
'Phantom' audio adware


  • This topic is locked
7 replies to this topic

#1 dvmlifestyle

dvmlifestyle

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 14 March 2015 - 04:31 PM

Hello.

I have had issues with audio advertisements interrupting my system and providing a great deal of annoyance. I can't see any suspicious files that might be the culprit, and a Kaspersky virus scan in safe mode yields nothing. I can see now that I shouldn't have run Combofix, but I did it because I was trying to follow solutions in closed cases. That being said, it didn't seem to have an effect. I also ran HijackThis, which gave me the following data:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:27:39 PM, on 3/13/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
 
Boot mode: Safe mode
 
Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Danny\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OowaKgim] regsvr32.exe "C:\ProgramData\OowaKgim\FifaVerzo.drx" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OowaKgim] regsvr32.exe "C:\ProgramData\OowaKgim\FifaVerzo.drx" (User 'Default user')
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
O18 - Protocol: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ACP User Service (amdacpusrsvc) - Advanced Micro Devices - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SupraSavingsService64 - Unknown owner - C:\Program Files (x86)\CDDCF87A-3EAD-40C4-8099-34C6869D3E9D\SupraSavingsService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Compatibility Verify (Verifies and fixes application compatibility issues) - Unknown owner - C:\Users\Danny\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 7501 bytes
 
Attached are the FRST files. I don't have my account set as an admin for security purposes; I don't know if that affected the scan. Thank you and godspeed.

Attached Files




 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:36 PM

Posted 15 March 2015 - 12:33 AM

Welcome to BleepingComputer,

Please log on to the admin account and run the following fix:

Download the attached fixlist.txt file and save it to the Downloads folder.

Attached File  FixList.txt   2.16KB   4 downloads

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 dvmlifestyle


Posted 15 March 2015 - 04:25 PM

Thanks

Attached Files



#4 CatByte


Posted 16 March 2015 - 11:29 AM

Looks better, please run the following:


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Cleaning button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
  • NEXT

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
    • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
    • You will be prompted to update Malwarebytes...click on the Update Now button.
    • The THREAT SCAN will automatically begin.
    • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
    • After rebooting the computer, copy and paste the mbam.log in your next reply.
    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
    • Open Malwarebytes Anti-Malware.
    • Click the Scan Tab at the top.
    • Click the View detailed log link on the right.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following location:
    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



#5 dvmlifestyle


Posted 16 March 2015 - 06:24 PM

Here's the first scan log, I'll post the second when I run it ASAP.

Attached Files



#6 dvmlifestyle


Posted 16 March 2015 - 07:15 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/16/2015
Scan Time: 5:26:22 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.16.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 430412
Time Elapsed: 14 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 13
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [73c18abce8a22b0b66108a9757acb749], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [73c18abce8a22b0b66108a9757acb749], 
PUP.Optional.Sizlsearch.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{36D96925-ABFA-4EB8-B630-305E905A930D}, Quarantined, [260e88be7218d66077d7af780df632ce], 
PUP.Optional.Sizlsearch.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{36D96925-ABFA-4EB8-B630-305E905A930D}, Quarantined, [260e88be7218d66077d7af780df632ce], 
PUP.Optional.Sizlsearch.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{36D96925-ABFA-4EB8-B630-305E905A930D}, Quarantined, [260e88be7218d66077d7af780df632ce], 
PUP.Optional.Sizlsearch.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{36D96925-ABFA-4EB8-B630-305E905A930D}, Quarantined, [260e88be7218d66077d7af780df632ce], 
PUP.Optional.AdPeak.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [c2721234bdcd2214bb6a0321f80b659b], 
PUP.Optional.AdPeak.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [c2721234bdcd2214bb6a0321f80b659b], 
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, Quarantined, [3df799ad0c7e77bfa7ec4276f60dbb45], 
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, Quarantined, [51e3cb7b6228a4926b8bb0364bb8c739], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [e64ecc7a4d3d0f27bf6d6a8453b0f709], 
PUP.Optional.ConduitSearch.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, Quarantined, [35ff35116c1ee74f45b40ca8976c0af6], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [f2420d39f69442f4f537628c847f0000], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-2153888122-2013989124-1917090430-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M9998F972-B575-433F-8087-51F0EB3F5C2E&SearchSource=55&CUI=&UM=5&UP=SPA1D32040-3A67-4694-A65B-8439EEFADC71&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M9998F972-B575-433F-8087-51F0EB3F5C2E&SearchSource=55&CUI=&UM=5&UP=SPA1D32040-3A67-4694-A65B-8439EEFADC71&SSPV=),Replaced,[8ca8b49236543df96e046977bd484db3]
 
Folders: 3
Rogue.Multiple, C:\ProgramData\3528706942, Quarantined, [e84cc5810387c076c2943e21649ff010], 
PUP.Optional.Extutil.A, C:\Users\Danny\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [0d275aecccbe033302f402837d864ab6], 
PUP.Optional.Managera.A, C:\Users\Danny\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [68cc76d0216935017b7c562fbc47619f], 
 
Files: 22
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [88ac5aece6a447ef95b524878184ec14], 
PUP.Optional.Somoto, C:\Users\Danny\AppData\Local\Temp\nsv4459.tmp, Quarantined, [c56f49fd1f6ba2948829d6e53dc8b749], 
PUP.Optional.SearchProtect.A, C:\Users\Danny\AppData\Local\Temp\nst547E\SpSetup.exe, Quarantined, [9e962b1bc0ca1a1ccabc5b5d768bed13], 
PUP.Optional.SearchProtect.A, C:\Users\Danny\AppData\Local\Temp\nsw1445\SpSetup.exe, Quarantined, [d95bbd899eec64d2394df2c6f90817e9], 
PUP.Optional.SearchProtect.A, C:\Users\Mom\AppData\Local\Temp\SPSetup.exe, Quarantined, [013393b31d6dab8be1a53e7a0cf5837d], 
Trojan.Ransom.ED, C:\Windows\Temp\1E16.tmp, Quarantined, [c4708eb88802dd5976ba61d244befa06], 
PUP.Optional.SupraSavings, C:\Windows\Temp\CDDCF87A-3EAD-40C4-8099-34C6869D3E9Dn.exe, Quarantined, [a58f054112788caa53a74c6cec1953ad], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsr5563.exe, Quarantined, [1e16b096f5953204b9b038760bf64cb4], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx6694.exe, Quarantined, [ed47dd69d5b5d85e94d5911d719035cb], 
Trojan.Agent, C:\Windows\Temp\~011731DE.tmp, Quarantined, [81b34303701a4beb664241f2c93916ea], 
PUP.Optional.OptimumInstaller.A, C:\Users\Danny\Downloads\Setup (1).exe, Quarantined, [48ec66e095f5f343c77a2c4dd22f669a], 
PUP.Optional.OptimumInstaller.A, C:\Users\Danny\Downloads\Setup.exe, Quarantined, [fc38163099f1ea4c1829bfba44bdf709], 
PUP.Optional.OpenCandy, C:\Users\Danny\Downloads\InstallFreeRARExtractFrog.exe, Quarantined, [4aea0f37058596a0a3fe858c788e51af], 
PUP.Optional.OpenCandy, C:\Users\Danny\Downloads\DAEMONToolsUltra230-0254.exe, Quarantined, [161eac9aaae0c96da7fa49c866a0ad53], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys, Quarantined, [db59d76f5733f1451bd525aeb84b1fe1], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys, Quarantined, [71c348fe8cfe80b6b65fb87ab5503cc4], 
Rogue.Multiple, C:\ProgramData\3528706942\BIT8B08.tmp, Quarantined, [e84cc5810387c076c2943e21649ff010], 
PUP.Optional.Extutil.A, C:\Users\Danny\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [0d275aecccbe033302f402837d864ab6], 
PUP.Optional.Extutil.A, C:\Users\Danny\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [0d275aecccbe033302f402837d864ab6], 
PUP.Optional.Extutil.A, C:\Users\Danny\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [0d275aecccbe033302f402837d864ab6], 
PUP.Optional.Managera.A, C:\Users\Danny\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [68cc76d0216935017b7c562fbc47619f], 
PUP.Optional.Managera.A, C:\Users\Danny\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [68cc76d0216935017b7c562fbc47619f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 CatByte


Posted 17 March 2015 - 10:50 AM

Please run a fresh scan with FRST and attach the new log.

Also, please advise how the computer is running now and if there are any outstanding issues.



#8 CatByte


Posted 24 March 2015 - 10:43 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





