I recently decided to download and try a new DVD creator program. Not sure where I came across the link. But if you do, avoid it, or you'll be getting the online version of the plague. The program is called Free DVD Maker from 77freeware.com.
First it installed a piece of crap called Pro_PC_Cleaner without my consent, then it downloaded and installed another bunch of garbage including: sushileads, something called Heads?? if I remember correctly, and included a nice rootkit virus at C:\WINDOWS\SYSTEM32\drivers\ogixmzh2mnnhbgf.sys.
Winpatrol - www.winpatrol.com is the program that alerted me to this driver trying to start up. So I immediately ran a scan with Malwarebytes - www.malwarebytes.org and Adwcleaner - www.bleepingcomputer.com/download/adwcleaner/, and my antivirus, Avira - www.avira.com/en/avira-free-antivirus, also popped up with a warning about ogixmzh2mnnhbgf.sys.
Adwcleaner also deleted a file at C:\WINDOWS\efix.ini. Research indicates that it may be a part of those fake Adobe Flash popup ads.
All scans were done in Safe Mode. Anyway, I got rid of all that garbage before it was able to set in, and then I had to get rid of one more piece of garbage, the Free DVD Maker. Good riddance.
I deleted a bunch of stuff off my hard drive manually and below I've included a copy of my Malwarebytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 05/07/2015
Scan Time: 1:10 PM
Logfile: malware.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.05.03
Rootkit Database: v2015.07.05.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Terry
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372098
Time Elapsed: 33 min, 6 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 9
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\sushileads, Quarantined, [28ff10ce5b2fdd59b92d98f810f601ff],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UNINSTALL.EXE, Quarantined, [28ff10ce5b2fdd59b92d98f810f601ff],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UNINSTALL.EXE, Quarantined, [28ff10ce5b2fdd59b92d98f810f601ff],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [df48e8f6d8b266d0dbf91984b64f4eb2],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [1215efef65250531b0244d50d431ac54],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [9493815d008aa98dab2bfe9f21e40bf5],
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SushiLeadsUpdaterService, Quarantined, [5fc814cabeccb2846bdfed11ff04d52b],
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SushiLeadsUpdaterService, Quarantined, [b4738d51c5c5b383ad9c619d50b3b848],
PUP.Optional.PastaLeads.C, HKU\S-1-5-21-4268456013-2658226445-50274876-1000\SOFTWARE\MICROSOFT\KanarCore, Quarantined, [8b9c1ac47e0ca39320c50b937a8b7e82],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.ProPCCleaner.A, C:\Users\Terry\AppData\Local\Pro_PC_Cleaner, Quarantined, [c26536a88efc2a0c6b651ae03bc88779],
PUP.Optional.ProPCCleaner.A, C:\Users\Terry\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze, Quarantined, [c26536a88efc2a0c6b651ae03bc88779],
PUP.Optional.ProPCCleaner.A, C:\Users\Terry\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze\2.9.5.0, Quarantined, [c26536a88efc2a0c6b651ae03bc88779],
PUP.Optional.SushiLeads.A, C:\ProgramData\sushileads, Quarantined, [57d0a836543658deba3e67941ee559a7],
Files: 6
PUP.Optional.PrxySvrRST, C:\WINDOWS\SYSTEM32\drivers\ogixmzh2mnnhbgf.sys, Delete-on-Reboot, [dbe740886a9678e7e39baadf3736d7b3],
PUP.Optional.SushiLeads.A, C:\Program Files (x86)\sushileads\uninstall.exe, Quarantined, [28ff10ce5b2fdd59b92d98f810f601ff],
PUP.Optional.SushiLeads.A, C:\Windows\System32\Tasks\SushiLeads, Quarantined, [22052cb2addd0f27b39059a5a95a9967],
PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Start, Quarantined, [50d711cde9a1fd39de36445208fd3cc4],
PUP.Optional.ProPCCleaner.A, C:\Users\Terry\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze\2.9.5.0\user.config, Quarantined, [c26536a88efc2a0c6b651ae03bc88779],
PUP.Optional.SushiLeads.A, C:\ProgramData\sushileads\ServiceConfig2.json, Quarantined, [57d0a836543658deba3e67941ee559a7],
Physical Sectors: 0
(No malicious items detected)
(end)