WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

rvzr-a.akamaihd.net [Solved]

Started by Manbearpig79 , Oct 27 2013 01:50 PM

This topic is locked

23 replies to this topic

#16 Manbearpig79

New Member

Authentic Member
12 posts

Posted 06 November 2013 - 11:37 PM

^ESET

^{C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll Win32/Toolbar.Linkury.D application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\101_cortica_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\105_corticas_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\107_coupish_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\108_icm_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\116_ads_only_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\117_coupons_intext_ads_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\119_similar_web_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\120_luck_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\123_intext_adv_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\125_arcadi2_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\126_revizer_ws_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\127_revizer_p_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\128_superfish_pricora_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\129_widdit_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\135_arcadi3_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\138_getdeal_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\155_ibario_pops_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\159_cortica_rollover_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\170_icm1_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\171_arcadi2_sourceID_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\175_coolmirage_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\0VYCH029\50onred_ads_only_no_fb_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\0VYCH029\arcadi2_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\0VYCH029\icm1_5_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\0VYCH029\intext_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\0VYCH029\similar_web_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\0VYCH029\superfish_no_search_no_coupons_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\ads_only_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\ads_only_5_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\arcadi2_sourceID_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\arcadi_serp_dynamic_id_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\CodecPerformerSetup.exe a variant of Win32/InstallBrain.AW application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\coolmirage_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\cortica_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\coupons_intext_ads_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\dealply_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\eGdpSvc[1].exe a variant of Win32/ELEX.S application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\icm_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\revizer_p_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\revizer_p_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\3HCUVKDI\revizer_ws_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\arcadi3_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\CodecPerformerSetup.exe a variant of Win32/InstallBrain.AW application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\coolmirage_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\coupish_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\getdeal_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\icm1_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\AXOQS2F9\icm_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\50onred_ads_only_no_fb_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\cbsidlm-cbsi134-Super_Ad_Blocker-ORG-10295147.exe probably a variant of Win32/CNETInstaller.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\CodecPerformerSetup (1).exe a variant of Win32/InstallBrain.AW application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\CodecPerformerSetup.exe a variant of Win32/InstallBrain.AW application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\coolmirage_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\corticas_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\cortica_rollover_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\coupons_intext_ads_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\ibario_pops_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\intext_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\intext_adv_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\jollywallet_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\luck_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\revizer_ws_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\superfish_pricora_m[2].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\IE\O7LR2RQY\widdit_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\Brandon\AppData\Local\Temp\015cb27d-e87b-4519-a964-b8d7b95c5078.exe multiple threats

C:\Windows.old\Users\Brandon\AppData\Local\Temp\tbappb.dll a variant of Win32/Toolbar.Conduit.B application

C:\Windows.old\Users\Brandon\AppData\Local\Temp\tbSwee.dll a variant of Win32/Toolbar.Conduit.B application

C:\Windows.old\Users\Brandon\AppData\Local\Temp\{6C61F3BC-0B2A-432C-8EB4-6C9B5D076E78}\setup.exe multiple threats

C:\Windows.old\Users\Brandon\AppData\Local\Temp\{B2DC238B-6825-4D2F-924A-D33E923FE4BA}\setup.exe multiple threats

C:\Windows.old\Users\Brandon\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application

C:\Windows.old\Users\Brandon\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\101_cortica_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\105_corticas_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\107_coupish_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\108_icm_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\116_ads_only_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\117_coupons_intext_ads_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\119_similar_web_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\120_luck_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\123_intext_adv_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\125_arcadi2_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\126_revizer_ws_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\127_revizer_p_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\128_superfish_pricora_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\129_widdit_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\135_arcadi3_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\138_getdeal_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\155_ibario_pops_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\159_cortica_rollover_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\170_icm1_5_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\171_arcadi2_sourceID_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.84_0\extensionData\plugins\175_coolmirage_m.js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\8ZQ8MP24\50onred_ads_only_no_fb_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCITVZ64\coolmirage_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCITVZ64\coupons_intext_ads_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCITVZ64\icm_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\O7E5WPMD\icm1_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\O7E5WPMD\icm_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\O7E5WPMD\revizer_p_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\YC31IJSA\ads_only_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\YC31IJSA\coolmirage_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\YC31IJSA\intext_5_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Local\Microsoft\Windows\INetCache\IE\YC31IJSA\revizer_ws_m[1].js JS/Toolbar.Crossrider.A application

C:\Windows.old\Users\jabon_000\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application

C:\Windows.old\Users\jabon_000\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application}

Advertisements

Register to Remove

#17 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 12 November 2013 - 08:10 AM

Please delete C:\Windows.old, then rescan with ESET and post the log.

Proud Member of UNITE & TB

#18 Manbearpig79

New Member

Authentic Member
12 posts

Posted 13 November 2013 - 08:21 PM

Only 1 threat

C:\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\IL0AWCAK\Java7.exe a variant of Win32/DomaIQ.AK application

#19 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 14 November 2013 - 02:58 AM

Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
Save and close all running applications
Double-click on TFC.exe to run the program
Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo...er-by-oldtimer/

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe
Hit Scan and wait for the scan to finish.
Confirm the message but don´t uncheck anything.
Hit Clean
When the run is finished, it will open up a text file
Please post its contents within your next reply
You´ll find the log file at C:\AdwCleaner[S1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

Save it to your desktop, start it and follow the instructions in the window.
After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Proud Member of UNITE & TB

#20 Manbearpig79

New Member

Authentic Member
12 posts

Posted 14 November 2013 - 06:07 PM

AdwCleaner

# AdwCleaner v3.012 - Report created 14/11/2013 at 15:39:14
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Brandon - BILLYBADASS
# Running from : C:\Users\Brandon\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\QN6R0N1O\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Brandon\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Brandon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Brandon\AppData\LocalLow\PriceGong
File Deleted : C:\Users\Brandon\Desktop\SpeedAnalysis.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

*************************

AdwCleaner[R0].txt - [900 octets] - [14/11/2013 15:38:37]
AdwCleaner[S0].txt - [836 octets] - [14/11/2013 15:39:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [895 octets] ##########

Security Check

Results of screen317's Security Check version 0.99.77
   x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#21 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 15 November 2013 - 02:56 AM

Your system is clean now!

Internet Explorer out of date

Your version of Internet Explorer is outdated.

Please download IE 10 from http://windows.micro...dwide-languages
Save it to your desktop.
Double click on the file on your desktop to start the installation process.
Reboot

Uninstall our tools using delfix

Please follow these steps in order:

In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
In any case please download delfix to your desktop.
- Close all other programms and start delfix.
- Please check all the boxes and run the tool.
- delfix will now delete all found traces of our removal process
If there is still something left please delete it manualy.

How to protect yourself

System Updates
Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
Windows XP | Windows Vista |
Windows 7 | windows 8
Protection
What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
Up to date Software
Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
- Secunia Online Software Inspector - Checks if your software has updates available.
- Filehippo Update Checkere - This tool also scans your computer for outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
Backups
There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
Brains
It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Proud Member of UNITE & TB

#22 Manbearpig79

New Member

Authentic Member
12 posts

Posted 15 November 2013 - 11:45 AM

THANK YOU SO MUCH FOR YOUR HELP!!!!!!!!!!!

#23 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 18 November 2013 - 02:37 AM

You´re welcome!

Proud Member of UNITE & TB

#24 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 18 November 2013 - 02:37 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Proud Member of UNITE & TB

Body Background

skin color theme