Author Topic: malware? virus? (Read 13793 times)

REDACTED · « **on:** April 17, 2015, 04:13:16 PM »

Avast keeps giving alerts....

these are the URL's with location

http://blackfight.info/4141/BorderlineSystem_142667215115901.dll
C:\Windows\System32\svchost.exe

http://blackfight.info/4141/SeekerFoobar_142667093444337.dll
C:\Windows\System32\svchost.exe

http://blackled.info/4141/BorderlineRunner_142669490011429.dll
C:\Windows\System32\svchost.exe

http://blackfight.info/4141/CutterSystem_142669222904981.dll
C:\Windows\System32\svchost.exe

http://blackled.info/4141/LinkModule_142666989833768.dll
C:\Windows\System32\svchost.exe

I am about to reinstall windows... but I don't know if I should... how do I get rid of whatever it is? Any help would be greatly appreciated!

Rednose · « **Reply #1 on:** April 17, 2015, 04:16:47 PM »

Hi mrsg81469, welcome to the forum

We can help you with this type of infection !

Please follow this turtorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
As soon as an expert is online and available he/she will help you.

Greetz, Red.

Pondus · « **Reply #2 on:** April 17, 2015, 04:19:28 PM »

Quote

I am about to reinstall windows... but I don't know if I should

no need to do that. Essexboy remove this evry day here so follow instructions in the guide given

REDACTED · « **Reply #3 on:** April 17, 2015, 07:36:41 PM »

I ran malwarebytes and it did not detect anything today although I still get the alerts...but here are my logs from yesterday... Also when I look at the logs it says malware protection disabled but in the program the boxes are checked off to enable on start-up.. Is that normal?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/16/2015
Scan Time: 7:54:47 AM
Logfile: malware.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.16.03
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393554
Time Elapsed: 3 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\TrayIcons, Quarantined, [1d263736f79362d4d9726c501de6a759],

Files: 45
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\0783cda0179d64360c688b8aa2c825f1.0, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\0a7b4732362c02e88c8ab362287cacae, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\17e08085896e8dd1a98cbb03ac3df336, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\2024ca1e7ac031de48bd392e3da2dea5.0, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\2ffe51ee1dd78ba3b9a576635c901b01, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\3b560efb777bd1cb909a1a46868c99ef, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\537f43c5af97f2f6f2b9379377e194be, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\5f500f7594b58869da6f39328e803594, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\82ec7361d8ba2956b4dbdf99ad3e25d3, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\90cc9c001f140839d25f1efe503999d7, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\a2b03d62eeaf55382198311b779895d1, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\a32ecd0b2995f85de8edcaf9a2d223f0, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\d557ad356461f0f4f077132e77569635.0, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.FreeCauseTB.A, C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\healthreport\FCTB\{e3cf95f7-8178-d3b4-3957-61b28eea4d80}\101075\tb.xml, Quarantined, [2d166b024743f442c7029bf4a0630ff1],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\azygmou.dat, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\dgapi.js, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\dgmain.js, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\dgmain_app_bg.js, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\dgmain_app_cs.js, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\jquery4toolbar.js, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\7a727ea691ca4c783024b61fd35ef0e8_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\29c726c70fa66389578f5986eedd9ce4, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\29c726c70fa66389578f5986eedd9ce4_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\29c726c70fa66389578f5986eedd9ce4_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\33143a2945258575fcad33e73ceb74c6, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\33143a2945258575fcad33e73ceb74c6_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\33143a2945258575fcad33e73ceb74c6_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\3ab6cfcad30baf81fac23ae3890bffc8, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\3ab6cfcad30baf81fac23ae3890bffc8_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\3ab6cfcad30baf81fac23ae3890bffc8_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\7a727ea691ca4c783024b61fd35ef0e8, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\7a727ea691ca4c783024b61fd35ef0e8_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\7c0022298b948a99e406a6310bffea7f, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\7c0022298b948a99e406a6310bffea7f_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\7c0022298b948a99e406a6310bffea7f_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\8b8b6fa7b099d5977098f1ed10d61b11, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\8b8b6fa7b099d5977098f1ed10d61b11_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\8b8b6fa7b099d5977098f1ed10d61b11_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\8f43b50088266b9870b42ce6ef7ffbde, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\8f43b50088266b9870b42ce6ef7ffbde_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\8f43b50088266b9870b42ce6ef7ffbde_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\ff4319b9fd1980249b99b4ad16274961, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\ff4319b9fd1980249b99b4ad16274961_expire, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\cache\ff4319b9fd1980249b99b4ad16274961_gb, Quarantined, [1d263736f79362d4d9726c501de6a759],
PUP.Optional.EazyZoom.A, C:\Users\Home\AppData\LocalLow\eazyzoom\content\TrayIcons\logo.ico, Quarantined, [1d263736f79362d4d9726c501de6a759],

Physical Sectors: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/16/2015
Scan Time: 8:04:31 AM
Logfile: malware2.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.16.03
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 526474
Time Elapsed: 18 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, E:\Downloads\office_2013-win8\Microsoft Office 2013 Professional Plus Windows 8\DAEMONToolsPro550-0388.exe, Quarantined, [aa99214c8802de582a9faa7eda2cfe02],

Physical Sectors: 0
(No malicious items detected)

(end)

essexboy · « **Reply #4 on:** April 17, 2015, 07:45:38 PM »

If you could attach the FRST logs we will stop the alerts

REDACTED · « **Reply #5 on:** April 17, 2015, 07:47:34 PM »

Here are the FRST and addition logs... I just figured out how to attach so sorry about the previous post...

REDACTED · « **Reply #6 on:** April 17, 2015, 07:51:31 PM »

Here is the aswMBR log..

essexboy · « **Reply #7 on:** April 17, 2015, 07:56:36 PM »

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\Extensions\mypoints@500friends.com [2015-04-12]
FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\Extensions\weidunewtab@gmail.com [2015-04-12]
FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\Extensions\openlinkintab@piro.sakura.ne.jp.xpi [2015-04-12]
FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-04-12]
FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\Extensions\{e23e1101-6cde-4b94-b415-508a7cde8628}.xpi [2015-04-12]
2015-03-27 09:32 - 2015-03-27 09:32 - 00003102 _____ () C:\Windows\System32\Tasks\{9CB8CE4C-EEE9-41A5-AE28-35F28FB5C0B0}
2015-03-27 09:29 - 2015-03-27 09:29 - 00003172 _____ () C:\Windows\System32\Tasks\{B214421E-8CC1-4064-B197-63724FE6477B}
2015-03-27 01:49 - 2015-03-27 01:49 - 00000000 ____D () C:\ProgramData\d0ffa7d60000669d
2015-03-27 00:43 - 2015-03-27 01:59 - 00000000 ____D () C:\ProgramData\{69eb3576-45e9-1db2-69eb-b357645ed5d9}
2015-03-27 00:43 - 2015-03-27 00:43 - 00000000 ____D () C:\ProgramData\10864421869464621889
2015-03-26 23:56 - 2015-04-17 12:56 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-03-26 23:56 - 2015-03-27 01:00 - 00000000 ____D () C:\Users\Home\AppData\Roaming\UpdaterEX
2015-03-26 23:56 - 2015-03-26 23:56 - 00003224 _____ () C:\Windows\System32\Tasks\UpdaterEX
Task: {6FF11187-91C7-4148-97F8-AEF03ECACC47} - System32\Tasks\UpdaterEX => C:\Users\Home\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Home\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED · « **Reply #8 on:** April 17, 2015, 08:12:16 PM »

here's the fixlist log...

REDACTED · « **Reply #9 on:** April 17, 2015, 08:13:46 PM »

and here's the contents of the adwcleaner log..

# AdwCleaner v4.201 - Logfile created 17/04/2015 at 14:07:27
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Home - HOME-PC
# Running from : C:\Users\Home\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

Not Deleted : CouponPrinterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\Home\AppData\Roaming\Store
Folder Deleted : C:\Users\Home\AppData\Roaming\WTools
Folder Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\644e123b-2c45-22b2-f17b-20b29ee5605b
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.5

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.4 (x86 en-US)

-\\ Google Chrome v42.0.2311.90

[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchdominion.info/?l=1&q={searchTerms}&pid=22194&r=2015/03/27&hid=12080285119392740158&lg=EN&cc=US
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [34318 bytes] - [17/04/2015 14:05:51]
AdwCleaner[S0].txt - [2577 bytes] - [17/04/2015 14:07:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2636 bytes] ##########

REDACTED · « **Reply #10 on:** April 17, 2015, 08:21:08 PM »

sorry, did the fixlist as opposed to fix log! Here is that...

essexboy · « **Reply #11 on:** April 17, 2015, 08:24:32 PM »

Could you confirm the alerts have now ceased

REDACTED · « **Reply #12 on:** April 17, 2015, 08:26:50 PM »

I am not sure how to tell, they would just happen... is there a way to manually check?

essexboy · « **Reply #13 on:** April 17, 2015, 08:27:53 PM »

Reboot the computer as that is when they first appear

REDACTED · « **Reply #14 on:** April 17, 2015, 08:35:09 PM »

You're awesome! I haven't had an alert as of yet! Any idea where it came from? I typically use firefox but after firefox updated I can no longer access my college site so I have to use chrome for that. I do A LOT of legal research online and I am assuming I got it somewhere when doing that... Is there anything I can do to prevent further issues like this?

Author Topic: malware? virus? (Read 13793 times)

REDACTED

malware? virus?

Rednose

Re: malware? virus?

Pondus

Re: malware? virus?

REDACTED

Re: malware? virus?

essexboy

Re: malware? virus?

REDACTED

Re: malware? virus?

REDACTED

Re: malware? virus?

essexboy

Re: malware? virus?

REDACTED

Re: malware? virus?

REDACTED

Re: malware? virus?

REDACTED

Re: malware? virus?

essexboy

Re: malware? virus?

REDACTED

Re: malware? virus?

essexboy

Re: malware? virus?

REDACTED

Re: malware? virus?