
New Eases/Specialty virus

Discussion in 'Virus & Other Malware Removal' started by Pengu, May 9, 2018.

Thread Status:
Not open for further replies.
  1. Pengu

    Pengu Thread Starter

    Joined:
    Jan 27, 2004
    Messages:
    291
    Hello everyone

    I am having an issue with this virus that appeared on my PC today. When I load Windows it loads up the default browser and plays an ad that I cannot see. Even when I close the window the ad is still playing in the background. I tried to disable the process and delete the files, but it keeps duplicating and hiding in hidden folders in different locations on the PC. I was able to remove some stuff with Malwarebytes, but the problem still persists.

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Pro, 64 bit
    Processor: AMD Ryzen 5 1600X Six-Core Processor, AMD64 Family 23 Model 1 Stepping 1
    Processor Count: 12
    RAM: 16330 Mb
    Graphics Card: NVIDIA GeForce GTX 1060 6GB, -1 Mb
    Hard Drives: C: 111 GB (29 GB Free); D: 931 GB (183 GB Free);
    Motherboard: Micro-Star International Co., Ltd, X370 GAMING PRO CARBON (MS-7A32)
    Antivirus: Windows Defender, Disabled

    Malwarebytes log 1:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/9/18
    Scan Time: 3:45 PM
    Log File: 8dff459c-53c1-11e8-87f0-309c2307611b.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.5046
    License: Free

    -System Information-
    OS: Windows 10 (Build 16299.371)
    CPU: x64
    File System: NTFS
    User: GREEN\Raymond

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 308787
    Threats Detected: 6
    Threats Quarantined: 6
    Time Elapsed: 1 min, 20 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 2
    Trojan.Dropper.NSIS, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSTD2D8.TMP\FT0RWD6OCF.EXE, Quarantined, [7907], [485739],1.0.5046
    MachineLearning/Anomalous.95%, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSWE68F.TMP\CPSETUP.EXE, Quarantined, [0], [392687],1.0.5046

    Module: 2
    Trojan.Dropper.NSIS, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSTD2D8.TMP\FT0RWD6OCF.EXE, Quarantined, [7907], [485739],1.0.5046
    MachineLearning/Anomalous.95%, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSWE68F.TMP\CPSETUP.EXE, Quarantined, [0], [392687],1.0.5046

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 2
    Trojan.Dropper.NSIS, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSTD2D8.TMP\FT0RWD6OCF.EXE, Quarantined, [7907], [485739],1.0.5046
    MachineLearning/Anomalous.95%, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSWE68F.TMP\CPSETUP.EXE, Quarantined, [0], [392687],1.0.5046

    Physical Sector: 0
    (No malicious items detected)


    (end)


    Malwarebytes Log 2

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/9/18
    Scan Time: 4:06 PM
    Log File: 8327878a-53c4-11e8-a2e9-309c2307611b.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.5046
    License: Free

    -System Information-
    OS: Windows 10 (Build 16299.371)
    CPU: x64
    File System: NTFS
    User: GREEN\Raymond

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 308907
    Threats Detected: 153
    Threats Quarantined: 153
    Time Elapsed: 0 min, 54 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 7
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1044], [333870],1.0.5046

    Module: 7
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1044], [333870],1.0.5046

    Registry Key: 48
    PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SOFTUPGRADE, Quarantined, [5525], [260473],1.0.5046
    PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54E189D9-0671-4198-9E27-5D64CB31EDDF}, Quarantined, [5525], [260473],1.0.5046
    PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{54E189D9-0671-4198-9E27-5D64CB31EDDF}, Quarantined, [5525], [260473],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G1, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CA7600EB-1AD7-4B48-97E0-15A92F61B64A}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{CA7600EB-1AD7-4B48-97E0-15A92F61B64A}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G2, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB2E14D2-CA7C-441C-B8FF-A9503B02E077}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{CB2E14D2-CA7C-441C-B8FF-A9503B02E077}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G3, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{099402FC-7F55-43F9-AC3B-8E6D80E429FE}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{099402FC-7F55-43F9-AC3B-8E6D80E429FE}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G4, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{74AD2294-6E5D-4B3A-A3D6-E8E92B3BFDE3}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{74AD2294-6E5D-4B3A-A3D6-E8E92B3BFDE3}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G5, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9B3AF98F-FC08-4C6A-A4ED-D0FC0C9519A8}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9B3AF98F-FC08-4C6A-A4ED-D0FC0C9519A8}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G6, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33AA6F5F-6A11-48CE-B37D-ED7CE6F18373}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{33AA6F5F-6A11-48CE-B37D-ED7CE6F18373}, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATER_ONLINE_APPLICATION, Quarantined, [3683], [391429],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{86C06257-DA6F-4667-89A4-89C631C3363F}, Quarantined, [3683], [391429],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{86C06257-DA6F-4667-89A4-89C631C3363F}, Quarantined, [3683], [391429],1.0.5046
    PUP.Optional.InterStat, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001_Classes\APPLICATIONS\interstatnogui.exe, Quarantined, [1044], [463411],1.0.5046
    PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [7067], [246387],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [3683], [360190],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [3683], [317312],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [339688],1.0.5046
    PUP.Optional.InterStat, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001\SOFTWARE\Interstatnogui, Quarantined, [1044], [333863],1.0.5046
    PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [7067], [246387],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [398592],1.0.5046
    Adware.VidSquare.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1, Quarantined, [7304], [372833],1.0.5046
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\koxlGDTuIp8V Updater, Quarantined, [3132], [494177],1.0.5046
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [2851], [260247],1.0.5046
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [2851], [260247],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\fantastique, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\fantastiquefantastique, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fantastique, Quarantined, [11400], [-1],0.0.0
    Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [-1],0.0.0
    Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [-1],0.0.0
    Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fantastiquefantastique, Quarantined, [11400], [-1],0.0.0
    Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [-1],0.0.0
    Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [-1],0.0.0

    Registry Value: 15
    PUP.Optional.InterStat, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INTERSTATNOGUI, Quarantined, [1044], [333870],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Quarantined, [3683], [333852],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Quarantined, [3683], [321304],1.0.5046
    Adware.VidSquare.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1|DISPLAYNAME, Quarantined, [7304], [372833],1.0.5046
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\koxlGDTuIp8V Updater|IMAGEPATH, Quarantined, [3132], [494177],1.0.5046
    Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{06a09436-ec54-40f8-833d-f791067e2150}|NAMESERVER, Quarantined, [7655], [260226],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{099402FC-7F55-43F9-AC3B-8E6D80E429FE}|PATH, Quarantined, [3683], [317311],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33AA6F5F-6A11-48CE-B37D-ED7CE6F18373}|PATH, Quarantined, [3683], [317311],1.0.5046
    PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54E189D9-0671-4198-9E27-5D64CB31EDDF}|PATH, Quarantined, [5525], [260475],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{74AD2294-6E5D-4B3A-A3D6-E8E92B3BFDE3}|PATH, Quarantined, [3683], [317311],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{86C06257-DA6F-4667-89A4-89C631C3363F}|PATH, Quarantined, [3683], [391427],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9B3AF98F-FC08-4C6A-A4ED-D0FC0C9519A8}|PATH, Quarantined, [3683], [317311],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CA7600EB-1AD7-4B48-97E0-15A92F61B64A}|PATH, Quarantined, [3683], [317311],1.0.5046
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB2E14D2-CA7C-441C-B8FF-A9503B02E077}|PATH, Quarantined, [3683], [317311],1.0.5046
    Trojan.MalPack, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|autotdvr, Quarantined, [3822], [518986],1.0.5046

    Registry Data: 11
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{06a09436-ec54-40f8-833d-f791067e2150}|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{06a09436-ec54-40f8-833d-f791067e2150}|DhcpNameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4a187381-370a-4cb8-b58c-02295764b4c6}|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8df71173-8c0d-4349-bf74-2b2bdc07dd5d}|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8df71173-8c0d-4349-bf74-2b2bdc07dd5d}|DhcpNameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9a5ee39a-8b70-4791-a780-394cb6e9e962}|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d428092e-74a0-4104-ac1e-398f18095320}|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{fc9a982f-f52f-49ab-b1ed-e288d0806b8a}|NameServer, Replaced, [3132], [-1],0.0.0
    Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{fc9a982f-f52f-49ab-b1ed-e288d0806b8a}|DhcpNameServer, Replaced, [3132], [-1],0.0.0

    Data Stream: 0
    (No malicious items detected)

    Folder: 11
    PUP.Optional.SoftUpgrade, C:\PROGRAM FILES (X86)\SOFTUPGRADE, Quarantined, [5525], [260472],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES, Quarantined, [1109], [399420],1.0.5046
    PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI, Quarantined, [1044], [333846],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [391425],1.0.5046
    Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, Quarantined, [1109], [399763],1.0.5046
    Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0\install, Quarantined, [1109], [399763],1.0.5046
    Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0, Quarantined, [1109], [399763],1.0.5046
    Adware.OnlineIO, C:\USERS\RAYMOND\APPDATA\ROAMING\MICROLEAVES, Quarantined, [1109], [399763],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\KOXLGDTUIP8V, Quarantined, [3132], [422713],1.0.5046

    File: 54
    Backdoor.Agent.E, C:\USERS\RAYMOND\APPDATA\ROAMING\file2.exe, Quarantined, [1555], [188828],1.0.5046
    PUP.Optional.SoftUpgrade, C:\WINDOWS\SYSTEM32\TASKS\SOFTUPGRADE, Quarantined, [5525], [260473],1.0.5046
    PUP.Optional.SoftUpgrade, C:\PROGRAM FILES (X86)\SOFTUPGRADE\SOFTUP.EXE, Quarantined, [5525], [260472],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G1, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G2, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G3, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G4, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G5, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G6, Quarantined, [3683], [317314],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\UPDATER_ONLINE_APPLICATION, Quarantined, [3683], [391429],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [391431],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G1.job, Quarantined, [3683], [382506],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G2.job, Quarantined, [3683], [382506],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G3.job, Quarantined, [3683], [382506],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G4.job, Quarantined, [3683], [382506],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G5.job, Quarantined, [3683], [382506],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G6.job, Quarantined, [3683], [382506],1.0.5046
    PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\UPDATER_ONLINE_APPLICATION.JOB, Quarantined, [3683], [391430],1.0.5046
    Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\Online Application\Online Application Updater.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk, Quarantined, [1109], [399420],1.0.5046
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini, Quarantined, [1109], [399420],1.0.5046
    PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1044], [333870],1.0.5046
    PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [3683], [391425],1.0.5046
    PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [3683], [391425],1.0.5046
    Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, Quarantined, [1109], [399763],1.0.5046
    PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14511], [352008],1.0.5046
    PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14511], [352008],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476105],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\KOXLGDTUIP8V\SETTINGS.INI, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\config.ini, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\Info.rtf, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\koxlGDTuIp8V.cer, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\koxlgdtuip8v.exe, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\License.rtf, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\unins000.dat, Quarantined, [3132], [422713],1.0.5046
    Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\unins000.exe, Quarantined, [3132], [422713],1.0.5046
    Trojan.MalPack, C:\USERS\RAYMOND\APPDATA\ROAMING\MICROSOFT\APPRSEUI\APHOIDER.EXE, Quarantined, [3822], [518986],1.0.5046
    Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastique, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastiquefantastique, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\PERFORMANCES\PERFORMANCES.EXE, Quarantined, [11400], [517318],1.0.5046
    Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastique, Quarantined, [11400], [-1],0.0.0
    Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastiquefantastique, Quarantined, [11400], [-1],0.0.0

    Physical Sector: 0
    (No malicious items detected)


    (end)

    Thanks for the help everyone!

    -Raymond
     

Short URL to this thread: https://techguy.org/1209971
