New Eases/Specialty virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Pengu (Thread Starter)
Joined: Jan 27, 2004
Messages: 291

Hello everyone

I am having an issue with this virus that appeared on my PC today. When I load Windows, it loads up the default browser and plays an ad that I cannot see. Even when I close the window, the ad is still playing in the background. I tried to disable the process and delete the files, but it keeps duplicating and hiding in hidden folders in different locations on the PC. I was able to remove some stuff with Malwarebytes, but the problem still persists.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: AMD Ryzen 5 1600X Six-Core Processor, AMD64 Family 23 Model 1 Stepping 1
Processor Count: 12
RAM: 16330 Mb
Graphics Card: NVIDIA GeForce GTX 1060 6GB, -1 Mb
Hard Drives: C: 111 GB (29 GB Free); D: 931 GB (183 GB Free);
Motherboard: Micro-Star International Co., Ltd, X370 GAMING PRO CARBON (MS-7A32)
Antivirus: Windows Defender, Disabled

Malwarebytes log 1:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/9/18
Scan Time: 3:45 PM
Log File: 8dff459c-53c1-11e8-87f0-309c2307611b.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5046
License: Free

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: GREEN\Raymond

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308787
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 1 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 2
Trojan.Dropper.NSIS, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSTD2D8.TMP\FT0RWD6OCF.EXE, Quarantined, [7907], [485739],1.0.5046
MachineLearning/Anomalous.95%, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSWE68F.TMP\CPSETUP.EXE, Quarantined, [0], [392687],1.0.5046

Module: 2
Trojan.Dropper.NSIS, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSTD2D8.TMP\FT0RWD6OCF.EXE, Quarantined, [7907], [485739],1.0.5046
MachineLearning/Anomalous.95%, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSWE68F.TMP\CPSETUP.EXE, Quarantined, [0], [392687],1.0.5046

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Trojan.Dropper.NSIS, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSTD2D8.TMP\FT0RWD6OCF.EXE, Quarantined, [7907], [485739],1.0.5046
MachineLearning/Anomalous.95%, C:\USERS\RAYMOND\APPDATA\LOCAL\TEMP\NSWE68F.TMP\CPSETUP.EXE, Quarantined, [0], [392687],1.0.5046

Physical Sector: 0
(No malicious items detected)


(end)


Malwarebytes Log 2

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/9/18
Scan Time: 4:06 PM
Log File: 8327878a-53c4-11e8-a2e9-309c2307611b.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5046
License: Free

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: GREEN\Raymond

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308907
Threats Detected: 153
Threats Quarantined: 153
Time Elapsed: 0 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 7
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1044], [333870],1.0.5046

Module: 7
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1044], [333870],1.0.5046

Registry Key: 48
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SOFTUPGRADE, Quarantined, [5525], [260473],1.0.5046
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54E189D9-0671-4198-9E27-5D64CB31EDDF}, Quarantined, [5525], [260473],1.0.5046
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{54E189D9-0671-4198-9E27-5D64CB31EDDF}, Quarantined, [5525], [260473],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G1, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CA7600EB-1AD7-4B48-97E0-15A92F61B64A}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{CA7600EB-1AD7-4B48-97E0-15A92F61B64A}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G2, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB2E14D2-CA7C-441C-B8FF-A9503B02E077}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{CB2E14D2-CA7C-441C-B8FF-A9503B02E077}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G3, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{099402FC-7F55-43F9-AC3B-8E6D80E429FE}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{099402FC-7F55-43F9-AC3B-8E6D80E429FE}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G4, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{74AD2294-6E5D-4B3A-A3D6-E8E92B3BFDE3}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{74AD2294-6E5D-4B3A-A3D6-E8E92B3BFDE3}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G5, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9B3AF98F-FC08-4C6A-A4ED-D0FC0C9519A8}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9B3AF98F-FC08-4C6A-A4ED-D0FC0C9519A8}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G6, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33AA6F5F-6A11-48CE-B37D-ED7CE6F18373}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{33AA6F5F-6A11-48CE-B37D-ED7CE6F18373}, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATER_ONLINE_APPLICATION, Quarantined, [3683], [391429],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{86C06257-DA6F-4667-89A4-89C631C3363F}, Quarantined, [3683], [391429],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{86C06257-DA6F-4667-89A4-89C631C3363F}, Quarantined, [3683], [391429],1.0.5046
PUP.Optional.InterStat, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001_Classes\APPLICATIONS\interstatnogui.exe, Quarantined, [1044], [463411],1.0.5046
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [7067], [246387],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [3683], [360190],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [3683], [317312],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [339688],1.0.5046
PUP.Optional.InterStat, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001\SOFTWARE\Interstatnogui, Quarantined, [1044], [333863],1.0.5046
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [7067], [246387],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [398592],1.0.5046
Adware.VidSquare.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1, Quarantined, [7304], [372833],1.0.5046
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\koxlGDTuIp8V Updater, Quarantined, [3132], [494177],1.0.5046
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [2851], [260247],1.0.5046
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [2851], [260247],1.0.5046
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\fantastique, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\fantastiquefantastique, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fantastique, Quarantined, [11400], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CF06F58-C15B-4D9E-81EB-E5515DF68CA4}, Quarantined, [11400], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fantastiquefantastique, Quarantined, [11400], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C7C14AA-31F5-4FC9-902C-0EDA8319A290}, Quarantined, [11400], [-1],0.0.0

Registry Value: 15
PUP.Optional.InterStat, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|INTERSTATNOGUI, Quarantined, [1044], [333870],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Quarantined, [3683], [333852],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Quarantined, [3683], [321304],1.0.5046
Adware.VidSquare.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1|DISPLAYNAME, Quarantined, [7304], [372833],1.0.5046
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\koxlGDTuIp8V Updater|IMAGEPATH, Quarantined, [3132], [494177],1.0.5046
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{06a09436-ec54-40f8-833d-f791067e2150}|NAMESERVER, Quarantined, [7655], [260226],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{099402FC-7F55-43F9-AC3B-8E6D80E429FE}|PATH, Quarantined, [3683], [317311],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33AA6F5F-6A11-48CE-B37D-ED7CE6F18373}|PATH, Quarantined, [3683], [317311],1.0.5046
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54E189D9-0671-4198-9E27-5D64CB31EDDF}|PATH, Quarantined, [5525], [260475],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{74AD2294-6E5D-4B3A-A3D6-E8E92B3BFDE3}|PATH, Quarantined, [3683], [317311],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{86C06257-DA6F-4667-89A4-89C631C3363F}|PATH, Quarantined, [3683], [391427],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9B3AF98F-FC08-4C6A-A4ED-D0FC0C9519A8}|PATH, Quarantined, [3683], [317311],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CA7600EB-1AD7-4B48-97E0-15A92F61B64A}|PATH, Quarantined, [3683], [317311],1.0.5046
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CB2E14D2-CA7C-441C-B8FF-A9503B02E077}|PATH, Quarantined, [3683], [317311],1.0.5046
Trojan.MalPack, HKU\S-1-5-21-1608285615-1653559005-1897046051-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|autotdvr, Quarantined, [3822], [518986],1.0.5046

Registry Data: 11
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{06a09436-ec54-40f8-833d-f791067e2150}|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{06a09436-ec54-40f8-833d-f791067e2150}|DhcpNameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4a187381-370a-4cb8-b58c-02295764b4c6}|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8df71173-8c0d-4349-bf74-2b2bdc07dd5d}|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8df71173-8c0d-4349-bf74-2b2bdc07dd5d}|DhcpNameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9a5ee39a-8b70-4791-a780-394cb6e9e962}|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d428092e-74a0-4104-ac1e-398f18095320}|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{fc9a982f-f52f-49ab-b1ed-e288d0806b8a}|NameServer, Replaced, [3132], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{fc9a982f-f52f-49ab-b1ed-e288d0806b8a}|DhcpNameServer, Replaced, [3132], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 11
PUP.Optional.SoftUpgrade, C:\PROGRAM FILES (X86)\SOFTUPGRADE, Quarantined, [5525], [260472],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES, Quarantined, [1109], [399420],1.0.5046
PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI, Quarantined, [1044], [333846],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [391425],1.0.5046
Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, Quarantined, [1109], [399763],1.0.5046
Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0\install, Quarantined, [1109], [399763],1.0.5046
Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0, Quarantined, [1109], [399763],1.0.5046
Adware.OnlineIO, C:\USERS\RAYMOND\APPDATA\ROAMING\MICROLEAVES, Quarantined, [1109], [399763],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\KOXLGDTUIP8V, Quarantined, [3132], [422713],1.0.5046

File: 54
Backdoor.Agent.E, C:\USERS\RAYMOND\APPDATA\ROAMING\file2.exe, Quarantined, [1555], [188828],1.0.5046
PUP.Optional.SoftUpgrade, C:\WINDOWS\SYSTEM32\TASKS\SOFTUPGRADE, Quarantined, [5525], [260473],1.0.5046
PUP.Optional.SoftUpgrade, C:\PROGRAM FILES (X86)\SOFTUPGRADE\SOFTUP.EXE, Quarantined, [5525], [260472],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G1, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G2, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G3, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G4, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G5, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G6, Quarantined, [3683], [317314],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\UPDATER_ONLINE_APPLICATION, Quarantined, [3683], [391429],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [3683], [391431],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G1.job, Quarantined, [3683], [382506],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G2.job, Quarantined, [3683], [382506],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G3.job, Quarantined, [3683], [382506],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G4.job, Quarantined, [3683], [382506],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G5.job, Quarantined, [3683], [382506],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G6.job, Quarantined, [3683], [382506],1.0.5046
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\UPDATER_ONLINE_APPLICATION.JOB, Quarantined, [3683], [391430],1.0.5046
Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\Online Application\Online Application Updater.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk, Quarantined, [1109], [399420],1.0.5046
Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini, Quarantined, [1109], [399420],1.0.5046
PUP.Optional.InterStat, C:\USERS\RAYMOND\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1044], [333870],1.0.5046
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [3683], [391425],1.0.5046
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [3683], [391425],1.0.5046
Adware.OnlineIO, C:\Users\Raymond\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, Quarantined, [1109], [399763],1.0.5046
PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14511], [352008],1.0.5046
PUP.Optional.HijackHosts, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14511], [352008],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476105],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [14509], [476106],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\KOXLGDTUIP8V\SETTINGS.INI, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\config.ini, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\Info.rtf, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\koxlGDTuIp8V.cer, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\koxlgdtuip8v.exe, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\License.rtf, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\unins000.dat, Quarantined, [3132], [422713],1.0.5046
Adware.DNSUnlocker.ACMB2, C:\Program Files (x86)\koxlGDTuIp8V\unins000.exe, Quarantined, [3132], [422713],1.0.5046
Trojan.MalPack, C:\USERS\RAYMOND\APPDATA\ROAMING\MICROSOFT\APPRSEUI\APHOIDER.EXE, Quarantined, [3822], [518986],1.0.5046
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastique, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastiquefantastique, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\PERFORMANCES\PERFORMANCES.EXE, Quarantined, [11400], [517318],1.0.5046
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastique, Quarantined, [11400], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\fantastiquefantastique, Quarantined, [11400], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)


(end)

Thanks for the help everyone!

-Raymond
 