Author Topic: [Resolved - K] Malware infections stopping spyware from working?  (Read 7250 times)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware from working?
« Reply #15 on: May 26, 2015, 04:14:52 AM »
I want you to run ESET again, this time I want one option changed as follows:

Make sure that Remove found threats is Checked.

I give full instructions again...

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is Checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Next,

Install MCShield, connect your ext hard drive, the scan should run automatically...

Thanks,

Kevin...
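
The logfile requested above can be checked before it is posted. The following is an added example, not part of the original post and not ESET's code: it splits an ESET Online Scanner log into its separate runs, picks the most recent one, and reports whether the options from the instructions were actually on. It assumes the `# key=value` header fields (`remove_checked`, `archives_checked`, `unwanted_checked`, `unsafe_checked`, `antistealth_checked`, `end`, `found`, `cleaned`, `utc_time`) correspond to the checkboxes and results described; the sample log is constructed.

```python
import re
from datetime import datetime

# Constructed sample in the layout of an ESET Online Scanner log: two runs
# appended to one file. Hashes, detection names and paths are placeholders.
SAMPLE_LOG = r'''OnlineScanner.ocx - registred OK
# product=EOS
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-01 10:00:00
# found=2
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Example/Adware.A potentially unwanted application" ac=I fn="C:\Example\Downloads\setup one.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="Example/Adware.B potentially unwanted application" ac=I fn="C:\Example\Downloads\setup two.exe"
# product=EOS
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-02 10:00:00
# found=0
# cleaned=0
'''

# key=value pairs on a detection line; quoted values may contain spaces.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: these header fields record the scan options in the instructions.
REQUIRED = ("remove_checked", "archives_checked", "unwanted_checked",
            "unsafe_checked", "antistealth_checked")


def parse_runs(text):
    """Split the log into runs; each run starts at a '# product=' header line."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "product":
                runs.append({"header": {}, "detections": []})
            if runs:
                runs[-1]["header"][key] = value
        elif line.startswith("sh=") and runs:
            fields = {k: v.strip('"') for k, v in PAIR.findall(line)}
            runs[-1]["detections"].append(fields)
    return runs


def latest_run(runs):
    """Return the run with the newest utc_time, whatever its position in the file."""
    return max(runs, key=lambda r: datetime.strptime(
        r["header"]["utc_time"], "%Y-%m-%d %H:%M:%S"))


def audit(run):
    """List the ways a run differs from a finished scan with every option on."""
    h = run["header"]
    problems = [f"{k} is not true" for k in REQUIRED if h.get(k) != "true"]
    if h.get("end") != "finished":
        problems.append(f"scan ended as {h.get('end')!r}")
    found = int(h.get("found") or 0)
    cleaned = int(h.get("cleaned") or 0)
    if cleaned < found:
        problems.append(f"{found - cleaned} of {found} detections not cleaned")
    if len(run["detections"]) != found:
        # Fewer lines than 'found' usually means the paste was cut short.
        problems.append(f"header says found={found} but "
                        f"{len(run['detections'])} detection lines are present")
    return problems


if __name__ == "__main__":
    runs = parse_runs(SAMPLE_LOG)
    for run in runs:
        print(run["header"]["utc_time"], audit(run) or "OK")
    print("latest run:", latest_run(runs)["header"]["utc_time"])
```

Because the log can hold more than one run, compare the `utc_time` of the latest run with the time of the scan just performed before relying on its `remove_checked` value.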

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware from working?
« Reply #16 on: May 26, 2015, 08:59:16 AM »
Hi Kevin

This is the log I found in the specified directory, after running the scan again with "delete threats" checked.

I trust it has overwritten the previous log?

Will now re-attach external drive and run the scan on it.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=
# engine=23984
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-23 07:59:50
# local_time=2015-05-23 08:59:50 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10310646 184876240 0 0
# scanned=456874
# found=84
# cleaned=0
# scan_time=34883
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=
# engine=24014
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-25 08:03:28
# local_time=2015-05-25 09:03:28 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10483664 185049258 0 0
# scanned=456926
# found=53
# cleaned=0
# scan_time=11440
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170(1).exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170(2).exe"
sh=83989CC14765D52D0ED271CE957308EE8D32FAB4 ft=1 fh=931f16acb365e0a6 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170.exe"
sh=0E8849B5BEBC329AD29F3BD052B02D0368CD269B ft=1 fh=42c65c8862f6f1e1 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\zipper_V.6685996.exe"
sh=1A43F9C0CF7AA6D4D52C1C6DAB494311246C6F51 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\edf7e1.msi"
sh=44902DFC96A8D337ED3853198B75E42B34899FAB ft=1 fh=29775c310e88ad96 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI1C.tmp"
sh=61B3FDF2953CA49F770A6A209B2EE80893204FFA ft=1 fh=4283fe3a030c4bea vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI7B09.tmp"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=
# engine=24029
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-26 02:47:47
# local_time=2015-05-26 03:47:47 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10551123 185116717 0 0
# scanned=457683
# found=53
# cleaned=51
# scan_time=9774
sh=16B519EE1642AB71302CF80521A1F2840B1DC142 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
sh=0ED4B9FCCE9A375DDF372F3368DF2C541215BBBE ft=1 fh=c71c00118bf034d2 vn="Win32/AirAdInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Software Updater\Uninstall.exe.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Skydrive\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Skydrive\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0D99BE4B-B6B8-46F6-954E-43F4E309E06A.data"
sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1B46AE38-0110-46A6-B1CB-55055F88F3E4.data"
sh=F98CFF47A9866B20AE35B54676C9AE6205EA9092 ft=1 fh=8ff09098caced262 vn="Win32/Packed.ScrambleWrapper.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2F334E02-A066-44C9-AEBC-FF90C7610DDC.data"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\449BDFFA-DB25-430A-8205-673012A45E9C.data"
sh=A162B71CC53FE98776FD6F1336FFFAA201777F18 ft=1 fh=1b5a6455fb2a1ee5 vn="a variant of Win32/InstallCore.BH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\62EBAD83-BA3F-43F2-83BD-C8C5A6BFDFCD.data"
sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\76B77A70-EF26-48C8-917D-74D83152487D.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7A80FC34-CE6E-4F22-AE6F-19A980A44729.data"
sh=63D8A233223061D42538AD5F8A1552A86C0420CA ft=1 fh=0b75d8cb754ba137 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7AE66787-456F-4A94-B27D-78E792A21265.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8C581AF1-E674-4D0A-A756-A4B303F9959B.data"
sh=872918BB02B724FF42CF3239649BBE399F06BB7A ft=1 fh=b94ff4533a0bbc0d vn="a variant of Win32/bProtector.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8E5219FA-D1BE-40FA-AA46-5DC5602A1C30.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\985D6919-C257-410A-9791-43E5A790BF62.data"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A126B32C-DB0A-48AD-BF7E-4C6498B990D6.data"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A7DD3694-FA47-47F5-B4FF-7C31724F8849.data"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A87E1368-3160-4303-9A75-B745C0C14F2A.data"
sh=A162B71CC53FE98776FD6F1336FFFAA201777F18 ft=1 fh=1b5a6455fb2a1ee5 vn="a variant of Win32/InstallCore.BH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D4160BC2-04D9-43AB-AD1D-FC1CD4BC4FF0.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FF70E1E5-34D5-4254-999F-4123FE74DFF3.data"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=16B519EE1642AB71302CF80521A1F2840B1DC142 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe"
sh=56911BA04365C06368461AF8DCADCEFA94E127D6 ft=1 fh=2e9c8e48fae5b893 vn="a variant of Win32/SmartInline.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\AppData\Roaming\ii-download.com\ii-download.com\prerequisites\SmartInline\smartinline.exe"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\AppData\Roaming\Mozilla\Firefox\Profiles\Andrew Stucken\AppData\Roaming\Mozilla\Profiles\433yq68c.Andrew Stukken\extensions\ffxtlbr@delta.com\uninstall.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-Photo_Crop_Editor-ORG-10536710.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-ScreenHunter_Free-ORG-10063246(1).exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-ScreenHunter_Free-ORG-10063246.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi183-Infix_PDF_Editor-ORG-10391701.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi188-ZapGrab-ORG-75329767.exe"
sh=7E3775D2F7676449670C4E0DE78332FFCF54D9A8 ft=1 fh=748eca0038f890e5 vn="Win32/DomaIQ.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\FlashPlayer_V.51453454b.exe.part"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\Shockwave_Installer_Slim(1).exe"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\Shockwave_Installer_Slim.exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\WinZip170(1).exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\WinZip170(2).exe"
sh=83989CC14765D52D0ED271CE957308EE8D32FAB4 ft=1 fh=931f16acb365e0a6 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\WinZip170.exe"
sh=0E8849B5BEBC329AD29F3BD052B02D0368CD269B ft=1 fh=42c65c8862f6f1e1 vn="Win32/DomaIQ.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Andrew Stucken\Downloads\zipper_V.6685996.exe"
sh=1A43F9C0CF7AA6D4D52C1C6DAB494311246C6F51 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\edf7e1.msi"
sh=44902DFC96A8D337ED3853198B75E42B34899FAB ft=1 fh=29775c310e88ad96 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI1C.tmp"
sh=61B3FDF2953CA49F770A6A209B2EE80893204FFA ft=1 fh=4283fe3a030c4bea vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI7B09.tmp"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
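The ESET Online Scanner log above can be checked mechanically rather than by eye. The following added example (not part of the original post and not ESET's own tooling) splits such a log into scan runs, compares the `found`/`cleaned` header counters with the per-file records, and separates leftovers whose content was cleaned under another path from leftovers that were not cleaned anywhere. The field meanings (`sh` file hash, `vn` detection name, `ac=C` cleaned, `ac=I` reported only, `fn` path) are assumptions read off the log layout, and the sample lines are constructed placeholders.

```python
import re

# Constructed sample in the layout of the log above. Hashes, paths and
# detection names are placeholders, not values taken from the thread.
SAMPLE_LOG = r'''
# product=EOS
# remove_checked=false
# found=2
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Example.PUA potentially unwanted application" ac=I fn="C:\Tools\Example Setup.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Example.Worm" ac=I fn="C:\ProgramData\Vendor\Recovery\old.zip"
# product=EOS
# remove_checked=true
# local_time=2015-01-01 00:00:00 (+0000, GMT Standard Time)
# found=4
# cleaned=2
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Example.Worm" ac=I fn="C:\Users\All Users\Vendor\Recovery\old.zip"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="Example.Toolbar potentially unsafe application" ac=I fn="C:\Temp\bar[1].7z"
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Example.PUA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Tools\Example Setup.exe"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="Example.Worm (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Vendor\Recovery\old.zip"
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# "# key=value" header lines; the value may contain spaces or be empty.
HEADER_RE = re.compile(r'^#\s*([\w.]+)=(.*)$')


def parse_log(text):
    """Split a log into scan runs: a block of '#' header lines, then records."""
    runs = []
    in_header = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        head = HEADER_RE.match(line)
        if head:
            if not in_header:  # a header after records starts a new run
                runs.append({"header": {}, "records": []})
                in_header = True
            runs[-1]["header"][head.group(1)] = head.group(2).strip()
        elif line.startswith("sh="):
            if not runs:  # log excerpt that begins mid-run, header not present
                runs.append({"header": {}, "records": []})
            in_header = False
            record = {
                m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in FIELD_RE.finditer(line)
            }
            runs[-1]["records"].append(record)
    return runs


def _counter(header, key):
    """Return a numeric header value, or None when missing or not a number."""
    value = header.get(key, "")
    return int(value) if value.isdigit() else None


def reconcile(run):
    """Compare header counters with per-record actions (assumed: ac=C cleaned)."""
    records = run["records"]
    cleaned = [r for r in records if r.get("ac") == "C"]
    left = [r for r in records if r.get("ac") != "C"]
    cleaned_hashes = {r.get("sh") for r in cleaned}
    return {
        "found_matches": _counter(run["header"], "found") == len(records),
        "cleaned_matches": _counter(run["header"], "cleaned") == len(cleaned),
        # Same content was removed under another path in this run: check whether
        # the leftover path is an alias or a second copy before re-scanning.
        "left_copy_cleaned": [r["fn"] for r in left if r.get("sh") in cleaned_hashes],
        # No cleaned record shares this hash: the file still needs attention.
        "left_unresolved": [r["fn"] for r in left if r.get("sh") not in cleaned_hashes],
    }


if __name__ == "__main__":
    for number, run in enumerate(parse_log(SAMPLE_LOG), start=1):
        print("run", number, "remove_checked =", run["header"].get("remove_checked"))
        for key, value in reconcile(run).items():
            print("  ", key, "=", value)
```
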

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #17 on: May 26, 2015, 09:46:00 AM »
I installed MCShield and re-attached the external hard drive but it did not run automatically - how do I run it manually?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #18 on: May 26, 2015, 10:27:24 AM »
If MCShield is installed it will auto-check any connected drive, USB flash drives etc at boot. If you boot up and then connect an ext drive or USB flash drive etc, it should auto check. Those checks are default settings.

The checks are very quick, you should get an MCShield report rise next to your clock from the system tray. If that is not happening, double click the MCShield icon next to the clock; the GUI (general User Interface) should open. Under "General" select "defaults", ok that. Then under "Scanner" select "defaults", ok that. Close out GUI.

Reboot your system, when stable connect ext HD, MCShield should scan and give report...

If you cannot get MCShield to work do a custom scan with Malwarebytes after your ext HD is connected...

Open Malwarebytes, select "Scan" from the upper menu bar. That will open the "Select a Scan" options. Choose the middle one, "Custom Scan" -->> then select "Configure Scan". In the new window, on the left side pane, check mark the four option boxes; also ensure PUP and PUM have "Treat as Malware" selected.

Then checkmark your drive letter or options of choice under the main pane window, when ready select "Scan Now"

To get the log:

Open Malwarebytes..

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Let me know if there are any remaining issues or concerns.

Thanks,

Kevin


Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #19 on: May 27, 2015, 02:30:49 AM »
Hi Kevin


I had to leave the scan running overnight and I think a fresh scan somehow started subsequent to the one I did on the E@ drive...therefore I have ignored the first scan log, dated today, and am pasting the second and third in the list - I think the log pasted here is the correct one...


Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 26/05/2015 10:58:39, SYSTEM, ANDREWSTUCKEN, Protection, Malware Protection, Starting,
Protection, 26/05/2015 10:58:39, SYSTEM, ANDREWSTUCKEN, Protection, Malware Protection, Started,
Protection, 26/05/2015 10:58:39, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Starting,
Protection, 26/05/2015 10:58:40, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Started,
Update, 26/05/2015 11:02:31, SYSTEM, ANDREWSTUCKEN, Scheduler, Malware Database, 2015.5.25.5, 2015.5.26.2,
Protection, 26/05/2015 11:02:31, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Starting,
Protection, 26/05/2015 11:02:31, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopping,
Protection, 26/05/2015 11:02:31, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopped,
Protection, 26/05/2015 11:02:37, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Success,
Protection, 26/05/2015 11:02:37, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Starting,
Protection, 26/05/2015 11:02:37, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Started,
Protection, 26/05/2015 13:03:31, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopping,
Protection, 26/05/2015 13:03:31, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopped,
Protection, 26/05/2015 13:03:31, SYSTEM, ANDREWSTUCKEN, Protection, Malware Protection, Stopping,
Protection, 26/05/2015 13:03:38, SYSTEM, ANDREWSTUCKEN, Protection, Malware Protection, Stopped,
Protection, 26/05/2015 17:46:40, SYSTEM, ANDREWSTUCKEN, Protection, Malware Protection, Starting,
Protection, 26/05/2015 17:46:40, SYSTEM, ANDREWSTUCKEN, Protection, Malware Protection, Started,
Protection, 26/05/2015 17:46:40, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Starting,
Protection, 26/05/2015 17:46:44, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Started,
Update, 26/05/2015 18:00:09, SYSTEM, ANDREWSTUCKEN, Manual, Malware Database, 2015.5.26.2, 2015.5.26.5,
Protection, 26/05/2015 18:00:09, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Starting,
Protection, 26/05/2015 18:00:09, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopping,
Protection, 26/05/2015 18:00:09, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopped,
Protection, 26/05/2015 18:00:15, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Success,
Protection, 26/05/2015 18:00:15, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Starting,
Protection, 26/05/2015 18:00:15, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Started,
Update, 26/05/2015 20:05:04, SYSTEM, ANDREWSTUCKEN, Scheduler, Malware Database, 2015.5.26.5, 2015.5.26.6,
Protection, 26/05/2015 20:05:04, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Starting,
Protection, 26/05/2015 20:05:04, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopping,
Protection, 26/05/2015 20:05:05, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopped,
Protection, 26/05/2015 20:05:10, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Success,
Protection, 26/05/2015 20:05:10, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Starting,
Protection, 26/05/2015 20:05:11, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Started,
Update, 26/05/2015 21:59:22, SYSTEM, ANDREWSTUCKEN, Scheduler, Malware Database, 2015.5.26.6, 2015.5.26.7,
Protection, 26/05/2015 21:59:22, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Starting,
Protection, 26/05/2015 21:59:22, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopping,
Protection, 26/05/2015 21:59:22, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Stopped,
Protection, 26/05/2015 21:59:54, SYSTEM, ANDREWSTUCKEN, Protection, Refresh, Success,
Protection, 26/05/2015 21:59:54, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Starting,
Protection, 26/05/2015 21:59:54, SYSTEM, ANDREWSTUCKEN, Protection, Malicious Website Protection, Started,

(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #20 on: May 27, 2015, 08:22:16 AM »
You've posted a "Protection" log from Malwarebytes, I wanted to see the most recent "Scan" log...

Also give an update on any remaining issues or concerns.

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #21 on: May 27, 2015, 08:53:50 AM »
Hi Kevin

My apologies.

Please find the scan log below.

RE: other issues, I am still finding that my Spamfighter software is disabled, although whether this is due to malware is another question. I have been waiting until this process was complete before I contacted their technical support again.

As a rather different issue, my host has just suspended my Wordpress website because of malware infections and has sent me a log of their scan.

However, I am not sure if this is something to deal with on this forum?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/05/2015
Scan Time: 08:40:59
Logfile:
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2015.05.27.01
Rootkit Database: v2015.05.24.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andrew Stucken

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 531318
Time Elapsed: 23 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #22 on: May 27, 2015, 10:24:49 AM »
Thanks for those logs, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Re-install the software for your spamfighter, see if that makes any difference.

Regarding your Wordpress website, check with your host and see if that is ok now.....

Let me know if any other remaining issues or concerns....

Thanks,

Kevin...

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #23 on: May 28, 2015, 01:27:13 AM »
Thanks, cleanup performed.

Spamfighter is still not working however.

Re: Wordpress, I would have to first contact iPage to get them to un-suspend the site but I suspect they will insist I upload a clean copy.

FWIW here is the scan log they sent me:   

/awp-content/plugins/google-analytics-analyze/api.php
/wp-content/plugins/links-in-captions/locale.php
/wp-content/plugins/facebook-like-button/locale.php
/wp-content/plugins/facebook-like-button/inc/rec_fill_new.php
/wp-content/plugins/memory-bump/locale.php
/wp-content/plugins/db-backup/general.php
/wp-content/plugins/tinymce-spellcheck/meta.php
/wp-content/plugins/advanced-settings/general.php
/wp-content/plugins/app-your-wordpress-uppsite/locale.php
/wp-content/themes/expound/functions.php
/wp-content/themes/expound/content-nav.php
/wp-content/themes/expound/fonts/license_indesit.php
/wp-content/themes/mobile_pack_blue/functions.php
/wp-content/themes/mobile_pack_blue/entry-meta.php
/wp-content/themes/mobile_pack_green/functions.php
/wp-content/themes/mobile_pack_green/content-meta.php
/wp-content/themes/mobile_pack_base/functions.php
/wp-content/themes/mobile_pack_base/sidebar-archive.php
/wp-content/themes/mobile_pack_red/functions.php
/wp-content/themes/mobile_pack_red/sidebar-meta.php
/wp-content/themes/twentyfourteen/functions.php
/wp-content/themes/twentyfourteen/content-nav.php
/wp-content/themes/smallbiz/entry-nav.php
/wp-content/themes/smallbiz/functions.php
/wp-content/themes/smallbiz/widgets/nivo-slider/nivo-slider/themes/6e93e8d3_old.php
/wp-content/themes/smallbiz/widgets/picture-widget/tpl/form.html_old.php
/wp-content/themes/smallbiz/widgets/custom-html-widget/css/tinymce_new.php
/wp-content/themes/smallbiz/layouts/mobile/frontpage_ver1.php
/wp-content/themes/BlueBubble/content-meta.php
/wp-content/themes/BlueBubble/functions.php
/wp-content/themes/BlueBubble/includes/help/en/__MACOSX/assets/images/._htmlstructure_noversion.php
/wp-content/themes/BlueBubble/includes/help/portfolio/Armar-Portafolio-ES_indesit.php
/wp-admin/ms-locale.php
/wp-admin/user-edit_infoold.php
/wp-admin/js/edit-comments_old.php
/wp-admin/includes/class-wp-meta.php
/wp-admin/includes/class-wp-theme-install-list-table_prevv1.php
/wp-admin/css/colors/_mixins_bck_old.php
/wp-admin/css/colors/light/colors-rtl_infoold.php
/wp-admin/css/colors/midnight/colors-rtl.min_prevv1.php
/wp-admin/css/colors/sunrise/colors.min_prevv1.php
/wp-admin/css/colors/blue/colors_indesit.php
/wp-admin/css/colors/coffee/colors-rtl_backup.php
/wp-admin/images/media-button-image_indesit.php
/wp-includes/post-meta.php
/wp-includes/fonts/dashicons_old.php
/wp-includes/js/tinymce/plugins/colorpicker/plugin.min_bck_old.php
/wp-includes/js/tinymce/plugins/compat3x/plugin.min_backup.php
/wp-includes/js/tinymce/plugins/paste/plugin_old.php
/wp-includes/js/tinymce/plugins/wpdialogs/plugin.min_bck_old.php
/wp-includes/js/tinymce/plugins/fullscreen/plugin_infoold.php
/wp-includes/js/tinymce/themes/bcb545c0_new.php
/wp-includes/js/mediaelement/wp-mediaelement_prevv1.php
/wp-includes/SimplePie/HTTP/Parser_indesit.php
/wp-includes/SimplePie/Cache/DB_old.php
/wp-includes/theme-compat/rss-meta.php


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #24 on: May 28, 2015, 02:32:59 AM »
The recent scans we've run do not show anything obviously wrong with your system regarding Malware or Infection etc.

The log you posted, what is that telling you, is it supposed to show something is wrong?

Regarding SpamFighter, not a program I'm familiar with. What exactly happens when you try to use it... I guess you've uninstalled and reinstalled?

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #25 on: May 28, 2015, 02:49:48 AM »
Hi Kevin

Thanks for the all-clear on the malware.

Yes, I have uninstalled and re-installed Spamfighter and have now contacted their technical support.

The Wordpress log is supposedly a log of a scan they performed demonstrating a malware infection.

They now want to sell me an expensive security product to remove the "infection".

I am not sure what I can do if they have suspended the site.

How could I scan for malware on Wordpress?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #26 on: May 28, 2015, 03:53:34 AM »
I guess it's not unusual for such websites to try and get some extra cash from you. Have a look at the following links, see if they help. I'm not experienced in website security, only PCs.

http://www.wpbeginner.com/plugins/how-to-scan-your-wordpress-site-for-potentially-malicious-code/

http://www.optimizesmart.com/malware-removal-checklist-for-wordpress-diy-security-guide/

The log that WordPress uploaded to you does not look sinister to me, maybe worthwhile asking directly what is wrong. Also explain that you've had your PC professionally cleaned at SpywareHammer, maybe give a link to your thread for their perusal....

Kevin

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #27 on: May 28, 2015, 03:17:23 PM »
Hi Kevin

Good idea - and I would like to thank you for all your help.

Chalkey

 

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #28 on: May 28, 2015, 03:27:41 PM »
You're very welcome, it was a pleasure to work with you. What is the status now, are we OK to close or do you need more help?

Thank you,

Kevin...

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #29 on: May 29, 2015, 02:31:00 AM »
Hi Kevin

It would be useful, in case I do show this thread to Spamfighter or iPage, if you could confirm, at least from looking at the logs I have supplied, that my machine has had a thorough clean up of malware infection?

Chalkey

 
