Slow Boot Time and Browser Pop up issues [Solved]


#61
Naathim


Hi :)
 
No need to be concerned by any of those cases you have brought in your previous post. I'd like to do some general scans and after that I will post my recommendations.
No need to worry about any donations, my help is and always will be free. I help people because I enjoy it :)



Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


  • 0
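Added example (not part of the original posts and not ESET's code): a Python check of a pasted ESET Online Scanner log against the options requested in the step above, using the log's `# key=value` header and its `sh=… vn="…" ac=… fn="…"` detection records. The sample logs, detection names, quarantine-folder list and the `review` helper are constructed for illustration.

```python
import re

# Options requested in the ESET step, as named in the log header.
EXPECTED_OPTIONS = {
    "remove_checked": "false",      # "Remove found threats" unchecked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth technology
}

# Folders where earlier cleanup tools keep inert copies (assumed list).
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\", "\\qoobox\\quarantine\\",
                      "\\zoek_backup\\")
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".cab")

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) .*?vn="(?P<name>[^"]*)" '
    r'ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$'
)


def parse_log(text):
    """Split a pasted log into header fields and detection records."""
    header, records = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groupdict())
    return header, records


def classify(path):
    """Bucket a detection by where the file sits, not by its name."""
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"   # inert copy kept by an earlier tool
    if p.endswith(ARCHIVE_SUFFIXES):
        return "archive"       # inside a backup or download archive
    return "live"              # still in place on disk


def review(text):
    """Return completeness, option mismatches and bucketed detections."""
    header, records = parse_log(text)
    buckets = {"quarantined": [], "archive": [], "live": []}
    if header.get("end") != "finished":
        # Only installer/hook lines were pasted: no scan results to judge.
        return {"complete": False, "buckets": buckets,
                "problems": ["no finished scan section; re-run the scan"]}
    problems = [
        f"{key}={header.get(key)!r}, expected {want!r}"
        for key, want in EXPECTED_OPTIONS.items()
        if header.get(key) != want
    ]
    found = int(header.get("found", "0"))
    if found != len(records):
        problems.append(f"found={found} but {len(records)} records pasted")
    for rec in records:
        buckets[classify(rec["path"])].append(rec)
    return {"complete": True, "problems": problems, "found": found,
            "cleaned": int(header.get("cleaned", "0")), "buckets": buckets}


def make_record(n, name, path):
    # Constructed record: placeholder SHA-1 and made-up detection name.
    return f'sh={n:040X} ft=1 fh=0000000000000000 vn="{name}" ac=I fn="{path}"'


# Constructed: a log holding only the installer lines, no scan section.
HOOK_ONLY_LOG = ("ESETSmartInstaller@High as CAB hook log:\n"
                 "OnlineScanner64.ocx - registred OK\n"
                 "OnlineScanner.ocx - registred OK")

# Constructed: a finished scan run with the requested options.
SAMPLE_LOG = "\n".join([
    "# end=finished", "# remove_checked=false", "# archives_checked=true",
    "# unwanted_checked=true", "# unsafe_checked=true",
    "# antistealth_checked=true", "# found=4", "# cleaned=0",
    make_record(1, "Example/PUA.A potentially unwanted application",
                r"C:\AdwCleaner\Quarantine\C\Program Files\Example\bar.dll.vir"),
    make_record(2, "Example/PUA.B potentially unwanted application",
                r"C:\zoek_backup\C_Users_Example_plugin.dll"),
    make_record(3, "Example/PUA.C potentially unwanted application",
                r"K:\EXAMPLE-PC\Backup Set\Backup files 1.zip"),
    make_record(4, "Example/PUA.D potentially unwanted application",
                r"C:\Users\Example\Downloads\setup.exe"),
])

if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print(result["problems"], {k: len(v) for k, v in result["buckets"].items()})
```

With "Remove found threats" unchecked, a finished log reports `cleaned=0` by design, so the buckets show which detections are inert quarantine copies and which files are still in place.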



#62
nfmaharaj


Naat, in doing this for free, I know that you have to enjoy helping others. I just did not want this situation to go by without expressing my sincere gratitude. When ESET Online Scanner ran it identified 27 threats, but the log file says everything is OK. I will take it that the ESET Online Scanner fixed the threats. However, I have also copied the reports, you requested below, to assist you with your recommendations.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2014
Scan Time: 12:23:13 PM
Logfile: Malwarebytes Anti-Malware_Scan_Log_10_27_14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.27.03
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nigel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 522420
Time Elapsed: 52 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version out of Date!
 Adobe Flash Player 15.0.0.152 
 Adobe Reader XI 
 Mozilla Firefox 18.0.2 Firefox out of Date! 
 Google Chrome 38.0.2125.104 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 


  • 0

#63
Naathim

Actually your kind words of gratitude are the best thing you can give me :)

Is this all that ESET produced? I'd like to see the list, before pulling a trigger...
  • 0

#64
nfmaharaj


I am happy about that because I am grateful. Yes, this was everything that was on the log file located in C:\Program Files (86)\ESET\ESET Online Scanner. Maybe I did something incorrectly, so I am going to try and re-run it.  


  • 0

#65
nfmaharaj


Naat, I re-ran the ESET Online Scanner and below is a copy of the log file, which I believe is what you were looking for. Should I also re-run the Malwarebytes Anti_Malware and Security Check programs?

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6cf34bc5486d564b9ea489d6ce67dcaf
# engine=20816
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-28 07:45:22
# local_time=2014-10-28 03:45:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3181302 37397916 0 0
# scanned=281665
# found=72
# cleaned=0
# scan_time=15527

 

 

*********Below is a list copy of found threats**************

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjfblpnfdjhbdpfipoidkhadofkbflk\1.0\NyKGd.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkjbmmfapigdpcamjfmdemjncepcekgm\1.6\ErTshRBEvFa.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfljadejmjmhpjnlecoipjgkmdmeokmh\1.6\VW05hwvWM8S.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\phofmbmpdibgabjhpdjocpdfinpmpnhe\1.6\p9voSCC1Bm.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/Somoto.G potentially unwanted application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 Win32/AdWare.1ClickDownload.AW application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 Win32/AdWare.1ClickDownload.AW application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 Win32/AdWare.1ClickDownload.AW application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 Win32/AdWare.1ClickDownload.AW application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 a variant of Win32/4Shared.X potentially unwanted application
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000 NSIS/TrojanDownloader.Adload.Y trojan
C:\Users\Nigel\AppData\Roaming\BOAJA JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Nigel\AppData\Roaming\DXDCU JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Nigel\Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasi0n7_1.0.8.exe a variant of Win32/OutBrowse.AJ potentially unwanted application
C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasion7_1.0.8.zip a variant of Win32/OutBrowse.AJ potentially unwanted application
C:\Users\Nigel\Downloads\iPhone Related\iPhone Software\tinyumbrella.exe a variant of Win32/InstallCore.QW potentially unwanted application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\2098ad.msi a variant of Win32/Systweak.L potentially unwanted application
C:\Windows\Installer\39907f.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\Installer\41d4264.msi a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\zoek_backup\C_windows_SysNative_drivers_ssnfd.sys.vir a variant of Win64/Riskware.NetFilter.E application
C:\zoek_backup\C_PROGRA~3_InstallMate\{2EFC949D-5C33-4DAA-AF41-1411F51FB66B}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\zoek_backup\C_PROGRA~3_InstallMate\{88533CB7-4788-40D0-A23B-0FAA53B01E41}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_16.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_17.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_18.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_19.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_20.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_21.dll Win32/Toolbar.Linkury.D potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 32.zip Win32/Toolbar.Linkury.D potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 36.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 38.zip a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 41.zip Win32/Adware.MultiPlug.H application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 46.zip a variant of Win32/InstallCore.PP potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 49.zip Win32/Toolbar.SearchSuite potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-28 190004\Backup files 7.zip a variant of Win32/AdWare.MultiPlug.CN application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-10-12 190010\Backup files 1.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-10-12 190010\Backup files 3.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 3.zip JS/Toolbar.Crossrider.C potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 34.zip Win32/Toolbar.Linkury.D potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 38.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 40.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 41.zip a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 42.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 47.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 58.zip Win32/Toolbar.SearchSuite potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 1.zip a variant of Win32/Amonetize.BS potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 3.zip a variant of Win32/InstallCore.ND potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 4.zip a variant of Win32/AdWare.MultiPlug.CN application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-19 190057\Backup files 5.zip a variant of Win32/OutBrowse.AJ potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-19 190057\Backup files 62.zip a variant of Win32/OutBrowse.AJ potentially unwanted application
 


#66
nfmaharaj

Naat, just in case you may also need the Malwarebytes and Security Check reports, I went ahead and re-ran them.

 

Malwarebytes report:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/28/2014
Scan Time: 4:11:13 PM
Logfile: Malwarebytes Anti-Malware_Scan_Log_10_28_14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.06
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nigel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 523495
Time Elapsed: 49 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Security Check report:

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version out of Date!
 Adobe Flash Player 15.0.0.152 
 Adobe Reader XI 
 Mozilla Firefox 18.0.2 Firefox out of Date! 
 Google Chrome 38.0.2125.104 
 Google Chrome 38.0.2125.111 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


#67
Naathim

Hi :)


Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
    C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000
    C:\Users\Nigel\AppData\Roaming\BOAJA
    C:\Users\Nigel\AppData\Roaming\DXDCU
    C:\Users\Nigel\Documents\APNSetup.exe
    C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasi0n7_1.0.8.exe
    C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasion7_1.0.8.zip
    C:\Users\Nigel\Downloads\iPhone Related\iPhone Software\tinyumbrella.exe
    C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
    C:\Windows\Installer\2098ad.msi
    C:\Windows\Installer\39907f.msi
    C:\Windows\Installer\41d4264.msi
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Update outdated software

Always staying updated is crucial, not only for your operating system but also for any installed third-party software.
Your logs clearly indicate that some of your software needs updating.

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control Panel, please also remove any older versions of Java - do not leave them installed!

Updating Mozilla Firefox manually

  • Please open Firefox.
  • Click the Firefox menu icon.
  • Click Help and select About Firefox.
  • Firefox will search for any updates and start downloading them automatically.
  • When the updates are ready, you will be prompted to restart Firefox. Please do it.

Remember to always keep those updated.


#68
nfmaharaj

Naat, I did update both Java and Firefox, but while Farbar was in the fixing process I received the following error message:

 

  Farbar Recovery Scan Tool has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

 

However, Farbar did generate a fixlog file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014
Ran by Nigel at 2014-10-29 09:04:49 Run:5
Running from C:\Users\Nigel\Desktop
Loaded Profile: Nigel (Available profiles: Nigel & Guest & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000
C:\Users\Nigel\AppData\Roaming\BOAJA
C:\Users\Nigel\AppData\Roaming\DXDCU
C:\Users\Nigel\Documents\APNSetup.exe
C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasi0n7_1.0.8.exe
C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasion7_1.0.8.zip
C:\Users\Nigel\Downloads\iPhone Related\iPhone Software\tinyumbrella.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
C:\Windows\Installer\2098ad.msi
C:\Windows\Installer\39907f.msi
C:\Windows\Installer\41d4264.msi
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll
EmptyTemp:
end
*****************

"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe" => File/Directory not found.
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll" => File/Directory not found.
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe" => File/Directory not found.
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe" => File/Directory not found.
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe" => File/Directory not found.
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000" => File/Directory not found.
"C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000" => File/Directory not found.
"C:\Users\Nigel\AppData\Roaming\BOAJA" => File/Directory not found.
"C:\Users\Nigel\AppData\Roaming\DXDCU" => File/Directory not found.
"C:\Users\Nigel\Documents\APNSetup.exe" => File/Directory not found.
"C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasi0n7_1.0.8.exe" => File/Directory not found.
"C:\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasion7_1.0.8.zip" => File/Directory not found.
"C:\Users\Nigel\Downloads\iPhone Related\iPhone Software\tinyumbrella.exe" => File/Directory not found.
"C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" => File/Directory not found.
"C:\Windows\Installer\2098ad.msi" => File/Directory not found.
"C:\Windows\Installer\39907f.msi" => File/Directory not found.
"C:\Windows\Installer\41d4264.msi" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll" => File/Directory not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll" => File/Directory not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll" => File/Directory not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll" => File/Directory not found.


#69
Naathim

Did you remove those earlier with ESET?


#70
nfmaharaj

Naat, I don't believe that I removed any programs using ESET... I had to re-run it. The programs that I manually removed were Torch, Drive Booster and Cloud System Booster, and I think that with one of the scripts you wrote, Quick Share, IObit Apps Toolbar and IObit Malware Fighter were removed, because they no longer show up in the list of programs in the Control Panel. I am also going off the assumption that it is the programs mentioned above that you are referring to. Were there any additional programs you would suggest removing?


#71
Naathim

No, I am just a little confused with the FRST results... Could you please re-run ESET?

#72
nfmaharaj

Naat, below is a copy of the ESET logfile and I also made a copy of the threats that the program found:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6cf34bc5486d564b9ea489d6ce67dcaf
# engine=20840
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-30 12:11:55
# local_time=2014-10-29 08:11:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3283695 37500309 0 0
# scanned=282105
# found=66
# cleaned=0
# scan_time=15368
sh=C96085A06B1116D3E5C46FDB69FCF667CEA9CF7A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-10-12 190010\Backup files 1.zip"
sh=1DF305D9881D8F28756AC1283F154FA906662C44 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-10-12 190010\Backup files 3.zip"
sh=65917C97E99844EFF7ADA0E2854D174F2F2012BF ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 1.zip"
sh=F38AF68B525DD3FA148C25C23E0D1B79BF750683 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 3.zip"
sh=FC589D7F7833B9938664D46544BE82F6072D7CC7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 34.zip"
sh=6F23536F954F72BCF0CD0A45B3AB151BF478CB0D ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 38.zip"
sh=FBF1BC204C5B9F583F1B7867B78ABBE4BA18EA13 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 40.zip"
sh=3C6F9172C876C533A12CEBF18A9D9801C291EDDB ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 41.zip"
sh=0D589EEFEAAFBE0BFA4EE09E7F2667A0A72498B4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 42.zip"
sh=AB8FB76102BF30DE9AE35D7672B38BF524E50465 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 47.zip"
sh=B125249566B9F265A62C9BD4ED93CF269D0962F8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 58.zip"
sh=6BB772A3C2D165A3F3A5F13FA26FBCEEB29E3215 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.BS potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 1.zip"
sh=769B463FCF6AA57F012813545B0AE31914BCC8F9 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.ND potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 3.zip"
sh=18E827CD0E8AAFCD211275081E2DF47B21746589 ft=0 fh=0000000000000000 vn="a variant of Win32/AdWare.MultiPlug.CN application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 4.zip"
sh=F8ECE7D57B648C774D67D4640D0F53890D6DE2D0 ft=0 fh=0000000000000000 vn="a variant of Win32/OutBrowse.AJ potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-19 190057\Backup files 5.zip"
sh=2185277A4277BD69FEB49951B62171FD55628316 ft=0 fh=0000000000000000 vn="a variant of Win32/OutBrowse.AJ potentially unwanted application" ac=I fn="K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-19 190057\Backup files 62.zip"

 

 

 

Threats Found

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll.xBAD a variant of Win32/Systweak.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe.xBAD a variant of Win32/Systweak potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe.xBAD a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000.xBAD Win32/Somoto.G potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000.xBAD Win32/AdWare.1ClickDownload.AW application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000.xBAD Win32/AdWare.1ClickDownload.AW application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000.xBAD Win32/AdWare.1ClickDownload.AW application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001.xBAD Win32/AdWare.1ClickDownload.AW application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000.xBAD a variant of Win32/4Shared.X potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000.xBAD NSIS/TrojanDownloader.Adload.Y trojan
C:\FRST\Quarantine\C\Users\Nigel\AppData\Roaming\BOAJA.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\AppData\Roaming\DXDCU.xBAD JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\Documents\APNSetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\FRST\Quarantine\C\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasi0n7_1.0.8.exe.xBAD a variant of Win32/OutBrowse.AJ potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\Downloads\iPhone Related\Evasi0n\Evasion7_1.0.8.zip.xBAD a variant of Win32/OutBrowse.AJ potentially unwanted application
C:\FRST\Quarantine\C\Users\Nigel\Downloads\iPhone Related\iPhone Software\tinyumbrella.exe.xBAD a variant of Win32/InstallCore.QW potentially unwanted application
C:\FRST\Quarantine\C\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll.xBAD a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.16.70.501_0\plugins\ConduitChromeApiPlugin.dll.xBAD a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjfblpnfdjhbdpfipoidkhadofkbflk\1.0\NyKGd.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkjbmmfapigdpcamjfmdemjncepcekgm\1.6\ErTshRBEvFa.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfljadejmjmhpjnlecoipjgkmdmeokmh\1.6\VW05hwvWM8S.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\phofmbmpdibgabjhpdjocpdfinpmpnhe\1.6\p9voSCC1Bm.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\xxxk6g1a.default\Extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\zoek_backup\C_windows_SysNative_drivers_ssnfd.sys.vir a variant of Win64/Riskware.NetFilter.E application
C:\zoek_backup\C_PROGRA~3_InstallMate\{2EFC949D-5C33-4DAA-AF41-1411F51FB66B}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\zoek_backup\C_PROGRA~3_InstallMate\{88533CB7-4788-40D0-A23B-0FAA53B01E41}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_16.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_17.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_18.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_19.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_20.dll Win32/Toolbar.Linkury.D potentially unwanted application
C:\zoek_backup\C_Users_Nigel_AppData_Roaming_Mozilla_Firefox_Profiles_xxxk6g1a.default_extensions_{78f95c9b-16b5-4f71-a733-87632abd4c0c}\components\SmartbarFireFoxRemotePlugin_21.dll Win32/Toolbar.Linkury.D potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 32.zip Win32/Toolbar.Linkury.D potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 36.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 38.zip a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 41.zip Win32/Adware.MultiPlug.H application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 46.zip a variant of Win32/InstallCore.PP potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-21 190002\Backup files 49.zip Win32/Toolbar.SearchSuite potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-09-28 190004\Backup files 7.zip a variant of Win32/AdWare.MultiPlug.CN application
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-10-12 190010\Backup files 1.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-09-21 190002\Backup Files 2014-10-12 190010\Backup files 3.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 3.zip JS/Toolbar.Crossrider.C potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 34.zip Win32/Toolbar.Linkury.D potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 38.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 40.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 41.zip a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 42.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 47.zip multiple threats
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-14 153521\Backup files 58.zip Win32/Toolbar.SearchSuite potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 1.zip a variant of Win32/Amonetize.BS potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 3.zip a variant of Win32/InstallCore.ND potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-16 151314\Backup files 4.zip a variant of Win32/AdWare.MultiPlug.CN application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-19 190057\Backup files 5.zip a variant of Win32/OutBrowse.AJ potentially unwanted application
K:\NIGEL-PC\Backup Set 2014-10-14 153521\Backup Files 2014-10-19 190057\Backup files 62.zip a variant of Win32/OutBrowse.AJ potentially unwanted application

 



#73
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

OK, now it looks better as they are all quarantined :)



Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.



#74
nfmaharaj


    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
# DelFix v10.8 - Logfile created 30/10/2014 at 14:45:17
# Updated 29/07/2014 by Xplode
# Username : Nigel - NIGEL-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Nigel\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\log.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Nigel\Desktop\AdwCleaner.exe
Deleted : C:\Users\Nigel\Desktop\esetsmartinstaller_enu (1).exe
Deleted : C:\Users\Nigel\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Nigel\Desktop\Fixlog.txt
Deleted : C:\Users\Nigel\Desktop\FRST64.exe
Deleted : C:\Users\Nigel\Desktop\JRT.exe
Deleted : C:\Users\Nigel\Desktop\SecurityCheck.exe
Deleted : C:\Users\Nigel\Desktop\zoek.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
~ Cleaning system restore ...
Deleted : RP #1624 [Microsoft Antimalware Checkpoint | 10/10/2014 04:01:33]
Deleted : RP #1625 [Windows Update | 10/12/2014 00:32:26]
Deleted : RP #1626 [Windows Backup | 10/12/2014 23:01:33]
Deleted : RP #1627 [Restore Operation | 10/14/2014 18:00:01]
Deleted : RP #1628 [Windows Backup | 10/14/2014 19:36:04]
Deleted : RP #1629 [Windows Update | 10/14/2014 21:20:04]
Deleted : RP #1630 [Windows Backup | 10/16/2014 19:17:02]
Deleted : RP #1632 [Reimage Express Restore Point | 10/16/2014 23:08:12]
Deleted : RP #1634 [Reimage Express Restore Point | 10/17/2014 12:55:06]
Deleted : RP #1636 [Uninstalled with Total Uninstall "" | 10/17/2014 13:09:23]
Deleted : RP #1637 [Revo Uninstaller's restore point - Google+ Auto Backup | 10/17/2014 15:53:12]
Deleted : RP #1638 [Installed STOPzilla | 10/17/2014 16:51:36]
Deleted : RP #1639 [STOPzilla Restore Point. | 10/17/2014 17:00:05]
Deleted : RP #1640 [Removed STOPzilla | 10/17/2014 18:00:24]
Deleted : RP #1641 [Windows Update | 10/18/2014 17:58:42]
Deleted : RP #1643 [Microsoft Antimalware Checkpoint | 10/19/2014 16:17:02]
Deleted : RP #1644 [Removed Adobe Acrobat XI Pro. | 10/19/2014 19:50:27]
Deleted : RP #1645 [Windows Backup | 10/19/2014 23:03:13]
Deleted : RP #1646 [Removed Java 8 Update 25 | 10/20/2014 16:07:42]
Deleted : RP #1647 [Removed Java 8 Update 25 | 10/20/2014 16:24:27]
Deleted : RP #1648 [Installed Java 7 Update 71 (64-bit) | 10/20/2014 16:44:36]
Deleted : RP #1649 [Installed Java 7 Update 72 (64-bit) | 10/20/2014 17:19:23]
Deleted : RP #1650 [zoek.exe restore point | 10/21/2014 09:48:22]
Deleted : RP #1651 [zoek.exe restore point | 10/24/2014 14:20:42]
Deleted : RP #1652 [Windows Backup | 10/26/2014 23:00:42]
Deleted : RP #1653 [Removed Java 7 Update 67 | 10/27/2014 16:43:52]
Deleted : RP #1654 [Removed Java 7 Update 72 (64-bit) | 10/27/2014 16:47:10]
Deleted : RP #1655 [Removed Java 8 Update 25 | 10/29/2014 01:38:10]
Deleted : RP #1656 [Removed Java 8 Update 25 | 10/29/2014 01:44:15]
Deleted : RP #1657 [Removed Java 8 Update 25 | 10/29/2014 02:04:51]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########

#75
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts
OK. I think that it's all from me :)



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:


  • MUST READ - security tips: Keep your computer safe online.
  • MUST READ - general maintenance: Slow computer/browser? Check here.



Recommended additional software:


  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.


My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.





Stay safe,
Naat :)