DouglasW Posted January 28, 2015

I tried to use my son's computer and can't because of all of the pop-ups and redirects. I went to download Farbar but it wouldn't let me. Would someone please help me clean this up?

Naathim Posted January 28, 2015

Hello and welcome! I'm Radek and I'll try to help you with your issue. Before we start please note the following:

- Analysis and research take some time, also sometimes real life gets in the way, please be patient.
- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Paste the logs in your posts, attachments make my work harder and more complicated.
- Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- I can't foresee everything, so if anything unexpected happens, please stop and inform me!
- There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

- First of all select update.
- Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
- Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
- Save the file to your desktop and include its content in your next reply.

DouglasW Posted January 28, 2015

Thank you for the help. Here is the file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/28/2015
Scan Time: 3:38:48 PM
Logfile: history log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.28.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330352
Time Elapsed: 8 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.GoldenCoupon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [e76a4fa80386e056b67c4331db286a96],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.GoldenCoupon.A, C:\ProgramData\GoldenCoupon, Quarantined, [e76a4fa80386e056b67c4331db286a96],

Files: 13
PUP.Optional.InstallCore, C:\Users\Ryan\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe, Quarantined, [d77a49aed4b557df5c14d741e220fe02],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (1).exe, Quarantined, [b69b6b8cb7d249ed14454ead4bb6d62a],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (2).exe, Quarantined, [4809d225cfbadb5b88d109f2ef1225db],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (3).exe, Quarantined, [4908a94e8dfca690401933c811f007f9],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (4).exe, Quarantined, [b899c82fc0c9c17560f91fdc6899e31d],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (5).exe, Quarantined, [dc7548af35543006b0a9de1d887915eb],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (6).exe, Quarantined, [341d5e99b8d1a690adac03f851b0946c],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (7).exe, Quarantined, [55fc04f3424780b6a9b09e5d679a966a],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup (8).exe, Quarantined, [173a57a04a3f0d29aeab877431d0f10f],
PUP.Optional.Softpulse, C:\Users\Ryan\Downloads\Setup.exe, Quarantined, [4e030ceb6d1c1b1ba9b09764c63b43bd],
PUP.Optional.GoldenCoupon.A, C:\ProgramData\GoldenCoupon\GoldenCoupon.exe, Quarantined, [e76a4fa80386e056b67c4331db286a96],
PUP.Optional.Trovi, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M1660E9B2-F2E0-4798-9DFA-98F6D2D7B485&SearchSource=58&CUI=&UM=6&UP=SPEF81FA7D-5C09-43FB-8F67-95D544C7C80D&q={searchTerms}&SSPV=",),Replaced,[6ee350a726631026529128bb8481639d]
PUP.Optional.Conduit, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "suggest_url": "http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",),Replaced,[80d106f15c2d14225193e201d72ec43c]

Physical Sectors: 0
(No malicious items detected)

(end)

DouglasW Posted January 29, 2015

I was able to download the Farbar Recovery scan tool. Would you like me to run this?

Naathim Posted January 29, 2015

Yes, but there's an order to run each tool for a reason. We'll run FRST now.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

- Right-click on icon and select Run as Administrator to start the tool.
  > XP users click run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
- When the tool opens click Yes to disclaimer.
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please include their content in your next reply.

DouglasW Posted January 29, 2015

Here are the scans. I had to attach the files because they were too large to send when I pasted them into the window.

FRST.txt
Addition.txt

Naathim Posted January 30, 2015

Hi, plenty of work to be done here. Your Chrome settings have been bypassed/altered so you'll have to reinstall it, but after we are done. I'll notify you.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop. Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and let this process run uninterrupted.
- This scan can take a while, depending on your system specs.
- Upon completion, a log (JRT.txt) will open on your desktop.
- Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software! Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

- Right-click on icon and select Run as Administrator to start the tool.
- The program will begin to update the database (if internet connection is operational). Please wait a little bit.
- Follow the prompts and click Scan.
- When finished, please click Clean.
- Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
- Please include the contents of that file in your reply.

DouglasW Posted January 30, 2015

Here are the scans.

# AdwCleaner v4.109 - Report created 30/01/2015 at 15:50:40
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Ryan - RYANS_LAPTOP
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\646a3724e54faa20
Folder Deleted : C:\Program Files\Quiknowledge
Folder Deleted : C:\Users\Ryan\AppData\Roaming\1H1Q
Folder Deleted : C:\ProgramData\hdhlohnoninaedfflojpbmcooceajopa

***** [ Scheduled Tasks ] *****

Task Deleted : RocketTab Update Task
Task Deleted : RocketTab

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Google Chrome v40.0.2214.94

*************************

AdwCleaner[R0].txt - [2530 octets] - [30/01/2015 15:48:07]
AdwCleaner[s0].txt - [2046 octets] - [30/01/2015 15:50:40]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2106 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Ryan on Fri 01/30/2015 at 15:29:36.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\LuckyCouPoen
Successfully deleted: [Folder] C:\ProgramData\RROyalShopperAppp
Successfully deleted: [Folder] C:\ProgramData\SaleesCHecker
Successfully deleted: [Folder] C:\ProgramData\SalesCHecker
Successfully deleted: [Folder] C:\ProgramData\SalesuMaggnet
Successfully deleted: [Folder] C:\ProgramData\SOfTCouep
Successfully deleted: [Folder] "C:\ProgramData\browser"
Successfully deleted: [Folder] "C:\ProgramData\instashare"
Successfully deleted: [Folder] "C:\Program Files (x86)\quiknowledge"
Successfully deleted: [Folder] "C:\Program Files (x86)\tidynetwork"
Successfully deleted: [Folder] "C:\Users\Ryan\documents\optimizer pro"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/30/2015 at 15:34:01.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DouglasW Posted January 30, 2015

Things seem to be working a bit better. Not getting the popups any more.

Naathim Posted January 31, 2015

Glad to hear that, but we're not done. Still a lot before us.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

- Right-click on icon and select Run as Administrator to start the tool.
  > XP users click run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please include their content in your next reply.

DouglasW Posted January 31, 2015

Thank you, we will keep at it. The files are still too large to paste here so I attached them.

FRST.txt
Addition.txt

Naathim Posted February 4, 2015

Hi and sorry for the delay, I blame it on the jetlag.

Uninstall some programs

We need to uninstall some programs.

- Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
- The list of programs to uninstall:
  Open Office Packages
- Pay special attention when uninstalling, some of the programs may have checkboxes that will either install others instead or ask you to leave them installed!
- After completing uninstalls, please manually reboot your machine!

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one). Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

- Right-click on icon and select Run as Administrator to start the tool.
- Wait patiently until the main console appears, it may take a minute or two.
- In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyclsid;
C:\windows\Sysnative\sdo2ml6.dll;virustotal
{FFAAAB72-30FB-4B20-8BA5-1F76989A605B};c

- Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
- Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

DouglasW Posted February 7, 2015

Hi Radek,
After we are done will we be able to reinstall Open Office?

Zoek.exe v5.0.0.0 Updated 06-February-2015
Tool run by Ryan on Fri 02/06/2015 at 19:08:28.55.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ryan\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

2/6/2015 7:09:46 PM Zoek.exe System Restore Point Created Succesfully.

==== VirusTotal Scan ======================

C:\windows\Sysnative\sdo2ml6.dll
https://www.virustotal.com/file/B9CB660EBD99FF01527150239E6C1EE3BD87B1FA324CDA7509976992EF8F9E2D/analysis/

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Fri 02/06/2015 at 19:12:31.24 ======================

Naathim Posted February 9, 2015

Sure, but what's the problem with Open Office?

DouglasW Posted February 9, 2015

In your Feb 4 post you asked to uninstall Open Office so I was just making sure it was OK to reinstall. How are things looking on the scans?

Naathim Posted February 9, 2015

No, it's not Open Office, it was Open Office Packages - they are two different things. Please pay more attention to details.

DouglasW Posted February 9, 2015

Ok. How are we looking on the scans?

Naathim Posted February 9, 2015

We'll see. I need a fresh FRST report after all that.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

- Right-click on icon and select Run as Administrator to start the tool.
  > XP users click run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please include their content in your next reply.

DouglasW Posted February 9, 2015

Here are the Farbar scans. Thank you.

FRST.txt
Addition.txt

Naathim Posted February 9, 2015

OK, let's purify Chrome now.

Reset Chrome to defaults

- Please open Google Chrome.
- Enter the Chrome menu by clicking the button.
- Select Settings.
- Click Show advanced settings and find the Reset browser settings section.
- Click Reset browser settings.
- In the dialog that appears, click Reset.
- Chrome will reset itself.

Bear in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore Chrome engine to a state similar to a fresh installation.

DouglasW Posted February 9, 2015

Ok, Chrome has been reset.

Naathim Posted February 9, 2015

OK, so now we need to reinstall it.

Uninstall some programs

We need to uninstall some programs.

- Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
- The list of programs to uninstall:
  Google Chrome
- After completing uninstalls, please manually reboot your machine!

Google Chrome reinstall

Please go to the official Chrome download website and install a fresh version.

DouglasW Posted February 10, 2015

Hi Radek, I have un-installed and re-installed Chrome from the above link.

Naathim Posted February 10, 2015

Good. Let's make some final scans then.

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

- Right-click on icon and select Run as Administrator to start the tool.
- Follow onscreen instructions inside the black box. This scan won't take long.
- Soon a notepad document called checkup.txt will open automatically.
- Please include the content of that document.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox. Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website. Click there Run ESET Online Scanner.

If using Internet Explorer:
- Accept the Terms of Use and click Start.
- Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
- Download esetsmartinstaller_enu.exe that you'll be given link to.
- Double click esetsmartinstaller_enu.exe.
- Allow the Terms of Use and click Start.

To perform the scan:
- Make sure that Enable detection of potentially unwanted applications is checked.
- In the Advanced Settings dropdown menu:
  - Make sure that Remove found threats is unchecked.
  - Scan archives is checked.
  - Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  - Use custom proxy settings is unchecked.
- Click Start.
- The program will begin to download its virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient.
- Do not do anything on your machine as it may interrupt the scan.
- When the scan is done, click Finish.
- A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
- Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

DouglasW Posted February 10, 2015

Here are the 2 scans.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=77cdefa7468b7743ae14f4713fb34405
# engine=22404
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-10 07:37:12
# local_time=2015-02-10 01:37:12 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.3.9600 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 39991729 0 0
# scanned=238755
# found=12
# cleaned=0
# scan_time=6311
sh=426802626A8B4D633330AA090EB8C34B909AF626 ft=1 fh=6f9bcc5c95e0319a vn="a variant of Win32/SoftPulse.S potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2184052683-1741030757-3614636820-1001\$R6FL56U.exe"
sh=35966D9A14EDB05B66BB02FE3834ABDA903EF689 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\hdhlohnoninaedfflojpbmcooceajopa\q9jyhzeO.js.vir"
sh=560A8FB4F6AABAEEF5A1594471937FCE5DA7EF96 ft=1 fh=9dc5c0ca431585cc vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\ProgramData\jiWVDDtPgrj\dat\kpvIRQkEI.dll"
sh=08B8AD866A27ADACE4F29D9155AFBAF1CAAE1F15 ft=1 fh=7fcca138d1725700 vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\ProgramData\jiWVDDtPgrj\dat\laiyVKrec.dll"
sh=560A8FB4F6AABAEEF5A1594471937FCE5DA7EF96 ft=1 fh=9dc5c0ca431585cc vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\Users\All Users\jiWVDDtPgrj\dat\kpvIRQkEI.dll"
sh=08B8AD866A27ADACE4F29D9155AFBAF1CAAE1F15 ft=1 fh=7fcca138d1725700 vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\Users\All Users\jiWVDDtPgrj\dat\laiyVKrec.dll"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Ryan\Downloads\25623-673284-ccleaner.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Ryan\Downloads\ccsetup502.exe"
sh=270D0C8B3EC68CFBC58F4D0F7EEF5A08C5330713 ft=1 fh=d39f0adf6fd44a53 vn="NSIS/TrojanDownloader.Adload.AA trojan" ac=I fn="C:\Users\Ryan\Downloads\FLVPlayer-Chrome.exe"
sh=BF79312F0BCA9FDBD455F0E6C184212BB4CA4411 ft=1 fh=00ae859c95e0319a vn="a variant of Win32/SoftPulse.S potentially unwanted application" ac=I fn="C:\Users\Ryan\Downloads\Installation.exe"
sh=F796F3E70304AE3A041B9176AD8E197C9E1FCA6D ft=1 fh=5c6c1b2fa77e8b94 vn="Win32/OutBrowse.BU potentially unwanted application" ac=I fn="C:\Users\Ryan\Downloads\Java (1).exe"
sh=795CF822898746752DA0339E504822F8ED6FA64D ft=1 fh=6876035103f347a1 vn="Win32/OutBrowse.BU potentially unwanted application" ac=I fn="C:\Users\Ryan\Downloads\Java.exe"

Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.111)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

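A scanner log in the `sh=… vn="…" fn="…"` layout posted above can be triaged by location before deciding what still needs removal. The script below is an added example, not part of the thread or of any tool used in it: it parses such records, collapses entries that are the same file reached through the `C:\Users\All Users` alias of `C:\ProgramData`, and groups the rest by where the file sits. The field meanings (sh = SHA-1, vn = detection name, fn = path), the location categories, and every value in the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One detection record. Field meanings (sh = SHA-1, vn = detection name,
# fn = file path) are inferred from the log layout and are an assumption.
RECORD = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w+) fn="(?P<path>[^"]*)"'
)
FOUND = re.compile(r'#\s*found=(\d+)')
ALL_USERS = "c:\\users\\all users\\"


def normalize(path):
    """Lower-case the path and map the 'All Users' alias onto ProgramData."""
    p = path.lower()
    if p.startswith(ALL_USERS):
        p = "c:\\programdata\\" + p[len(ALL_USERS):]
    return p


def classify(path):
    """Bucket a detection by where the file sits (categories are this example's)."""
    p = normalize(path)
    if "\\$recycle.bin\\" in p:
        return "recycle-bin"      # already deleted by a user, not yet purged
    if "\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine"       # copy kept by an earlier cleanup tool
    if "\\downloads\\" in p:
        return "download"         # installer at rest, not installed software
    return "live"                 # anything else deserves a closer look


def parse(text):
    """Return unique records; works whether or not line breaks survived."""
    records, seen = [], set()
    for m in RECORD.finditer(text):
        key = (m["sha1"].upper(), normalize(m["path"]))
        if key in seen:           # same file seen through an aliased path
            continue
        seen.add(key)
        records.append({"sha1": key[0], "name": m["name"],
                        "path": m["path"], "location": classify(m["path"])})
    return records


def found_count(text):
    """Value of the '# found=' header line, or None if it is missing."""
    m = FOUND.search(text)
    return int(m.group(1)) if m else None


def triage(text):
    groups = defaultdict(list)
    for rec in parse(text):
        groups[rec["location"]].append(rec)
    return dict(groups)


def _rec(ch, name, path):
    # Builds a constructed record with an obviously fake hash.
    return 'sh=%s ft=1 fh=%s vn="%s" ac=I fn="%s"' % (ch * 40, "0" * 16, name, path)


# Constructed sample log, not taken from any real scan.
SAMPLE_LOG = "\n".join([
    "# found=4",
    "# cleaned=0",
    _rec("A", "Example/Adware.A application", r"C:\ProgramData\ExampleDir\dat\one.dll"),
    _rec("A", "Example/Adware.A application", r"C:\Users\All Users\ExampleDir\dat\one.dll"),
    _rec("B", "Example/Script.B trojan", r"C:\AdwCleaner\Quarantine\C\ProgramData\ExampleDir\x.js.vir"),
    _rec("C", "Example/Bundler.C potentially unwanted application", r"C:\Users\ExampleUser\Downloads\setup-example.exe"),
])

if __name__ == "__main__":
    print("reported:", found_count(SAMPLE_LOG), "unique:", len(parse(SAMPLE_LOG)))
    for location, recs in sorted(triage(SAMPLE_LOG).items()):
        for r in recs:
            print(location, r["name"], r["path"], sep=" | ")
```
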