
Intermittent online typing problem


13 replies to this topic

#1 rebar

Posted 24 October 2015 - 06:34 PM

Dear Bleepers,

 

I've been having problems lately with typing online. Sometimes when I have the cursor in the proper posting spot no keystrokes follow. If I go to a desktop program, like Word, and type a few characters the problem goes away. I've checked and I'm running the latest Firefox and Flash updates. Running 64-bit Windows 7 Ultimate with SP1, and all the latest "critical" updates.

 

It has been a long time since I've been here, and the problem is relatively recent. Is this something for this forum, or should I go elsewhere? Could it be a malware symptom?

 

Thanks,

 

rebar


Edited by hamluis, 25 October 2015 - 10:21 AM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 dc3


Posted 25 October 2015 - 10:06 AM

Some keyloggers can produce the exact symptoms you are describing.  They steal the information from the keyboard buffer and log it, then pass it back to the OS like nothing happened.  This information may include passwords and other sensitive information.  But if something goes wrong, not all the keystrokes get passed to the OS.
 
I would suggest running a few malware scans to determine if this is in fact what is happening.
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
================
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.

================

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 25 October 2015 - 10:09 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 rebar


Posted 31 October 2015 - 11:35 AM

Sorry to be slow to get back. Below is the Malware scan. Now on to TDSSKiller.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/31/2015
Scan Time: 8:57 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.31.04
Rootkit Database: v2015.10.28.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jackt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371770
Time Elapsed: 10 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 46

Registry Values: 29

Registry Data: 0
(No malicious items detected)

Folders: 28

Files: 114
PUP.Optional.Spigot, C:\Program Files (x86)\SearchMe Toolbar\Res\Lang\Res1031.ini, Quarantined, [5a26302d9feccc6aa3aa521926dcb848],
PUP.Optional.Spigot, C:\Program Files (x86)\SearchMe Toolbar\Res\Lang\Res1033.ini, Quarantined, [5a26302d9feccc6aa3aa521926dcb848],
PUP.Optional.Spigot, C:\Program Files (x86)\SearchMe Toolbar\Res\Lang\Res1034.ini, Quarantined, [5a26302d9feccc6aa3aa521926dcb848],
PUP.Optional.Spigot, C:\Program Files (x86)\SearchMe Toolbar\Res\Lang\Res1036.ini, Quarantined, [5a26302d9feccc6aa3aa521926dcb848],
PUP.Optional.Spigot, C:\Program Files (x86)\SearchMe Toolbar\Res\Lang\Res1040.ini, Quarantined, [5a26302d9feccc6aa3aa521926dcb848],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\uninstall.dat, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\installer.xml, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\toolbar.xml, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_images.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_maps.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_news.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_videos.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\engine_web.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_games.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_msn.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_travel.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\protect\index.html, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\protect\window.css, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\protect\window.js, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\index.html, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\window.css, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\reactivate\window.js, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\separator.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\splitter.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.StartNow, C:\Program Files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png, Quarantined, [463acf8e13782c0a4a29bab1be440000],
PUP.Optional.Blekko, C:\Program Files (x86)\blekkotb_soc\chrome\content\sourceid.xml, Quarantined, [85fbc895107b1422e7eaaec556acbb45],

Physical Sectors: 0
(No malicious items detected)


(end)



#4 dc3


Posted 31 October 2015 - 11:52 AM

Did you restart the computer after running Malwarebytes?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.


#5 rebar


Posted 31 October 2015 - 12:09 PM

Thanks so much for your help on this.

Yes, I did restart after running Malware.

Kaspersky's TDSSKiller found no threats. Do you still want me to post the log - it's a 1.2MB text file.

Rebar



#6 dc3


Posted 31 October 2015 - 12:29 PM

If no threats were found this message should have been visible at the end of the scan.  If this is where you saw this, no... we won't need the log.




#7 rebar


Posted 31 October 2015 - 12:50 PM

Great, now doing the ESET scanner.



#8 rebar


Posted 31 October 2015 - 06:16 PM

Here's the ESET log:

 

C:\Users\jackt\Documents\Downloads\Butterscotch_Integration.exe    Win32/Toolbar.Conduit.Y potentially unwanted application    
C:\Users\jackt\Downloads\cbsidlm-cbsi183-Barcode_Generator-SEO-75622348.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    
C:\Documents and Settings\jackt\Documents\Downloads\Butterscotch_Integration.exe    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\Documents and Settings\jackt\Downloads\cbsidlm-cbsi183-Barcode_Generator-SEO-75622348.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\Adobe\Illustrator\CAD Tools\setup.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\Adobe\Illustrator\CAD Tools\setup2.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\Avery\Avery Wizard 5.0_20140331.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
C:\downloads\CD Burner\cdbxp_setup_4.3.9.2762.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\downloads\Codecs\windows.7.codec.pack.v4.0.8.setup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\downloads\Codecs\windows.7.codec.pack.v4.0.9.setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\downloads\Codecs\windows.7.codec.pack.v4.1.0.setup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\downloads\Codecs\windows.7.codec.pack.v4.1.1.setup.exe    a variant of Win32/Toolbar.Widgi.N potentially unwanted application    deleted - quarantined
C:\downloads\Comsol\iLividSetupV1.exe    Win32/Toolbar.SearchSuite potentially unwanted application    deleted - quarantined
C:\downloads\EDB Viewer\cnet2_kernelexchangeedbviewer_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\MPE - Outlook Sync\MyPhoneExplorer_Setup_1.8.2.exe    Win32/InstallMonetizer.AN potentially unwanted application    deleted - quarantined
C:\downloads\Outlook Rx Apps\Outlook Fix\cbsidlm-cbsi183-OutlookFIX-SEO-10464078.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\PCX Viewer\cnet_pcxViewerSetup_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\Recuva\rcsetup142.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\downloads\tucows\oi_Install-Hd-4-5-0-2.exe    a variant of Win32/OpenInstall potentially unwanted application    cleaned by deleting - quarantined
C:\downloads\Xvid\XvidSetup.exe    Win32/Toolbar.Zugo.A potentially unwanted application    deleted - quarantined
H:\Olde Computers\Jun 2011\Windows.old\Documents and Settings\jacktinnea\Application Data\Uniblue\SpyEraser\SpyEraser_Setup_3_8_2008.exe    a variant of Win32/UbSpyEraser potentially unwanted application    deleted - quarantined
H:\Olde Computers\Jun 2011\Windows.old\Documents and Settings\jacktinnea\Application Data\Uniblue\SpyEraser\Quarantine\Adware.MediaTickets.o_22_03_2008_08_41_18.asq19169    Win32/PrcView potentially unsafe application    cleaned by deleting - quarantined
I:\000 cee drive files\Documents and Settings\jacktinnea\Application Data\Uniblue\SpyEraser\SpyEraser_Setup_3_8_2008.exe    a variant of Win32/UbSpyEraser potentially unwanted application    deleted - quarantined
I:\000 cee drive files\Documents and Settings\jacktinnea\Application Data\Uniblue\SpyEraser\Quarantine\Adware.MediaTickets.o_22_03_2008_08_41_18.asq19169    Win32/PrcView potentially unsafe application    cleaned by deleting - quarantined
I:\Documents and Settings\jacktinnea\Application Data\Uniblue\SpyEraser\SpyEraser_Setup_3_8_2008.exe    a variant of Win32/UbSpyEraser potentially unwanted application    deleted - quarantined
I:\Documents and Settings\jacktinnea\Application Data\Uniblue\SpyEraser\Quarantine\Adware.MediaTickets.o_22_03_2008_08_41_18.asq19169    Win32/PrcView potentially unsafe application    cleaned by deleting - quarantined
I:\Personal\Art\Lu Jian Jun\other\cybcity-neoclassical.htm    probably a variant of HTML/Exploit.AppAX virus    deleted - quarantined
I:\Personal\Art\Lu Jian Jun\other\www.cybcity.com_tanova_chinaart2.htm    probably a variant of HTML/Exploit.AppAX virus    deleted - quarantined
I:\Personal\Art\Lu Jian Jun\other\cybcity-neoclassical_files\getbanner.htm    probably a variant of HTML/Exploit.AppAX virus    deleted - quarantined
 



#9 dc3


Posted 01 November 2015 - 09:24 AM

Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note:  This option is only available if malicious objects were detected during the scan.  If this is the case select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
=================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



    #10 dannyboy950

    dannyboy950

    • Members
    • 1,338 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:port arthur tx
    • Local time:09:52 AM

    Posted 01 November 2015 - 12:08 PM

    Every time I see something like this it reminds me of the old joke virus/worm from back in the 50 to 60 era. It came from an infected 1.44mb floppy. At the time it was not considered a serious threat. I really do not remember anyone writing anything to remove it. At that time there was some really bad stuff causing havoc so they really were not focusing on it. It had no ability to propagate.

    If it has been revived and expanded upon nothing may have a definition for it in their database.
    Which would make it unremovable. Matter of fact at the time there was no consensus on whether it infected the program itself or the libraries associated with it.

    HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

    Linux Mint 17.3 Rosa Cinamon


    #11 rebar


    Posted 01 November 2015 - 01:21 PM

    Arachibutyrophobia,

    Any idea how long this might take? The ESET took about 5.5 hours. I've work to do today, but if I have to move to my surface, then that is what I'll have to do.

    Thanks,

    rebar



    #12 rebar


    Posted 01 November 2015 - 01:24 PM

    DannyBoy,

    Were/what is the bad actor?

    Thanks,

    rebar



    #13 dc3


    Posted 01 November 2015 - 01:47 PM

    Arachibutyrophobia,

     

    Any idea how long this might take? The ESET took about 5.5 hours. I've work to do today, but if I have to move to my surface, then that is what I'll have to do.

     

    Thanks,

     

    rebar

    This should be the last scan.  Everything found except for the Exploit.AppAX virus has been either a potentially unwanted or a potentially dangerous item.  All of these have been quarantined so far.  A lot of this type of crud is loaded to your computer when you download third-party software which has embedded software which the author has permitted in order to gain extra revenue.  When you go to install the software, use the Custom method to install the program; this will allow you to read each part of the installation and will give you the opportunity to recognize whether this is actually part of the software you want or the embedded software you do not want to install.

     

    The last scan should confirm that the computer is now clean. 


    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
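
The by-eye triage of the ESET log described in post #13 can be scripted. The following is an added example, not part of the original thread: it parses lines in the layout shown in post #8, groups detections by ESET's category wording, and lists entries with no recorded action. The function names and the `malware` fallback label are assumptions of this example.

```python
import re
from collections import Counter

# Five lines copied from the ESET log in post #8. Columns are separated by
# runs of spaces; the first line has no entry in the action column.
SAMPLE_LOG = r"""
C:\Users\jackt\Documents\Downloads\Butterscotch_Integration.exe    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Documents and Settings\jackt\Documents\Downloads\Butterscotch_Integration.exe    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\downloads\CD Burner\cdbxp_setup_4.3.9.2762.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\downloads\Recuva\rcsetup142.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
I:\Personal\Art\Lu Jian Jun\other\cybcity-neoclassical.htm    probably a variant of HTML/Exploit.AppAX virus    deleted - quarantined
"""

# ESET's category wording as it appears in the log, mapped to short labels.
# Assumption of this example: any other wording (here "virus") is "malware".
CATEGORIES = {
    "potentially unwanted application": "PUA",
    "potentially unsafe application": "unsafe",
}

# Detection column: optional "probably ", optional "a variant of ",
# then the detection name, then the category wording.
DETECTION = re.compile(
    r"^(?P<heuristic>probably )?(?:a variant of )?(?P<name>\S+) (?P<category>.+)$"
)


def parse_line(line):
    """Split one log line into path, detection name, category and action."""
    # Paths contain single spaces, so only tabs or 2+ spaces end a column.
    parts = re.split(r"\t+| {2,}", line.strip())
    if len(parts) < 2:
        return None
    match = DETECTION.match(parts[1])
    if match is None:
        return None
    return {
        "path": parts[0],
        "name": match["name"],
        "category": CATEGORIES.get(match["category"], "malware"),
        "heuristic": match["heuristic"] is not None,
        "action": parts[2] if len(parts) > 2 else "",
    }


def triage(log_text):
    """Summarise a log: counts per category, unactioned paths, malware names."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "entries": entries,
        "by_category": Counter(e["category"] for e in entries),
        "no_action": [e["path"] for e in entries if not e["action"]],
        "malware": sorted({e["name"] for e in entries if e["category"] == "malware"}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Detections by category:", dict(result["by_category"]))
    print("Needs a closer look:", result["malware"])
    for path in result["no_action"]:
        print("No action recorded:", path)
```

On Windows 7, `C:\Documents and Settings` is a junction to `C:\Users`, so the entry with no recorded action and the quarantined entry after it point at the same file.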

     

     

     

     


    #14 dannyboy950


    Posted 01 November 2015 - 02:45 PM

    The message I was trying to convey was that if none of what you are doing finds anything and the problem still persists, it may be because of what I referred to. Nothing may have that listed in its databases. It was thought that it could not infect another system on its own and an infected floppy would only distribute it.

    Generally when an exploit is no longer found in the wild in sufficient numbers most vendors remove it from their lists so nothing now being used can find or remove it.

    The actual exploit I referred to no cure was ever actually found or even developed IIRC since it was more of a nuisance than an actual threat. How you may have to deal with it is proofread everything before you actually post or print or save the document.

    Not the best solution but the only one I have found.
    I have had 5 systems in the past with these same symptoms.

    Edited by dannyboy950, 01 November 2015 - 02:48 PM.





