WiredWX Hobby Weather ToolsLog in

 


descriptioncassiopesa virus  Emptycassiopesa virus

more_horiz
Running Windows 7 professional. I have Symantec as security.
I clicked a bad link and got a virus. Pop up started then it wouldn't let me on internet.
Ran symantec full scan, uninstalled programs from that day. Got internet working again, but think it could still be infected. Ran Adwcleaner and Malware as you directed. These are the logs:


Adwcleaner:
# AdwCleaner v4.207 - Logfile created 04/07/2015 at 11:23:28
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Ralph - RD-LAPTOP
# Running from : C:\Users\Ralph\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : cherimoya
[#] Service Deleted : csrcc
[#] Service Deleted : FindingDiscount
[#] Service Deleted : RuntimeManager
[#] Service Deleted : shopperz Updater
[#] Service Deleted : YahooAUService
[#] Service Deleted : 8dadad2f-d980-4b45-ab50-b9af125601a7

***** [ Files / Folders ] *****

Folder Deleted : C:\FinanceAlert
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Fighters
Folder Deleted : C:\ProgramData\Windows Discount
Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\Program Files (x86)\Windows Discount
Folder Deleted : C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager
Folder Deleted : C:\Program Files (x86)\gmsd_us_005010021
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\Ralph\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Ralph\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Ralph\AppData\Local\gmsd_us_005010021
Folder Deleted : C:\Users\Ralph\AppData\LocalLow\visi_coupon
Folder Deleted : C:\Users\Ralph\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Ralph\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Ralph\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Ralph\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Ralph\AppData\Roaming\One System Care
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\cherimoya.sys

***** [ Scheduled tasks ] *****

Task Deleted : Inst_Rep
Task Deleted : Installer_ytd
Task Deleted : SmartWeb Upgrade Trigger Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_005010021]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Fighters
Key Deleted : HKCU\Software\genieo
Key Deleted : HKCU\Software\Max Computer Cleaner
Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\FlashBeat\FlashBeat32.dll
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:47574
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130

[C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8871 bytes] - [04/07/2015 11:22:02]
AdwCleaner[S0].txt - [8488 bytes] - [04/07/2015 11:23:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8547 bytes] ##########




Malware Log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/4/2015
Scan Time: 11:45 AM
Logfile: malware2.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.04.02
Rootkit Database: v2015.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ralph

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353367
Time Elapsed: 21 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Installsmk_6985\DCytdkietut_tutdk_setup.exe, 3672, Delete-on-Reboot, [e1e111cc3f4b89adf2e131213bc7758b]
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Installsmk_6985\DCytdkietut_tutdk_setup.exe, 3640, Delete-on-Reboot, [e1e111cc3f4b89adf2e131213bc7758b]

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [0bb7d8055436cf67771d0cf3e71c48b8],
PUP.Optional.GeForce.A, HKU\S-1-5-18\SOFTWARE\Ge-Force-nv, Quarantined, [378b26b76129ac8ab29f028bce37ab55],
PUP.Optional.GeForce.A, HKU\S-1-5-18\SOFTWARE\Ge-Force-nv-ie, Quarantined, [c2003aa3187254e2b1a0a9e48580916f],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [6062e6f7eb9f06303dbcc0d3d233f50b],
PUP.Optional.GeForce.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\Ge-Force-nv-ie, Quarantined, [d4ee4d90751577bf88c9791411f4b749],
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Quarantined, [764cab32ee9cf04666a8c0dd14f14db3],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3c9ce603-44cc-4997-a166-239e6186c6ef}, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\CLSID\{3C9CE603-44CC-4997-A166-239E6186C6EF}, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.Raqai.1, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\Extension.Raqai, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.Raqai, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Extension.Raqai, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3C9CE603-44CC-4997-A166-239E6186C6EF}, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.Raqai.1, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Extension.Raqai.1, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3C9CE603-44CC-4997-A166-239E6186C6EF}, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C9CE603-44CC-4997-A166-239E6186C6EF}, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3C9CE603-44CC-4997-A166-239E6186C6EF}, Quarantined, [477b9647305a5dd91c314b1105016d93],
PUP.Optional.Shopperz.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3C9CE603-44CC-4997-A166-239E6186C6EF}, Quarantined, [477b9647305a5dd91c314b1105016d93],

Registry Values: 10
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz, C:\Program Files\shopperz\Ewhxbh.exe, Quarantined, [3d8599446d1d2e08e6ee8f819e669868]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz64, C:\Program Files\shopperz\Ewhxbh64.exe, Quarantined, [f8ca568795f568ce09cc48c833d15da3]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{3c9ce603-44cc-4997-a166-239e6186c6ef}, C:\Program Files\shopperz\Firefox, Quarantined, [08ba904d7812bf77008287096f96b848]
PUP.Optional.Cassiopesa.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Tny_Cassiopesa\\, Quarantined, [952d25b88901ad89f8e9a5f46b9a9868]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{3c9ce603-44cc-4997-a166-239e6186c6ef}, C:\Program Files\shopperz\Firefox, Quarantined, [e1e1f3eaa4e6f0460e745a367f86728e]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_27&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0F0D0E0CyDzy0F0F0DtAtN0D0Tzu0StCtByBzytN1L2XzutAtFtCtCtFtAtFtCtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyE0AtDzztAyEtAtCtGyC0ByCtDtGyCzztByCtGtBtB0EtDtGyEtCyBtCyC0B0BtDtD0FtAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtB0ByDtBtDtBtGyBtA0B0FtGyEzyyD0DtGzz0B0EzztGyC0D0AtAtAyB0EzytB0EyC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=1381603550&ir=, Quarantined, [764cab32ee9cf04666a8c0dd14f14db3]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|TopResultURLFallback, http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_27&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0F0D0E0CyDzy0F0F0DtAtN0D0Tzu0StCtByBzytN1L2XzutAtFtCtCtFtAtFtCtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyE0AtDzztAyEtAtCtGyC0ByCtDtGyCzztByCtGtBtB0EtDtGyEtCyBtCyC0B0BtDtD0FtAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtB0ByDtBtDtBtGyBtA0B0FtGyEzyyD0DtGzz0B0EzztGyC0D0AtAtAyB0EzytB0EyC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=1381603550&ir=, Quarantined, [17ab18c5d3b7cc6ace4006979a6b60a0]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|FaviconPath, C:\Users\Ralph\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, Quarantined, [2d95d5084842cd6928e6cecfd92c21df]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Cassiopesa, Quarantined, [b111b32ac9c17fb797777d206e97f20e]
PUP.Optional.Cassiopesa.A, HKU\S-1-5-21-680637505-960891526-3987170074-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|DisplayName, Cassiopesa, Quarantined, [8141518c0882c2740e009ffee025a65a]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.GlobalUpdate.A, C:\Users\Ralph\AppData\Local\Temp\comh.172550, Quarantined, [21a1c6176822fc3a3a33a23b40c344bc],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, Quarantined, [4d756d707d0da591a5c47e644fb423dd],

Files: 72
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Installsmk_6985\DCytdkietut_tutdk_setup.exe, Delete-on-Reboot, [e1e111cc3f4b89adf2e131213bc7758b],
PUP.Optional.EORezo, C:\$Recycle.Bin\S-1-5-21-680637505-960891526-3987170074-1000\$R0KWNUW.exe, Quarantined, [f8ca439a870363d3fccb711f5caaf40c],
PUP.Optional.Tuto4PC.A, C:\$Recycle.Bin\S-1-5-21-680637505-960891526-3987170074-1000\$RH35RRV.exe, Quarantined, [239f02dbcfbb89ad5463d7b92bdb6c94],
PUP.Optional.Tuto4PC.A, C:\$Recycle.Bin\S-1-5-21-680637505-960891526-3987170074-1000\$RPZ06KO.exe, Quarantined, [3a887f5e4a403ff71e99ccc442c48d73],
PUP.Optional.Tuto4PC.A, C:\$Recycle.Bin\S-1-5-21-680637505-960891526-3987170074-1000\$RE8NZS2\myoffergroup_us6.exe, Quarantined, [576b1fbee4a62a0c14a3246cb4528a76],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-1P1I9.tmp\package_SByoutube_installer_multilang.tmp, Quarantined, [6d55edf0ccbeb77f8d2addb317ef7c84],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-4I2N3.tmp\393.exe, Quarantined, [7e447667d6b44fe703d078f960a2b848],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-4I2N3.tmp\package_bubbledock_installer_multilang.exe, Quarantined, [42803e9ffa9067cf28396e9911f1a45c],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-4I2N3.tmp\package_ceppink_installer_multilang.exe, Quarantined, [ebd703da5634a4926bf65aad56ace719],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-4I2N3.tmp\package_SByoutube_installer_multilang.exe, Quarantined, [952d607d890165d1eb76798e4eb4fa06],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-DR1V5.tmp\393.exe, Quarantined, [c6fc4796ec9eea4c53801958956d6d93],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-DR1V5.tmp\package_bubbledock_installer_multilang.exe, Quarantined, [4f73924b3c4ef5413a279770cf33d927],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-DR1V5.tmp\package_ceppink_installer_multilang.exe, Quarantined, [f1d1eeef7f0bcf6730317d8aca38e21e],
PUP.Optional.Tuto4PC.A, C:\Users\Ralph\AppData\Local\Temp\is-DR1V5.tmp\package_SByoutube_installer_multilang.exe, Quarantined, [fbc7677615758da973ee63a45aa8659b],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_pmediaconverter_installer_multilang.exe, Quarantined, [fac86f6ed9b12313ddf6b6bbc73bbe42],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\436.exe, Quarantined, [7c46dffe404a81b57d56cfa2b64cbd43],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\464.exe, Quarantined, [6c5609d4bdcd37ffbb186a07d72b4db3],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\465.exe, Quarantined, [0eb4b02d048674c281527af719e9a957],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\480.exe, Quarantined, [ebd76a7371197cbab2210c650ff357a9],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\491.exe, Quarantined, [239ff6e7e2a8a98daf24c1b0b2503dc3],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [bc067e5fdbafd95db81b531e758d8c74],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_bubbledock_installer_multilang.exe, Quarantined, [9b27a13cdcaebb7b05ceef8240c206fa],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_BubbleSound_installer_multilang.exe, Quarantined, [8141c716b8d2280e7e55fe7334ce4ab6],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_priceless_p_installer_multilang.exe, Quarantined, [ad15aa3397f3e5510bc88ae755adb54b],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_SByoutube_installer_multilang.exe, Quarantined, [655d528b404ab97d14bfff7262a07f81],
Adware.EoRezo, C:\Users\Ralph\AppData\Local\Temp\is-QVTHR.tmp\package_superpct_installer_multilang.exe, Quarantined, [10b2c617e2a862d49f34d29f7e8407f9],
PUP.Optional.ModGoog, C:\Users\Ralph\AppData\Local\Temp\comh.172550\globalupdateBroker.exe, Quarantined, [2c9616c7cfbbba7c509414391ae8b848],
PUP.Optional.ModGoog, C:\Users\Ralph\AppData\Local\Temp\comh.172550\globalupdateOnDemand.exe, Quarantined, [3c86c815ec9eee48da0ad97409f9956b],
PUP.Optional.ModGoog, C:\Users\Ralph\AppData\Local\Temp\comh.172550\goopdate.dll, Quarantined, [5c66ba23ff8b59ddc1232f1e00028878],
PUP.Optional.ModGoog, C:\Users\Ralph\AppData\Local\Temp\comh.172550\goopdateres_en.dll, Quarantined, [af139944f496a195f6ee89c4b64c4db3],
PUP.Optional.ModGoog, C:\Users\Ralph\AppData\Local\Temp\comh.172550\psmachine.dll, Quarantined, [d2f06d70dab07eb8766e81cc57abf709],
PUP.Optional.ModGoog, C:\Users\Ralph\AppData\Local\Temp\comh.172550\psuser.dll, Quarantined, [41817d60c5c51224d90b50fd59a9ad53],
PUP.Optional.CheckOffer, C:\Users\Ralph\AppData\Local\Temp\nsl147C.tmp\nsCBHTML5.dll, Quarantined, [15ad3e9f4c3e0e283a4b4e16ea186799],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Temp\nsw5C54.tmp\DCytdkietut_tutdk_setup.exe, Quarantined, [ad152fae8505da5c5281262c15ed8779],
PUP.Optional.GeForce.A, C:\Users\Ralph\AppData\Local\Temp\Install_11557\ins_geforce.exe, Quarantined, [a71b69749ceef64050f854ee23df54ac],
PUP.Optional.SafeInstall.A, C:\Users\Ralph\Downloads\filewhiz.exe, Quarantined, [8f338558a3e702348eb14145ed1445bb],
PUP.Optional.SafeInstall, C:\Users\Ralph\Downloads\javainstaller_setup.exe, Quarantined, [744edd003159112593553674867f05fb],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_10437\DCytdkietut_tutdk_setup.exe, Quarantined, [bf03f5e8652581b5448fdb77db2737c9],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Installgeforce_23524\DCytdkietut_tutdk_setup.exe, Quarantined, [4c7605d804869a9c0ac97fd327db8a76],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Installshopperpro_23524\DCytdkietut_tutdk_setup.exe, Quarantined, [dae8d20b90fa86b0448f6ae816ec7090],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Installytd_18012\DCytdkietut_tutdk_setup.exe, Quarantined, [1fa34c912d5de74f2fa409495ca6a35d],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_11271\DCytdkietut_tutdk_setup.exe, Quarantined, [18aaefee1476e254349fbf9344bed030],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_12696\DCytdkietut_tutdk_setup.exe, Quarantined, [f4ce914c8dfd5adcab28153d42c0f709],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_13293\DCytdkietut_tutdk_setup.exe, Quarantined, [17ab1ac39cee70c6676c78da758d2fd1],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_13505\DCytdkietut_tutdk_setup.exe, Quarantined, [4e745e7fcac03ff7458efc56c939659b],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_15029\DCytdkietut_tutdk_setup.exe, Quarantined, [7c4602db16740a2c3f9494be7b87f20e],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_15160\DCytdkietut_tutdk_setup.exe, Quarantined, [f7cbdc01e7a30a2c12c1c2908082d62a],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_15903\DCytdkietut_tutdk_setup.exe, Quarantined, [f6cc2cb1f79368ce11c292c05aa8e51b],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_16977\DCytdkietut_tutdk_setup.exe, Quarantined, [9a289845f397a09601d2331f8a7814ec],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_19541\DCytdkietut_tutdk_setup.exe, Quarantined, [2b97b12c6327d4628f447dd5f012aa56],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_19628\DCytdkietut_tutdk_setup.exe, Quarantined, [5d651ac3632740f691429fb308fa8d73],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_19854\DCytdkietut_tutdk_setup.exe, Quarantined, [fac87e5f4644989ebb1840127989e719],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_21258\DCytdkietut_tutdk_setup.exe, Quarantined, [16acba23ef9b75c17c57e1711be77c84],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_21722\DCytdkietut_tutdk_setup.exe, Quarantined, [7b47ad30325875c1736031215fa331cf],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_23623\DCytdkietut_tutdk_setup.exe, Quarantined, [aa1811cc5d2d73c30ec594be57abdd23],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_24246\DCytdkietut_tutdk_setup.exe, Quarantined, [21a14a930585f83e389b2230758d728e],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_27798\DCytdkietut_tutdk_setup.exe, Quarantined, [d6ec6d70b0da191d726151016f932bd5],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_28110\DCytdkietut_tutdk_setup.exe, Quarantined, [586a796493f76acce1f268ea0bf76c94],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_30655\DCytdkietut_tutdk_setup.exe, Quarantined, [467c86578cfe280e03d0044e41c1b848],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_4010\DCytdkietut_tutdk_setup.exe, Quarantined, [d2f0617c107ac175d8fbd9795fa343bd],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_4420\DCytdkietut_tutdk_setup.exe, Quarantined, [39895b828406e5515c77a9a945bd728e],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_5640\DCytdkietut_tutdk_setup.exe, Quarantined, [f5cd5984f892b77f854ece84d131bd43],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_7270\DCytdkietut_tutdk_setup.exe, Quarantined, [caf81dc08cfe0b2bddf6e96908fa53ad],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_7276\DCytdkietut_tutdk_setup.exe, Quarantined, [b40e0bd25139e155e8ebf260bd45a45c],
PUP.Optional.SpeedBit, C:\Users\Ralph\AppData\Local\Installer\Install_8018\DCytdkietut_tutdk_setup.exe, Quarantined, [d0f264791c6eda5c617272e07092bc44],
PUP.Optional.Shopperz.A, C:\Windows\System32\Tasks\Dlvfecrd, Quarantined, [7052e7f63357033391ff04f84bb86a96],
PUP.Optional.PastaLeads.A, C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [3c86b627107a4fe7ea2ebc4abf458c74],
PUP.Optional.PastaLeads.A, C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [c5fd8b52d6b41e1819ffe91d4db78779],
PUP.Optional.WombatService.A, C:\ProgramData\Service1291\Service1291.exe, Quarantined, [586a914cf199ea4cf6f3d6c7af56c13f],
PUP.Optional.GlobalUpdate.A, C:\Users\Ralph\AppData\Local\Temp\comh.172550\globalupdateHelper.msi, Quarantined, [21a1c6176822fc3a3a33a23b40c344bc],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiw.sys, Quarantined, [4d756d707d0da591a5c47e644fb423dd],
PUP.Optional.Cassiopesa, C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www.cassiopessa.com/?f=7&a=csp_installertech_15_27&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0F0D0E0CyDzy0F0F0DtAtN0D0Tzu0StCtByBzytN1L2XzutAtFtCtCtFtAtFtCtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyE0AtDzztAyEtAtCtGyC0ByCtDtGyCzztByCtGtBtB0EtDtGyEtCyBtCyC0B0BtDtD0FtAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0DtB0ByDtBtDtBtGyBtA0B0FtGyEzyyD0DtGzz0B0EzztGyC0D0AtAtAyB0EzytB0EyC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=1381603550&ir="]}}), Replaced,[42800ecf5535fb3bf2911d7be3233ec2]

Physical Sectors: 0
(No malicious items detected)


(end)

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.1 (07.05.2015:1)
OS: Windows 7 Professional x64
Ran by Ralph on Sun 07/05/2015 at 21:41:30.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Installer_smk



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9EE849A1-E4EC-4C3B-B839-999EC681672E}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpService.dll
Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpService.ini
Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpServiceOff.ini



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\osdownloader
Successfully deleted: [Folder] C:\Users\Ralph\appdata\local\installer
Successfully deleted: [Folder] C:\Users\Ralph\appdata\locallow\company
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\Service1291



~~~ Chrome


[C:\Users\Ralph\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Ralph\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Ralph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Ralph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/05/2015 at 21:45:22.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
************************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the cassiopesa virus  EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on cassiopesa virus  EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the cassiopesa virus  EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check cassiopesa virus  EsetAcceptTerms
•Click the cassiopesa virus  EsetStart button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check cassiopesa virus  EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push cassiopesa virus  EsetListThreats
•Push cassiopesa virus  EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the cassiopesa virus  EsetBack button.
•Push cassiopesa virus  EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir a variant of Win32/Toolbar.Perion.R potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Elibeh64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Mbeodyei64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ralph\AppData\Local\Temp\Install_5229\ins_shopperpro.exe Win32/SpeedBit.B.gen potentially unwanted application deleted - quarantined
C:\Users\Ralph\AppData\Local\Temp\Install_6050\ins_shopperpro.exe a variant of Win32/SpeedBit.D potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ralph\AppData\Local\Temp\Install_7588\ins_shopperpro.exe Win32/SpeedBit.B.gen potentially unwanted application deleted - quarantined
C:\Users\Ralph\AppData\Local\Temp\is-F7JEA.tmp\dm.exe a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\Users\Ralph\AppData\Local\Temp\is-LE85H.tmp\TUTOBUN.exe multiple threats cleaned by deleting - quarantined
C:\Users\Ralph\AppData\Local\Temp\is-PMP1K.tmp\TUTOBUN.exe multiple threats cleaned by deleting - quarantined
C:\Users\Ralph\AppData\Local\Temp\is-QRDE1.tmp\dm.exe a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\Users\Ralph\AppData\Local\Temp\nssD676.tmp\CommonsDll.dll a variant of Win32/Amonetize.CT potentially unwanted application cleaned by deleting - quarantined

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
java has been updated

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
How's your computer working now? Any other issues?

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
the internet works, however symantec keeps popping up with viruses quarentined.

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
dallfam31 wrote:
the internet works, however symantec keeps popping up with viruses quarentined.

Ok. Symantec is doing its job. Are they really frequent?

descriptioncassiopesa virus  EmptyRe: cassiopesa virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum