Malwarebytes Anti-Malware finds 45,000+ Detected Objects - can't remove objects


15 replies to this topic

#1 cinerama

cinerama

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 August 2014 - 11:38 AM

I have been running Malwarebytes Anti-Malware on a regular basis. Sometimes it finds a few hundred objects, sometimes nothing. Today it finds over 45,000 which is very unusual but never gets to the screen where I can remove/quarantine them. It says 347787 objects scanned, 45,000 detected objects, Heuristic Analysis: Done. I tried running it in Safe Mode and it does the same thing. 

 

It's kind of strange in that the Objects Scanned: stays at 347787 while Detected Objects keeps going up and up till it hits 45205, then, after a few seconds, Heuristic Analysis: changes from Working to Done, then nothing happens after that. I don't get prompted to do anything with the files. Should I just wait a few hours and see what happens?


Edited by hamluis, 02 August 2014 - 12:18 PM.
Moved from AV/AM Software to Am I Infected - Hamluis.



 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 02 August 2014 - 12:28 PM

Hi,

 

Please don't do anything to those detected objects for now.

 

Open Malwarebytes and check the Database Version you have on the Dashboard, please post that here, next click Update Now to update the Database.

 

Did the program update successfully? What is the database version now?

 

 

Please post the Database Version before and after the update.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 August 2014 - 12:35 PM

Database Version: v2014.08.02.03 before update, v2014.08.02.04 after update



#4 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 02 August 2014 - 01:17 PM

Hi,

 

If you run a scan now with Malwarebytes, does it continue to detect the high number of infected objects?

 

If that is the case, after the scan collect the MBAM log please:

 

Dashboard > History > Scan Logs --> double-click to select the most recent log you want > Export to .txt file > save it to your Desktop

Open the exported log and Copy & Paste the contents to your post.



 
 


#5 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 August 2014 - 02:25 PM

Yes, in the upper left corner it says "Malwarebytes Anti-Malware (Free) 2.0.2.1012 (Not Responding)".

 

On the left - "Heuristic: Analysis Done"

 

in the middle of the page below

 

"Objects Scanned: 357981"

 

"Detected Objects: 45205"

 

I can't collect the MBAM log as the page is frozen - can't do anything in Malwarebytes other than x out.

 

If I bring up the Windows Task Manager, it shows for mbam.exe *32 - CPU 50 - Memory (Private Working Set) 405,424 K and keeps increasing



#6 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 02 August 2014 - 02:53 PM

If you open Malwarebytes without scanning do you have any logs on the History > Scan Logs?



 
 


#7 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 August 2014 - 03:41 PM

No History. My last few scans done in July found no bad files so I deleted them all.



#8 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 02 August 2014 - 03:51 PM

Can you boot in Safe Mode and try to scan from there?

 

When the Malwarebytes scan starts reporting bad objects, you should see a text link allowing you to see what was detected before the scan ends. Can you try that and report what the program detected?

 

Edit: Found one image showing the scan...

 

malwarebytes-anti-malware-scan.jpg

 

You need to click Review Detected Items. Do this when you see Detected Objects: 1; maybe this way you can get the information before the program stops responding...


Edited by SleepyDude, 02 August 2014 - 03:59 PM.


 
 


#9 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 August 2014 - 04:18 PM

Yes, I tried it in Safe Mode and it does the same thing. I thought maybe in Safe Mode it would work but it did the same thing.

 

It only shows the bad objects link (Review Detected Items) for a while, then that link disappears. It finds about 500 of them and then the Review Detected Objects link is gone. The object names are either "PUP.Optional.conduit.A" or "PUP.Optional.ShopAtHome.A"

 

I know I can pause the scan but is there any way I can delete or quarantine those found after a pause and then start again?



#10 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 02 August 2014 - 04:33 PM

Yes, I tried it in Safe Mode and it does the same thing. I thought maybe in Safe Mode it would work but it did the same thing.
 
It only shows the bad objects link (Review Detected Items) for a while, then that link disappears. It finds about 500 of them and then the Review Detected Objects link is gone. The object names are either "PUP.Optional.conduit.A" or "PUP.Optional.ShopAtHome.A"
 
I know I can pause the scan but is there any way I can delete or quarantine those found after a pause and then start again?

 
I was expecting to see some false detections but based on the last piece of information I don't think so.
 
We need to use another tool...
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


 
 


#11 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 02 August 2014 - 06:45 PM

# AdwCleaner v3.302 - Report created 02/08/2014 at 17:56:43
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Roland - ROLAND-HP
# Running from : C:\Users\Roland\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\gnvdtatf.default\prefs.js ]
 
 
[ File : C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\tfzt0uo4.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
[ File : C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R1].txt - [15010 octets] - [02/08/2014 17:39:47]
AdwCleaner[S1].txt - [15836 octets] - [02/08/2014 17:56:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15897 octets] ##########


#12 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 03 August 2014 - 05:40 AM

Hi,
 
Run JRT also.
 
Download JRT to your Desktop

  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Right click on the JRT icon and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system. Please be patient, as this can take a while to complete depending on your system's specifications and the programs you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply
  • Enable your AntiVirus and AntiSpyware applications

 

After running JRT, scan with Malwarebytes to see if it works ok now and post the resulting log.



 
 


#13 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 03 August 2014 - 07:19 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Roland on Sun 08/03/2014 at  7:45:36.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Roland\appdata\local\{1a38e437-8887-8e05-c450-35793a70480a}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/03/2014 at  7:51:35.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/3/2014
Scan Time: 8:02:25 AM
Logfile: m.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.03.02
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Roland
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358273
Time Elapsed: 10 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 


#14 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:55 AM

Posted 03 August 2014 - 10:04 AM

Hi,

 

The logs are looking good.

 

One last scan to see if nothing is left behind.

 

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.

  • Select the option Enable detection of potential unwanted applications
  • Click on Advanced Settings, and check the following options:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take a long time, it's normal!).
    The virus signature database will begin to download and the Scan will start automatically. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


 
 


#15 cinerama

cinerama
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 04 August 2014 - 09:09 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=32d4dafe30d70e40a1afe478d5a3361e
# engine=19497
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-04 11:52:11
# local_time=2014-08-04 07:52:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 1793765 157772427 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 33620737 158739781 0 0
# scanned=286295
# found=13
# cleaned=13
# scan_time=7189
sh=6016E7163836BE52ECA661EADDB44FCA30B54815 ft=1 fh=c307da2984cfc001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.20.101.5_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=6016E7163836BE52ECA661EADDB44FCA30B54815 ft=1 fh=c307da2984cfc001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.20.101.5_1\plugins\ConduitChromeApiPlugin.dll.vir"
sh=6016E7163836BE52ECA661EADDB44FCA30B54815 ft=1 fh=c307da2984cfc001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.20.101.5_2\plugins\ConduitChromeApiPlugin.dll.vir"
sh=6016E7163836BE52ECA661EADDB44FCA30B54815 ft=1 fh=c307da2984cfc001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.20.101.5_3\plugins\ConduitChromeApiPlugin.dll.vir"
sh=6016E7163836BE52ECA661EADDB44FCA30B54815 ft=1 fh=c307da2984cfc001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.20.101.5_4\plugins\ConduitChromeApiPlugin.dll.vir"
sh=6016E7163836BE52ECA661EADDB44FCA30B54815 ft=1 fh=c307da2984cfc001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.20.101.5_5\plugins\ConduitChromeApiPlugin.dll.vir"
sh=B0B26548D636CFADD954E4B3DFD30E8F2D61D487 ft=1 fh=5129ed505060d1fb vn="Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.22.3.518_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=B29F3B9A4A4AABF0FEFB0E60BD550EBC066696F9 ft=1 fh=2ca2cc0143b71c5c vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.22.3.518_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.23.0.822_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=47684BC9F96872C4134DD46689D013BD8E51A14A ft=1 fh=47ffb6bc73749a57 vn="Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.0.540_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=8879BFA6BB9730415D8E4BA58C690B0A7077F57C ft=1 fh=b71f2d19d9d9ceb1 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\gnvdtatf.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=B11588DAAB92882FFD0F270C8AB43DFF33D4304E ft=1 fh=a9b9552c3c452ef5 vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000001"
sh=922603E190A8B95E7CC8D825B00AB0926BB0D429 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Lynne\AppData\Local\Mozilla\Firefox\Profiles\gnvdtatf.default\Cache\5\80\1632Dd01"
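
Added example (not part of the thread, and not ESET's or AdwCleaner's own tooling): a small parser for an ESET Online Scanner log.txt like the one posted above, which groups detections by name and separates files that already sit in AdwCleaner's quarantine folder from files found in live locations. Reading `sh` as a file hash, `vn` as the detection name and `fn` as the file path is an assumption drawn from the values in the log; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log.txt posted above. Hashes, user
# name and extension id are made up; detection names are those in the thread.
SAMPLE_LOG = r'''# scanned=1000
# found=4
# cleaned=4
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\exampleextensionid\1.0_0\plugins\ConduitChromeApiPlugin.dll.vir"
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\exampleextensionid\1.0_1\plugins\ConduitChromeApiPlugin.dll.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000002 vn="Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\exampleextensionid\2.0_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=3333333333333333333333333333333333333333 ft=1 fh=0000000000000003 vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000001"
'''

# key=value pairs; a value is either "double quoted" or a run of non-spaces.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# vn layout seen in the log: [a variant of ]<name> <category> (<action>)
VN = re.compile(
    r'^(?:a variant of )?(?P<name>\S+)(?P<category>.*?)'
    r'(?: \((?P<action>[^()]*)\))?$'
)


def parse_eset_log(text):
    """Return (header, detections) from the text of an ESET log.txt."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            raw = {k: (q or bare) for k, q, bare in FIELD.findall(line)}
            m = VN.match(raw.get("vn", ""))
            detections.append({
                "hash": raw.get("sh", ""),
                "path": raw.get("fn", ""),
                "name": m.group("name") if m else raw.get("vn", ""),
                "category": m.group("category").strip() if m else "",
                "action": (m.group("action") or "") if m else "",
            })
    return header, detections


def summarize(detections, quarantine_root=r"C:\AdwCleaner\Quarantine"):
    """Split detections into quarantine leftovers and live-path findings."""
    root = quarantine_root.rstrip("\\").lower() + "\\"

    def in_quarantine(d):
        # Windows paths are case-insensitive, so compare lower-cased.
        return d["path"].lower().startswith(root)

    return {
        "by_name": Counter(d["name"] for d in detections),
        "unique_hashes": len({d["hash"] for d in detections}),
        "already_quarantined": [d for d in detections if in_quarantine(d)],
        "live": [d for d in detections if not in_quarantine(d)],
    }


def counts_consistent(header, detections):
    """True when the header's found= value matches the detection lines."""
    return header.get("found", "").isdigit() and \
        int(header["found"]) == len(detections)


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = summarize(dets)
    print("header/line count consistent:", counts_consistent(hdr, dets))
    for name, n in report["by_name"].most_common():
        print(f"{n:3d}  {name}")
    print("already in AdwCleaner quarantine:", len(report["already_quarantined"]))
    for d in report["live"]:
        print("live path:", d["name"], "->", d["path"])
```

Applied to the log posted in this thread, the same split puts 11 of the 13 detections under C:\AdwCleaner\Quarantine and 2 in live browser profile paths.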
 





