Scanners finding hundreds of objects


6 replies to this topic

#1 rhilton

Posted 15 September 2015 - 10:25 AM

I know I'm not supposed to post logs here unless instructed, but I currently use Windows Defender and MBAM and I've been having hundreds of hits every day with my scanners. What is my first step? I don't know how to prevent them from starting back even though I'm cautious with what I install and where I go on the internet.

 

Thanks for the help!




 


#2 BenjaminGordonT


Posted 15 September 2015 - 10:44 AM

I don't know whether those are legitimate hits or just browser cookies... I know that sometimes antiviruses (especially ones with real-time) can give you false hits if they are running side-by-side but without one of those scan logs I won't be able to tell... Attach one of the scan logs from either MBAM or Defender or whatever is giving you all those hits so I can see it... I can't imagine you would have that many viruses but anything's possible



#3 rhilton


Posted 15 September 2015 - 10:56 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/14/2015
Scan Time: 10:05 AM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.14.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Rebecca

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 456602
Time Elapsed: 42 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 38
PUP.Optional.SweetIM, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [9933dd520487a98d47a541a317eb7d83], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Quarantined, [fdcf1d124b40e155769e18cd71916d93], 
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UpdateAdmin, Delete-on-Reboot, [5f6db6794a4160d6f1a797251aea9967], 
PUP.Optional.eShield, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dkmjljdbbgogihjcapfhgkonfmccbffp, Quarantined, [7a52fa3592f9cf67df9c5c35ef15df21], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [27a53ef1c0cb2313faa5219913f1bf41], 
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F1CD30B-3A84-4B95-BFA4-CC0F885B8463}, Quarantined, [dfed89a64b40ca6ce6b3497344c02ad6], 
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\PlaythruPlayer, Quarantined, [7f4d8da26427e84ea34fe9c0020222de], 
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\TNT2, Quarantined, [ece0f03faedd83b3a21f02b811f36d93], 
PUP.Optional.UpdateAdmin, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\DOWNLOADADMIN\UpdateAdmin, Quarantined, [74580827fa91d75f7f17318be222f010], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [9834e649bbd058deeaab19a1e71d05fb], 
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Quarantined, [f2da5cd3fb901224c5fa9624a55f27d9], 
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{30F06AFD-527E-4C62-9632-F65B063EF36C}, Quarantined, [3498c76856350135942cf8c2659fd22e], 
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{833D2931-F401-44C5-9948-4813A109627D}, Quarantined, [814b012eb4d7280edbe53882ad576f91], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, Quarantined, [48842e01f09bed49d0caf5c52cd82bd5], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\TYPELIB\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{30510474-98B5-11CF-BB82-00AA00BDCE0B}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{52C5395B-1FCD-47FA-A834-FD830701C2D5}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{762D463B-C45A-456D-A80D-8689C297C91E}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{7A6BE473-7960-44D0-BD54-D23DA76353DF}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{803F550E-BAAE-42BB-8917-64BA0006AB17}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{F1912128-469A-4138-AA26-9699C15BB13E}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\INTERFACE\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5A1F490D-CF4D-4B32-B9DF-82AC3F817007}, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001_Classes\CLSID\{598E8388-36D7-4DF8-A4D8-D4B4E9C08E73}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{598E8388-36D7-4DF8-A4D8-D4B4E9C08E73}, Quarantined, [a329ec435437360091586db642c14db3], 

Registry Values: 10
PUP.Optional.DownLoadAdmin, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UpdateAdmin, C:\Users\Rebecca\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN, Quarantined, [27a5939caddeb5810975a1ff0005d828]
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8F1CD30B-3A84-4B95-BFA4-CC0F885B8463}|Publisher, DownloadAdmin, Quarantined, [dfed89a64b40ca6ce6b3497344c02ad6]
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, Quarantined, [f2da5cd3fb901224c5fa9624a55f27d9]
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{30F06AFD-527E-4C62-9632-F65B063EF36C}|OSDFileURL, file:///C:/Users/Rebecca/AppData/Local/TNT2/Profiles/11469/yah11469.xml, Quarantined, [3498c76856350135942cf8c2659fd22e]
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{30F06AFD-527E-4C62-9632-F65B063EF36C}|FaviconURL, http://mirror.mirror-files.com/tnt2/1/Y1404.ico, Quarantined, [c705ae817c0fe3531da38931cb39ca36]
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{833D2931-F401-44C5-9948-4813A109627D}|OSDFileURL, file:///C:/Users/Rebecca/AppData/Local/TNT2/Profiles/11469/os11469.xml, Quarantined, [814b012eb4d7280edbe53882ad576f91]
PUP.Optional.TNT, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{833D2931-F401-44C5-9948-4813A109627D}|FaviconURL, http://mirror.mirror-files.com/tnt2/10999/eShield_16.ico, Quarantined, [7f4d1c137f0c8ea8ebd5fbbf0301718f]
PUP.Optional.eShield, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{833D2931-F401-44C5-9948-4813A109627D}|URL, http://search.eshield.com/serp?guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&action=default_search&k={searchTerms}, Quarantined, [e4e80f20dbb059dd8bef7120b94bf808]
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{598E8388-36D7-4DF8-A4D8-D4B4E9C08E73}, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{598E8388-36D7-4DF8-A4D8-D4B4E9C08E73}, Quarantined, [a329ec435437360091586db642c14db3], 

Registry Data: 3
PUP.Optional.eShield, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=, Good: (www.google.com), Bad: (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=),Replaced,[25a757d828634ee8ccd6531860a5867a]
PUP.Optional.eShield, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=, Good: (www.google.com), Bad: (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=),Replaced,[c5071a152665181e39688edd699cd42c]
PUP.Optional.eShield, HKU\S-1-5-21-4138983452-927947076-2944478575-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=, Good: (www.google.com), Bad: (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=),Replaced,[c70567c88209d85eb0f1ee7dd53026da]

Folders: 15
PUP.Optional.UpdateAdmin, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin, Quarantined, [21ab79b6f992cd6950429527c83ce21e], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Common, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\Cache, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\2.0.0.2000, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\Profiles, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\Profiles\11469, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.UpdateAdmin, C:\Users\Rebecca\AppData\Local\UpdateAdmin, Quarantined, [17b531fe9fec92a4743c49db36cd728e], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\_metadata, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 

Files: 89
PUP.Optional.DownLoadAdmin, C:\Users\Rebecca\AppData\Local\UpdateAdmin\UpdateAdmin.exe, Quarantined, [27a5939caddeb5810975a1ff0005d828], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Temp\U7g1343bRWBIuUUhJIM\134\E_shield-TB11469.exe, Quarantined, [765643ec55360333e868edcd9a678080], 
PUP.Optional.ArcadeTwist, C:\Users\Rebecca\AppData\Local\Temp\U7g1343bRWBIuUUhJIM\147\atw_stub_tightrope_4.exe, Quarantined, [65673cf3eba0340252e4633d2dd854ac], 
Trojan.MSIL.Dropper, C:\Users\Rebecca\AppData\Local\Temp\U7g1343bRWBIuUUhJIM\192\gb-installer-nsi.exe, Quarantined, [1fad86a93655c4728c41391590758a76], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\IEToolbar.dll, Quarantined, [ebe132fd3f4c30062b241e9c17eaba46], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\IEToolbar64.dll, Quarantined, [24a85dd27f0cbc7ada750baf778a45bb], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\passport.dll, Quarantined, [1eae99962566ad89e46b87333ac730d0], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\passport64.dll, Quarantined, [5676b47b711abe78232c98229170d030], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\Temp\VOTPrx.log, Quarantined, [ece09699d4b7e056dcde85ec24e09a66], 
PUP.Optional.Winsock.HijackBoot, C:\Users\Rebecca\AppData\Local\Temp\VOTPrxr.log, Quarantined, [517bed4297f4b482ebd0373ad13360a0], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\Temp\VOTPrxr.log, Quarantined, [cffd40ef8dfe0a2cebd03d34877dbd43], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\gizi8010.default\extensions\toolbar11469@eshield.com.xpi, Quarantined, [d9f3f9365635e650da9d5140659f4ab6], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\gizi8010.default\searchplugins\eshield-safe-web.xml, Quarantined, [4884240b0f7c4ee814642c659f6523dd], 
PUP.Optional.UpdateAdmin, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin\UpdateAdmin.lnk, Quarantined, [21ab79b6f992cd6950429527c83ce21e], 
PUP.Optional.UpdateAdmin, C:\Windows\System32\Tasks\UpdateAdmin, Quarantined, [5478c26db2d9de58eba8a418b94be31d], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\Autorun.inf, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\chromeinst.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\crx.tar, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\GLOBALUNINSTALL.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\hmac.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\iestage2.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\INSTALL.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\LastSession.log, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\log.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\npTNT2.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\PARTNER.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\pinnedSearch.htm, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\pinnedSearch_FindWide.htm, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\pinnedSearch_Freshy.htm, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\progress.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\regsvr.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\RemoteSkin.wms, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\sqlite.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\tnt2chrome.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\tnt2chrome64.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\TNT2User.exe, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\TNT2UserPS.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\TNT2UserPS64.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\TntMagicDel.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\UnInjLib.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\UnInjLib64.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\UNINSTALL.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\UninstallDlg.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\untar.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\UPDATE.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\xpi.tar, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\2.0.0.2000\zipunzip.1.dll, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Common\extension_host-manifest.json, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Common\extension_host.exe, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Common\extension_host.ini, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\blklst0.db, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\blklst1.db, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\blklst2.db, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\icon.ico, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\inst.ini, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\INSTALL.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\LastSession.log, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\os11469.xml, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\PARTNER.145.TNT, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\partner.dat, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\runt.ini, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\tnt_32x32.png, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\toolbar11469@eshield.com.xpi, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Users\Rebecca\AppData\Local\TNT2\Profiles\11469\yah11469.xml, Quarantined, [5478f33c3e4d02348662f13235ceef11], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\TNT2UserPS.dll, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\TNT2UserPS64.dll, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\2.0.0.2000\IEToolbar.dll, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\2.0.0.2000\IEToolbar64.dll, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\Profiles\11469\passport.dll, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.TidyNetwork, C:\Program Files (x86)\TNT2\Profiles\11469\passport64.dll, Quarantined, [a329ec435437360091586db642c14db3], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\background.js, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\background.html, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eshield.nmf, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eShield_128.png, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eShield_16.png, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eShield_48.png, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eshield_arm.nexe, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eshield_x86_32.nexe, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\eshield_x86_64.nexe, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\manifest.json, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\newtab.html, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\newtab.js, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\off.png, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\on.png, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp\1.5_0\_metadata\verified_contents.json, Quarantined, [993340ef1e6dd165c3f4188d47be4eb2], 
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\gizi8010.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://services.eshield.com/general/newhometab.php?hometab=tab&partner=11469&guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&i=");), Replaced,[8e3e0d228b0063d3e437574c788d22de]
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\gizi8010.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.eshield.com/serp?guid={5A1F490D-CF4D-4B32-B9DF-82AC3F817007}&action=default_search&k=");), Replaced,[73597cb3a5e6e5511c00d9caec199769]
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\gizi8010.default\prefs.js, Good: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage", "http://services.eshield.com), Replaced,[f0dc909f0883a690730a1a8f62a31ce4]
PUP.Optional.eShield, C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\gizi8010.default\user.js, Quarantined, [468677b8206b20168530564fd23341bf], 

Physical Sectors: 0
(No malicious items detected)


(end)


#4 BenjaminGordonT


Posted 15 September 2015 - 03:09 PM

Most of that is Adware or PUP... Download AdwCleaner and JRT and run them. First run AdwCleaner and hit "Scan"... Once scan is completed hit "Clean"... It will ask you to reboot so go ahead and do that... Once that is done then run JRT and follow the on-screen instructions... It will reboot as well and then you can run a scan with Malwarebytes and/or Windows Defender to clean up the leftover traces of adware left on your computer... Also I would recommend if you have Malwarebytes to disable Windows Defender as they will only conflict with each other and Windows Defender is pretty limited as-is...
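Added example, not part of any post in this thread: a short Python triage of a Malwarebytes 2.x text log in the layout posted in #3. It tallies detections by class, lists anything that is not a PUP, flags entries in autostart locations (Run keys, scheduled tasks), and compares each section's declared count with the lines actually present. The sample log is constructed (placeholder SID, user name, URLs and ids), and the function and field names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above. The SID, user name,
# URLs and bracketed ids are placeholders, not values from the thread.
SAMPLE_LOG = r"""Registry Keys: 2
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000001}, Quarantined, [00000000000000000000000000000001],
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UpdateAdmin, Delete-on-Reboot, [00000000000000000000000000000002],

Registry Values: 1
PUP.Optional.DownLoadAdmin, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UpdateAdmin, C:\Users\User\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN, Quarantined, [00000000000000000000000000000003]

Registry Data: 1
PUP.Optional.eShield, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://home.example.invalid/tab, Good: (www.google.com), Bad: (http://home.example.invalid/tab),Replaced,[00000000000000000000000000000004]

Files: 3
Trojan.MSIL.Dropper, C:\Users\User\AppData\Local\Temp\example\gb-installer-nsi.exe, Quarantined, [00000000000000000000000000000005],
PUP.Optional.eShield, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.example.invalid/serp?k=");), Replaced,[00000000000000000000000000000006]
PUP.Optional.UpdateAdmin, C:\Windows\System32\Tasks\UpdateAdmin, Quarantined, [00000000000000000000000000000007],

Physical Sectors: 0
(No malicious items detected)
"""

# "Files: 89" style headers that open each result section.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)\s*$")

# name, location[, data...], action, [hex id] with an optional trailing comma.
# The middle part may itself contain commas (Good:/Bad: values), so the action
# and id are anchored at the end of the line instead of splitting on commas.
ENTRY_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.]+), (?P<rest>.*?),\s*(?P<action>[A-Za-z-]+),"
    r"\s*\[(?P<id>[0-9a-f]+)\],?\s*$")

# Locations that make something start again after a reboot or logon.
AUTOSTART_RE = re.compile(
    r"\\CURRENTVERSION\\RUN(ONCE)?(\||\\|$)"
    r"|\\SCHEDULE\\TASKCACHE\\"
    r"|\\System32\\Tasks\\",
    re.IGNORECASE)


def triage(log_text):
    """Summarise the detections in an MBAM 2.x style text log."""
    declared, parsed = {}, Counter()
    by_class, by_name = Counter(), Counter()
    non_pup, autostart = [], []
    section = None
    for line in log_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or section is None:
            continue  # scan settings, blank lines, "(No malicious items ...)"
        name = entry.group("name")
        location = entry.group("rest").split(", ", 1)[0]
        record = (name, location, entry.group("action"))
        parsed[section] += 1
        by_class[name.split(".", 1)[0]] += 1
        by_name[name] += 1
        if not name.startswith("PUP."):
            non_pup.append(record)       # deserves a closer look than adware
        if AUTOSTART_RE.search(location):
            autostart.append(record)     # explains items that keep coming back
    # A declared count that differs from the parsed lines means the pasted log
    # is truncated or contains a line layout this parser does not know.
    mismatches = {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}
    return {"by_class": by_class, "by_name": by_name, "non_pup": non_pup,
            "autostart": autostart, "count_mismatches": mismatches}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("By class:", dict(result["by_class"]))
    for name, location, action in result["non_pup"]:
        print("Not a PUP:", name, "|", location, "|", action)
    for name, location, action in result["autostart"]:
        print("Autostart:", name, "|", location, "|", action)
    print("Count mismatches:", result["count_mismatches"])
```

Run against a real log, a non-empty `count_mismatches` means the paste was cut short or uses a line layout the regular expression does not cover, so the other totals should not be trusted until that is resolved.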



#5 Sintharius


Posted 15 September 2015 - 04:40 PM

Just to clarify... Malwarebytes won't conflict with Windows Defender (or most AVs for that matter), so there is no need to disable Windows Defender.

MBAM will also benefit from the AV component of Windows Defender, as it covers certain types of threats MBAM does not target itself.

#6 BenjaminGordonT


Posted 15 September 2015 - 05:17 PM

OK fair enough



#7 quietman7


Posted 15 September 2015 - 09:13 PM

The default setting for detected PUPs is to "Warn user about detections". Malwarebytes will not automatically remove these detections unless you reconfigure (change) the default Non-Malware Protection settings to "Treat detections as malware".

Read the Malwarebytes User Guide: Non-Malware Protection for information and applicable settings found under the Detection and Protection section.
