Hacked by malware - Techist - Tech Forum

05-29-2017, 05:47 PM   #1
Cryora (Newb Techie; Join Date: Nov 2005; Posts: 31)
Hacked by malware

So I went on a site to download some development software (ResEdit.net to be exact), but it turns out that the site has been hacked. I ended up installing malware onto my computer. I was able to scan and manually look through my running processes list and delete some of them:
    AppTrialers
    YeaDesktop
    MaohiWiFiService
I also seem to have disabled the file:
    act_win_2605.exe
Previously, it would periodically run and drop my explorer.exe process. I would search for it and find it in my Windows folder and delete it, but it would periodically be created again. I'm not sure what I did to fix it, but I ended up opening the file up with notepad and deleting chunks of text out.

Anyhow there are a couple of things still worrying me. In the Services tab of msconfig, the following services have shady "Manufacturer" entries:
    Runtimebroker.exe | www.kdsmarketing.com
    Telephone | The Privoxy team - privoxy.org
Runtimebroker.exe is said to be an official Microsoft Component, but the manufacturer entry "kdsmarketing" implies that it must have been hacked. In fact, when I view the source of the ResEdit.net site, I was able to find kdsmarketing.com as a source of one of the running scripts. I was able to disable the Runtimebroker.exe service without any issues.

If I disable Telephone, on the other hand, I cannot access the internet. My browsers tell me that they are configured to run through a proxy server, which is not responding. So I left it enabled. In the Services tool under Administrative Tools, there is another service called "Telephony" whose description "Telephone" appears to copy exactly:

"Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service."

I'm wondering if Telephone is a legitimate service, and if so, why is it associated with Privoxy, or if not, why can't I access the internet if it is disabled. Chances are, this service is malware that is logging my internet activity.
When I download the actual Privoxy software, which appears to be legitimate, and run it, I get the error:
    Fatal error: can't bind to 127.0.0.1:8118: There may be another Privoxy or some other proxy running on port 8118
So it looks like whatever is installed in "Telephone" is using Privoxy to hijack port 8118.

Here is my HijackThis log if it helps:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:43:52 PM, on 5/29/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 53.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Users\Centurion\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Sysinternals Desktops] D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MaohaWiFiService (MaohaWifiSvr) - Unknown owner - C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Telephone - The Privoxy team - Privoxy - Home Page - C:\Windows\centurion-pc\oxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14899 bytes
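The three indicators in the post above (a service whose binary sits in a non-standard directory under a system-sounding name, a browser proxy pinned to 127.0.0.1:8118, and static DNS servers written into Tcpip\Parameters) can be pulled out of a HijackThis log mechanically rather than by eye. The script below is an added example, not part of the original post and not part of HijackThis; it parses the O23, R1 and O17 lines of a saved log and flags those patterns plus a service name that is a near-miss of a built-in one (Telephone vs Telephony). The indicator names, the trusted-directory list and the short list of Windows service names are this example's own assumptions. SAMPLE_LOG is constructed from lines of the posted log plus one constructed O23 line for the RuntimeBroker service, which the poster had already disabled so it is missing from the log (its path is the one Malwarebytes reports later in the thread, the vendor string the one seen in msconfig).

```python
"""Triage a HijackThis 2.0.x log for service, proxy and DNS hijack indicators.

Added example (not from the thread or from HijackThis). Runs offline on log text.
"""
import difflib
import ipaddress
import re
from dataclasses import dataclass

# Where a Windows service binary is normally installed (lower-case for comparison).
TRUSTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
SYSTEM_DIRS = TRUSTED_ROOTS[:2]
# Binaries that ship with Windows and live only under System32/SysWOW64; a file with
# one of these names anywhere else is impersonating a system component.
SYSTEM_BINARIES = {
    "runtimebroker.exe", "svchost.exe", "lsass.exe", "explorer.exe",
    "winlogon.exe", "csrss.exe", "services.exe", "dllhost.exe",
}
# A few built-in Windows 7 service names (assumed list); a near-miss is a lookalike.
KNOWN_SERVICE_NAMES = {"Telephony", "Netlogon", "Workstation", "Themes", "Spooler"}

# O23 layout: "O23 - Service: Display (name) - Vendor - C:\path\svc.exe [(file missing)]".
# HijackThis 2.0.5 prints "(file missing)" for many @%SystemRoot% entries on 64-bit
# Windows; that is a known false positive of the tool and is not used as an indicator.
O23_RE = re.compile(r"^O23 - Service: (?P<head>.+?) - (?P<path>[A-Za-z]:\\.+?)(?: \(file missing\))?$")
R1_PROXY_RE = re.compile(r"^R1 - (?P<hive>HK\w+)\\.*Internet Settings,ProxyServer = (?P<proxy>\S+)$")
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\w+\\Services\\Tcpip\\Parameters): NameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # indicator name
    subject: str  # service name, registry hive or key
    detail: str   # why it was flagged


def _split_service_head(head):
    """'Display (name) - Vendor' -> (name, vendor); the vendor may itself contain ' - '."""
    display, _, vendor = head.partition(" - ")
    m = re.search(r"\((?P<name>[^()]+)\)$", display)
    return (m.group("name") if m else display), (vendor or "Unknown owner")


def _lookalike_of(name):
    """Return the known service name this one resembles without matching, else None."""
    for known in KNOWN_SERVICE_NAMES:
        if name.lower() != known.lower() and \
                difflib.SequenceMatcher(None, name.lower(), known.lower()).ratio() >= 0.85:
            return known
    return None


def check_service(line):
    m = O23_RE.match(line)
    if not m:
        return []
    name, vendor = _split_service_head(m.group("head"))
    path = m.group("path")
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    findings = []
    if not low.startswith(TRUSTED_ROOTS):
        findings.append(Finding("service_binary_outside_standard_dirs", name,
                                f"{path} (vendor string: {vendor})"))
    if base in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        findings.append(Finding("impersonates_system_binary", name,
                                f"{base} is a Windows binary name but runs from {path}"))
    known = _lookalike_of(name)
    if known:
        findings.append(Finding("lookalike_service_name", name,
                                f"resembles the built-in '{known}' service; compare both in services.msc"))
    return findings


def check_proxy(line):
    m = R1_PROXY_RE.match(line)
    if not m:
        return []
    proxy = m.group("proxy")
    host = proxy.rsplit(":", 1)[0]
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host.lower() == "localhost"
    detail = f"ProxyServer = {proxy}"
    if loopback:
        detail += ("; browser traffic is routed through a local listener, identify the owning "
                   "process (netstat -ano) before disabling it or the browser loses connectivity")
    return [Finding("browser_proxy_set", m.group("hive"), detail)]


def check_dns(line):
    m = O17_RE.match(line)
    if not m:
        return []
    servers = m.group("servers").split()
    public = []
    for s in servers:
        try:
            if ipaddress.ip_address(s).is_global:
                public.append(s)
        except ValueError:
            pass  # not an IP literal; still reported below
    detail = "NameServer = " + " ".join(servers)
    if public:
        detail += "; static public resolvers, confirm they are the ISP's and not a DNS changer's"
    return [Finding("static_dns_servers", m.group("key"), detail)]


def triage(log_text):
    """Run every check over each line of a HijackThis log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings += check_service(line) + check_proxy(line) + check_dns(line)
    return findings


# Constructed sample: lines from the posted log plus a constructed O23 line for the
# RuntimeBroker service (absent from the log because it had already been disabled).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Telephone - The Privoxy team - Privoxy - Home Page - C:\Windows\centurion-pc\oxy.exe
O23 - Service: RuntimeBroker - www.kdsmarketing.com - C:\Windows\centurion-pc\RuntimeBroker.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run it as a script to see the findings for the sample, or pass the text of a saved HijackThis log to triage(). On the sample it flags Telephone and RuntimeBroker for running out of C:\Windows\centurion-pc, RuntimeBroker again for carrying a Windows binary name outside System32, Telephone as a lookalike of Telephony, the HKCU proxy pinned to 127.0.0.1:8118, and the static public resolvers; Avast, ALG and PnkBstrA pass. The proxy finding deliberately does not say "disable it": as the post shows, removing the proxy setting while the local listener is still the configured route breaks browsing, so the listening process has to be identified first.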
05-29-2017, 07:05 PM   #2
carnageX (Private Joker; Join Date: Feb 2007; Location: South Dakota; Posts: 24,582)
Re: Hacked by malware

Firstly, run a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Secondly, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Thirdly, re-run HiJackThis and post your new log afterwards.
05-30-2017, 03:54 PM   #3
Cryora (Newb Techie; Join Date: Nov 2005; Posts: 31)
Re: Hacked by malware

Thanks. After running Malwarebytes, the Runtimebroker.exe and Telephone services were both removed, and I am able to start Privoxy without the previous error message. Here are the log files.

Malwarebytes:
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/30/17
Scan Time: 12:53 PM
Log File: malwarebytes log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2053
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Centurion-PC\Centurion

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433493
Threats Detected: 148
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\OXY.EXE, No Action By User, [1465], [385808],1.0.2053

Module: 1
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\OXY.EXE, No Action By User, [1465], [385808],1.0.2053

Registry Key: 17
Trojan.SpamBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeBroker, No Action By User, [563], [402529],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C4F7D9E-EB86-4C74-82BA-D09F0005CA0D}, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA6BEB5A-E530-447F-919F-7A4E290D17A8}, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2452B9E-72A6-4F2B-8789-CFAA17434E40}, No Action By User, [471], [258294],1.0.2053
PUP.Optional.MaohaWiFi, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaohaWifiNetPro, No Action By User, [709], [309308],1.0.2053
PUP.Optional.MaohaWiFi, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaohaWifiSvr, No Action By User, [709], [309309],1.0.2053
PUP.Optional.OneSystemCare, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\One System Care, No Action By User, [471], [311038],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Run Delay, No Action By User, [471], [241385],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Task, No Action By User, [471], [241385],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System CarePeriod, No Action By User, [471], [241385],1.0.2053
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TELEPHONE, No Action By User, [1465], [385808],1.0.2053
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Telephone, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeBroker, No Action By User, [1465], [-1],0.0.0
PUP.Optional.ClearScreenPlayer, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\clearscreenplayer.com, No Action By User, [15667], [261502],1.0.2053
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cf07fcf0}, No Action By User, [28], [260250],1.0.2053
Adware.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eoalfhodgifhbkgmbbdafcihjpdldpll, No Action By User, [5125], [387361],1.0.2053

Registry Value: 10
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C4F7D9E-EB86-4C74-82BA-D09F0005CA0D}|PATH, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA6BEB5A-E530-447F-919F-7A4E290D17A8}|PATH, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2452B9E-72A6-4F2B-8789-CFAA17434E40}|PATH, No Action By User, [471], [258294],1.0.2053
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TELEPHONE|IMAGEPATH, No Action By User, [1465], [385808],1.0.2053
Adware.Privoxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [1465], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cf07fcf0}|1, No Action By User, [28], [260250],1.0.2053
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, No Action By User, [12925], [250493],1.0.2053

Registry Data: 8
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6C930E0A-A9B1-4A11-9510-F702625028DC}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6C930E0A-A9B1-4A11-9510-F702625028DC}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EBD9D26F-D56B-48F1-892F-79EF643D6CEA}|NameServer, No Action By User, [28], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer, No Action By User, [6346], [293494],1.0.2053

Data Stream: 0
(No malicious items detected)

Folder: 8
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\87698097-0c15-0, No Action By User, [28], [182288],1.0.2053
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\87698097-6085-1, No Action By User, [28], [182288],1.0.2053
PUP.Optional.OneSystemCare, C:\Users\Centurion\AppData\Roaming\One System Care\WL, No Action By User, [471], [178764],1.0.2053
PUP.Optional.OneSystemCare, C:\USERS\CENTURION\APPDATA\ROAMING\One System Care, No Action By User, [471], [178764],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\index-dir, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Local Storage, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\USERS\CENTURION\APPDATA\LOCAL\APPTRAILERS, No Action By User, [853], [324095],1.0.2053

File: 103
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\87698097-0c15-0\BITFA02.tmp, No Action By User, [28], [182288],1.0.2053
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{787E0947-780F-0B04-0A11-7D7F7D0E110F}, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\87698097-6085-1\BITF9B3.tmp, No Action By User, [28], [182288],1.0.2053
Trojan.SpamBot, C:\WINDOWS\CENTURION-PC\RUNTIMEBROKER.EXE, No Action By User, [563], [402529],1.0.2053
PUP.Optional.OneSystemCare, C:\Users\Centurion\AppData\Roaming\One System Care\CallBanner.png, No Action By User, [471], [178764],1.0.2053
PUP.Optional.OneSystemCare, C:\Users\Centurion\AppData\Roaming\One System Care\FinishedScan.png, No Action By User, [471], [178764],1.0.2053
Adware.Agent, C:\WINDOWS\SHADER.EXE, No Action By User, [249], [403014],1.0.2053
Trojan.TechSupportScam, C:\WINDOWS\ACT_WIN_2605.EXE, No Action By User, [96], [385566],1.0.2053
PUP.Optional.AppTrailers, C:\USERS\CENTURION\APPDATA\LOCAL\APPTRAILERS\WEB DATA, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\02cdb733b079655d_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\08b837b14d8218cc_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\08bc571418449ead_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\08be8ae72d819e72_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0b2cb1c30f056a2f_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0baf5697bf3bf800_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0c76d78841dabb82_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0e8f39007fa96f86_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\56bf1901a2000606_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\5b2798981a94dd4b_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\5ede7465ad814101_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\63479e381d306dfc_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\66e510668b4796e9_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Run Delay, No Action By User, [471], [241381],1.0.2053
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, No Action By User, [471], [241381],1.0.2053
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System CarePeriod, No Action By User, [471], [241381],1.0.2053
PUP.Optional.WinHTTP, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\WINHTTP.DLL, No Action By User, [8770], [382898],1.0.2053
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\OXY.EXE, No Action By User, [1465], [385808],1.0.2053
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\oxy.exe, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\RuntimeBroker.exe, No Action By User, [1465], [-1],0.0.0
PUP.Optional.OneSystemCare, C:\WINDOWS\TASKS\One System CarePeriod.job, No Action By User, [471], [241382],1.0.2053

Physical Sector: 0
(No malicious items detected)


(end)
Adwcleaner:
Code:
# AdwCleaner v6.047 - Logfile created 30/05/2017 at 13:10:37
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-30.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Centurion - CENTURION-PC
# Running from : D:\Users\Centurion\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
[-] Folder deleted: C:\Users\Centurion\AppData\Local\AdService


***** [ Files ] *****

[-] File deleted: C:\Users\Centurion\AppData\Roaming\Mozilla\Firefox\Profiles\zng06nd3.default\searchplugins\google-lavasoft.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MaohaWifiSvr
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
[-] Key deleted: HKU\S-1-5-21-745823480-782122488-418964141-1001\Software\Installer
[#] Key deleted on reboot: HKCU\Software\Installer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe


***** [ Web browsers ] *****

[-] [C:\Users\Centurion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Centurion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9200 Bytes] - [12/01/2017 01:28:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [2607 Bytes] - [30/05/2017 13:10:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [8524 Bytes] - [12/01/2017 01:28:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3027 Bytes] - [30/05/2017 13:09:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2826 Bytes] ##########
Hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:16:09 PM, on 5/30/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 53.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Users\Centurion\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Sysinternals Desktops] D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C930E0A-A9B1-4A11-9510-F702625028DC}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD9D26F-D56B-48F1-892F-79EF643D6CEA}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15110 bytes

For HijackThis, the entries that got deleted/changed include
Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
It looks like there might have been a Proxy Hijacking and a DNS Hijacking. Thanks for suggesting Malwarebytes. Avast had detected the Resedit file as a virus before I opened it, but since Avast was also quarantining files I made using a Bat to Exe converter, I thought it was just indiscriminately targeting unknown binary files. I guess now I know better.
Cryora
05-30-2017, 08:03 PM   #4
carnageX (Private Joker)
Join Date: Feb 2007
Location: South Dakota
Posts: 24,582
Re: Hacked by malware

Quote:
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C930E0A-A9B1-4A11-9510-F702625028DC}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD9D26F-D56B-48F1-892F-79EF643D6CEA}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
Did you add these entries? Looks like Google's DNS...but just making sure.
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5
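The two settings discussed in the posts above (a ProxyServer entry pointing at 127.0.0.1:8118 and NameServer values that were not the owner's, next to the Google 8.8.8.8 entries carnageX asked about) are exactly the kind of thing a defender wants to pick out of a HijackThis log mechanically. The following Python is an added example, not code from this thread or from HijackThis: it parses R1 ProxyServer and O17 NameServer lines and flags a loopback proxy and any resolver outside a trusted set. The sample lines are constructed from the entries quoted in the thread, and the trusted-resolver set is an assumption.

```python
import re
from ipaddress import ip_address

# Constructed sample: HijackThis-style lines modelled on the entries quoted in
# this thread (the removed ProxyServer/NameServer entries and one Google DNS
# entry that was left in place). Not a real log file.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
"""

# Assumption: the resolvers the machine's owner set on purpose (Google public
# DNS here). Anything else in a NameServer value is flagged for a human to check.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

PROXY_RE = re.compile(r"^R1 - (?P<key>[^,]+),ProxyServer = (?P<value>\S+)")
DNS_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")


def parse_hjt(text):
    """Return (kind, registry_key, value) triples for the R1 ProxyServer and
    O17 NameServer lines; every other HijackThis section is ignored."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            findings.append(("proxy", m["key"], m["value"]))
            continue
        m = DNS_RE.match(line)
        if m:
            # A NameServer value may hold several space-separated resolvers.
            for server in m["value"].split():
                findings.append(("dns", m["key"], server))
    return findings


def is_loopback_proxy(value):
    """True when a ProxyServer value points at the local host, i.e. a process on
    this machine sits between the browser and the network (Privoxy, which this
    thread found renamed as oxy.exe, listens on 127.0.0.1:8118 by default)."""
    host, sep, _port = value.rpartition(":")
    if not sep:
        host = value
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit(text, trusted=TRUSTED_RESOLVERS):
    """Flag proxy and resolver settings a defender would want to look at."""
    alerts = []
    for kind, key, value in parse_hjt(text):
        if kind == "proxy":
            reason = ("loopback proxy: a local process is intercepting browser traffic"
                      if is_loopback_proxy(value) else "system proxy configured")
            alerts.append({"kind": kind, "key": key, "value": value, "reason": reason})
        elif kind == "dns" and value not in trusted:
            alerts.append({"kind": kind, "key": key, "value": value,
                           "reason": "NameServer outside the trusted resolver set"})
    return alerts


if __name__ == "__main__":
    for a in audit(SAMPLE_LOG):
        print(f"[{a['kind']}] {a['value']:<20} {a['reason']}  ({a['key']})")
```

Run against a real HijackThis log, the same audit would leave the 8.8.8.8 entries alone and report only the proxy line and the two unknown resolvers.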
05-31-2017, 03:11 PM   #5
Cryora (Newb Techie)
Join Date: Nov 2005
Posts: 31
Re: Hacked by malware

I did not. They were there after scanning with Malwarebytes and Adwcleaner. Maybe those programs added them?
05-31-2017, 03:32 PM   #6
carnageX (Private Joker)
Join Date: Feb 2007
Location: South Dakota
Posts: 24,582
Re: Hacked by malware

Can't say I've ever seen MBAM or Adw add DNS entries...
06-07-2017, 03:51 AM   #7
Ivanper (Newb Techie)
Join Date: May 2017
Location: Germany
Posts: 15
Re: Hacked by malware

Avast should do the trick, I had the same problem before
03-29-2018, 09:33 PM   #8
Newb Techie
Join Date: Mar 2018
Location: USA
Posts: 3
Re: Hacked by malware

Quote:
Originally Posted by carnageX
Firstly, run a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Secondly, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Thirdly, re-run HiJackThis and post your new log afterwards.


Thank you so much for that. My internet has been terrible lately and I have pretty much not even been able to use it. I ran the first scan and got a nice long log:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/29/18
Scan Time: 7:54 PM
Log File: 81ebb220-33ac-11e8-8713-f07bcbd0ba8c.json
Administrator: Yes
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4542
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VAIO-RandomHero\AdioRandomHero
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 361830
Threats Detected: 217
Threats Quarantined: 216
Time Elapsed: 1 hr, 27 min, 2 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

(end)
Shaneaook1989 is offline   Reply With Quote
Old 03-30-2018, 11:20 AM   #9 (permalink)
Build Guru
 
 
Join Date: Dec 2004
Location: Fort Worth, Texas
Posts: 29,141
Default Re: Hacked by malware

If you're that infected it's best you wipe the machine, and also check any other machine that's on the network including your mobile devices.
PP Mguire is online now   Reply With Quote
Old 03-30-2018, 01:09 PM   #10 (permalink)
Newb Techie
 
Join Date: Mar 2018
Location: USA
Posts: 3
Default Re: Hacked by malware

Quote:
Originally Posted by PP Mguire View Post
If you're that infected it's best you wipe the machine, and also check any other machine that's on the network including your mobile devices.
Yeah, I ran the other 2 as well, and they came up with a ton as well. I just installed Norton Internet Security Deluxe too. I have an external HD; is there a chance that is infected too?
Shaneaook1989 is offline   Reply With Quote