
A little help please?



I recently accidentally acquired a browser hijacker on my computer through some freeware due to not paying attention during the installation.  I ran this scan and seem to have found the problem, however, I do know that false-positives can occur and just was wondering if anybody would look through my text log and make sure that it looks alright before I give it the go-ahead to quarantine. I've attached the .txt export file from MalwareBytes to my post and would be very appreciative if somebody would be willing to take a look for me.

 

export.txt

 

 

Thanks so much!

Brandon


For those of you that do not feel comfortable downloading a random .txt file - here's the pasted version as well. 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/27/2014
Scan Time: 11:01:51 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.28.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Brandon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371743
Time Elapsed: 1 hr, 1 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 3
PUP.Optional.SweetPacks.A, C:\Program Files\V-bates\ExtensionUpdaterService.exe, 2208, , [e7da02546b10f046a0b13acd9e637e82]
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\guardsvc.exe, 1760, , [9a2787cf6b1064d2ffbb169306fcb050]
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\notifier.exe, 4124, , [9a2787cf6b1064d2ffbb169306fcb050]
 
Modules: 17
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
 
Registry Keys: 26
PUP.Optional.SweetPacks.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\V-bates Updater, , [e7da02546b10f046a0b13acd9e637e82], 
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}\INPROCSERVER32, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject.1, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject.1, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKU\S-1-5-21-1294440619-2963033295-1164845174-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, HKU\S-1-5-21-1294440619-2963033295-1164845174-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D067E3E4-354F-4F8A-8668-1AA03D22CBA1}, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{82C1E22B-0B13-4959-8E7D-FDACCBCC4391}, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A516C81D-0FB7-4306-BBAE-9E42DA16B804}, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{82C1E22B-0B13-4959-8E7D-FDACCBCC4391}, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A516C81D-0FB7-4306-BBAE-9E42DA16B804}, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D067E3E4-354F-4F8A-8668-1AA03D22CBA1}, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Mext Guard, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, , [13aec78f502b38fea517238659a938c8], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\V-bates, , [2899ee688cef64d2c5f7cadfc53d54ac], 
 
Registry Values: 5
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [b20f4b0b58230531a7bf67caa75ba957]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [b20f4b0b58230531a7bf67caa75ba957]
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [be0359fd95e6e551333348e955adea16], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [922f92c4fa819e98c89e0b26639fda26], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|V-bates, C:\Program Files\V-bates\notifier.exe, , [9a2787cf6b1064d2ffbb169306fcb050]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 13
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\resources, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\locale, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\skin, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\defaults, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\defaults\preferences, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libraries, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\resources, , [9a2787cf6b1064d2ffbb169306fcb050], 
 
Files: 37
PUP.Optional.SweetPacks.A, C:\Program Files\V-bates\ExtensionUpdaterService.exe, , [e7da02546b10f046a0b13acd9e637e82], 
PUP.Optional.VBates, C:\Program Files\V-bates\Extension64.dll, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.VBates, C:\Program Files\V-bates\Extension32.dll, , [b20f4b0b58230531a7bf67caa75ba957], 
PUP.Optional.Outbrowse, C:\$Recycle.Bin\S-1-5-21-1294440619-2963033295-1164845174-1001\$R7ZHUO8.exe, , [caf70d4981fa95a1461e364812ef26da], 
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-1294440619-2963033295-1164845174-1001\$RDX4MR4.exe, , [af120d49314a6ec8cba45af4f40dc63a], 
PUP.Optional.VBates.A, C:\Users\Brandon\AppData\Local\Temp\v-bates.exe, , [358c95c1a4d70432f5923d0842be6799], 
PUP.Optional.InstallMonetizer.A, C:\Users\Brandon\AppData\Local\Temp\is-JUO6L.tmp\InstallManager.exe, , [427f61f5c5b60f27dd112205de2356aa], 
PUP.Optional.Somoto.A, C:\Users\Brandon\Downloads\FreeZipSetup-Nfl5U26AA.exe, , [18a9b4a296e5b97d317abf281be818e8], 
PUP.Optional.Bandoo, C:\Users\Brandon\Downloads\iLividSetup-r468-n-bc.exe, , [1ba60f4764176bcbcca3878381808080], 
PUP.Optional.Superfish.A, C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [7948f85e84f7f64075bfa2eda75bf60a], 
PUP.Optional.Superfish.A, C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [437e62f4ee8df83e0f25ade28f733fc1], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\source.crx, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\DGChrome.exe, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\guardsvc.exe, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\InstallerHelper.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libinject.dll, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\NMHClient.exe, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\NMHClient.json, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\notifier.exe, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\PrefHelper.exe, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\startsc.bat, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\unins000.dat, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\unins000.exe, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome.manifest, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\icon.png, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\install.rdf, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\main.js, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\main.xul, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries\DataExchangeScript.js, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\resources\LocalScript.js, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US\overlay.dtd, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\skin\overlay.css, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\defaults\preferences\defaults.js, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libraries\DataExchangeScript.js, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\resources\LocalScript.js, , [9a2787cf6b1064d2ffbb169306fcb050], 
PUP.Optional.Trovi.A, C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""https://www.renweb.com/rwlogin/ParentsWeb-Login.aspx?District=KCHS-TN&SchoolCode", "https://www.youtube.com/" ],), ,[5071e6707506a3933f1db7cf32d2a858]
PUP.Optional.Trovi.A, C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www.trovi.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=MC4C7240E-70BC-4052-BDFE-9F24E81D11F4&SearchSource=55&CUI=&UM=5&UP=SP7AB9C72E-E55D-4CFD-BFA3-6F5C84014516&SSPV=",), ,[09b88bcba4d743f35d006c1ad0345ea2]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



Thanks again


Hello Brandon24 and welcome.

You can proceed with the PUP quarantine followed by a wait of about one week to evaluate the outcome before permanent deletion. However, the method of conveyance may or may not have been the recent install because you provided no details there.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and having one of the Malware Removal Experts assist you with looking into your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

Thank you.
