# PC Health Kit Performance Monitor



## nhoj (Oct 12, 2013)

I have this come up PC Health Kit Performance Monitor and I have never installed it. How do you get raid of this?


Also how do you change your HOME PAGE back to what it was?  I keep getting Goggle Chrome and it should be Centurylink.


----------



## johnb35 (Oct 12, 2013)

I would say you are infected.  Please do the following.

1.

Please download* AdwCleaner* by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download *Malwarebytes' Anti-Malware *from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run *Rkill.scr*,  *Rkill.exe*, or *Rkill.com*.  If you are still having issues running rkill then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

*Vista and Windows 7 users must right click on the hijackthis icon and click on run as.  If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.* 


Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## nhoj (Oct 12, 2013)

I am using avast Antivirus.

I don't know anything about AdwCleaner can you explain this program?

Not sure what HijackThis is ether?


----------



## johnb35 (Oct 12, 2013)

Please follow the steps outlined and post the requested logs.


----------



## S.T.A.R.S. (Oct 12, 2013)

According to what you told us,I must agree with johnb35 and say that you are probably infected.
Do what johnb35 said in his post with instructions.


----------



## nhoj (Oct 12, 2013)

nhoj said:


> I am using avast Antivirus.
> 
> I don't know anything about AdwCleaner can you explain this program?
> 
> Not sure what HijackThis is ether?




I got Reg Clean Pro and it told me that I had 419 Errors and if I would buy the Full version it would clean my Computer, and if I took the Free version it would clean 15 of them. Any time you have to buy something all they are doing is pushing there product.

My question is did I download something that I did not want?



And also I got a window asking me to back up my files, is this something that I don't need?

Everything else went OK.

Just need to clean everything up so that I don't get all this juck.


----------



## johnb35 (Oct 12, 2013)

Reg clean pro is junk.  I really need you to do what I posted and post the logs for review.  That is the only way your system will get cleaned up.  And just because you have avast doesn't mean you can't get infected.


----------



## nhoj (Oct 12, 2013)

I believe I need to start all over again and YES do what you have told me to do.

I was OK up until I get to that Reg Clean Pro and I do not know where that came from.

What do I need to correct everything now?


You have been very good in helping me. I am not a Computer expert.

As far as backed how impotent is it?  I have never done this before. 

I might be asking some doom questions, but you are the expert on this.

By  post the requested logs were do you put them?


----------



## johnb35 (Oct 12, 2013)

You post the logs in your reply.


----------



## nhoj (Oct 13, 2013)

johnb35 said:


> You post the logs in your reply.



I can get everyone but when it comes to HijackThis  I cannot download it. I get FileHippo 

I have Windows 7 and I went there and it's been downloading for 6 hours so far and it is still downloading. Am I in the right one?

According to FileHippo I have 8 updates, I am totally confused when I get to HijackThis?

Am I doing something worn? At this point.


----------



## johnb35 (Oct 14, 2013)

When the file hippo page loads, click up top right on the green arrow where it says download latest version.  That is the hijackthis software.


----------



## nhoj (Oct 14, 2013)

johnb35 said:


> When the file hippo page loads, click up top right on the green arrow where it says download latest version.  That is the hijackthis software.




Thank-You every much for helping me with this. I have completed everything now.

Hope that this all FREE. Malwarebytes Anti-Malware tells me that I have 0 days remaining.  Am I to do something to keep this working or up to date? 

Everything else is working OK so far.


----------



## johnb35 (Oct 14, 2013)

I need you to post the logs requested as you may have other issues that need to be fixed. 

You just enabled the trial version of malwarebytes.  All you need to do is end trial and disable malwarebytes from running at bootup.  You should be able to do that by right clicking on the icon in the system tray down by the clock.

But as I said, please post the logs.


----------



## nhoj (Oct 15, 2013)

johnb35 said:


> I need you to post the logs requested as you may have other issues that need to be fixed.
> 
> You just enabled the trial version of malwarebytes.  All you need to do is end trial and disable malwarebytes from running at bootup.  You should be able to do that by right clicking on the icon in the system tray down by the clock.
> 
> But as I said, please post the logs.



I hope that this is what you wanted


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John Wilhelm :: JOHNWILHELM-HP [administrator]

10/14/2013 7:03:19 PM
mbam-log-2013-10-14 (19-03-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208845
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## johnb35 (Oct 15, 2013)

You ran it just a bit ago, didn't you?  I need the log that actually removed the infections.  Open malwarebytes, click on the logs tab, open the log that removed the infections and copy and paste back here.  I also need the hijackthis log along with the adwcleaner log.


----------



## nhoj (Oct 15, 2013)

johnb35 said:


> You ran it just a bit ago, didn't you?  I need the log that actually removed the infections.  Open malwarebytes, click on the logs tab, open the log that removed the infections and copy and paste back here.  I also need the hijackthis log along with the adwcleaner log.



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
John Wilhelm :: JOHNWILHELM-HP [administrator]

10/12/2013 6:51:39 AM
mbam-log-2013-10-12 (06-51-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208252
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 4
C:\Program Files (x86)\bomlabio\updatebomlabio.exe (PUP.Optional.Bomlabio.A) -> 2156 -> Delete on reboot.
C:\Program Files (x86)\bomlabio\bin\utilbomlabio.exe (PUP.Optional.Bomlabio.A) -> 2308 -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe (Rogue.PCHealthKit) -> 3372 -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> 3192 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKLM\SYSTEM\CurrentControlSet\Services\Update bomlabio (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util bomlabio (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{9593d220-8a70-4dce-9e80-16668c228bef} (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{cb36d5fd-991d-4f82-bff6-84c414999f58} (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0B060FEE-10D2-437D-A13F-93B6B59E3BE8} (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9593D220-8A70-4DCE-9E80-16668C228BEF} (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Kit_is1 (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\Software\bomlabio (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
HKCU\Software\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Kit (Rogue.PCHealthKit) -> Data: C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {AAC9C9ED-23DC-11E3-9EBB-AC162D0C0B25} -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 18
C:\Program Files (x86)\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.
C:\Users\John Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio (PUP.Optional.Bomlabio.A) -> Delete on reboot.
C:\Program Files (x86)\bomlabio\bin (PUP.Optional.Bomlabio.A) -> Delete on reboot.
C:\Program Files (x86)\bomlabio\bin\plugins (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\update (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\CT3297927 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 143
C:\Program Files (x86)\bomlabio\updatebomlabio.exe (PUP.Optional.Bomlabio.A) -> Delete on reboot.
C:\Program Files (x86)\bomlabio\bin\utilbomlabio.exe (PUP.Optional.Bomlabio.A) -> Delete on reboot.
C:\Program Files (x86)\bomlabio\bomlabioBHO.dll (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\air89DF.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\airBF42.exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsd123C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsd159F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsdDD78.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsdEE9C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nseE05B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsi82C9.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsiE111.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsn1A69.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsnF27F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsp6B3F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsu3F2D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsuEB66.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsx850A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\nsy69F2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\OptimizerProDynamic.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\QuickShare1.exe (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\Shortcut_sweetpacks_conduit_942013.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\Toparcadehits_setup.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\toparcadesetup.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\WSSetup.exe (PUP.Optional.Perion.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\chlogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\ielogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\CT3297927\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\sl.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\ClasifiedsSetup (1).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\ClasifiedsSetup (2).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\ClasifiedsSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\coolreader_freely_d163113(1).exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\coolreader_freely_d163113.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\Mapit_1_B2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\rcpsetup_dcnew_util_300_pd.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Downloads\rcpsetup_matomy_my40945.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\G046CQFT\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\G046CQFT\Inbox[1].cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\G046CQFT\InternetHelper3.1[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\G046CQFT\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\G046CQFT\SweetPacks[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\HRXI0Z14\Setup[1].exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\HRXI0Z14\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\HRXI0Z14\WhiteSmoke_New[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\HRXI0Z14\WhiteSmoke_New_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\SI1QCUFK\checktbexist[1].exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\SI1QCUFK\DefaultTabSetupf[1].exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\SI1QCUFK\Inbox_dll[1].cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\SI1QCUFK\OptimizerPro[1].exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\SI1QCUFK\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\SI1QCUFK\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\bomlabio_ai[1].exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\Inbox64[1].cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\InternetHelper3_1_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\QuickShare1[1].exe (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\SweetPacks_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\Local Settings\Temporary Internet Files\Content.IE5\WKZYB7J3\Toparcadehits_setup[1].exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\PCHealthKit.chm (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\CookiesException.txt (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\English.ini (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\file_id.diz (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\HomePage.url (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\PCHKGuard.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKSchedule.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKUninstaller.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\scan.gif (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\sqlite3.dll (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\StartupList.txt (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\unins000.dat (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Health Kit\unins000.exe (Rogue.PCHealthKit) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\updatebomlabio.InstallState (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\bomlabio.Common.dll (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\bomlabio.ico (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\bomlabioUninstall.exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\ljidjdddaoiogpbmniipclcppkoembao.crx (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\sqlite3.exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\bin\utilbomlabio.InstallState (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\bin\plugins\bomlabio.FFUpdate.dll (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\bin\plugins\bomlabio.IEUpdate.dll (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\bomlabio\update\n1iiuvuo.e4s.exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\CT3289663.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289663\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\CT3289847.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3289847\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\CT3297927\CT3297927.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\CT3297927\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\CT3297927\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\CT3310511.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John Wilhelm\AppData\Local\Temp\ct3310511\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)


----------



## johnb35 (Oct 15, 2013)

If you have not done so already please do the following.

1.

Please download* AdwCleaner* by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

*Vista and Windows 7 users must right click on the hijackthis icon and click on run as.  If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.* 


Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces


----------



## nhoj (Oct 15, 2013)

johnb35 said:


> You ran it just a bit ago, didn't you?  I need the log that actually removed the infections.  Open malwarebytes, click on the logs tab, open the log that removed the infections and copy and paste back here.  I also need the hijackthis log along with the adwcleaner log.





* Trend Micro HijackThis v2.0.4 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

 R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
 F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
 N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
 O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.0.4]
* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
 * Added O23 (NT Services) in light of newer trojans
 * Integrated ADS Spy into Misc Tools section
 * Added 'Action taken' to info in 'More info on this item'
[v1.98]
 * Definitive support for Japanese/Chinese/Korean systems
 * Added O20 (AppInit_DLLs) in light of newer trojans
 * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
 * Added O22 (SharedTaskScheduler) in light of newer trojans
 * Backups of fixed items are now saved in separate folder
 * HijackThis now checks if it was started from a temp folder
 * Added a small process manager (Misc Tools section)
[v1.96]
 * Lots of bugfixes and small enhancements! Among others:
 * Fix for Japanese IE toolbars
 * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
 * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
 * Added several files to the LSP whitelist
 * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
 * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
 * Added a new regval to check for from Whazit hijack (Start Page_bak).
 * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
 * New in logfile: Running processes at time of scan.
 * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
 * New O19 method to check for Datanotary hijack of user stylesheet.
 * Google.com IP added to whitelist for Hosts file check.
[v1.94]
 * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
 * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
 * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
 * Fixed a bug where DPF could not be deleted.
 * Fixed a stupid bug in enumeration of autostarting shortcuts.
 * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
 * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
 * Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
 * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
 * Fixed a bug in LSP routine for Win95. 
 * Made taborder nicer.
 * Fixed a bug in backup/restore of IE plugins.
 * Added UltimateSearch hijack in O17 method (I think). 
 * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
 * Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
 * Fixed two stupid bugs in backup restore function. 
 * Added DiamondCS file to LSP files safelist.
 * Added a few more items to the protocol safelist.
 * Log is now opened immediately after saving. 
 * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
 * Updated integrated StartupList to v1.52.
 * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
 * Rudimentary proxy support for the Check for Updates function.
[v1.91]
 * Added rd.yahoo.com to the Nonstandard But Safe Domains list. 
 * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
 * Added listing of programs/links in Startup folders (O4).
 * Fixed 'Check for Update' not detecting new versions.
[v1.9]
 * Added check for Lop.com 'Domain' hijack (O17).
 * Bugfix in URLSearchHook (R3) fix.
 * Improved O1 (Hosts file) check.
 * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
 * Added AutoConfigURL and proxyserver checks (R1).
 * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
 * Added check for extra protocols (O18).
[v1.81]
 * Added 'ignore non-standard but safe domains' option.
 * Improved Winsock LSP hijackers detection.
 * Integrated StartupList updated to v1.4.
[v1.8]
 * Fixed a few bugs.
 * Adds detecting of free.aol.com in Trusted Zone.
 * Adds checking of URLSearchHooks key, which should have only one value.
 * Adds listing/deleting of Download Program Files.
 * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
 * Improves detecting of O6.
 * Some internal changes/improvements.
[v1.7]
 * Adds backup function! Yay!
 * Added check for default URL prefix
 * Added check for changing of IERESET.INF
 * Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
 * Fixes Runtime Error when Hosts file is empty.
[v1.6]
 * Added enumerating of MSIE plugins
 * Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
 * Adds 'Uninstall & Exit' and 'Check for update online' functions. 
 * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
 * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
 * A few bugfixes/enhancements
[v1.3]
 * Adds detecting of extra MSIE context menu items
 * Added detecting of extra 'Tools' menu items and extra buttons
 * Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
 * Adds 'Ignorelist' and 'Info' functions
[v1.1]
 * Supports BHO's, some default URL changes
[v1.0]
 * Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.


I hope that I got the information you wanted.


----------



## johnb35 (Oct 15, 2013)

Not sure where you got that info from but you need to follow my directions I posted.  That is not the info I need.


----------



## nhoj (Oct 16, 2013)

johnb35 said:


> Not sure where you got that info from but you need to follow my directions I posted.  That is not the info I need.




I got the infro from HijackThis.

I went to see if there was any other results and I cannot find anything else.

I hope that we will get everything taken care of. 

Can you tell me where you find the infro that you want from Hijackthis? I uninstalled it and than installed it again.

It woiuld not be in the AdwCleaner would it?


----------



## johnb35 (Oct 16, 2013)

You open hijackthis, then click on "do a system scan and save a log file"  When the notepad file pops up, just copy and paste the contents in your reply.


----------



## nhoj (Oct 16, 2013)

johnb35 said:


> You open hijackthis, then click on "do a system scan and save a log file"  When the notepad file pops up, just copy and paste the contents in your reply.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:18 PM, on 10/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11377 bytes

I hope that this is what you want.


----------



## johnb35 (Oct 16, 2013)

yes, that is what i wanted.  Ok, you need to uninstall a couple things.

trojanhunter 
file hippo update checker

Uninstall those programs by going into the control panel, into programs and features and highlight each of those programs and then click on uninstall.


----------



## nhoj (Oct 16, 2013)

johnb35 said:


> yes, that is what i wanted.  Ok, you need to uninstall a couple things.
> 
> trojanhunter
> file hippo update checker
> ...




I have successfully uninstalled these.

I am still trying to set up my Homepage and it keeps going to goggles chrome and I put in my hamepage address and when I come back it has this screen: UNABLE TO ACCESS THE NETWORK  Reload or Cancel.


----------



## johnb35 (Oct 16, 2013)

What web browser do you plan on using?  Also, what do you want your homepage set to?


----------



## nhoj (Oct 16, 2013)

johnb35 said:


> What web browser do you plan on using?  Also, what do you want your homepage set to?



The web Browser that I want is gobble chrome and I want Centurylink to be my Home Page.


----------



## johnb35 (Oct 16, 2013)

It's google chrome.  Follow the directions here to manually set your home page.

https://support.google.com/chrome/answer/95314?hl=en


----------



## nhoj (Oct 17, 2013)

johnb35 said:


> It's google chrome.  Follow the directions here to manually set your home page.
> 
> https://support.google.com/chrome/answer/95314?hl=en



I went to the settings and find no Set your homepage.

Also I did not find Add the home button to the browser toolbar.

Also I did not find Appearance ether.


----------



## nhoj (Oct 17, 2013)

I do have a question on AdwCleaner, HijackThis, and Malwarebytes 'Anti-Malware , how often do you have to run these programs to stay safe?

Daily, Weekly or Monthly?


----------



## johnb35 (Oct 17, 2013)

Malwarebytes you should run on a weekly basis.  Adwcleaner can be run every so often, however a new download would be required to get the latest definitions.  

As far as your home page issue, I don't use chrome but maybe someone else can tell you how to set it.  Should be pretty easy and somewhere in the settings.


----------



## nhoj (Oct 18, 2013)

I have some other problems which I feel are more than likely simple, but before I do anything I want to check with you.

I have Piriform CCleaner should I remove this?

And some reason I now get this when I start my computer up:  Start Liminent.com start web I do not want this so how do you remove it?  It brings up a bar at the top of my computer.

I did get raid of Liminent.

Not sure if I should get raid of  Piriform CCleaner.  I'd say yes but before I do i'll wait on you.


----------



## nhoj (Oct 19, 2013)

Is Piriform CCleaner part of AdwCleaner?

If not should I delete it?


----------



## johnb35 (Oct 19, 2013)

Keep Ccleaner, its a nice program to run once a week.  And its not part of adwcleaner


----------



## S.T.A.R.S. (Oct 19, 2013)

It's easy to change your homepage in Google chrome.
Of course there are tons of ways of how you can do that.
Here is one of them:

In the ADDRESS BAR (the place where you write web page links such as "www.google.com) write "chrome://settings/browser" but without the quotation marks!
Under BASICS section make sure that under the STARTUP the option called OPEN THE HOMEPAGE is selected.After that make sure that under HOME PAGE you select OPEN THIS PAGE.And there in that small text box write the link of your home page you want to use.On the picture the one that is used is:

http://4rapiddev.com/







Oh yea by the way...according to your logs you posted...I would say that you both have the same name ---> John? 
Am I right? 





Cheers!


----------



## nhoj (Oct 19, 2013)

S.T.A.R.S. said:


> It's easy to change your homepage in Google chrome.
> Of course there are tons of ways of how you can do that.
> Here is one of them:
> 
> ...




I went and type that in and it does not come up with anything stating anything about Open the home page?


----------



## nhoj (Oct 19, 2013)

Settings
Sign in

Sign in to Google Chrome with your Google Account to save your personalized browser features to the web and access them from Google Chrome on any computer. You'll also be automatically signed in to your favorite Google services. Learn more
Sign in to Chrome
On startup


Open the New Tab page

Continue where I left off

Open a specific page or set of pages.  Set pages
Appearance

Get themes  Reset to default theme

Show Home button
New Tab page  Change

Always show the bookmarks bar
Search

Set which search engine is used when searching from the omnibox.
  Manage search engines...
Users

You are currently the only Google Chrome user.
Add new user...  Delete this user Import bookmarks and settings...
Default browser

The default browser is currently Google Chrome.

This is the page that comes up.


----------

