More PUPs

Maniac · August 3, 2015

How are things now?

Jhay · August 4, 2015

Nothing out of the ordinary at this point.

Maniac · August 4, 2015

Great!

Let's clean these tools:

Please download Delfix.exe by Xplode and save it to your desktop.
Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
The tool will delete itself once it finishes.

Some malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing!

Jhay · August 30, 2015

Sorry I been neglecting this post, but I finally ran the tool. All the applications used to clean the system have been removed!

Thanks again!

Maniac · September 1, 2015

You are welcome!

Jhay · October 5, 2015

Came across another "fake virus warning" today after browsing another site. Attached are screenshots of what it looked like. I hit the "prevent this page from creating additional dialogs" and hit "Leave this page" and got it to disappear. Ran an MBAM scan and returned empty results.

Here is the log to verify:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/4/2015

Scan Time: 8:57 PM

Logfile:

Administrator: Yes

Version: 2.1.8.1057

Malware Database: v2015.10.05.01

Rootkit Database: v2015.10.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Jordan

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 403465

Time Elapsed: 15 min, 7 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Maniac · October 8, 2015

Please download ZHPCleaner (by NicolasCoolman) to your desktop.
Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
Please click on the button.
Then press the button.
During the scan any open instances of the browsers will be closed automatically.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.

Jhay · October 10, 2015

~ ZHPCleaner v2015.10.7.361 by Nicolas Coolman (2015/10/07)

~ Run by Jordan (Administrator) (10/10/2015 00:05:31)

~ Site : http://www.nicolascoolman.fr

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : No network file

~ Type : Scan

~ Report : C:\Users\Jordan\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\Jordan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Deactivate

~ Boot Mode : Normal (Normal boot)

Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Services (0)

~ No malicious or unnecessary items found.

---\\ Browser internet (0)

~ No malicious or unnecessary items found.

---\\ Hosts file (1)

~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)

~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (0)

~ No malicious or unnecessary items found.

---\\ Registry ( Key, Value, Data) (3)

FOUND key: [X64] HKLM\SOFTWARE\Classes\FinaleNotation [Finale Notation File] =>PUP.Optional.Proxy

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast346_ARS__RASAPI32 [] =>Toolbar.Ask

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast346_ARS__RASMANCS [] =>Toolbar.Ask

---\\ Result of repair

~ Any repair made

~ Browser not found (Opera Software)

---\\ Statistics

~ Items scanned : 68092

~ Items found : 3

~ Items cancelled : 0

~ Items repaired : 0

~ End of search in 3 minutes

===================

ZHPCleaner--10102015-00_08_55.txt

AdvancedSetup · October 29, 2015

Sorry for the delay. Please run the following for me and I'll take over for Maniac

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
[*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Jhay · November 3, 2015

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.4 (09.28.2015:1)

OS: Windows 7 Home Premium x64

Ran by Jordan on Sun 11/01/2015 at 18:54:40.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\coupons

Successfully deleted: [Folder] C:\Program Files (x86)\your product

Successfully deleted: [Folder] C:\ProgramData\esellerate

~~~ Chrome

[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/01/2015 at 18:57:41.66

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

# AdwCleaner v5.016 - Logfile created 01/11/2015 at 19:03:08

# Updated 01/11/2015 by Xplode

# Database : 2015-11-01.2 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Jordan - JORDAN-PC

# Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe

# Option : Scan

# Support : http://www.taoframework.com)C:\Program Files (x86)\Tao.Sdl.$AA

2015-02-07 14:09 - 2015-02-07 14:09 - 0116013 _____ () C:\Program Files (x86)\Uninstal.exe

1998-04-27 00:00 - 1998-04-27 00:00 - 0570128 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\DAO350.DLL

2015-01-15 21:14 - 2015-11-01 16:46 - 0009196 _____ () C:\Users\Jordan\AppData\Roaming\JORDAN-PC.MTBF.txt

2015-10-13 23:02 - 2015-11-02 19:08 - 0023988 _____ () C:\Users\Jordan\AppData\Roaming\Notepad2.ini

2015-06-08 13:50 - 2015-06-08 13:50 - 0000600 _____ () C:\Users\Jordan\AppData\Roaming\PUTTY.RND

2015-01-15 21:14 - 2015-11-01 18:27 - 0001072 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManager.log

2015-01-15 21:14 - 2015-10-25 21:31 - 0000894 _____ () C:\Users\Jordan\AppData\Roaming\__AvidCloudManagerPrevious.log

2015-01-15 21:16 - 2015-06-14 16:12 - 0004608 _____ () C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-01-14 20:19 - 2015-09-07 21:19 - 0000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

2015-05-30 21:27 - 2015-05-30 21:27 - 0008394 _____ () C:\Users\Jordan\AppData\Local\recently-used.xbel

2015-03-10 13:24 - 2015-03-10 13:31 - 0000824 _____ () C:\ProgramData\hpzinstall.log

2015-01-31 00:02 - 2015-01-31 00:02 - 0000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:

====================

C:\Users\Jordan\AppData\Local\Temp\AutoRun.exe

C:\Users\Jordan\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Jordan\AppData\Local\Temp\drm_dyndata_7330011.dll

C:\Users\Jordan\AppData\Local\Temp\EAInstall.dll

C:\Users\Jordan\AppData\Local\Temp\madden_inst.exe

C:\Users\Jordan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-01 19:34

==================== End of FRST.txt ============================

Addition (attached)

Addition.txt

AdvancedSetup · November 3, 2015

Please temporarily disable your antivirus and run the following.

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart your computer and reset your browsers to default settings.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Next,

Please download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
If you get Unsupported operating system. Aborting now, just reboot and try again.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

Thanks

Jhay · November 5, 2015

Performed the TFC clean-up, reset sync and browser settings, and then ran the Security Check. Here's the results:

Results of screen317's Security Check version 1.009

Windows 7 Service Pack 1 x64 (UAC is disabled!)

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Kaspersky Total Security

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader XI

Mozilla Firefox 38.0.1 Firefox out of Date!

Google Chrome (46.0.2490.71)

Google Chrome (46.0.2490.80)

````````Process Check: objlist.exe by Laurent````````

Kaspersky Lab Kaspersky Total Security 15.0.2 avp.exe

Kaspersky Lab Kaspersky Total Security 15.0.2 avpui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

AdvancedSetup · November 5, 2015

You need to uninstall your current flash player and get the latest from Adobe. Then also update your Firefox

How is the computer running now otherwise?

Jhay · November 6, 2015

I updated the Adobe Flash Player. I had version 10 on there because it was the only version that is compatible with a game I have installed on this computer. I also uninstalled Firefox because Chrome is my primary browser.

Otherwise, the computer is running fine.

AdvancedSetup · November 6, 2015

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)

Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Jhay · November 9, 2015

Thanks for all your help, as always. Just figured I would bring this to your attention. This was detected by Kaspersky Total Security 2015:

09.11.2015 12.57.03 Detected object (file) was deleted. c:\users\jordan\desktop\delfix_1.011 (1).exe File: c:\users\jordan\desktop\delfix_1.011 (1).exe Object name:: PDM:Trojan.Win32.Generic Object type:: Unknown threat Time:: 11/9/2015, 12:57 PM

AdvancedSetup · November 11, 2015

No problem. You can either opt to tell Kaspersky it's okay or manually remove anything else left over we used.

Cheers

Jhay · January 5, 2016

Thanks. Don't mean to do this to you again, but I encountered a BSOD scam like this one: https://blog.malwarebytes.org/fraud-scam/2015/09/avoid-this-bsod-tech-support-scam/. This happened when I was using my old laptop that I plan to decommission since I got a new laptop for Christmas. Also I was connected to a VPN at Syracuse University while this happened and my phone was plugged in via USB. Furthermore, my Google Chrome settings were set to sync my browsing history from all computers using Chrome. I am concerned that all these computers may be possibly infected.

AdvancedSetup · January 5, 2016

Well I know that people just love the ease and convenience of items like Chrome and Firefox sync "but" it can and will lead to the exact concern you're expressing. I cannot say whether or not your current computer or others are infected or having issues without doing full scans etc on them. Might be best to do at least a browser reset on all devices.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

If issues continue then let me know and we can do further scans.

Jhay · January 6, 2016

I disabled/reset sync for my Google Account and reset the browser settings for all computers connected to the Internet when last night's incident happened.

No more suspicious activity observed on any computers as well. Please let me know if we should run scans for at least the computer it happened on. Keep in mind I plan to wipe it clean once I remove all important files off of it.

I just ran a scan on my new laptop, which was synced to my Google account on Chrome. Here are the results:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 1/5/2016

Scan Time: 11:33 PM

Logfile: jordan-nb2 mbam log.txt

Administrator: Yes

Version: 2.2.0.1024

Malware Database: v2016.01.06.01

Rootkit Database: v2016.01.05.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 10

CPU: x64

File System: NTFS

User: Jordan

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 330777

Time Elapsed: 10 min, 34 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

AdvancedSetup · January 6, 2016

Up to you but if you're going to wipe it then probably not worth spending any time on it. I'll give you a generic cleanup speech though that has details on how to help keep the new computer or new build safe.

Number one being keep good backups of your data on an external device that does not stay connected to the computer except to do the backup.

Backup Software
The complexity of finding, preventing, and cleanup from malware

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)

Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Jhay · January 6, 2016

Thanks. Since we never used any disinfection tools, I will skip Delfix. BTW, I ran a scan with Hitman Pro on my new laptop, which produced the following results:

HitmanPro 3.7.12.253www.hitmanpro.com    Computer name . . . . : JORDAN-NBNEW   Windows . . . . . . . : 10.0.0.10240.X64/4   User name . . . . . . : JORDAN-NBNEW\Jordan   UAC . . . . . . . . . : Enabled   License . . . . . . . : Trial (30 days left)    Scan date . . . . . . : 2016-01-06 12:14:37   Scan mode . . . . . . : Normal   Scan duration . . . . : 5m 10s   Disk access mode  . . : Direct disk access (SRB)   Cloud . . . . . . . . : Internet   Reboot  . . . . . . . : No    Threats . . . . . . . : 1   Traces  . . . . . . . : 16    Objects scanned . . . : 1,436,442   Files scanned . . . . : 27,368   Remnants scanned  . . : 280,510 files / 1,128,564 keys Malware remnants ____________________________________________________________    findwide   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Web Data  Potential Unwanted Programs _________________________________________________    C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\ (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\ (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\_metadata\ (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\_metadata\computed_hashes.json (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\_metadata\verified_contents.json (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\b4g.js (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\background.js (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\icon.png (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\manifest.json (SpeedSurfing) -> Deleted   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\uninstall_old.js (SpeedSurfing) -> Deleted   ask.com   C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Web Data  Cookies _____________________________________________________________________    C:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCookies\Low\6HISJ8RM.txt   C:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCookies\Low\N5KHYF3S.txt   C:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCookies\Low\XM5RN4EV.txt   C:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCookies\Low\ZWS6UI1T.txt

I deleted each of the files marked as threats.

AdvancedSetup · January 7, 2016

Looks good. Okay I'll go ahead then and close your topic. Have a great New Year

Ron

AdvancedSetup · January 7, 2016

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

More PUPs

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information