
Infected: Ad pop-ups, new page, etc


12 replies to this topic

#1 Hal06

Hal06

  • Members
  • 880 posts
  • OFFLINE
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:11:07 PM

Posted 25 April 2015 - 08:11 AM

I apologize since I was helped cleaning my computer not too long ago. But, I'm infected again. Words on web pages are hyper-linked for ads; when I click on a webpage, several other web pages open with ads. Also, ads appear on web pages and start playing.

I suppose Malwarebytes is in order?

What else should I do?

What should I install to prevent this? I use Microsoft Security Essentials but nothing else.

Since I started typing this post a rather silly ad for car tires/tyres has appeared suddenly.

How frustrating.

Thank you.




#2 AndroidOS

AndroidOS

    Malware Search++ developer


  • Security Developer
  • 146 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:04:07 AM

Posted 25 April 2015 - 09:20 AM

Hi there Hal06. :)

 

You are certainly right, a Malwarebytes scan is in order. Can you please follow the instructions below, and post back the resulting logs. We'll see where to go from there.

 

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: Download Mirror

(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Open up Malwarebytes Anti-Malware.
  • Once the program has loaded, select "Scan Now".
  • If prompted to update the malware definitions, do so by clicking Update Now.
  • The scan may take some time to finish, so please be patient.
  • If the scan finds threats, ensure all items are set to Quarantine, click the "Apply Actions" button and then restart the machine (if required).
  • Once the scan is complete, click Export Log > Text File (*.txt) and save the file to your desktop.
  • Copy and paste the contents of this log in your next post.
 
If Malwarebytes fails to download please use the following link:
 
 
==========
 

Please download JRT from here & double click to start the program.

 

  • Hit any key when prompted and allow it to run through its process.
  • Post the log when it's finished.
 
 
==========
 

Please download AdwCleaner by Xplode onto your desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R0].txt as well.
 

 



#3 Hal06

Hal06
  • Topic Starter


Posted 25 April 2015 - 03:00 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/25/2015
Scan Time: 3:41:40 PM
Logfile: Malware Scan 4-25-2015.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Harold

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357476
Time Elapsed: 11 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [4c2d6ad992f85bdbc341ec3529dad52b],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [4c2d6ad992f85bdbc341ec3529dad52b],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [4c2d6ad992f85bdbc341ec3529dad52b],
PUP.Optional.Consumer.Input.A, HKU\S-1-5-21-3909690924-3761086334-1024949271-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [f9802122f99186b090ffa978a55e01ff],
PUP.Optional.Consumer.Input.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [f9802122f99186b090ffa978a55e01ff],
PUP.Optional.Consumer.Input.A, HKU\S-1-5-21-3909690924-3761086334-1024949271-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [f9802122f99186b090ffa978a55e01ff],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{ff148bd5}, Quarantined, [6b0e024185058aaccabc646d976cea16],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3909690924-3761086334-1024949271-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [60198db6b7d30036c96f829dce374eb2],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3909690924-3761086334-1024949271-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [eb8eb291cac051e5fa541612dc29c13f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [7dfc51f236546ec86722ef93a85b817f],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999, Quarantined, [7dfc51f236546ec86722ef93a85b817f],

Files: 21
PUP.Optional.ConsumerInput.A, C:\Users\Harold\AppData\Local\Temp\ConsumerInputUpdate.exeecf7339, Quarantined, [ec8d2a19f694d95d573eb1dee21f09f7],
PUP.Optional.ConsumerInput.A, C:\Users\Harold\AppData\Local\Temp\goopdate.dllecf7339, Quarantined, [9cdd8ab9d5b504322d6826691be6af51],
PUP.Optional.MovieWizard.A, C:\Users\Harold\AppData\Local\Temp\337d4090-d3a8-4f62-911f-9d5777e62b9f\setup.exe, Quarantined, [f3867ac9fe8c5cdaff2bde7fb64abc44],
PUP.Optional.MixVideoPlayer.A, C:\Users\Harold\AppData\Local\Temp\ddd6b4a5-9f5a-499d-97a3-08279c8ea05e\mixvideoplayersetup.exe, Quarantined, [3841e95a563489ad132d8de1c739619f],
PUP.Optional.Useful, C:\Users\Harold\Downloads\TinyPlayer.exe, Quarantined, [c2b7fc470d7da29479cbad24fd08c43c],
PUP.Optional.CrossRider.A, C:\Users\Harold\Downloads\c7.exe, Quarantined, [136611327a10df57242e949c0ef47789],
PUP.Optional.SelectNGo.A, C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [93e65ce7cdbdeb4bc3c4a40911f2ae52],
PUP.Optional.SelectNGo.A, C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [e69321223753f73f6720b6f7f013bc44],
PUP.Optional.SelectNGo.A, C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [c0b990b31278b97dd98a0ccec93a5da3],
PUP.Optional.SelectNGo.A, C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [760368db9af01422ea795c7ed3301ee2],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\GoogleCrashHandler.exe, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\GoogleUpdate.exe, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\GoogleUpdateBroker.exe, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\GoogleUpdateHelper.msi, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\GoogleUpdateOnDemand.exe, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\goopdate.dll, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\goopdateres_en.dll, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\npGoogleUpdate4.dll, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\psmachine.dll, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.GlobalUpdate.A, C:\Users\Harold\AppData\Local\Temp\comh.309999\psuser.dll, Quarantined, [7dfc51f236546ec86722ef93a85b817f],
PUP.Optional.CrossRider.A, C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\h05iluh2.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14cd309ff9f54320c7f2c006433acb47");), Replaced,[ee8b142f96f4fe38bb37eb33ea1c32ce]

Physical Sectors: 0
(No malicious items detected)


(end)



#4 Hal06

Hal06
  • Topic Starter


Posted 25 April 2015 - 03:05 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.3 (04.25.2015:1)
OS: Windows 7 Home Premium x64
Ran by Harold on Sat 04/25/2015 at 16:01:49.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
Successfully deleted: [Folder] C:\Users\Harold\appdata\local\globalupdate
Successfully deleted: [Folder] C:\Users\Harold\appdata\local\pc_drivers_headquarters



~~~ FireFox

Successfully deleted the following from C:\Users\Harold\AppData\Roaming\mozilla\firefox\profiles\h05iluh2.default\prefs.js

user_pref(extensions.crossrider.bic, 14cd309ff9f54320c7f2c006433acb47);
Emptied folder: C:\Users\Harold\AppData\Roaming\mozilla\firefox\profiles\h05iluh2.default\minidumps [48 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/25/2015 at 16:05:17.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 Hal06

Hal06
  • Topic Starter


Posted 25 April 2015 - 03:08 PM

# AdwCleaner v4.202 - Logfile created 25/04/2015 at 16:06:58
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Harold - HAROLD-HP
# Running from : C:\Users\Harold\Downloads\adwcleaner_4.202.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Harold\Desktop\Continue Live Installation.lnk
Folder Found : C:\rei
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Local AppWizard-Generated Applications
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Local AppWizard-Generated Applications
Key Found : HKLM\SOFTWARE\a2b9adc9-2036-049b-1bb3-43b6ad636c5c
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2006 bytes] - [04/10/2014 10:51:22]
AdwCleaner[R1].txt - [8479 bytes] - [13/03/2015 19:43:18]
AdwCleaner[R2].txt - [1872 bytes] - [20/03/2015 18:54:18]
AdwCleaner[R3].txt - [1931 bytes] - [21/03/2015 09:37:22]
AdwCleaner[R4].txt - [2880 bytes] - [25/04/2015 16:06:58]
AdwCleaner[S0].txt - [2051 bytes] - [04/10/2014 10:58:21]
AdwCleaner[S1].txt - [7656 bytes] - [13/03/2015 19:46:14]
AdwCleaner[S2].txt - [2007 bytes] - [21/03/2015 09:39:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3116 bytes] ##########
 



#6 AndroidOS

AndroidOS


Posted 26 April 2015 - 03:19 AM

Hi again,

 

Thanks a lot for the logs. Can you please run AdwCleaner again, but this time using the Clean function?



#7 Hal06

Hal06
  • Topic Starter


Posted 26 April 2015 - 07:33 AM

# AdwCleaner v4.202 - Logfile created 26/04/2015 at 08:19:16
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Harold - HAROLD-HP
# Running from : C:\Users\Harold\Downloads\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\rei
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
File Deleted : C:\Users\Harold\Desktop\Continue Live Installation.lnk

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Key Deleted : HKLM\SOFTWARE\a2b9adc9-2036-049b-1bb3-43b6ad636c5c
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2006 bytes] - [04/10/2014 10:51:22]
AdwCleaner[R1].txt - [8479 bytes] - [13/03/2015 19:43:18]
AdwCleaner[R2].txt - [1872 bytes] - [20/03/2015 18:54:18]
AdwCleaner[R3].txt - [1931 bytes] - [21/03/2015 09:37:22]
AdwCleaner[R4].txt - [3223 bytes] - [25/04/2015 16:06:58]
AdwCleaner[R5].txt - [3282 bytes] - [26/04/2015 08:18:43]
AdwCleaner[S0].txt - [2051 bytes] - [04/10/2014 10:58:21]
AdwCleaner[S1].txt - [7656 bytes] - [13/03/2015 19:46:14]
AdwCleaner[S2].txt - [2007 bytes] - [21/03/2015 09:39:02]
AdwCleaner[S3].txt - [3119 bytes] - [26/04/2015 08:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3178  bytes] ##########
 



#8 AndroidOS

AndroidOS


Posted 26 April 2015 - 07:50 AM

Hi,

 

How is the computer running now, Hal06?



#9 Hal06

Hal06
  • Topic Starter


Posted 26 April 2015 - 07:53 AM

Much better. I actually think (or hope) the problem is resolved. Does it look that way to you?

 

If so, are there programs in addition to Microsoft Security Essentials that I could use to further secure my computer?

 

Thanks, by the way.



#10 AndroidOS

AndroidOS


Posted 26 April 2015 - 08:53 AM

Yup, everything seems to have gone. I'd just like you to run one more scan if possible.

 

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

 
 
==========
 
Regarding alternatives to Microsoft Security Essentials, I would personally recommend Avast! or Avira. Just remember to uninstall Microsoft Security Essentials before installing new antivirus software.

Edited by AndroidOS, 26 April 2015 - 08:53 AM.


#11 Hal06

Hal06
  • Topic Starter


Posted 26 April 2015 - 05:33 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=98cd8d204f149a40a99e78409c18e55d
# engine=23028
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-23 12:22:46
# local_time=2015-03-22 08:22:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2510085 49946160 0 0
# scanned=229041
# found=56
# cleaned=0
# scan_time=10325
sh=7D3659510468C28C7AECBD01CBE1693CACB74052 ft=1 fh=0a99a5032a448b01 vn="a variant of Win32/ReImageRepair.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\LanguageSelect.exe.vir"
sh=28A2197E6556B501C7D9C4D111BD9676C5CD6E13 ft=1 fh=3255a3c07fbe8343 vn="Win32/Toolbar.Babylon.T potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir"
sh=667CD6D9CD0F1543256EF3D883816BBB1AA8CF12 ft=1 fh=d3422451128e857a vn="a variant of MSIL/Adware.iBryte.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Harold\AppData\Local\Browser Extensions\Client.exe.vir"
sh=3E11625BA880352CE3EAEBA4BA17F9525EB2B7E6 ft=1 fh=d720f009f974b10a vn="a variant of MSIL/Adware.iBryte.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Harold\AppData\Local\Browser Extensions\Tasks.exe.vir"
sh=0498C8CA1C8FBEAC9B0D913B041D6A229863D583 ft=1 fh=b0168cec15caad78 vn="a variant of MSIL/Adware.iBryte.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Harold\AppData\Local\Browser Extensions\Uninstall.exe.vir"
sh=A7DB60FB996D1940DB2D7AD5A23C9A6ED2A4BDB9 ft=1 fh=54f23377f245e0e9 vn="a variant of MSIL/Adware.iBryte.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Harold\AppData\Local\Browser Extensions\Updater.exe.vir"
sh=C114A2B464BF73EA6C20BBC3625A9B1F8456886F ft=1 fh=fbf062348ff98c4b vn="a variant of Win32/BubbleDock.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Harold\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir"
sh=D779C2E074CA75FA8D4705E40B2C9CD07F66C0DA ft=1 fh=6504c554c6cf3ee2 vn="a variant of Win32/BubbleDock.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Harold\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe.vir"
sh=EB8DDFE5E333FECE231728BF68EEEDBB25AE2C16 ft=1 fh=c71c0011fc7599c3 vn="a variant of Win32/Adware.ConvertAd.CV application" ac=I fn="C:\FRST\Quarantine\C\Users\Harold\AppData\Local\34444335-1426274367-4433-3958-6CC2175ED54A\onsr3A9B.tmp"
sh=1C2747A8C83A8019BD38834FD4048F0381047779 ft=1 fh=68ceeda39efe8123 vn="a variant of Win32/Adware.AdService.BF application" ac=I fn="C:\FRST\Quarantine\C\Users\Harold\AppData\Local\34444335-1426274367-4433-3958-6CC2175ED54A\snsb3A89.tmp"
sh=4AB0C3905BB29A0571D3EDFC270AB200FE7B38C2 ft=1 fh=e19b5ac848bd8cdc vn="a variant of Win32/Adware.ConvertAd.DB application" ac=I fn="C:\FRST\Quarantine\C\Users\Harold\AppData\Roaming\34444335-1426288539-4433-3958-6CC2175ED54A\jnsf11C2.tmp"
sh=4AB0C3905BB29A0571D3EDFC270AB200FE7B38C2 ft=1 fh=e19b5ac848bd8cdc vn="a variant of Win32/Adware.ConvertAd.DB application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYDKOLBF\JOSrv[1].exe"
sh=592EC8B63A9077CDFBC41C932296D810E54F7DB1 ft=1 fh=633a64bca365c706 vn="a variant of Win32/InstallCore.PO potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYDKOLBF\Setup[1].exe"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUW0Q03V\SearchProtect_1611[1].exe"
sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUW0Q03V\Setup[1].exe"
sh=CAD030A252A8F3E8D953818AE2448145CD03B064 ft=1 fh=a5ba52c9b2362852 vn="a variant of MSIL/Adware.iBryte.X application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJL8DF79\gb-installer-ns[1].exe"
sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJL8DF79\Setup[1].exe"
sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJL8DF79\Stub[1].exe"
sh=06D91735982A6D0DBB150C6167514C57E2715DBD ft=1 fh=6fd7c1c6cf2c911d vn="Win32/Adware.ConvertAd.CZ application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJL8DF79\WinCheckSetup[1].exe"
sh=5130AFFCC0F8099D451A6C60FD4FD12B440E7283 ft=1 fh=310cdaa0fc82a44a vn="a variant of Win32/Adware.AddLyrics.DX application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1HFG29Q\3333-6051_CheckMeUp[1].exe"
sh=844F95A2022A316122DABAE27DF3E32F0EDA0921 ft=1 fh=0e5817b000d8e872 vn="Win32/BubbleDock.A potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1HFG29Q\BubbleDock20150217[1].exe"
sh=5F017D704F0FD4A9FFF856E1F65371827A10A0B4 ft=1 fh=545d61061d382af8 vn="a variant of Win32/Adware.SpeedingUpMyPC.AB application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1HFG29Q\OptimizerPro_0803[1].exe"
sh=A6272E9B99FF125BF0047842AD01BA7F0BEF11E6 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1HFG29Q\stubinst_pkg_en-us[1].cab"
sh=C8FA69D09CE19C6D735AE8942A4C11232E3A2115 ft=1 fh=609ab5095581ebbe vn="a variant of Win32/Adware.AdService.BI application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1HFG29Q\VOsrv[1].exe"
sh=C4F2149618675C30F623C2BE4DEF75E88500D333 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN9HY3HX\ask_en[1].cab"
sh=23734979225AD8A8DDAFA18B58434B00AECB6587 ft=1 fh=590cfafdc3bf97e5 vn="multiple threats" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN9HY3HX\ConvertAdSetup[1].exe"
sh=2184E916FE3B2D34C4AA16A75DDABC3B4EB825EB ft=1 fh=7121e2d641bf43b6 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN9HY3HX\Setup[1].exe"
sh=1C2747A8C83A8019BD38834FD4048F0381047779 ft=1 fh=68ceeda39efe8123 vn="a variant of Win32/Adware.AdService.BF application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN9HY3HX\SU_Srv[1].exe"
sh=E4947B055EAFFEFF4C7DFD743022394C95271494 ft=1 fh=d1a5e7f29d4b640e vn="a variant of Win32/Adware.AdService.BG application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KU2V24N4\CASrv[1].exe"
sh=EB8DDFE5E333FECE231728BF68EEEDBB25AE2C16 ft=1 fh=c71c0011fc7599c3 vn="a variant of Win32/Adware.ConvertAd.CV application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KU2V24N4\Update_Notifier[1].exe"
sh=FB5D3C024D8252E2BB2E98DD6DD5D487BEDF5D44 ft=1 fh=9e70f47c3a7b9e39 vn="Win32/VOPackage.BV potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB4WL929\count_vc[1].htm"
sh=8AA9A3A6BE4352CB29F19B12D3C0FBDA9E35E570 ft=1 fh=d456cf5681dc4139 vn="a variant of Win32/Adware.AdService.BI application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB4WL929\VOsrv[1].exe"
sh=C001AA9D1C3E40BAD50C9F072E36D4A14E95BFD8 ft=1 fh=85552db74b73232d vn="Win32/Verti.L potentially unwanted application" ac=I fn="C:\Users\Harold\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TS2G261B\StormWatchSetup[1].exe"
sh=64780946CC634D2B9070D7971A46C32B96DADC91 ft=1 fh=c71c00114a642d10 vn="a variant of Win32/Adware.AddLyrics.DY application" ac=I fn="C:\Users\Harold\AppData\Local\Temp\2DEF263C-23F6-78C7-BAD7-8648A721FA62.exe"
sh=43476C4BB860BE6D8C57806FF45F8496DF15C527 ft=1 fh=c71c00115fc3e060 vn="a variant of Win32/Adware.AddLyrics.DY application" ac=I fn="C:\Users\Harold\AppData\Local\Temp\EBE94044-E3F5-B37C-AC93-2317E576A5AD.exe"
 



#12 AndroidOS


Posted 27 April 2015 - 07:56 AM

Yup, that all looks good to me. You can run DelFix to remove the tools we have used (just run the program, select the Remove disinfection tools box and click Run).

 

Is there anything else I can help you with?



#13 Hal06


Posted 27 April 2015 - 10:37 AM

At the moment all else seems well. Thank you very much for your assistance.





