Solved Browser loading spam webpages on its own

[delobe]

So, I leave my computer without any browser pages open, and I return to find a page open with a spam/product website open. One website was trying to download/upgrade adobe flash, but it was obviously fake.

So why is my computer opening fake websites on its own? I haven't caught it in the act, yet.

This is obviously some virus of some sort. But I cannot find it with scans.

Thank you for any help with this.

BTW it is not constantly opening pages, but it always happens when I am away/ not looking da**it.

 

[Tookeri]

Try scan with Malwarebytes | Free Anti-Malware Detection & Removal Software

It may be caused by a PUP - Potentially Unwanted Program. Antivirus don't detect these but Malwarebytes Anti-malware does.

 

[Gator]

Hi delobe, can you try running AdwCleaner

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

1. Right-click on AdwCleaner.exe and select Run as administrator.
2. Click Scan and let the scan run.
3. When it finishes, click Clean, following the on screen prompts
4. After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

 

[delobe]

Hi delobe, can you try running AdwCleaner

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

1. Right-click on AdwCleaner.exe and select Run as administrator.
2. Click Scan and let the scan run.
3. When it finishes, click Clean, following the on screen prompts
4. After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Hi, I have used your method and a few things were found like Babylon, spigot,

here is the log,

I will update if the problem is solved.

Thanks

# AdwCleaner v3.308 - Report created 30/08/2014 at 17:20:02
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : delobe - DELOBE-PC
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\delobe\AppData\Roaming\DigitalSites
***** [ Scheduled Tasks ] *****
Task Deleted : Digital Sites
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239

-\\ Google Chrome v36.0.1985.143
[ File : C:\Users\delobe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Homepage] : hxxps://uk.search.yahoo.com/?type=888596&fr=spigot-yhp-ch
*************************
AdwCleaner[R0].txt - [2024 octets] - [30/08/2014 17:18:28]
AdwCleaner[S0].txt - [1885 octets] - [30/08/2014 17:20:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1945 octets] ##########

 

[Gator]

Hi, looks like Adw picked up a couple search hijacks which may mean more is underneath.

The following guides may have similar tasks so if you completed a task in one or before reading this guide, you can go ahead and skip it.
Babylon removal
Remove Babylon Search hijack (Uninstall Guide)
Spigot removal
Remove SearchSettings.exe by Spigot (Virus Removal Guide)

Please post any logs after running a scan so we can review them.

 

[andrew129260]

Some good progress has been made, but lets dig deeper.


1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

Attached Images

 

[delobe]

2nd scan - malwarebytes

Malwarebytes has now given a clean scan:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 30/08/2014
Scan Time: 19:31:50
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.30.06
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: delobe
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370363
Time Elapsed: 3 min, 38 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

 

[delobe]

Hitman scan clean

HitmanPro 3.7.9.224
[URL="http://www.hitmanpro.com"]www.hitmanpro.com[/URL]
   Computer name . . . . : DELOBE-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : delobe-PC\delobe
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-08-30 19:43:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2
   Objects scanned . . . : 1,853,675
   Files scanned . . . . : 46,384
   Remnants scanned  . . : 592,343 files / 1,214,948 keys
Cookies _____________________________________________________________________
   C:\Users\delobe\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\delobe\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com

 

[delobe]

herdprotect

Hi, so the final scan (or partial scan to give it credit) was done by herdprotect. Here are the results. Unfortunately it seems to have picked up quite a few files that I believe are harmless, such as game .exe's and other files and programs I recognise. Thanks. So it looked like the first ad cleaner has probably solved this.
Saved date: 30/08/2014 21:22:35
Files detected: 71
Files scanned: 10,386
Processes scanned: 100
Modules scanned: 856
ASEPs scanned: 428
Downloads scanned: 0
Deep analysis: 581/342
---------------------------------------------------------------------------------
Files
---------------------------------------------------------------------------------
File path: c:\gaming mouse\gaming 3.exe
Publisher:
MD5: 2a8995f3ab6964e941c641ab5e7d454e
SHA-1: 39dd17834174a32539c76149295bd9a5a46d1d9b
Created: 26/08/2009 04:51:08
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\windows\syswow64\c2mp\traymenu.exe
Publisher:
Signer: Cole Williams
MD5: 6973ea0307cbee6a51ec2c8b3f726874
SHA-1: 88c0e24c4843505b9261bd661f6aed69d9f0ed98
Created: 24/02/2013 20:04:04
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.ColeWilliams.I (Adware)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\stardock\fences\fences.exe
Publisher: Stardock Corporation
Signer: Stardock Corporation
MD5: ec1959d9e06d31f72640883f471233bf
SHA-1: 368bcb9694d923f817170b3805d96321b4c66b18
Created: 22/05/2014 13:57:41
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0820 (Undefined)
---------------------------------------------------------------------------------
File path: c:\windows\updreg.exe
Publisher: Creative Technology Ltd.
MD5: c419df63e0121d72411285780c2fc6cc
SHA-1: 1b9682064bc79c310c7b253d0cef2f4fa440a80d
Created: 11/07/2013 16:10:14
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Startup.CreativeTechnology.G
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\axvlc.dll
Publisher: VideoLAN
MD5: 2b12698ed5dd2ea144666b3d23c8140f
SHA-1: 533385cb084852cb17853746a5a1046baaa49686
Created: 28/02/2014 10:47:34
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.JS.Redirector.MX (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\delobe\appdata\local\temp\quarantine.exe
Publisher:
MD5: e481cc9de3d806ed7e7dfc68507a41cf
SHA-1: 1542f2ce0adc3ef27a981c0509a2ecc5c29c8e36
Created: 06/08/2014 16:48:25
Detections: 2
Determination: Ignore detections (false positive)
- CMC Antivirus as Trojan.Win32.Generic!O (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
---------------------------------------------------------------------------------
File path: c:\windows\syswow64\dischandler.exe
Publisher:
Signer: Cole Williams
MD5: ad6bb9bd64fcdb13fbe6aa105d92a55c
SHA-1: 92b2fdba9279e0a31cdbb7238d2bff207638b190
Created: 24/02/2013 21:14:24
Detections: 2
Determination: Inconclusive
- Reason Heuristics as PUP.ColeWilliams.L (Adware)
- SUPERAntiSpyware as Trojan.Agent/Gen-Tracur (Undefined)
---------------------------------------------------------------------------------
File path: c:\windows\syswow64\mkv2vfr.exe
Publisher:
MD5: 522c51bb6ac679bfdc3d0deeb4be7268
SHA-1: d7e6dd58a7a51a3281537dbdd7f05d1d45fd165d
Created: 08/09/2011 15:00:10
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Trojan.Heur.Lq0@uSR9FBn (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\delobe\appdata\roaming\gamemaker-studio\5piceide.exe
Publisher: YoYo Games Ltd
Signer: YoYo Games Ltd.
MD5: a2ca19e665e4e3c2840513ba3526e12f
SHA-1: 5491be0b5ae8f7ec28b364fc0d9c8b1290ac0e2a
Created: 22/02/2014 13:04:46
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Trojan/Scar.aqot (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\delobe\appdata\roaming\gamemaker-studio\ffmpeg.exe
Publisher:
MD5: ac16924bd1e9cb44860fb840938d0b5c
SHA-1: 6c3b1329a9ad70fb05d32e62a4bfbb13c2799b42
Created: 22/02/2014 13:04:50
Detections: 1
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.Malware.Generic.a.(kcloud) (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\delobe\appdata\roaming\gamemaker-studio\windows8\native\arm\winmetrorunner.exe
Publisher:
MD5: 86d4020b072a640f157abc1903ad966d
SHA-1: fdbcf291c89b1c1862a0f7e7e94fe5a009df9163
Created: 22/02/2014 13:04:55
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-DTR.K
---------------------------------------------------------------------------------
File path: c:\users\delobe\appdata\roaming\gamemaker-studio\makensis\contrib\uis\modern.exe
Publisher:
MD5: 2454c9f16190dc9600acfd19ebc28523
SHA-1: d21035886f03136da923036a7614ec088e1b0a01
Created: 22/02/2014 13:04:53
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\users\delobe\appdata\roaming\gamemaker-studio\makensis\contrib\uis\modern_headerbmp.exe
Publisher:
MD5: 4e7a7cccf1f2a93bf3084ca02ceb7ef6
SHA-1: b0142d920a421d8d7ef8468b6079ef99f3c6003a
Created: 22/02/2014 13:04:53
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\program files\vs revo group\revo uninstaller pro\unins000.exe
Publisher:
MD5: 34f60bd0324e34fc392a6dd7100da2c3
SHA-1: 452143640494f34ea38d0205ac2eb3bdcafbe809
Created: 15/04/2014 23:33:02
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Worm/Win32.WhiteIce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\uninstall.exe
Publisher:
MD5: afb50b144bff686db8545d5d629a2eb4
SHA-1: b68fdc54286b14807f14c365e5325ebccb2d350c
Created: 26/10/2013 13:18:19
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\greenshot\unins000.exe
Publisher:
MD5: e3f6ab8f5c5b262949795fab1bcc348d
SHA-1: 8120368d021ef880aebc2b72e5c3d50d25fbf02a
Created: 09/05/2014 20:25:47
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\uninst\unins000.exe
Publisher:
Signer: Open Source Developer,Jernej Simončič
MD5: dcae21a3b9ed59ef050abd39daa50ab6
SHA-1: 022deab1a546dd83490d7501759469174ae7534e
Created: 27/10/2013 15:21:43
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\32\bin\gspawn-win32-helper-console.exe
Publisher:
MD5: 9d384d7961c7dfa4ef7b72e27c4311d1
SHA-1: 2e519a01b668e10349402ac1b27120738d00d050
Created: 27/10/2013 15:21:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\32\bin\gspawn-win32-helper.exe
Publisher:
MD5: 8077c14cc3f7517d6851247116d7516f
SHA-1: 5b0bc63c60a6598f833403d455f277fc6a4a197f
Created: 27/10/2013 15:21:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\common files\autodesk shared\directconnect2015 (64-bit)\java\jre1.6.0_03\bin\java-rmi.exe
Publisher: Sun Microsystems, Inc.
MD5: f4ee0e9a3c8963528c8db929078e44ef
SHA-1: 67845507b439cf69caddafb7e0619dd4bb1dc786
Created: 16/07/2012 09:11:17
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Agent.tcq (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\common files\autodesk shared\directconnect2014 (64-bit)\setup_dc\setup\setup\senddmp.exe
Publisher: Autodesk, Inc.
Signer: Autodesk, Inc.
MD5: a247de4972def7b451aedb2b4ca8ca86
SHA-1: 84d7e64c0454223cd6b15ffd66fa209a5efd6b16
Created: 26/09/2011 21:58:50
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\common files\autodesk shared\directconnect2014 (64-bit)\java\jre1.6.0_03\bin\java-rmi.exe
Publisher: Sun Microsystems, Inc.
MD5: f4ee0e9a3c8963528c8db929078e44ef
SHA-1: 67845507b439cf69caddafb7e0619dd4bb1dc786
Created: 16/07/2012 09:11:17
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Agent.tcq (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autohotkey\au3_spy.exe
Publisher: DaloozaSoft
MD5: 71e128e297a3817f8396a5b862c1ea01
SHA-1: 83eb0b50548f8d89c1c97c6767f66b0cdc584d9c
Created: 16/04/2014 19:42:53
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_client_tool.exe
Publisher:
MD5: bfc6f35bdb6f410b98dac2629ee51b8c
SHA-1: b659ed96c264881cf497aeedc7b029a32cee8d4f
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_create_node.exe
Publisher:
MD5: 6b70108907a808ceb6cb29f5c66226cc
SHA-1: 239ec77091fba5103da0a931d206fbfd4d713ef3
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_destroy_node.exe
Publisher:
MD5: 72ac7a77eae06f59cb9fc616a52efa9d
SHA-1: 25745296f4769301bc679ba128237493577a401a
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_dump_translations.exe
Publisher:
MD5: f5b327dc35150b58c57dc6728eab96ca
SHA-1: 37b4e19501335ee9efe26306d418c6e24be11f69
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_get_metadata.exe
Publisher:
MD5: ae3653c7875220b91b04f32813825780
SHA-1: f671738532f7f2a1d84b8cc28b9eb6f7d43214aa
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_get_node_type.exe
Publisher:
MD5: ff7beff5b1faf90a56dab2728c3190ef
SHA-1: 1a4b14fdd20fe998a4c21b5be2d624d8e70b4fd1
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_resolve_path.exe
Publisher:
MD5: dde57afd637122e7660efda5de01625d
SHA-1: 731ce57d83bfae5e76b7945567d3b6607915ec64
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_server_dump.exe
Publisher:
MD5: c553fdeb7795242b3a8c9a14d36caeb5
SHA-1: cb49abb4e230a1ad7c52f16edbfb03db012fae10
Created: 28/02/2013 14:39:52
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_set_metadata.exe
Publisher:
MD5: ba09ac7621b69855b21747105aa5a039
SHA-1: 8789570588aa2bf132211ff0ac22ef28ae81d7ca
Created: 28/02/2013 14:39:54
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\composite2014\wiretap\bin\wiretap_translate_path.exe
Publisher:
MD5: 71dfcc91d50f7fa9ac88bfd238ec04da
SHA-1: 8348db091618a7fffc515de777fe4061d7c84c04
Created: 28/02/2013 14:39:54
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Runouce (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\3ds max design 2014\processharness.exe
Publisher: Autodesk Inc.
MD5: 1701f5875783c5e9e12eeb17516aef53
SHA-1: 25d18f460f37e72b48f9aafb442af072a292f8aa
Created: 21/07/2012 09:36:50
Detections: 3
Determination: Inconclusive
- Trend Micro House Call as TROJ_GEN.F47V0211 (Undefined)
- Antiy Labs AVL as Trojan[:HEUR]/Win32.AGeneric (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Undef.(kcloud) (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\3ds max design 2014\senddmp.exe
Publisher: Autodesk, Inc.
Signer: Autodesk, Inc.
MD5: a247de4972def7b451aedb2b4ca8ca86
SHA-1: 84d7e64c0454223cd6b15ffd66fa209a5efd6b16
Created: 26/09/2011 21:58:50
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\3ds max design 2014\sketchupreader.exe
Publisher:
MD5: 0e05099f2f9e6b898db5c8405aa01d14
SHA-1: 980667da76e6cef1e0fce24f95a6e3a893db3f4f
Created: 09/11/2011 21:32:26
Detections: 1
Determination: Inconclusive
- Malwarebytes as Backdoor.Bot (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\3ds max design 2014\setup\setup\senddmp.exe
Publisher: Autodesk, Inc.
Signer: Autodesk, Inc.
MD5: a247de4972def7b451aedb2b4ca8ca86
SHA-1: 84d7e64c0454223cd6b15ffd66fa209a5efd6b16
Created: 26/09/2011 21:58:50
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\video_output\libcaca_plugin.dll
Publisher:
MD5: 14291d1aa9d232259b555896207dc6c6
SHA-1: 6cf1cd77c94df162e41207d3f931884816227832
Created: 28/02/2014 10:48:08
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.126730 (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\video_filter\libgaussianblur_plugin.dll
Publisher:
MD5: b64c2fcc4d4daafb9c23fc8bba32bfc7
SHA-1: 57b0c692604748ba5656f86666ce00691c4a1e6c
Created: 28/02/2014 10:48:08
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.126730 (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\stream_out\libstream_out_setid_plugin.dll
Publisher:
MD5: 8d6b0e356ea0eddfbcb9d20c9388e85e
SHA-1: 0121168745591bae84a93510d1bbc8f8090efc92
Created: 28/02/2014 10:48:08
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.120011 (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\stream_filter\libsmooth_plugin.dll
Publisher:
MD5: 4b3fca98e9fe3366e601aaf536d0fc5c
SHA-1: f486f8c9cc32c33ad6424d08fb90e9693a8c114f
Created: 28/02/2014 10:48:06
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Graftor.88842 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\sse2\libi422_yuy2_sse2_plugin.dll
Publisher:
MD5: 76edb7effb54f21ed0bd07456b558d78
SHA-1: dcd664a47402bc345aaea42555190bd6ff40a4be
Created: 28/02/2014 10:47:42
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.VIZ.Gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
Publisher:
MD5: 787230c09a905e317214aa0310733259
SHA-1: 34a0fd5a5c7cdfefba504c525704b341b461cfa9
Created: 28/02/2014 10:48:10
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.120011 (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\mux\libmux_wav_plugin.dll
Publisher:
MD5: 2c7018cf7e5ce4daa99f48131f16bc96
SHA-1: d847c2b16128c96bd283f21d3154d9840f8910ef
Created: 28/02/2014 10:47:40
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Adware.BHO.WVI (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\demux\libmpgv_plugin.dll
Publisher:
MD5: dbf88d706814ac1cd241db03f8888a87
SHA-1: 09f7a4da6bf14461d36478d66e943212bc80ddc4
Created: 28/02/2014 10:47:58
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.126730 (Adware)
---------------------------------------------------------------------------------

 

[delobe]

File path: c:\program files\videolan\vlc\plugins\demux\libsmf_plugin.dll
Publisher:
MD5: 10d12ca5b73abd21f83f5cedd964667a
SHA-1: 10913c46c673949aa46e874ce43eec854f6824ce
Created: 28/02/2014 10:47:58
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as Troj.W32.Monder (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\demux\libvoc_plugin.dll
Publisher:
MD5: d9e53665e889d6f16527f0dd68aed304
SHA-1: 95a07569d87a5418559bc24c4bdc97bd5a185b77
Created: 28/02/2014 10:48:00
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.126730 (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\videolan\vlc\plugins\codec\liba52_plugin.dll
Publisher:
MD5: fa169405099b6b0c569b9de742b6fe1e
SHA-1: f9bd807c3fbc1bfb82fd67151454210374e04352
Created: 28/02/2014 10:47:46
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Adware.Graftor.126730 (Adware)
---------------------------------------------------------------------------------
File path: c:\program files\smarttechnology\software\controllers\25a4f72c_5a88_4168_809a_55bf002dc6b1.dll
Publisher: Saitek
MD5: d8c9e6306714ff282d8bce7d251450a9
SHA-1: 2880c544d9ff8bdac07847ed83026317f2390174
Created: 16/04/2013 17:36:22
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Win32.ExplorerHijack.IC4@aifXKQfO (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\smarttechnology\software\controllers\771bc0c8_ed85_46e1_9413_8aaabaa85d3e.dll
Publisher: Saitek
MD5: 540d5a9dc10219e49c741c506351ff96
SHA-1: 456753feb39709487c66c645ff4f872b32fb93a8
Created: 16/04/2013 17:36:52
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\side effects software\houdini 13.0.401\mozilla\mfc71.dll
Publisher: Microsoft Corporation
MD5: f35a584e947a5b401feb0fe01db4a0d7
SHA-1: 664dc99e78261a43d876311931694b6ef87cc8b9
Created: 02/05/2014 05:53:16
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod867.Trojan (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\side effects software\houdini 13.0.401\mozilla\components\gkwidget.dll
Publisher:
MD5: 10e3d1e3910417519616362cddd1e76d
SHA-1: d23c066dfb61d374f4327f1416e64860b4d026ec
Created: 02/05/2014 05:53:02
Detections: 1
Determination: Ignore detections (false positive)
- Prevx as Heuristic: Suspicious Self Modifying File (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\lib\gimp\2.0\modules\libcolor-selector-wheel.dll
Publisher:
Signer: Jernej Simoncic
MD5: 1353c2d5e64faf8362452994d2c969f5
SHA-1: 0b4208d5f7e96c0daf00350eb5ae7f8d8fc240ac
Created: 27/10/2013 15:21:49
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\lib\gegl-0.2\color-temperature.dll
Publisher:
MD5: 72b145214a2a47f8cd4127326c42ff6a
SHA-1: e4a86ec1f600396219ecbac17c894dbc2868134e
Created: 27/10/2013 15:21:51
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\bin\libhunspell-1.3-0.dll
Publisher:
MD5: 18146503fff13108dae46125ef3f983b
SHA-1: 652b2dbdfa6c2c16cadda4cdc303eee741b46d30
Created: 27/10/2013 15:21:50
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.009 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\32\bin\libcairo-2.dll
Publisher:
MD5: cac1d2e933190e6bb37830442b39413b
SHA-1: 23edea367d05fcba4b4fac1d202ce548efacdddd
Created: 27/10/2013 15:21:46
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\gimp 2\32\bin\libgcc_s_sjlj-1.dll
Publisher:
MD5: de8ce6565e02de0ffa2be1e75297d79c
SHA-1: 9965db491ab8a093f605d5950f000b3df5bf4df8
Created: 27/10/2013 15:21:47
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.TsCabk (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\daum\potplayer\atextout64.dll
Publisher: gdipp Project
MD5: 0bdcfc02a5ef74c44a7fdfffa54ff380
SHA-1: 09080ec15b06e7c7945b298e2319e112c7b40fcf
Created: 14/05/2013 07:37:48
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V0820 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\3ds max design 2014\stdplugs\shineexp\libjpeg.dll
Publisher:
MD5: cfa95100c44ff7611467604c031b53cd
SHA-1: faa4b365d5de17015859338513eca2621a48f8ed
Created: 15/09/2011 04:28:30
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\autodesk\3ds max design 2014\stdplugs\(massfx)\physx_2.8.5\physx4dcc_physxupdateloader64.dll
Publisher:
MD5: 02bbda9e4e03c7a388cc2cbb73562781
SHA-1: 7bad0278e3de7186e5f4883f5a1c6f45baef9c20
Created: 31/01/2012 04:38:58
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Adware.SMSHoax (Adware)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\stardock\windowblinds\deelevate.exe
Publisher: Stardock Corporation
Signer: Stardock Corporation
MD5: 629b6671ced1f1992d0f331b0dc97862
SHA-1: d4f166395f6a90d486aeba3014f1d36fd6580353
Created: 10/03/2014 14:51:50
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\program files (x86)\stardock\windowblinds\uninstall.exe
Publisher: Indigo Rose Corporation
Signer: Stardock Corporation
MD5: 2a7d606d10a2d01a00fa96b630496d07
SHA-1: 26f754d1c5474ad1e27fe831700025b3fe2a4aa0
Created: 28/08/2014 17:22:35
Detections: 6
Determination: Adware
- avast! as Win32:Mindspark-A [PUP] (Adware)
- VIPRE Antivirus as MyWebSearch.J (Adware)
- Kingsoft AntiVirus as Win32.Troj.Undef.(kcloud) (Undefined)
- AVG as Zango (Undefined)
- Trend Micro House Call as TROJ_GEN.F47V1001 (Undefined)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\stardock\iconpackager\uninstall.exe
Publisher: Indigo Rose Corporation
Signer: Stardock Corporation
MD5: 2bbc6e779f1a735e6d8bc677bcc1381f
SHA-1: ec382783e4f5040aca649cf1feb632b646b2523f
Created: 27/08/2014 23:53:14
Detections: 6
Determination: Adware
- avast! as Win32:Mindspark-A [PUP] (Adware)
- VIPRE Antivirus as MyWebSearch.J (Adware)
- Kingsoft AntiVirus as Win32.Troj.Undef.(kcloud) (Undefined)
- AVG as Zango (Undefined)
- Trend Micro House Call as TROJ_GEN.F47V1001 (Undefined)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\elaborate bytes\virtualclonedrive\devcon.exe
Publisher: Windows (R) Codename Longhorn DDK provider
MD5: 199d1bc0981bd26099e0870057164bbb
SHA-1: 0e731f61fd6b37855459f575c86225b8e0c507fd
Created: 09/11/2008 15:55:53
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Cloddd7.Trojan (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\elaborate bytes\virtualclonedrive\vcd-uninst.exe
Publisher:
MD5: a875b95baecce25525234afd7f34e754
SHA-1: 231bea9eb0553584ba2072378c1c36cd2706aa4a
Created: 26/07/2013 18:20:14
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\eainstaller\crysis 3\cleanup.exe
Publisher: Electronic Arts, Inc.
Signer: Electronic Arts
MD5: 39142adebe099e58a5e6eb541084228a
SHA-1: f3f7ecf10573b631f8e7bd053eb25bef86acfdbb
Created: 04/12/2013 17:03:09
Detections: 1
Determination: Ignore detections (false positive)
- NANO AntiVirus as Trojan.Win32.Click.cqoalk (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\blades of exile\blades of exile character editor.exe
Publisher:
MD5: a1e8c8920f721420c76feefffe012f6d
SHA-1: 92aefcabf2ec867858b2a7b991a7afa9b0e4a718
Created: 25/02/2012 04:24:08
Detections: 3
Determination: Inconclusive
- Quick Heal as (Suspicious) - DNAScan
- Dr.Web as Trojan.Packed (Undefined)
- Vba32 AntiVirus as BScope.Trojan.MTA.0230 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\blades of exile\blades of exile scenario editor.exe
Publisher:
MD5: 3e1c7caf605d9eccfe576076f18cb18a
SHA-1: 4c7fabc7b4d96a2bb135503dfc599a517773f5d6
Created: 25/02/2012 04:24:08
Detections: 3
Determination: Inconclusive
- Quick Heal as (Suspicious) - DNAScan
- Vba32 AntiVirus as BScope.Trojan.MTA.0230 (Undefined)
- IKARUS anti.virus as Backdoor.Win32.Swrort (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\blades of exile\blades of exile.exe
Publisher:
MD5: 141b20712efd6132ea284cc722062735
SHA-1: 2cdc5783d4dc5fcae504a70d98cfe2837e540be7
Created: 25/02/2012 04:24:08
Detections: 2
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious-BAY.K
- IKARUS anti.virus as Backdoor.Win32.Swrort (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\origin\mediaservice\wmfengine.dll
Publisher:
MD5: 5c29e76d4a33d4a4725176adedf7cbec
SHA-1: e1261bf35895d4dc022dfe8a0d02791c1da32c7e
Created: 10/05/2014 13:33:13
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Trojan.Agent.JS.T (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\origin\imageformats\qgif.dll
Publisher:
MD5: ef4cdfe341294a971b3cfb4753ebcdaa
SHA-1: e3b855db8288deb9c9691599c0f0c9fd2f7a7296
Created: 10/05/2014 13:33:05
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Win32.Runouce.B@mm (Undefined)

 

[delobe]

I have a feeling herdprotect has just brought up a lot of false positives. But I shall scan again as it requires in an hour and 15

 

[andrew129260]

Herdprotect is an advanced tool like hijack this was. It is not meant to delete everything like I stated, so many things it finds are not threats.

I will wait for the final log, and to make it easier please attach it-not copy paste it into the thread.

 

[delobe]

herdprotect 2nd scan

Revealed the uninstall files for my stardock programs to be removed. But I think this is also a false positive.

But thanks.

scan save file attached.

After a week with no further problems I shall mark this thread as solved.

 

[andrew129260]

Log looks fine.

 

[delobe]

Log looks fine.

Thanks!

 

[andrew129260]

I know this is a very long wall of text, But following the below will greatly reduce your chances of becoming infected again.

I advise you to install and use the following Free security programs/solutions so you do not get infected again:

-Panda antivirus -You can only have 1 antivirus installed at a time, I recommend using this one and uninstalling what you are using now.

-Malwarebytes

-Superantispyware

-Unchecky

-Should I remove it

-Web of Trust

-Set up open dns

Run the first 3 listed and scan around once every 2 weeks. (Panda updates automatically, others you need to pay for that feature.) Make sure you update them before scanning. Unfortunately no program out there is a silver bullet-there is no one program to protect you entirely. So due to this, it is necessary to have a couple of products to help keep you safe on all fronts.

Panda Cloud Antivirus: Panda cloud AV is a great free program that uses the cloud (the internet) to scan your pc for threats. This antivirus works very well at detecting the newest threats, as well as some unknown ones that have not yet been discovered. For information on how to use it, the manual is located here.


Malwarebytes: This is a great program to use to scan your pc for malware that your antivirus might possibly miss or not look for. A guide on how to use it can be found here.

Superantispyware: This is a great second opinion scanner which will scan for spyware and other types of PUPS. (Potentially unwanted programs.)

Unchecky: is a program that aims to keep unwanted programs from entering your pc when installing a new program. Most programs give you the option of express install or custom install. When you do a regular install of most applications, they add toolbars and other unwanted items to your pc. If you choose the custom option however, you can avoid most of these unwanted programs by unchecking them and then clicking next. This program does this for you automatically. It removes the checkmarks so that when you click next and next your way through the install proccess, you do not get a bunch of junk on your system. Keep in mind though, this is how most people get unwanted spyware etc on there pc. When installing any new program, google it and see if it has good reviews. Then during the install don't just click next and rush through it. Take your time to read what is in front of you, and uncheck anything you do not want.

The best part about unchecky is it's a install and forget. It updates automatically. And works to prevent unnecessary programs from sneaking in during software installs.


Should I remove it: This is not a malware scanner. What it does is it looks at all of the installed programs on your PC and gives you a percentage % of how many people uninstall the software. If the percentage % is high, I would remove it as it is most likely not a good program. It also gives a ton of information about what the program does and how it behaves.

WOT: (web of trust) is a very helpful browser addon that works with all web browsers and helps you to avoid nasty sites that have been known to host malware and the like. It uses a rating system by users as well as there own internal site investigations to place websites into categories and mark whether or not they are safe. It is a good tool to help you avoid clicking on a bad link in the first place.

Open DNS: is a service that helps you block known malware sites before they even reach your PC entirely. It also can be configured to block adult sites, and filter out other web sites based on categories. All for free. Not only does it protect your computers, but other devices as well.

For more information, see here:

https://support.opendns.com/entries/26514730-Web-Content-Filtering-and-Security

If it looks to advanced for you, it actually isn't very hard to set up. See the very first link above (set up open dns) which will take you to the setup page. You do not need to create an account if you wish not to. There is a link in the bottom right hand corner to avoid making an account if you do not want it. They have directions on how to apply it to your computer, or your router so that every device on your network can be protected.


Making windows security better for you and anyone using your PC:

Use the help and support which is found in your start menu for easy answer to questions and common tasks. The browse help (the blue book in the help an support window) will allow you to browse all the help documents Microsoft has available for the versions of windows you are using. Questions like how to uninstall a program, burn a cd can all be found there.

Keep windows up to date by using windows update and checking for updates frequently, or let Microsoft automatically update your pc which is the default setting.

Make sure your software that you use is up to date. This prevents security issues in the first place.

Adobe flash is a common one that should always be updated. You can download the newest version here. When any software prompts to update, and you recognize the name of the software-Do so. Software updates are important, and should be done regularly. Most programs checks for updates automatically.

Uninstall unwanted/un-needed programs.

Make a habit every now and then and go into control panel-uninstall a program. This lists all the software installed on your PC. If you see any software you do not use or need, uninstall it. If the software has your PC manufacturer mentioned in it, you can leave it alone.


I also suggest using a standard user account in windows, and only using an admin account when you need to install software. If you have family members sharing your pc, create standard user accounts for them. See this link below on how to do so:

http://www.sevenforums.com/tutorials/181024-user-account-create.html


Why use a standard user account instead of an administrator account?

When using a standard account and you make a change or install a program that affects the whole system, UAC will prompt you to continue. Make sure the setting or program you are tying to install is listed, then click yes to continue. If you are just browsing the web and the prompt appears with a program you have not heard of, or do not know what it is, it is much safer to click no then yes. No will block the action, and if you were trying to do something, you can always start it again and choose yes.

UAC makes this easy, see here:

What is user account control (UAC)?

I also suggest choosing always notify for UAC:

What are User Account Control settings?


Those are my recommendations to you, and I Highly suggest you follow them. Should you have any questions, post back.

Do not feel like you need to do everything above, if your computer knowledge is limited do what you are able and feel comfortable doing. If you read all the instructions though you should be able to do it yourself.

With the solution provided above, your risk of malware infection drops considerably.