Hacked by malware

Cryora

Baseband Member
Messages
31
So I went on a site to download some development software (ResEdit.net to be exact), but it turns out that the site has been hacked. I ended up installing malware onto my computer. I was able to scan and manually look through my running processes list and delete some of them:
AppTrialers
YeaDesktop
MaohiWiFiService

I also seem to have disabled the file:
act_win_2605.exe
Previously, it would periodically run and drop my explorer.exe process. I would search for it and find it in my Windows folder and delete it, but it would periodically be created again. I'm not sure what I did to fix it, but I ended up opening the file up with notepad and deleting chunks of text out.

Anyhow there are a couple of things still worrying me. In the Services tab of msconfig, the following services have shady "Manufacturer" entries:
Runtimebroker.exe | www.kdsmarketing.com
Telephone | The Privoxy team - privoxy.org

Runtimebroker.exe is said to be an official Microsoft Component, but the manufacturer entry "kdsmarketing" implies that it must have been hacked. In fact, when I view the source of the ResEdit.net site, I was able to find kdsmarketing.com as a source of one of the running scripts. I was able to disable the Runtimebroker.exe service without any issues.

If I disable Telephone, on the other hand, I would not be able to access the internet. My browsers would tell me that they are configured to run through a proxy server, which is not responding. So I left it enabled. In the Services Administrator Tools, there is another service called "Telephony", whose description "Telephone" appears to have copied exactly:

"Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service."

I'm wondering if Telephone is a legitimate service, and if so, why is it associated with Privoxy, or if not, why can't I access the internet if it is disabled. Chances are, this service is malware that is logging my internet activity.
When I go and download the actual Privoxy software, which appears to be legitimate, and run it, I get the error:
Fatal error: can't bind to 127.0.0.1:8118: There may be another Privoxy or some other proxy running on port 8118
So it looks like whatever is installed in "Telephone" is using Privoxy to hijack port 8118.

Here is my Hijackthis Log if it helps:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:43:52 PM, on 5/29/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 53.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Users\Centurion\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Sysinternals Desktops] D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MaohaWiFiService (MaohaWifiSvr) - Unknown owner - C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Telephone - The Privoxy team - http://www.privoxy.org - C:\Windows\centurion-pc\oxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14899 bytes
 
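As an added example (not code from the thread, from HijackThis or from Malwarebytes), a small Python triage script that pulls the three indicators discussed in the post above out of a HijackThis log: the WinINET ProxyServer value, O17 NameServer overrides, and O23 services whose binary lives directly under C:\Windows or in a made-up subfolder of it (C:\Windows\centurion-pc\ here). The sample lines are constructed from the log above; the RuntimeBroker service line is assumed from the msconfig entry and is not copied from the log.

```python
"""
Triage helper for HijackThis logs. Pulls out the indicators that mattered in
this thread: a WinINET proxy pointing at a local port, overridden DNS servers,
and services whose binary sits in an unusual folder under the Windows directory.
Added example; not code from the thread or from HijackThis.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Subfolders of the Windows directory where service binaries normally live.
# A binary directly under C:\Windows (act_win_2605.exe in the thread) or in an
# invented subfolder (C:\Windows\centurion-pc\) is treated as suspicious.
KNOWN_WINDOWS_SUBDIRS = {"system32", "syswow64", "winsxs", "microsoft.net", "servicing"}

PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<proxy>\S+)")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
# O23 lines: "O23 - Service: <name> - <vendor> - <path>[ (file missing)]".
# The vendor field may itself contain " - " ("The Privoxy team - http://..."),
# so the path is anchored on a drive letter rather than on the separator.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+) - (?P<path>[A-Za-z]:\\.*?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class Triage:
    proxy: Optional[str] = None
    nameservers: List[str] = field(default_factory=list)
    rogue_services: List[Dict[str, str]] = field(default_factory=list)


def service_path_is_suspicious(path: str) -> bool:
    """True if the binary is under the Windows folder but outside the known subfolders."""
    parts = path.replace("/", "\\").lower().split("\\")
    # parts[0] is the drive ("c:"), parts[1] the top-level folder, parts[2] the next component
    if len(parts) < 3 or parts[1] != "windows":
        return False
    return parts[2] not in KNOWN_WINDOWS_SUBDIRS


def proxy_is_local(proxy: Optional[str]) -> bool:
    """A proxy on the loopback address means a local process sits between browser and network."""
    return proxy is not None and proxy.split(":")[0] in {"127.0.0.1", "localhost"}


def triage_hijackthis(log_text: str) -> Triage:
    """Scan every line once and collect proxy, DNS and rogue-service findings."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.search(line):
            result.proxy = m.group("proxy")
        elif m := NAMESERVER_RE.match(line):
            # O17 repeats per control set (CS1, CS2, CCS); keep each server once, in order
            for server in m.group("servers").split():
                if server not in result.nameservers:
                    result.nameservers.append(server)
        elif m := SERVICE_RE.match(line):
            if service_path_is_suspicious(m.group("path")):
                result.rogue_services.append(
                    {"name": m.group("name"), "vendor": m.group("vendor"), "path": m.group("path")}
                )
    return result


# Constructed sample, modelled on the log posted in the thread. The RuntimeBroker
# line is assumed from the msconfig entry in the post, not copied from the log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Telephone - The Privoxy team - http://www.privoxy.org - C:\Windows\centurion-pc\oxy.exe
O23 - Service: RuntimeBroker - www.kdsmarketing.com - C:\Windows\centurion-pc\RuntimeBroker.exe
"""


if __name__ == "__main__":
    t = triage_hijackthis(SAMPLE_LOG)
    print("proxy:", t.proxy, "(loopback)" if proxy_is_local(t.proxy) else "")
    print("nameservers:", t.nameservers)
    for svc in t.rogue_services:
        print("rogue service:", svc["name"], "->", svc["path"], "| vendor:", svc["vendor"])
```

The "(file missing)" suffix on the built-in services is a known artefact of the 32-bit HijackThis build on 64-bit Windows, so the script ignores it and judges services by their path alone.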

carnageX

Private Joker,
Staff member
Messages
25,043
Location
South Dakota
Firstly, run a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Secondly, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Thirdly, re-run HiJackThis and post your new log afterwards.
 

Cryora

Baseband Member
Messages
31
Thanks. After running Malwarebytes, the Runtimebroker.exe and Telephone services are both removed, and I am able to run Privoxy without the previous error message. Here are the log files.

Malwarebytes:
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/30/17
Scan Time: 12:53 PM
Log File: malwarebytes log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2053
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Centurion-PC\Centurion

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433493
Threats Detected: 148
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\OXY.EXE, No Action By User, [1465], [385808],1.0.2053

Module: 1
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\OXY.EXE, No Action By User, [1465], [385808],1.0.2053

Registry Key: 17
Trojan.SpamBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeBroker, No Action By User, [563], [402529],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C4F7D9E-EB86-4C74-82BA-D09F0005CA0D}, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA6BEB5A-E530-447F-919F-7A4E290D17A8}, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2452B9E-72A6-4F2B-8789-CFAA17434E40}, No Action By User, [471], [258294],1.0.2053
PUP.Optional.MaohaWiFi, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaohaWifiNetPro, No Action By User, [709], [309308],1.0.2053
PUP.Optional.MaohaWiFi, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaohaWifiSvr, No Action By User, [709], [309309],1.0.2053
PUP.Optional.OneSystemCare, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\One System Care, No Action By User, [471], [311038],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Run Delay, No Action By User, [471], [241385],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System Care Task, No Action By User, [471], [241385],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\One System CarePeriod, No Action By User, [471], [241385],1.0.2053
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TELEPHONE, No Action By User, [1465], [385808],1.0.2053
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Telephone, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeBroker, No Action By User, [1465], [-1],0.0.0
PUP.Optional.ClearScreenPlayer, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\clearscreenplayer.com, No Action By User, [15667], [261502],1.0.2053
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cf07fcf0}, No Action By User, [28], [260250],1.0.2053
Adware.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eoalfhodgifhbkgmbbdafcihjpdldpll, No Action By User, [5125], [387361],1.0.2053

Registry Value: 10
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C4F7D9E-EB86-4C74-82BA-D09F0005CA0D}|PATH, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AA6BEB5A-E530-447F-919F-7A4E290D17A8}|PATH, No Action By User, [471], [258705],1.0.2053
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2452B9E-72A6-4F2B-8789-CFAA17434E40}|PATH, No Action By User, [471], [258294],1.0.2053
Adware.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TELEPHONE|IMAGEPATH, No Action By User, [1465], [385808],1.0.2053
Adware.Privoxy, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [1465], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cf07fcf0}|1, No Action By User, [28], [260250],1.0.2053
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-745823480-782122488-418964141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, No Action By User, [12925], [250493],1.0.2053

Registry Data: 8
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6C930E0A-A9B1-4A11-9510-F702625028DC}|NameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6C930E0A-A9B1-4A11-9510-F702625028DC}|DhcpNameServer, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EBD9D26F-D56B-48F1-892F-79EF643D6CEA}|NameServer, No Action By User, [28], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer, No Action By User, [6346], [293494],1.0.2053

Data Stream: 0
(No malicious items detected)

Folder: 8
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\87698097-0c15-0, No Action By User, [28], [182288],1.0.2053
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\87698097-6085-1, No Action By User, [28], [182288],1.0.2053
PUP.Optional.OneSystemCare, C:\Users\Centurion\AppData\Roaming\One System Care\WL, No Action By User, [471], [178764],1.0.2053
PUP.Optional.OneSystemCare, C:\USERS\CENTURION\APPDATA\ROAMING\One System Care, No Action By User, [471], [178764],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\index-dir, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Local Storage, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\USERS\CENTURION\APPDATA\LOCAL\APPTRAILERS, No Action By User, [853], [324095],1.0.2053

File: 103
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\87698097-0c15-0\BITFA02.tmp, No Action By User, [28], [182288],1.0.2053
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{787E0947-780F-0B04-0A11-7D7F7D0E110F}, No Action By User, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\87698097-6085-1\BITF9B3.tmp, No Action By User, [28], [182288],1.0.2053
Trojan.SpamBot, C:\WINDOWS\CENTURION-PC\RUNTIMEBROKER.EXE, No Action By User, [563], [402529],1.0.2053
PUP.Optional.OneSystemCare, C:\Users\Centurion\AppData\Roaming\One System Care\CallBanner.png, No Action By User, [471], [178764],1.0.2053
PUP.Optional.OneSystemCare, C:\Users\Centurion\AppData\Roaming\One System Care\FinishedScan.png, No Action By User, [471], [178764],1.0.2053
Adware.Agent, C:\WINDOWS\SHADER.EXE, No Action By User, [249], [403014],1.0.2053
Trojan.TechSupportScam, C:\WINDOWS\ACT_WIN_2605.EXE, No Action By User, [96], [385566],1.0.2053
PUP.Optional.AppTrailers, C:\USERS\CENTURION\APPDATA\LOCAL\APPTRAILERS\WEB DATA, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\02cdb733b079655d_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\08b837b14d8218cc_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\08bc571418449ead_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\08be8ae72d819e72_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0b2cb1c30f056a2f_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0baf5697bf3bf800_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0c76d78841dabb82_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\0e8f39007fa96f86_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\56bf1901a2000606_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\5b2798981a94dd4b_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\5ede7465ad814101_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\63479e381d306dfc_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\66e510668b4796e9_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\76b228819fe790b3_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\81d810c3058ed4c2_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\8326a92c0f293bc4_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\83a226c1379f7a18_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Cache\87426d38bd7929a4_0, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Local Storage\file__0.localstorage, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Local Storage\file__0.localstorage-journal, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage-journal, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\cookies, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\cookies-journal, No Action By User, [853], [324095],1.0.2053
PUP.Optional.AppTrailers, C:\Users\Centurion\AppData\Local\AppTrailers\Web Data-journal, No Action By User, [853], [324095],1.0.2053
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Run Delay, No Action By User, [471], [241381],1.0.2053
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, No Action By User, [471], [241381],1.0.2053
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System CarePeriod, No Action By User, [471], [241381],1.0.2053
PUP.Optional.WinHTTP, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\WINHTTP.DLL, No Action By User, [8770], [382898],1.0.2053
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\OXY.EXE, No Action By User, [1465], [385808],1.0.2053
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\oxy.exe, No Action By User, [1465], [-1],0.0.0
Adware.Privoxy, C:\WINDOWS\CENTURION-PC\RuntimeBroker.exe, No Action By User, [1465], [-1],0.0.0
PUP.Optional.OneSystemCare, C:\WINDOWS\TASKS\One System CarePeriod.job, No Action By User, [471], [241382],1.0.2053

Physical Sector: 0
(No malicious items detected)


(end)

Adwcleaner:
Code:
# AdwCleaner v6.047 - Logfile created 30/05/2017 at 13:10:37
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-30.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Centurion - CENTURION-PC
# Running from : D:\Users\Centurion\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
[-] Folder deleted: C:\Users\Centurion\AppData\Local\AdService


***** [ Files ] *****

[-] File deleted: C:\Users\Centurion\AppData\Roaming\Mozilla\Firefox\Profiles\zng06nd3.default\searchplugins\google-lavasoft.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MaohaWifiSvr
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
[-] Key deleted: HKU\S-1-5-21-745823480-782122488-418964141-1001\Software\Installer
[#] Key deleted on reboot: HKCU\Software\Installer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe


***** [ Web browsers ] *****

[-] [C:\Users\Centurion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Centurion\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9200 Bytes] - [12/01/2017 01:28:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [2607 Bytes] - [30/05/2017 13:10:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [8524 Bytes] - [12/01/2017 01:28:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3027 Bytes] - [30/05/2017 13:09:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2826 Bytes] ##########

Hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:16:09 PM, on 5/30/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 53.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Users\Centurion\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Sysinternals Desktops] D:\Users\Centurion\Desktop\Sysinternals\Desktops.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Centurion\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C930E0A-A9B1-4A11-9510-F702625028DC}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD9D26F-D56B-48F1-892F-79EF643D6CEA}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15110 bytes


For Hijackthis, the entries that got deleted/changed include
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159

It looks like there might have been a Proxy Hijacking and a DNS Hijacking. Thanks for suggesting Malwarebytes. Avast had detected the Resedit file as a virus before I opened it, but since Avast was also quarantining files I made using a Bat to Exe converter, I thought it was just indiscriminately targeting unknown binary files. I guess now I know better.
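A way to check a HijackThis log for exactly the two things spotted above (a system proxy pointing at a local listener, and NameServer entries that are not well-known resolvers), as an added Python example that is not part of the original post or of HijackThis. The sample lines are the ones quoted in this thread; the resolver allowlist and the reason strings are assumptions of the example.

```python
"""Flag proxy and DNS hijack indicators in HijackThis R1 / O17 lines.

Added example for this thread; not code from the forum, HijackThis or
Malwarebytes. Sample lines are the ones quoted in the thread; the resolver
allowlist is an assumption you should extend with your own ISP/router.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List

# Assumed allowlist of public resolvers a user might set deliberately.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",           # Google Public DNS
    "1.1.1.1", "1.0.0.1",           # Cloudflare
    "9.9.9.9", "149.112.112.112",   # Quad9
}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$")
R1_PROXY_RE = re.compile(r"^R1 - (?P<key>.+?),ProxyServer = (?P<proxy>\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "proxy" or "dns"
    key: str     # registry key the HijackThis entry came from
    value: str   # proxy address or resolver address
    reason: str


def split_nameservers(text: str) -> List[str]:
    """HijackThis lists several resolvers separated by spaces or commas."""
    return [s for s in re.split(r"[ ,]+", text.strip()) if s]


def is_local_host(host: str) -> bool:
    """True for localhost or any loopback address (a local interception proxy)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def classify_resolver(addr: str) -> str:
    """Return '' when the resolver looks expected, else a short reason."""
    if addr in KNOWN_PUBLIC_RESOLVERS:
        return ""
    try:
        ip = ip_address(addr)
    except ValueError:
        return "not a valid IP address"
    if ip.is_private or ip.is_loopback:
        return ""  # the home router or a local resolver: normal
    return "public resolver not on the allowlist; confirm it is your ISP's"


def analyze(lines: Iterable[str]) -> List[Finding]:
    """Walk a HijackThis log and return proxy/DNS findings in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = R1_PROXY_RE.match(line)
        if m:
            proxy = m.group("proxy")
            host, _, port = proxy.rpartition(":")
            host = host or proxy
            if is_local_host(host):
                reason = (f"system proxy routed through a local listener on port "
                          f"{port or '?'}; legitimate only if you installed a local "
                          f"proxy yourself (Privoxy listens on 8118 by default)")
            else:
                reason = "system proxy set; confirm it was configured on purpose"
            findings.append(Finding("proxy", m.group("key"), proxy, reason))
            continue
        m = O17_RE.match(line)
        if m:
            for server in split_nameservers(m.group("servers")):
                reason = classify_resolver(server)
                if reason:
                    findings.append(Finding("dns", m.group("key"), server, reason))
    return findings


# Constructed from the entries quoted in the thread (one benign O4 line included
# to show that unrelated entries are ignored).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.157 82.163.142.159
""".strip().splitlines()


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.key}: {f.value} -> {f.reason}")
```

Running it on a full log only reports the R1 proxy entry and the O17 resolvers it cannot vouch for; the 8.8.8.8 entries carnageX asked about pass the allowlist and stay quiet.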
 

carnageX

Private Joker,
Staff member
Messages
25,043
Location
South Dakota
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C930E0A-A9B1-4A11-9510-F702625028DC}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD9D26F-D56B-48F1-892F-79EF643D6CEA}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{66A406E7-3BCF-4B00-B6CF-9170ACDEDE87}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8

Did you add these entries? Looks like Google's DNS...but just making sure.
 

Cryora

Baseband Member
Messages
31
I did not. They were there after scanning with Malwarebytes and Adwcleaner. Maybe those programs added them?
 

Shaneaook1989

Beta member
Messages
3
Location
USA
Firstly, run a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Secondly, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Thirdly, re-run HiJackThis and post your new log afterwards.



Thank you so much for that. My internet has been terrible lately, and I have pretty much not even been able to use it. I ran the first scan and got a nice long log.




Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/29/18
Scan Time: 7:54 PM
Log File: 81ebb220-33ac-11e8-8713-f07bcbd0ba8c.json
Administrator: Yes
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4542
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VAIO-RandomHero\AdioRandomHero
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 361830
Threats Detected: 217
Threats Quarantined: 216
Time Elapsed: 1 hr, 27 min, 2 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 5

Shaneaook1989

Beta member
Messages
3
Location
USA
If you're that infected it's best you wipe the machine, and also check any other machine that's on the network including your mobile devices.

Yeah, I ran the other 2 as well and they came up with a ton as well. I just installed Norton Internet Security Deluxe too. I have an external HD; is there a chance that it is infected too?
 