
I can't access google because of automated queries


13 replies to this topic

#1 yeltsyn

yeltsyn

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 01 February 2015 - 05:06 AM

I am trying to access Google one time and I can't search anything due to our computer sending automated queries which I have no knowledge about.  I tried scanning using an antivirus on both of our desktop computers to determine if a virus might be causing the problem but both computers' results always indicate that no threats were found.  Can someone please help me?  




 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:43 AM

Posted 01 February 2015 - 06:43 AM

First, try deleting all cookies in all browsers. That sometimes works for curing the automated queries message. Use CCleaner.

Make sure that Cookies are checked in the cleaning settings.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 yeltsyn


Posted 01 February 2015 - 07:29 AM

I would want to know if my other computer is infected. May I post its logs for review as well?



#4 buddy215


Posted 01 February 2015 - 07:41 AM

Sure...but post one at a time....I'm easily confused.. :crazy:



#5 yeltsyn


Posted 01 February 2015 - 10:16 AM

Okay. I'd just post the other one tomorrow, or until you're finished with this one. :)

 

Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/1/2015
Scan Time: 8:29:39 PM
Logfile: malwarebytes1.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.01.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Yeltsyn
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374057
Time Elapsed: 7 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Hacktool.Agent, C:\Users\Yeltsyn\Desktop\Utilities\wi-lo-fcfd\Wi Lo FCFD.exe, Quarantined, [c19046b1d9b0171ffc29096639c8cd33], 
Adware.FakeFlash, C:\Users\Yeltsyn\Desktop\Games\super-adventure-pals-13529.exe, Quarantined, [aaa707f0c5c424125f4cb469c43cd927], 
PUP.Optional.OpenCandy, C:\Users\Yeltsyn\Desktop\Installers\DTLite4491-0356.exe, Quarantined, [fc5542b58ffa0234db4b21b362a3f709], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner:
 
# AdwCleaner v4.109 - Report created 01/02/2015 at 20:51:31
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Yeltsyn - YELTSYN-PC
# Running from : C:\Users\Yeltsyn\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v40.0.2214.93
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Yeltsyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Yeltsyn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1851 octets] - [01/02/2015 20:49:24]
AdwCleaner[S0].txt - [1776 octets] - [01/02/2015 20:51:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1836 octets] ##########
 
Junkware Removal Tool:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Yeltsyn on Sun 02/01/2015 at 20:59:16.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/01/2015 at 21:01:39.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET:
 
C:\Windows.old\Documents and Settings\Cebuala\AppData\Local\Temp\nsz736D.tmp-2\APN_ATU3_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows.old\Documents and Settings\Cebuala\Local Settings\Temp\nsz736D.tmp-2\APN_ATU3_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows.old\Users\Cebuala\AppData\Local\Temp\nsz736D.tmp-2\APN_ATU3_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows.old\Users\Cebuala\Local Settings\Temp\nsz736D.tmp-2\APN_ATU3_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Games\Borderlands - The Pre-Sequel\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Games\Dishonored nosTEAM\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application deleted - quarantined
C:\Games\Saints Row IV Game of the Century Edition\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
C:\Users\Yeltsyn\Desktop\Installers\rcsetup151.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Yeltsyn\Desktop\Utilities\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Yeltsyn\Desktop\Warcraft 3\Warcraft III\w3l.exe Win32/GameHack.QJ potentially unsafe application deleted - quarantined
C:\Users\Yeltsyn\Downloads\Connectify Hotspot Pro & Dispatch Pro 8.0.0.30686 Incl. Crack [ATOM]\Crack\BLOCKHosts.bat BAT/HostsChanger.A potentially unsafe application deleted - quarantined
C:\Users\Yeltsyn\Downloads\Dishonored PC full game + DLC ^^nosTEAM^^\Dishonored nosTEAM.part1.exe a variant of Win32/HackTool.Crack.BQ potentially unsafe application deleted - quarantined
C:\Users\Yeltsyn\Downloads\The.Escapists.Early.Cracked-3DM\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Cebuala\AppData\Local\Application Data\Temp\nsz736D.tmp-2\APN_ATU3_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
 
Here it is. :)

 



#6 buddy215


Posted 01 February 2015 - 10:53 AM

Did you delete all cookies from all browsers and other locations using CCleaner?

 

Some nasty adware and malware was removed.

 

Do you still have a problem with using Google Search?

 

Reset your hosts file:

To reset the Hosts file back to the default automatically, click the Fix it button or link, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

Fix this problem
Microsoft Fix it 50267
 

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

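A read-only check that fits the hosts-file reset step above, given that the first ESET log in this thread lists a batch file detected as BAT/HostsChanger.A: it lists every active hosts entry other than the loopback `localhost` mappings, so the changes are on record before the file is reset. This is an added example, not part of the original post or of any tool named in the thread; `audit_hosts`, `SAMPLE_HOSTS` and the `.example` names are constructed for illustration.

```python
"""List active hosts-file mappings that differ from the stock localhost entries."""
import ipaddress
import sys

# Constructed sample (not from the thread). The two commented localhost lines
# mirror the stock Windows file; the active lines below them are invented.
SAMPLE_HOSTS = """\
# constructed sample hosts file
#
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1       localhost
127.0.0.1       activation.vendor.example   # name sent to loopback
0.0.0.0         updates.vendor.example
203.0.113.10    www.search.example search.example
"""

# Names that may legitimately point at a loopback address.
ALLOWED_LOOPBACK_NAMES = {"localhost"}


def audit_hosts(text):
    """Return one finding per active mapping that is not a stock localhost entry.

    kind is "blocked" when the name is sent to loopback or 0.0.0.0 (the name
    stops resolving to its real server), "redirected" when it is sent to any
    other address, and "malformed" when the line does not start with an IP.
    """
    findings = []
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(
                {"line": line_no, "host": line, "ip": None, "kind": "malformed"}
            )
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:  # one line may map several names
            name = name.lower()
            if ip.is_loopback and name in ALLOWED_LOOPBACK_NAMES:
                continue
            findings.append(
                {
                    "line": line_no,
                    "host": name,
                    "ip": str(ip),
                    "kind": "blocked" if local else "redirected",
                }
            )
    return findings


def format_findings(findings):
    """Render findings as one text line each, for saving next to the scan logs."""
    return [
        "line {line}: {kind:<10} {host} -> {ip}".format(**f) for f in findings
    ]


if __name__ == "__main__":
    # With no argument the constructed sample is audited. On Windows the real
    # file is %SystemRoot%\System32\drivers\etc\hosts; pass its path to audit it.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    report = format_findings(audit_hosts(content))
    print("\n".join(report) if report else "only stock localhost entries found")
```

An empty result means the file holds nothing beyond comments and `localhost`, which is what the reset produces.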

#7 yeltsyn


Posted 02 February 2015 - 06:19 AM

Yes, I've deleted all cookies and cache from my computer. I have no problems on Google Search now. Thank you. :)

 

Here are the contents of checkup.txt:

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31
  Adobe Flash Player 15.0.0.152 Flash Player out of Date!
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
 
Should I do these fixes and scans on my other computer too?  Or should I post it here for your review first?  I think the other computer contains more adware than this computer though.  :mellow:


#8 buddy215


Posted 02 February 2015 - 07:01 AM

You should uninstall all old Java programs as they are malware magnets. Most users don't need to have Java installed. Try without installing Java if you are not sure that a game or whatever requires installing Java.

Flash Player needs updating. Unsecured Flash Player is a malware magnet, too.

 

Run the same scans on the second computer and post them.



#9 yeltsyn


Posted 02 February 2015 - 07:45 AM

My Flash Player is Google Chrome embedded, as it tells me. I'd just update Google Chrome to update my Flash Player as well.

I would just update Java regularly, as I need it for some of my games. 

 

Following here are the logs from the second computer. I've run CCleaner, MBAM, AdwCleaner, Junkware Removal Tool, and ESET Online Scanner.

 

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/1/2015
Scan Time: 8:31:26 PM
Logfile: logfile.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.01.01
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Test
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495836
Time Elapsed: 37 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 19
Trojan.Downloader, C:\Users\Demo\Desktop\Games\Crack\Rank Hack\MW3 Rank Hack.exe, Quarantined, [aca51bdc8bfe9e9829ff74d19d686b95], 
PUP.Optional.OpenCandy, C:\Users\Test\Desktop\GTA 4\Mods\LCPDFR\1. LCPD First Response 1.0c Automatic Install.zip, Quarantined, [371ad81f860352e423e606ce0df839c7], 
PUP.Optional.OpenCandy, C:\Users\Test\Desktop\gta4\DTLite4491-0356.exe, Quarantined, [93be7d7ac8c10234cb3edff5da2bd729], 
Trojan.Dropper, C:\Users\Test\Desktop\gta4\gta_mod_installer_v5.0_beta.zip, Quarantined, [242d65928cfd7bbb5c634e0feb175ba5], 
PUP.Optional.MultiPlug, C:\Users\Test\Desktop\apk\the_sandbox_craft_play_share.apk.exe, Quarantined, [e76a63944f3a73c39876f2f8956c19e7], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\Banished_V1.00_32bit-64bit_Trainer_plus9\Banished V1.00 32bit Trainer +9 MrAntiFun Final.EXE, Quarantined, [4b0614e32c5dbe781f6061d9b8486f91], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\Banished_V1.00_32bit-64bit_Trainer_plus9\Banished V1.00 64Bit Trainer +9 MrAntiFun Final.EXE, Quarantined, [49089166652457dfa7d81f1b0000a35d], 
PUP.HackTool.Agent, C:\Users\Test\Desktop\Games\sims3v15056+4tr.exe, Quarantined, [c38e1ed93257c96d224d895403fd7f81], 
PUP.HackTool.Agent, C:\Users\Test\Desktop\Games\sims3v15056+4tr.rar, Quarantined, [79d8a3541a6fe2542a45b22b6d93738d], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\Games\The Sims 4 V1.00 Trainer +2 MrAntiFun.EXE, Quarantined, [ce8350a746438babf38ca199619f26da], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\Games\Assassin's Creed 4 Black Flag Trainer +15 V1.00 MrAntiFun.EXE, Quarantined, [aba6e90ec9c0bf77067959e1e21e0000], 
Trojan.Dropper, C:\Users\Test\Desktop\Games\gta_mod_installer_v5.0_beta\scripter.exe, Quarantined, [4110f10690f988ae11ae87d64bb7e51b], 
Spyware.Keylogger, C:\Users\Test\Desktop\2-Documents\Account Cracker Pack\Proxies\ProxyFinder.exe, Quarantined, [30218572632653e31833f7fc798751af], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\2-Documents\Compressed Files\Assassins_Creed_4_Black_Flag_Trainer_plus15_V1.00.zip, Quarantined, [7cd54ea96524eb4b3748cd6d6f910df3], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\2-Documents\Compressed Files\Banished_V1.00_32bit-64bit_Trainer_plus9.zip, Quarantined, [2e2372854247bf7780ff14268d73d62a], 
VirTool.Obfuscator, C:\Users\Test\Desktop\2-Documents\Compressed Files\OUTLAST.V1.05.ALL.RELOADED.NODVD.ZIP, Quarantined, [80d1cf28058443f3bdb7ad97f1108080], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\2-Documents\Compressed Files\The Amazing Spider-Man 2 V1.0.0.1 Trainer +2 MrAntiFun.zip, Quarantined, [92bf44b3553486b04a350931c43c8977], 
Hacktool.CheatEngine, C:\Users\Test\Desktop\2-Documents\Compressed Files\The Sims 4 V1.00 Trainer +2 MrAntiFun.zip, Quarantined, [6ae714e3058483b3413e201a847cf20e], 
PUP.HackTool.Agent, C:\Users\Test\Desktop\2-Documents\Compressed Files\sims3v15056+4tr.rar, Quarantined, [331e19def693092d303f4d90ff019868], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner:
# AdwCleaner v4.109 - Report created 01/02/2015 at 21:21:43
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Test - DEMO-PC
# Running from : C:\Users\Test\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\PodoWeb
Folder Deleted : C:\Users\Test\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Test\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Test\AppData\Roaming\NCH Software
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage-journal
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
File Deleted : C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : EPUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Only-search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Google Chrome v40.0.2214.93
 
[C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Demo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searc-hall.info/?l=1&q={searchTerms}&pid=2356&r=2014/10/29&hid=10957872010945255855&lg=EN&cc=PH&unqvl=65
 
*************************
 
AdwCleaner[R0].txt - [5938 octets] - [01/08/2014 18:02:17]
AdwCleaner[R1].txt - [17212 octets] - [01/08/2014 22:14:55]
AdwCleaner[R2].txt - [2321 octets] - [18/09/2014 17:49:12]
AdwCleaner[R3].txt - [5406 octets] - [01/02/2015 21:17:49]
AdwCleaner[S0].txt - [17327 octets] - [01/08/2014 22:16:57]
AdwCleaner[S1].txt - [5262 octets] - [01/02/2015 21:21:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5322 octets] ##########
 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Test on Sun 02/01/2015 at 21:27:16.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Test\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\Test\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Users\Test\appdata\local\thinstall"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/01/2015 at 21:31:42.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1f6444e2c323894d9f452c6337de1c3f
# engine=22251
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-01 07:53:58
# local_time=2015-02-02 03:53:58 (+0800, Taipei Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 611619 19018723 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5786447 174450288 0 0
# scanned=417384
# found=85
# cleaned=84
# scan_time=20470
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=71B40E6E0A290129E0F0BADDF5FB0C0B83931CF1 ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1672708364-4241952335-2601737160-1002\$R1NRD16.zip"
sh=B034BA5465CFA2109D81478B7D9E5149EA8BB04B ft=0 fh=0000000000000000 vn="a variant of MSIL/Packed.Confuser.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1672708364-4241952335-2601737160-1002\$RC111QH.zip"

Here it is. :)



#10 buddy215

Posted 02 February 2015 - 08:34 AM

You've visited the dark...wild side of the internet. Downloading free stuff using P2Ps is high risk...as you can see. I see one keylogger mentioned and a lot more that I have no idea as to what their mission was or who they are reporting to. Some are mentioned as capable of remote controlling your computer.

I suggest there is more than what has been found and removed. I recommend that you post a new Topic in the malware removal forum. You will need to create a DDS log first to include in the new Topic. Follow the directions in the first link which contains instruction #6 for creating the DDS log and post the new topic in the second link. Once you have posted the DDS log in your new Topic, DO NOT bump it. Wait for a reply.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 yeltsyn

Posted 02 February 2015 - 08:51 AM

I looked up my IP on project honeypot, and I can see some things that the "controller" seems to be doing. :o  

This is my sister's computer actually.  I'll tell her to be more cautious and stop using peer to peer programs.  

Thank you for your help on these things. :)



#12 buddy215

Posted 02 February 2015 - 12:30 PM

You're welcome....but the smart thing to do is to post the new topic.



#13 yeltsyn

Posted 02 February 2015 - 06:50 PM

Yeah, I posted a new topic yesterday. :) Thanks.



#14 buddy215

Posted 02 February 2015 - 07:46 PM

Yeah, I see your new topic and you are receiving help here: Keylogger and remote controller were found on computer





