Laptop with serious virus/adware issues - would prefer not to reformat

notasandwich

For some time now my mom's laptop, an HP Probook 4520s, has had serious issues with adware and spyware-like programs. They seem to install themselves in the background automatically and are usually things like pseudo-diagnostic tools that try to trick you into purchasing some kind of product to fix computer issues, programs that generate obtrusive pop-up ads, and a host of other similar things that are generally annoying and hurt overall performance.

I have tried doing a number of fixes, including deep scanning for viruses and malware using Microsoft Security Essentials and Malwarebytes in safe mode, running registry cleaners and generally just uninstalling any of these programs that install themselves manually. They always come back (usually different programs) regardless of how many times MSE or Malwarebytes finds malicious software and removes them.

Then, just yesterday, someone using my mom's AOL email address started emailing spam mail to everyone in her address book. When she tried accessing AOL through Firefox she got a "Forbidden - you don't have permission to access /cgr/login on this server" message. Oddly enough this didn't occur when she tried it on Chrome, but it's obviously a security issue.

The only solution I can think of at this point is to simply reformat the main hard drive and reinstall Windows 7 32-bit, but I was hoping someone could potentially tell me of another solution, since having to back up and reinstall everything would be a huge pain.


HP Probook 4520s
Windows 7 32bit Home Premium
i3 2.53 GHz CPU
4GB RAM
 

game junky

There are lots of cleaners on the market - Kaspersky has some good general antivirus/malware scanners and they have some that are for specific culprits. Malwarebytes is a good general scanner but it doesn't catch everything and can take a lot of time. If I were in your shoes, I would pull the drive and replace it with an SSD and load Windows from disk. You will still have the old drive if you ever want to attempt a deep clean but she'll be back up and running.
 
What amazes me is the number of people who think that there is one or two magic programs that can get rid of everything. There are often specific am programs to get rid of a given infection, so know what you have first. That having been said, it looks like her email has been hacked. She needs to change her password. Aside from that, if you're serious about cleaning her computer up, post back and let me know.
 

gerr

On a different PC, download multiple NON-INSTALLABLE virus & malware cleaners that can be run directly from a USB drive. Since no one tool will likely remove all of the infections, you want to run several of them. But in the end, a wipe & reformat along with changing ALL your online passwords is your best option.

CCE is just one example of the type of programs you will need...
https://www.comodo.com/business-security/network-protection/cleaning_essentials.php
 

notasandwich



I can't really say what she has, as every new program that self-installs is different but falls into the general area of being either a bogus maintenance utility or a shopping app of some kind. She has already gone ahead and changed her email password and is going to go about changing her password for several other sites, as she uses the same one for almost everything.
 
The password change should take care of the email spamming, but I would recommend running the following programs. Download and run a scan with AdwCleaner. Check anything it comes up with for removal. Next, download and run a scan with junkware cleaner. It will automatically do its thing. Then download and run a scan with Malwarebytes and quarantine anything it comes up with. Post the logs from all three programs in your next post. I work on lots of old ladies' (no offense to your mother) computers and this is just so familiar. lol. Here are the links to the above programs.
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/junkware-removal-tool/
https://www.malwarebytes.org/
 

notasandwich





Adwcleaner:
# AdwCleaner v4.206 - Logfile created 12/06/2015 at 18:22:32
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Lily - LILY-HP
# Running from : C:\Users\Lily\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ERFSLH9\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : SPBIUpd
Service Found : SPBIUpdd
Service Found : bb1a24ab
Service Found : SPDRIVER_1.42.1.1961

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\nvtm5u8m.default\searchplugins\ask-search.xml
File Found : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cobbaepnkejfnljmjgimdhoefifdhcak_0.localstorage
File Found : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmfgcipfpihnkblbbemdagfdhjjeilli_0.localstorage
File Found : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_njbcfghpoodhahbegndmbojmgkibhiol_0.localstorage
File Found : C:\Users\Lily\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
File Found : C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\user.js
File Found : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\windows\AppPatch\nbin\VC32Loader.dll
File Found : C:\windows\system32\roboot.exe
Folder Found : C:\Program Files\app_setup
Folder Found : C:\Program Files\Common Files\Goobzo
Folder Found : C:\Program Files\Common Files\ShopperPro
Folder Found : C:\Program Files\ConnectPC
Folder Found : C:\Program Files\coupoon
Folder Found : C:\Program Files\Coupoon
Folder Found : C:\Program Files\DDiiscountExtenSi
Folder Found : C:\Program Files\ExstrraCouppoon
Folder Found : C:\Program Files\FInDBEssttDeal
Folder Found : C:\Program Files\Ge-Force
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\youtubeadblocker
Folder Found : C:\ProgramData\{75e42d0c-0375-32d7-75e4-42d0c037b430}
Folder Found : C:\ProgramData\{97f24119-3624-de9e-97f2-241193620464}
Folder Found : C:\ProgramData\1ae15fe000002520
Folder Found : C:\ProgramData\599bc70600005d17
Folder Found : C:\ProgramData\6ec665435eeb4faea683f3f6b1ea9661
Folder Found : C:\ProgramData\Ads Remover
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\bb08b27c00004b6d
Folder Found : C:\ProgramData\Browser
Folder Found : C:\ProgramData\SearchModule
Folder Found : C:\ProgramData\ShopperPro
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cobbaepnkejfnljmjgimdhoefifdhcak
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfgcipfpihnkblbbemdagfdhjjeilli
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol
Folder Found : C:\Users\Lily\AppData\Local\BrowserHelper
Folder Found : C:\Users\Lily\AppData\Local\Crossbrowse
Folder Found : C:\Users\Lily\AppData\Local\globalUpdate
Folder Found : C:\Users\Lily\AppData\Local\SmartWeb
Folder Found : C:\Users\Lily\AppData\Local\TVWizard
Folder Found : C:\Users\Lily\AppData\Roaming\Developerts LLC USA
Folder Found : C:\Users\Lily\AppData\Roaming\iWin
Folder Found : C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Folder Found : C:\Users\Lily\AppData\Roaming\Systweak
Folder Found : C:\Users\Lily\Documents\PCPrivacyDock

***** [ Scheduled tasks ] *****

Task Found : Crossbrowse
Task Found : LaunchSignup
Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : SPDriver
Task Found : TidyNetwork Update
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : 160623c2-43be-4dcd-b462-0543b81eb447-5
Task Found : 160623c2-43be-4dcd-b462-0543b81eb447-5_user
Task Found : 160623c2-43be-4dcd-b462-0543b81eb447-5
Task Found : 160623c2-43be-4dcd-b462-0543b81eb447-5_user
Task Found : JYNZR

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Crossbrowse
Key Found : HKCU\Software\CrossBrowser
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6CCC7AE9-2311-4220-971F-19086E8E2908}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96A35E6D-82AE-4B07-B0C8-7D0A8FD783DF}
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\sidecom
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\1bb96dc1-e45d-4921-0315-d9099bc10243
Key Found : HKLM\SOFTWARE\Boost
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Found : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Found : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Found : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{318C7F13-3498-459E-BF35-12865E6D005C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Found : HKLM\SOFTWARE\Coupoon
Key Found : HKLM\SOFTWARE\coupoon
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\DeviceVM
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\ApnTBMon
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{bb1a24ab}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\ShopperPro
Key Found : HKLM\SOFTWARE\SiteSee
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\Universal
Key Found : HKLM\SOFTWARE\WebBar
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[grjweiq3.default-1424734721345] - Line Found : user_pref("browser.newtab.url", "hxxp://www-searching.com/?site=shyosffdefault&s=F69ztutdksC0004,4717af95-57bf-4583-92c4-0da0364273ff");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : cobbaepnkejfnljmjgimdhoefifdhcak
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : fmfgcipfpihnkblbbemdagfdhjjeilli
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : njbcfghpoodhahbegndmbojmgkibhiol
[C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=ATU-SAT&o=APN10241&itbv=11.8.2.658&doi=2013-05-30&locale=en_US&apn_uid=56CD0278-B082-41E7-895A-085FC6F9A066&apn_ptnrs=^AF8&apn_dtid=^YYYYYY^YY^US&apn_dbr=ff_21.0&&q={searchTerms}
[C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I85251BE1-7D34-4A47-9534-EF90A28680BD&SearchSource=58&CUI=&UM=8&UP=SPA6D87D0C-62B4-4C8A-A854-121B0D42B4E5&q={searchTerms}&D=031815&SSPV=

*************************

AdwCleaner[R0].txt - [10894 bytes] - [12/06/2015 18:22:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10954 bytes] ##########

Junkware:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.2 (06.12.2015:1)
OS: Windows 7 Home Premium x86
Ran by Lily on Fri 06/12/2015 at 18:34:15.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] updatecheck
Successfully deleted: [Service] updatecheck



~~~ Tasks

Successfully deleted: [Task] C:\windows\System32\tasks\BWYDFXOS1
Successfully deleted: [Task] C:\windows\System32\tasks\ProPCCleaner_Start
Successfully deleted: [Task] C:\windows\tasks\BWYDFXOS1.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30111B93-65FD-44DF-BA32-F5B68BF729E3}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Shop Time



~~~ Files

Successfully deleted: [File] C:\Users\Lily\appdata\local\nsaC779.tmp
Successfully deleted: [File] C:\Users\Lily\appdata\local\nslE6AA.tmp
Successfully deleted: [File] C:\Users\Lily\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\windows\System32\sho55C0.tmp
Successfully deleted: [File] C:\windows\System32\sho6593.tmp
Successfully deleted: [File] C:\windows\System32\sho6A7.tmp
Successfully deleted: [File] C:\windows\System32\sho84B.tmp
Successfully deleted: [File] C:\windows\System32\shoBD9B.tmp
Successfully deleted: [File] C:\windows\System32\shoD999.tmp
Successfully deleted: [File] C:\ProgramData\1421271128.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1423931084.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1423931086.bdinstall.bin
Successfully deleted: [File] C:\Users\Lily\appdata\local\3c15800e71a187df9a94841865c83ce7



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\ospd_us_1082 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Users\Lily\appdata\local\installer
Successfully deleted: [Folder] C:\Users\Lily\appdata\locallow\company
Successfully deleted: [Folder] C:\Users\Lily\documents\optimizer pro
Successfully deleted: [Folder] C:\Users\Lily\local settings\application data\com
Successfully deleted: [Folder] C:\Users\Lily\local settings\application data\crashrpt
Successfully deleted: [Folder] C:\Users\Lily\local settings\application data\pro_pc_cleaner
Successfully deleted: [Folder] C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
Successfully deleted: [Folder] C:\ProgramData\13948155360650324683
Successfully deleted: [Folder] C:\Users\Lily\appdata\local\ospd_us_1082 [Adware.EoRezo]



~~~ FireFox




~~~ Chrome


[C:\Users\Lily\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Lily\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Lily\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Lily\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/12/2015 at 18:36:22.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes:
Scan Date: 6/12/2015
Scan Time: 6:39:25 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.12.07
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Lily

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398095
Time Elapsed: 28 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.GeForce.A, HKLM\SOFTWARE\Ge-Force-nv-ie, , [19d274414644cf6732d7621c70952ed2],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\ONESOFTPERDAY, , [36b5575eeb9f63d319b3050ad82c6c94],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [14d7466f93f7fc3a70f1a24d53b014ec],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [5398bbfaef9b01356b90deabdc29fd03],
PUP.Optional.SearchModule.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHMODULE\SMUpd, , [35b6664f5238f54138177514b352cc34],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [cb20e6cfe8a23ef85ab698f44eb77789],
PUP.Optional.Coupoon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\coupoon, , [1ecdded7e3a764d2aaa4443d4fb657a9],
PUP.Optional.Crossrider.C, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [d11a5461fd8db87efec086fefd08bc44],
PUP.Optional.GeForce.A, HKU\S-1-5-21-87976727-3667668781-379997952-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Ge-Force-nv-ie, , [12d99c19d8b2ad891af098e64bbac040],
PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-87976727-3667668781-379997952-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ProPCCleanerLanguage, , [915a0ea737538da9c662a5e1778e3dc3],
PUP.Optional.RapidMediaConverter.A, HKU\S-1-5-21-87976727-3667668781-379997952-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RapidMediaConverterApp, , [628950655c2e9e98b4f1780db64fbc44],

Registry Values: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [5398bbfaef9b01356b90deabdc29fd03]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.GlobalUpdate.A, C:\Users\Lily\AppData\Local\Temp\comh.465192, , [6b80cbea731795a180379c325fa412ee],
PUP.Optional.Trovi.A, C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\storage\default\http+++www.trovi.com, , [f6f5b302c8c2c96d99db09e09a697987],
PUP.Optional.Trovi.A, C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\storage\default\http+++www.trovi.com\idb, , [f6f5b302c8c2c96d99db09e09a697987],
PUP.Optional.Trovi.A, C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\storage\default\http+++www.trovi.com\idb\1320802654iedibk_oeovcer.files, , [f6f5b302c8c2c96d99db09e09a697987],
PUP.Optional.OneSystemCare.A, C:\Users\Lily\AppData\Roaming\One System Care, , [22c9b9fc65257bbbc8c85d8f7192966a],
PUP.Optional.OneSystemCare.A, C:\Users\Lily\AppData\Roaming\One System Care\WL, , [22c9b9fc65257bbbc8c85d8f7192966a],

Files: 7
Trojan.Agent.AI, C:\Users\Lily\AppData\Local\Temp\Quarantine.exe, , [7d6e40756129c76f09e33a33f70b7888],
PUP.Optional.PriceLess.A, C:\Users\Lily\AppData\Local\Temp\is-ULI17.tmp\package_priceless_installer_multilang.exe, , [34b7eacb781287afe075ec8f34d2f20e],
PUP.Optional.WebBar.A, C:\Users\Lily\AppData\Local\Temp\is-ULI17.tmp\package_airwebbar_installer_multilang.exe, , [d813c6ef3d4dbe78083fd2a957afa45c],
PUP.Optional.Linkey.A, C:\Users\Lily\AppData\Local\Temp\is-ULI17.tmp\package_linkey_pariente_installer_multilang.exe, , [fcef5a5bec9e142264ec6c0f887e6898],
PUP.Optional.GeForce.A, C:\Users\Lily\AppData\Local\Temp\Install_30844\ins_geforce.exe, , [18d3dcd9c4c668ce5748ba8714eec63a],
PUP.Optional.Trovi.A, C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\storage\default\http+++www.trovi.com\.metadata, , [f6f5b302c8c2c96d99db09e09a697987],
PUP.Optional.Trovi.A, C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\grjweiq3.default-1424734721345\storage\default\http+++www.trovi.com\idb\1320802654iedibk_oeovcer.sqlite, , [f6f5b302c8c2c96d99db09e09a697987],

Physical Sectors: 0
(No malicious items detected)


(end)
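
Added example, not part of the original posts: the AdwCleaner scan log above lists services, scheduled tasks and registry hooks, which are the places Windows starts code from without the user launching it. This Python script parses that log format and pulls those entries out for review; `SAMPLE_LOG` is a shortened excerpt of the log above, and the function and constant names are assumptions of this example.

```python
import re
from collections import defaultdict

# Shortened excerpt of the AdwCleaner scan log posted above.
SAMPLE_LOG = r"""
***** [ Services ] *****
Service Found : SPBIUpd
Service Found : bb1a24ab
***** [ Files / Folders ] *****
File Found : C:\windows\AppPatch\nbin\VC32Loader.dll
Folder Found : C:\Program Files\Common Files\ShopperPro
***** [ Scheduled tasks ] *****
Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : 160623c2-43be-4dcd-b462-0543b81eb447-5
Task Found : 160623c2-43be-4dcd-b462-0543b81eb447-5
***** [ Registry ] *****
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\ShopperPro
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(\w+) (?:Found|Infected) : (.+)$")

# Registry locations that load or redirect code without the user launching it.
HOOK_KEYS = {
    "[appinit_dlls]": "AppInit_DLLs (loaded with user32.dll)",
    "\\image file execution options\\": "Image File Execution Options entry",
    "\\browser helper objects\\": "IE Browser Helper Object",
}


def parse_log(text):
    """Return {section name: [values]}, dropping duplicate entries."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current and entry.group(2) not in sections[current]:
            sections[current].append(entry.group(2))
    return dict(sections)


def persistence_findings(sections):
    """Pick out the entries that start or hook code automatically."""
    findings = [("Service", v) for v in sections.get("Services", [])]
    findings += [("Scheduled task", v)
                 for v in sections.get("Scheduled tasks", [])]
    for value in sections.get("Registry", []):
        lowered = value.lower()
        for marker, label in HOOK_KEYS.items():
            if marker in lowered:
                findings.append((label, value))
    return findings


if __name__ == "__main__":
    for mechanism, value in persistence_findings(parse_log(SAMPLE_LOG)):
        print(f"{mechanism:40} {value}")
```

Plain vendor keys such as `HKLM\SOFTWARE\ShopperPro` are parsed but not reported, since they hold settings rather than start anything.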