Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Invasion


  • This topic is locked This topic is locked

#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Hello,
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-09-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\Best Buy pc app
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi [not found]
Task: {104CEB10-3E29-4685-9280-FFB59132F0E6} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {5ABF7B85-4D0C-4A52-BD34-96AD4AD7301A} - \CIMT_S-1-5-21-3206371679-4115178929-761777742-1000 -> No File <==== ATTENTION
Task: {707DF837-F854-4D6E-A6BD-C10027F85872} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {BD85C3C8-AC0C-486B-9B36-B437CA41BBE7} - \WebBarLaunchTask -> No File <==== ATTENTION
Task: {CE285F28-DC0D-45B2-A41F-C5D768861CC4} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {F0BF0259-B9B1-43EF-AC92-D47976342F14} - \Inst_Rep -> No File <==== ATTENTION
Task: {F6610C81-8F26-4295-89F2-B2B37BCEAECE} - \CIMT_daily_S-1-5-21-3206371679-4115178929-761777742-1000 -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 Right click "Run as administrator" and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the Fixlog.txt
  • 0

Advertisements


#32
TriciaDP72

TriciaDP72

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi! Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Owner (2015-08-16 17:52:32) Run:4
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-09-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\Best Buy pc app
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi [not found]
Task: {104CEB10-3E29-4685-9280-FFB59132F0E6} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {5ABF7B85-4D0C-4A52-BD34-96AD4AD7301A} - \CIMT_S-1-5-21-3206371679-4115178929-761777742-1000 -> No File <==== ATTENTION
Task: {707DF837-F854-4D6E-A6BD-C10027F85872} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {BD85C3C8-AC0C-486B-9B36-B437CA41BBE7} - \WebBarLaunchTask -> No File <==== ATTENTION
Task: {CE285F28-DC0D-45B2-A41F-C5D768861CC4} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {F0BF0259-B9B1-43EF-AC92-D47976342F14} - \Inst_Rep -> No File <==== ATTENTION
Task: {F6610C81-8F26-4295-89F2-B2B37BCEAECE} - \CIMT_daily_S-1-5-21-3206371679-4115178929-761777742-1000 -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"C:\ProgramData\Best Buy pc app" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{104CEB10-3E29-4685-9280-FFB59132F0E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{104CEB10-3E29-4685-9280-FFB59132F0E6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ABF7B85-4D0C-4A52-BD34-96AD4AD7301A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ABF7B85-4D0C-4A52-BD34-96AD4AD7301A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-3206371679-4115178929-761777742-1000 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{707DF837-F854-4D6E-A6BD-C10027F85872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{707DF837-F854-4D6E-A6BD-C10027F85872}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD85C3C8-AC0C-486B-9B36-B437CA41BBE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD85C3C8-AC0C-486B-9B36-B437CA41BBE7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarLaunchTask => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE285F28-DC0D-45B2-A41F-C5D768861CC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE285F28-DC0D-45B2-A41F-C5D768861CC4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DrspeedyPc Secure => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0BF0259-B9B1-43EF-AC92-D47976342F14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0BF0259-B9B1-43EF-AC92-D47976342F14}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6610C81-8F26-4295-89F2-B2B37BCEAECE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6610C81-8F26-4295-89F2-B2B37BCEAECE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-3206371679-4115178929-761777742-1000 => key not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 19.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:53:00 ====


  • 0

#33
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
The logs are looking much better,

We need to do this scan ESET and it takes a long time, don't wait for it. You could start it then just leave it run probably an hour or more. You can post the results Tomorrow..

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

#34
TriciaDP72

TriciaDP72

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi - Here is the log:

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0fe2b85dfd3b1641a21ba9b4831222ef
# end=init
# utc_time=2015-08-17 01:23:24
# local_time=2015-08-16 06:23:24 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25304
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0fe2b85dfd3b1641a21ba9b4831222ef
# end=updated
# utc_time=2015-08-17 01:27:33
# local_time=2015-08-16 06:27:33 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0fe2b85dfd3b1641a21ba9b4831222ef
# engine=25304
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-17 03:00:48
# local_time=2015-08-16 08:00:48 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 191323898 0 0
# compatibility_mode_1='Webroot SecureAnywhere'
# compatibility_mode=16129 16777213 85 66 85872467 85872472 0 0
# scanned=268739
# found=102
# cleaned=0
# scan_time=5595
sh=02E1E58BE25BC656589C5DC5AF311B9F2E5EA6E2 ft=1 fh=a94b1d23b6435b2a vn="Win32/Toolbar.Iminent.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe.vir"
sh=488DC3EFA016C519629B546918CCA39724AF33DD ft=1 fh=cb5589ba1b6e68bb vn="a variant of Win32/Toolbar.Iminent.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella264.exe.vir"
sh=EC7562F68C29C39061A377072446697AE14BC243 ft=1 fh=1234be0fff50349e vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\CIuninstall.exe.vir"
sh=D5910D8812BDAA6181186B860281A6525EEA8B98 ft=1 fh=fa66b3218c1fc19d vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Firefox\uninstall.exe.vir"
sh=9E590DF36E66CD224A3D2CB0C74F4093553DE505 ft=1 fh=b52f361fc41cb598 vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.exe.vir"
sh=F83AEF48C526100437E190E2DEC72A58E5AE6AC7 ft=1 fh=229028718ef52102 vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe.vir"
sh=E36BA9087C4E2D594731D7B3092C17DB6CB0F436 ft=1 fh=c5a4182ea8131491 vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\uninstall.exe.vir"
sh=88945BBAE02DBCA2C72F7B792D53A89D05A43C72 ft=1 fh=e4f550e5b3c82f34 vn="a variant of Win32/Compete.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\goopdate.dll.vir"
sh=4BA2FED5639BC723BB2F997BD6AE59C09CE37A3F ft=1 fh=15915644aea74023 vn="a variant of Win32/Compete.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\psmachine.dll.vir"
sh=9417FCD6C89FAFDB655E304CFD0001A38B8A234D ft=1 fh=445d17be9bc63711 vn="a variant of Win32/Compete.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\psuser.dll.vir"
sh=9BACDDE5FB44F8DD68F8F39DF7B179559806EEE6 ft=1 fh=5f625db76880fb6f vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12405.exe.vir"
sh=12A44CAB6634ACC46A72B9CF678760FDEE4BDAE3 ft=1 fh=f9cd4de7de9cee42 vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\cimt-3.2.1-1105.exe.vir"
sh=E2764EEC5DF61DF9A19C93C828C030EE10ADD6B7 ft=1 fh=ec71684df33623e5 vn="a variant of Win32/Compete.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{C7B061F6-380E-4545-86E3-400E3156FD28}\0.0.0.0\ciff-3.2.0-12191.exe.vir"
sh=4DEB4AC6C3A2620CA05BFE2618374E9E2B52F12E ft=1 fh=023d253a61d0fbf9 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\updateCouponTime.exe.vir"
sh=8444197E7403243129F971672902BB07C5FB91DF ft=1 fh=6fc699c135267ad0 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\plugins\CouponTime.BrowserAdapter.dll.vir"
sh=EE640FA2642A976B434DA86B521A416D9C803FD4 ft=1 fh=42b5bd46b09f3873 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\plugins\CouponTime.CompatibilityChecker.dll.vir"
sh=BCE9252F2F9B90B876A7D38BC4C1F1D2D4C19ED4 ft=1 fh=459ddb9733cb1ee5 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\plugins\CouponTime.ExpExt.dll.vir"
sh=E06549889F5B8544D3A43EBA2991296023641650 ft=1 fh=f056a18e247dc17a vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\plugins\CouponTime.FFUpdate.dll.vir"
sh=5966C1EA5B86B1040D6E733E0DC08B6F299A8D2A ft=1 fh=ea79bc9535a6c5c0 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\plugins\CouponTime.GCUpdate.dll.vir"
sh=B6EDFC46D92689D6A41CEC672FAD9C8E35DD094E ft=1 fh=3ea171c28e532642 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Time\bin\plugins\CouponTime.PurBrowseG.dll.vir"
sh=C3617AD4683AF5B991E8F5C2FE53ABECE21544AF ft=1 fh=ff0590880251bdff vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=9B317EB87019D0600599C7ABB579F6904DCC0F5B ft=1 fh=943d551a16f0648c vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir"
sh=B303AAD3450688D72FEDDD12F4A673D24609CBB6 ft=1 fh=75c98acd3cb84daf vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=2C931A79737E13CB57DD7CE0C3B5B79DAB0FE61F ft=1 fh=fac71ac1aa0220bd vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir"
sh=8F4561F59D9F9285F305DA7D3187530B7FFD2CF7 ft=1 fh=3b5092a7532b16e0 vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=EBB1CB36EA40A9D5FDC36E911DD08FABF8689ECE ft=1 fh=8c196507ecf75b55 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir"
sh=E9431D6F9CC2EBDDF9E5E71AA76C4D3F462E3F44 ft=1 fh=13dc455354ca1a69 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir"
sh=8DD918189DF97FE6C7F14E286F17CE0B420D5490 ft=1 fh=028e82786e79a939 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir"
sh=B585CF2B6DFE1296905D4EE045C64BD4E4287714 ft=1 fh=c5697dffab5a8a38 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir"
sh=1E98E0A4797D05338AACA431810D24C2A78B2E69 ft=1 fh=c621d2cf0600cb0b vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir"
sh=F8EEA87F2D80A2B9F50D003B50EC177D6BA18340 ft=1 fh=202479d58531f6ed vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir"
sh=566BEC2FFE9304A7F732096F2F57FA3464F560A3 ft=1 fh=06f903c4073f63c4 vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=A5E5273539671E7B1568F69B6559C06EA0E91C36 ft=1 fh=1f57c9c58de8bb27 vn="Win32/RiskWare.Komodia.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sushileads\friend1.exe.vir"
sh=01AC4E06024F2BF7429D59348C78D836C5959650 ft=1 fh=1c0f11079b89df43 vn="Win32/InstallBrain.AW potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IBUpdaterService\ibsvc.exe.vir"
sh=68F39FDC5C97B7D3B93A4B793E3E9DAF1ED75344 ft=1 fh=c71c0011ed98cc6f vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=D128CBAF3DEF02BD11A92A43C36D540E47BF06E0 ft=1 fh=6abf192eb2d8af09 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=C88D76106C34D093167BD69B433CFF15F24CFE68 ft=1 fh=c9f8a6e51b4e4ea2 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=085F77EB21E35804B09F1D53064AD09EDFD30F3B ft=1 fh=30d6e2c5eecf8f6b vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\YeUBBA7OfsskP753cAqWAW.exe.vir"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\YeUBBA7OfsskP753cAqWAW.vir"
sh=C2CDF8F5CF8F8E7082898326B1937499DEFA5C63 ft=1 fh=4dce2de995a2d99e vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\YeUBBA7OfsskP753cAqWAW4.exe.vir"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\YeUBBA7OfsskP753cAqWAW4.vir"
sh=0070B48B1231869D1B83A8C4809B16418E6F3D94 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lghuf863.default\Extensions\[email protected]"
sh=F8EEA87F2D80A2B9F50D003B50EC177D6BA18340 ft=1 fh=202479d58531f6ed vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\apppatch\apppatch64\vcldr64.dll.vir"
sh=B585CF2B6DFE1296905D4EE045C64BD4E4287714 ft=1 fh=c5697dffab5a8a38 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\apppatch\nbin\VC32Loader.dll.vir"
sh=537C5F0E4C623DD724B118409D63C838D84CEB2E ft=1 fh=485dec5edf82e04a vn="a variant of Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\shopperz04082015\Heyep64.dll"
sh=E0B7C29B8C839CF0BBA610121268F03E10973B3C ft=1 fh=e40b76ad507ce1da vn="a variant of Win32/Adware.ConvertAd.VM application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\07599E80-1439095677-81E1-3676-5404A63C37F3\hnsfB1D2.tmp"
sh=951001960F82B7971171719ACA6BB90A37F3BA9A ft=1 fh=2ed34e1a7cbb4127 vn="a variant of Win32/Adware.ConvertAd.VG application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\07599E80-1439095677-81E1-3676-5404A63C37F3\knskCCCB.tmp"
sh=E30B611B8575EF7D029D9684ECECC27FDC0782B6 ft=1 fh=35a0475d5d4fa10e vn="a variant of Win32/Adware.ConvertAd.VG application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\07599E80-1439095677-81E1-3676-5404A63C37F3\vnspC5FE.tmp"
sh=D15E098EE156102DB8B1B89BBE65E877A80E9653 ft=1 fh=f6b27c06e780db4d vn="a variant of Win32/Adware.ConvertAd.WH application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\07599E80-1439095677-81E1-3676-5404A63C37F3\07599E80-1439095677-81E1-3676-5404A63C37F3\rnspE54A.exe"
sh=2591055C89AF7DA80BD5F3708538EB9E5B3506F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Cinema PlusV09.08\277beaec-11fa-4a03-b6c8-18842003bd0a.crx"
sh=C90CE8E462509D2F1B1B072230637F4D7AE2585C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Cinema PlusV09.08\418780ce-3d28-4b57-8fc4-c70230d4f25e.xpi"
sh=C7F7D8AB1640F99EF8F5BC7C3F788CD4C07F23DC ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\bnfeofmnkjekpbpcjiooniapclfggngk.crx"
sh=36E7CC5193B217178F05B8960CC867B9D3934CD6 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\mnmnecfbfgonlhpgdjekopinjpgkpjna.crx"
sh=29B0CE7CD04322148AB79D91446B7051A8DEC1D5 ft=1 fh=625fd01f2cb261bd vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\updateCouponTime.exe"
sh=90D025EF78B99FF01212C3137C1FE327E0D57202 ft=1 fh=250271563fbfa200 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\6ec0.dll"
sh=9338F6B396D58E6736F69F762A96749891C8659A ft=1 fh=773d9bb59c113a1e vn="a variant of Win64/BrowseFox.CK potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\6ec064.dll"
sh=F652B39FAF44D8D4B1071832324B5CEC2EA1E80D ft=1 fh=23739fb3f67db65a vn="a variant of Win32/BrowseFox.CB potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\6ec0990879.dll"
sh=8A4E66E34441AE745E5F8FAC5B476B4E11168821 ft=1 fh=d101c3362b18c39d vn="a variant of Win64/BrowseFox.CI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\6ec099087964.dll"
sh=FD8D91D8E78D9B6D5EB236EB4A079638441C76C8 ft=1 fh=df96da1a8c850ed9 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\949b.dll"
sh=07130F40346ED5791F0C218EC8DA5F36D35D4F9A ft=1 fh=3f38f29192bf475c vn="a variant of Win64/BrowseFox.CK potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\949b64.dll"
sh=714C8851D5B0AB4EFF33813D4EA2213665A43102 ft=1 fh=deea2f75fe50b967 vn="a variant of Win32/BrowseFox.CB potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\949ba8b6a9.dll"
sh=E0FF3CAE662EAE05F1DB62E415CBACA5063FD6B6 ft=1 fh=a16230ecb326b8f0 vn="a variant of Win64/BrowseFox.CI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\949ba8b6a964.dll"
sh=42CDB119412E0F5FCD5D53C9CA1CC923B841ADE1 ft=1 fh=d788ac12763f7cd2 vn="a variant of Win32/BrowseFox.AX potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\CouponTime.BrowserAdapter.exe"
sh=9838B011FF64CC82982FE415B926BE6AA491C7AE ft=1 fh=a401815cde9f95e0 vn="a variant of Win64/BrowseFox.CP potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\CouponTime.BrowserAdapter64.exe"
sh=43522DBEB88139F3B92D2B291B133A2C611AF99E ft=1 fh=76ce685b68dc87b6 vn="a variant of Win64/BrowseFox.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\CouponTime.PurBrowse64.exe"
sh=CD1F4A614BEA015A4F50A1105A8B0BC516F3A2EC ft=1 fh=203499e14f450c47 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\f3e4.dll"
sh=36B39897BD0F58AC2A83D68364BD9100B9C9CC8B ft=1 fh=998d5467318304bd vn="a variant of Win32/BrowseFox.CB potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\f3e41bda24.dll"
sh=801515E5A7A70EEECB0732EEBE4CE6F4951A7411 ft=1 fh=c7b1912acb21b674 vn="a variant of Win64/BrowseFox.CI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\f3e41bda2464.dll"
sh=EB67D9FC547E8D0B69517330A778C90506A9EC24 ft=1 fh=cc30a05b3c481ed5 vn="a variant of Win64/BrowseFox.CK potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\f3e464.dll"
sh=29B0CE7CD04322148AB79D91446B7051A8DEC1D5 ft=1 fh=625fd01f2cb261bd vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\utilCouponTime.exe"
sh=F8B9F2B23B340FEF68938DB4EC33E9F1D148CD1C ft=1 fh=927e2966c120af1b vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\plugins\CouponTime.BrowserAdapter.dll"
sh=BDB2520C1F77B336930B16E314B097B6E898E3CD ft=1 fh=98dbe79be057e43a vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\plugins\CouponTime.CompatibilityChecker.dll"
sh=B264524C6D9CC3079B13F0F4DC78DD83D5BDAD8B ft=1 fh=3372fb33c4c33feb vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\plugins\CouponTime.ExpExt.dll"
sh=0D8BD8483D612B9CB94AA59512CB1FB8F93E14C9 ft=1 fh=6068854a2c2ea64b vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\plugins\CouponTime.FFUpdate.dll"
sh=0CBAF4014FC34B2CCC26C9200232DC8BEC152DC8 ft=1 fh=52bfa3fd6bfd0a17 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\plugins\CouponTime.GCUpdate.dll"
sh=8A8975E0ABA89FE612E3AC7BFB6EEF25D4DCB2C2 ft=1 fh=4a9f3dbf1dc53ab0 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupon Time\Coupon Time\bin\plugins\CouponTime.PurBrowseG.dll"
sh=A96820CD585E00B9F6C344BC1E7BFCE2C5A08A31 ft=1 fh=7bed3e477a04d6b3 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Coupoon\nfapi.dll"
sh=032A654248CD9AD0BB0EEEC875555C5CD3BB0AD1 ft=1 fh=0c89a3ec67ea9b05 vn="a variant of Win32/Solimba.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe"
sh=01AC4E06024F2BF7429D59348C78D836C5959650 ft=1 fh=1c0f11079b89df43 vn="Win32/InstallBrain.AW potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\IBUpdaterService\ibsvc.exe"
sh=4D478027F61BAE3EADBD1625D160906DE97D71FA ft=1 fh=1e7e214ff1b6bd00 vn="a variant of Win32/Wombat.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Service1291\Service1291.dll"
sh=A2B8F473CAB370244BDDB9558A001A69E78714A5 ft=1 fh=4373c16fa857e97f vn="a variant of Win32/Wombat.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Service1291\Service1291.exe"
sh=DDC50DE656E99F0F69AB00E24253FF71232974A8 ft=1 fh=3d360b3e47b35b72 vn="a variant of Win32/Adware.SpeedingUpMyPC.AP application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\{4d917b50-ca18-1849-4d91-17b50ca1ed43}\{4d917b50-ca18-1849-4d91-17b50ca1ed43}\hqghumeaylnlf.exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\nsz777.tmp.xBAD"
sh=B4450C96172B08E942FA291973FBF835B07A30C5 ft=1 fh=14d0cf0229e4805e vn="Win32/Adware.ConvertAd.TT application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\07599E80-1439070532-81E1-3676-5404A63C37F3\onsaA0E4.tmp"
sh=491164FE123DB6DA6E777864326D6213AD986A78 ft=1 fh=3cc6bbefcd819d9d vn="Win32/Adware.ConvertAd.UC application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\07599E80-1439070532-81E1-3676-5404A63C37F3\snsaA0E2.tmp"
sh=68F39FDC5C97B7D3B93A4B793E3E9DAF1ED75344 ft=1 fh=c71c0011ed98cc6f vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Babylon\Setup\BExternal.dll"
sh=D128CBAF3DEF02BD11A92A43C36D540E47BF06E0 ft=1 fh=6abf192eb2d8af09 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Babylon\Setup\IECookieLow.dll"
sh=C88D76106C34D093167BD69B433CFF15F24CFE68 ft=1 fh=c9f8a6e51b4e4ea2 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Babylon\Setup\Setup.exe"
sh=32BE00C9B8BD83BF621E433EC87DE21B08F82098 ft=1 fh=a4fbdca8e8e73dc7 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Local\SmartWeb\__u.exe"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\dum3wyST49Ex.xBAD"
sh=085F77EB21E35804B09F1D53064AD09EDFD30F3B ft=1 fh=30d6e2c5eecf8f6b vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\YeUBBA7OfsskP753cAqWAW.exe.xBAD"
sh=C2CDF8F5CF8F8E7082898326B1937499DEFA5C63 ft=1 fh=4dce2de995a2d99e vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\YeUBBA7OfsskP753cAqWAW4.exe.xBAD"
sh=7CEA281BF2C7FF5F24BDEB2DF829843F5E1B856D ft=1 fh=f5c7d29a32431718 vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\Owner\Downloads\Unconfirmed 671830.crdownload.xBAD"
sh=AF0FF3FC3774099F67C12B57C6D2A5971256BC4F ft=0 fh=0000000000000000 vn="Win32/Qhost trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\system32\aby\aby\thh\dhjed.dat"
sh=AF0FF3FC3774099F67C12B57C6D2A5971256BC4F ft=0 fh=0000000000000000 vn="Win32/Qhost trojan" ac=I fn="C:\FRST\Quarantine\C\Windows\system32\aby\thh\dhjed.dat"
sh=05CBE56C02ADB1A04F0F8C448C71AB1C422A3226 ft=1 fh=63b795cfa886ba28 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\system32\Drivers\{6ec09908-795a-4141-bffa-5fa914d42b7e}Gw64.sys.xBAD"
sh=F39FC0FBCB813DFFBF2538EC06CC08292FA0DEF7 ft=1 fh=ee9ce9eb1ee86e78 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\system32\Drivers\{949ba8b6-a9ea-4b6b-a97d-688a70f2ea0b}Gw64.sys.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Owner\AppData\Roaming\DK8is89dyPzmla2uemyT3"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\m4a-to-mp3-converter.exe"
sh=840089368A021815E9584C7E4B4E407060D63C95 ft=1 fh=233661436117d005 vn="a variant of MSIL/Agent.QPG trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\BluetoothSupport\kbdindev.exe"
sh=840089368A021815E9584C7E4B4E407060D63C95 ft=1 fh=233661436117d005 vn="a variant of MSIL/Agent.QPG trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\IntelRPROSetWireless\napipsec.exe"
sh=840089368A021815E9584C7E4B4E407060D63C95 ft=1 fh=233661436117d005 vn="a variant of MSIL/Agent.QPG trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\NQIBPTF\netlogon32.exe"
 


  • 0

#35
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
How is the computer right now, what browser issues remain and in what browsers do they occur in ?
  • 0

#36
TriciaDP72

TriciaDP72

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi - Sorry for the late response, i had to go out of town for a few days on business. Things seem normal, nothing popping open and all browsers seem to work as they should.

 

Tricia


  • 0

#37
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Wow Malware invasion over!

Lets remove the tools I had you download, delete the log files and system restore points, delfix will create a new one.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#38
TriciaDP72

TriciaDP72

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi - So a couple of things i noticed after i sent you a reply. When I shut down, something was running in the background and I had to force the shut down, then after I ran delfix, a Webroot SecureAnywhere pop up came up asking me if I was sure the geekstogo website was safe, i clicked yes and then there was no reply box for me to respond to? So I copied over the log to my mac and I am responding here, let me know your thoughts, here is the log:

 

# DelFix v1.011 - Logfile created 24/08/2015 at 10:19:44
# Updated 18/08/2015 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner\Desktop\FRST-OlderVersion
Deleted : C:\AdwCleaner[C1].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\adwcleaner_5.000.exe
Deleted : C:\Users\Owner\Desktop\Fixlog.txt
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\FRST64.exe
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\JRT.txt
Deleted : C:\Users\Owner\Downloads\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #298 [Windows Update | 08/13/2015 19:01:56]
Deleted : RP #300 [Restore Point Created by FRST | 08/14/2015 04:23:36]
Deleted : RP #301 [Windows Update | 08/14/2015 10:00:10]
Deleted : RP #303 [Restore Point Created by FRST | 08/14/2015 14:38:47]
Deleted : RP #304 [JRT Pre-Junkware Removal | 08/16/2015 21:39:34]
Deleted : RP #306 [Restore Point Created by FRST | 08/17/2015 00:52:33]
Deleted : RP #307 [Windows Update | 08/17/2015 14:43:48]
Deleted : RP #308 [Windows Update | 08/21/2015 16:48:48]
Deleted : RP #309 [Windows Update | 08/23/2015 05:39:38]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#39
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts

When I shut down, something was running in the background and I had to force the shut down

Let me know if that continues to occur.

I can't really explain why Webroot was asking if this site was safe or the reply box not being there, the reply box could have been a glitch with the forum perhaps.

Run the computer for a while and let me know if issues persist.

Thanks
Joe :)
  • 0

#40
TriciaDP72

TriciaDP72

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

will do, thanks again for all your help!

 

Tricia


  • 0

Advertisements


#41
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP