweetIM and other adware with AdwCleaner.

 

Download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Here are the Malwarebytes logs...As you can see from the first one, the laptop was all fubar...After running it the first time, and deleting everything it found, I ran it again after uninstalling the competing anti-virus programs. That report didn't find anything...I am now going to install the AdwCleaner and run it. Also...In addition to the McAfee, Norton and AVG I uninstalled...Windows security essentials is also running...Any advice on whether or not I should keep it installed? Thanks!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Admin :: ASUS [administrator]
Protection: Disabled
11/3/2013 10:15:42 AM
mbam-log-2013-11-03 (10-15-42).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404643
Time elapsed: 4 hour(s), 3 minute(s), 29 second(s)
Here is the 2nd log...
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Admin :: ASUS [administrator]
Protection: Enabled
11/3/2013 3:23:29 PM
mbam-log-2013-11-03 (15-23-29).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402842
Time elapsed: 2 hour(s), 5 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Here are the Adwcleaner logs...

 

# AdwCleaner v3.011 - Report created 03/11/2013 at 23:05:18
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ASUS
# Running from : E:\AdwCleaner.exe
# Option : Scan
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
[ File : C:UsersRachelAppDataLocalGoogleChromeUser DataDefaultpreferences ]
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [9981 octets] - [03/11/2013 23:05:18]
########## EOF - C:AdwCleanerAdwCleaner[R0].txt - [10041 octets] ##########
# AdwCleaner v3.011 - Report created 03/11/2013 at 23:33:03
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ASUS
# Running from : E:\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
- Internet Explorer v10.0.9200.16720
- Google Chrome v30.0.1599.101
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10210 octets] - [03/11/2013 23:05:18]
AdwCleaner[R1].txt - [1187 octets] - [03/11/2013 23:31:25]
AdwCleaner[s0].txt - [9123 octets] - [03/11/2013 23:14:17]
AdwCleaner[s1].txt - [1113 octets] - [03/11/2013 23:33:03]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1173 octets] ##########
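A report like the ones posted above can be tallied per report section and per Windows profile, which helps when a problem shows up under one login only. This is an added example, not part of the original posts and not AdwCleaner's own code; the sample report is constructed in the same line format, and the function name and owner labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the line format of the AdwCleaner v3 reports posted in
# this thread; every path and key name below is made up for the example.
SAMPLE_REPORT = r"""
# AdwCleaner v3.011 - Report created 03/11/2013 at 23:05:18
***** [ Files / Folders ] *****
Folder Found : C:\Users\Alice\AppData\Local\ExampleToolbar
Folder Found : C:\ProgramData\ExampleUpdater
***** [ Registry ] *****
Key Found : HKCU\Software\ExampleToolbar
Key Found : [x64] HKLM\SOFTWARE\ExampleUpdater
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [example@constructed]
***** [ Browsers ] *****
[ File : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : homepage
Found : search_url
[ File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?:(\w+) )?(Found|Deleted) : (?:\[x64\] )?(.+)$")
FILE_RE = re.compile(r"^\[ File : (.+) \]$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def summarize(report):
    """Return (findings per report section, findings per owner) as dicts."""
    per_section, per_owner = Counter(), Counter()
    section = file_owner = None
    for line in map(str.strip, report.splitlines()):
        if m := SECTION_RE.match(line):
            section, file_owner = m.group(1), None
        elif m := FILE_RE.match(line):
            p = PROFILE_RE.match(m.group(1))
            file_owner = p.group(1) if p else None
        elif m := ENTRY_RE.match(line):
            kind, target = m.group(1), m.group(3)
            p = PROFILE_RE.match(target)
            if kind is None:  # bare "Found : <pref>" under a [ File : ] line
                owner = file_owner or "(unknown)"
            elif target.startswith("HKCU"):  # hive of the account that ran the scan
                owner = "(scanning account)"
            else:
                owner = p.group(1) if p else "(machine-wide)"
            per_section[section] += 1
            per_owner[owner] += 1
    return dict(per_section), dict(per_owner)
```

HKCU entries only reflect the account the scan was run from, so a profile with no entries here has not necessarily been checked.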

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Tell us if the computer is running normally now, or not.


I downloaded TFC and followed your instructions...The computer is running fast now, but I would like to optimize it as much as possible and install a few programs that will work together and prevent it getting bogged down like it was again...I would also like to run any more programs you recommend to clean it up further and possibly install a free antivirus...Should I keep the Windows Security Essentials installed? Thanks! Jennifer


Keep Microsoft Security Essentials.

Make sure Windows Firewall is enabled.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

- Green should be good to go
- Yellow for caution
- Red to stop

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/

 

 

SpywareBlaster protects against bad ActiveX.

http://www.javacoolsoftware.com/spywareblaster.html


I know it's her computer and she wants to have full run around with it, but if she used a user account with limited privileges, less can happen.

Other than that, that's about all we can do for now.


You won't be able to use AdwCleaner as a 'working' application. It's continually being updated!

Removing/Uninstalling AdwCleaner:

Double click on AdwCleaner.exe to run the tool again.

- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.

If you need to use it again, you will need to re-download and go through the process of scanning and deleting detected adware as you did above. ;)
