Low disk space [Solved]


  • This topic is locked

#31
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Also I have noticed this twice in the past few days (might help in what you are trying to look for)

 

Norton is reporting a high computer usage of Windows Installer.   Sadly I am not installing any programs at that time (nor have installed any programs in the past few hours either).

Clicked on the high alert notice from Norton, and here is the info from File Insight via copy to clipboard and pasted here :

 

 

Filename: msiexec.exe
Full Path: c:\windows\system32\msiexec.exe

____________________________



Details
Reliable,  Many Users,  Mature,  Trusted





Origin
Downloaded from
Unknown





Activity
Actions performed: 85



____________________________



Developers
Microsoft Corporation


Version
4.5.6002.18005


Identified
4/28/2014 at 4:58:30 PM


Last Used
5/15/2014 at 1:51:03 PM


Startup Item
Yes


____________________________


Reliable
With typical use this program crashes very infrequently.

Many Users
Millions of users in the Norton Community have used this file.

Mature
This file was released more than 31 days 4 years 9 months ago.

Trusted
Norton has given this file a trusted rating.


____________________________





Source File:
msiexec.exe




____________________________

Performance

____________________________

Avg. Resource Usage: Moderate
Avg. CPU Usage: Moderate
Avg. Memory Usage: Moderate

____________________________

Performance Alert


Process ID
13656


CPU
 99% of at least one CPU.


Memory
Normal


Handles Count
Normal


Disk Read Activity
Normal


Disk Write Activity
Normal

____________________________

System Change

c:\windows\installer\427c25.ipi
\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress
c:\users\tom\appdata\local\temp\~df8fbb.tmp
c:\windows\installer\msi1e3d.tmp
c:\windows\installer\msi1eda.tmp
c:\windows\installer\msi236d.tmp
c:\windows\installer\msi2477.tmp
c:\windows\installer\msi2514.tmp
c:\windows\installer\msi2573.tmp
c:\windows\installer\msi1e2c.tmp
c:\config.msi\427c26.rbs
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\427c26.rbs
C:\Config.Msi\427c26.rbsLow
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
C59EB89BF67E64248B6EEB8BEE97D160
C59EB89BF67E64248B6EEB8BEE97D160
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
C59EB89BF67E64248B6EEB8BEE97D160
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C59EB89BF67E64248B6EEB8BEE97D160
C:\Windows\Downloaded Program Files\dwusplay.dll
C59EB89BF67E64248B6EEB8BEE97D160
C:\Windows\Downloaded Program Files\dwusplay.exe
C59EB89BF67E64248B6EEB8BEE97D160
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C59EB89BF67E64248B6EEB8BEE97D160
C59EB89BF67E64248B6EEB8BEE97D160
C:\Windows\Downloaded Program Files\isusweb.dll
C59EB89BF67E64248B6EEB8BEE97D160
c:\windows\installer\msi25f2.tmp
c:\windows\installer\msi2621.tmp
C:\Config.Msi\427c26.rbs
C:\Config.Msi\427c26.rbsLow
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
c:\users\tom\appdata\local\temp\~dff0e8.tmp
c:\windows\installer\msi277b.tmp
RegFilesHash
RegFiles0000
Sequence
SessionHash
Owner
\REGISTRY\USER\S-1-5-21-4257781629-3628011693-409112458-1002\Software\Microsoft\RestartManager\Session0000
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
c:\windows\installer\427c27.mst
\REGISTRY\USER\S-1-5-21-4257781629-3628011693-409112458-1002\Software\Microsoft\RestartManager\Session0000
Owner
SessionHash
Sequence
c:\windows\installer\msi2950.tmp
c:\windows\installer\msi2951.tmp
c:\windows\installer\msi2f98.tmp
c:\windows\installer\msi3026.tmp
c:\windows\installer\msi3056.tmp
c:\windows\installer\msi30e3.tmp
c:\windows\installer\msi322c.tmp
c:\windows\installer\msi326b.tmp
c:\windows\installer\msi3411.tmp
c:\windows\installer\msi3431.tmp
c:\windows\installer\msi3599.tmp
c:\windows\installer\msi3b93.tmp
c:\windows\installer\msi3bc3.tmp
c:\windows\installer\msi3c31.tmp
c:\windows\installer\msi3c9f.tmp
RegFiles0000
RegFilesHash
c:\windows\installer\msi3ea3.tmp
c:\windows\installer\msi3f02.tmp
c:\windows\installer\4b4b259.ipi
c:\windows\installer\msi23ef.tmp
C:\Config.Msi\4b4b25a.rbs
C:\Config.Msi\4b4b25a.rbs
____________________________


File Thumbprint - SHA:
cf87a909560e59aede01d49dbaecb17c244f80f6b6afed37d8a8b0c1e1b00164
File Thumbprint - MD5:
ac545df9370a3e1bf538e403abe51cc0
 


Edited by tomvilfroy, 15 May 2014 - 01:58 PM.

  • 0



#32
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Gosh, didn't know Norton had that big of a report file. Sorry about that... thought it was real small.


  • 0

#33
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Hi, I'm very sorry that I have missed your answers.

Please rerun AdwCleaner once more, click the Scan option, and post the log.


  • 0

#34
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Here is the AdwCleaner log:

 

# AdwCleaner v3.209 - Report created 18/05/2014 at 23:11:01
# Updated 18/05/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Tom - OWNERR
# Running from : C:\Users\Tom\Desktop\Downloads\adwcleaner_3.209.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update WiseEnhance
Service Found : Util WiseEnhance

***** [ Files / Folders ] *****

File Found : C:\Users\owner\daemonprocess.txt
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\kx43be6t.default\user.js
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\user.js
File Found : C:\Users\Tom\daemonprocess.txt
Folder Found : C:\Program Files (x86)\WiseEnhance
Folder Found : C:\Users\owner\AppData\Local\Mobogenie
Folder Found : C:\Users\Tom\AppData\Local\Mobogenie
Folder Found : C:\Users\Tom\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseEnhance
Key Found : HKCU\Software\WiseEnhance
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\WiseEnhance
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF227C2C-9D69-4f51-9B20-4B0A70E65EB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\Software\WiseEnhance
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{BF227C2C-9D69-4f51-9B20-4B0A70E65EB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseEnhance
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19518


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Krystin\AppData\Roaming\Mozilla\Firefox\Profiles\3gc28118.default\prefs.js ]


[ File : C:\Users\NewKrystin\AppData\Roaming\Mozilla\Firefox\Profiles\xmk0ybxf.default\prefs.js ]


[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\hpefdh0c.default\prefs.js ]


[ File : C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\3gc28118.default\prefs.js ]


[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\kx43be6t.default\prefs.js ]


[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Krystin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\NewKrystin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Found [Extension] : dhkplhfnhceodhffomolpfigojocbpcb

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [42784 octets] - [05/04/2014 11:58:15]
AdwCleaner[R1].txt - [42106 octets] - [05/04/2014 12:03:47]
AdwCleaner[R2].txt - [2035 octets] - [19/04/2014 15:10:35]
AdwCleaner[R3].txt - [6359 octets] - [18/05/2014 23:11:01]
AdwCleaner[S0].txt - [1610 octets] - [05/04/2014 12:01:34]
AdwCleaner[S1].txt - [42725 octets] - [05/04/2014 12:04:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [6540 octets] ##########
 


  • 0

#35
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Step 1:

  • run AdwCleaner, scan again and then select Clean
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be shown; please copy its content and post it in your next reply

Step 2:
OTL fix:
Please copy the following script:

:Commands
[CreateRestorePoint]

 

:otl
SRV - [2014/05/14 09:03:23 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe -- (Update WiseEnhance)
SRV - [2014/05/14 08:32:40 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe -- (Util WiseEnhance)
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" File not found

:files
C:\Program Files (x86)\WiseEnhance
C:\Program Files (x86)\Mobogenie

:commands
[emptytemp]

Run OTL and paste it under Custom Scan/Fixes. Close all windows except OTL and hit the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.

In your next post I want to see both removal logs. 


  • 0

#36
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

AdwCleaner log:

 

# AdwCleaner v3.210 - Report created 21/05/2014 at 11:47:40
# Updated 19/05/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Tom - OWNERR
# Running from : C:\Users\Tom\Desktop\Downloads\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update WiseEnhance
[#] Service Deleted : Util WiseEnhance

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\WiseEnhance
[!] Folder Deleted : C:\Users\owner\AppData\Local\Mobogenie
[!] Folder Deleted : C:\Users\Tom\AppData\Local\Mobogenie
[!] Folder Deleted : C:\Users\Tom\Documents\Mobogenie
File Deleted : C:\Users\owner\daemonprocess.txt
File Deleted : C:\Users\Tom\daemonprocess.txt
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\kx43be6t.default\user.js
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF227C2C-9D69-4f51-9B20-4B0A70E65EB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\WiseEnhance
Key Deleted : HKLM\Software\WiseEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseEnhance
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseEnhance

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19518


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Krystin\AppData\Roaming\Mozilla\Firefox\Profiles\3gc28118.default\prefs.js ]


[ File : C:\Users\NewKrystin\AppData\Roaming\Mozilla\Firefox\Profiles\xmk0ybxf.default\prefs.js ]


[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\hpefdh0c.default\prefs.js ]


[ File : C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\3gc28118.default\prefs.js ]


[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\kx43be6t.default\prefs.js ]


[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nq43kb59.default-1370981831842\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Krystin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\NewKrystin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [42784 octets] - [05/04/2014 11:58:15]
AdwCleaner[R1].txt - [42106 octets] - [05/04/2014 12:03:47]
AdwCleaner[R2].txt - [2035 octets] - [19/04/2014 15:10:35]
AdwCleaner[R3].txt - [6684 octets] - [18/05/2014 23:11:01]
AdwCleaner[R4].txt - [6744 octets] - [21/05/2014 11:45:27]
AdwCleaner[S0].txt - [1610 octets] - [05/04/2014 12:01:34]
AdwCleaner[S1].txt - [42725 octets] - [05/04/2014 12:04:44]
AdwCleaner[S2].txt - [5653 octets] - [21/05/2014 11:47:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5713 octets] ##########
 


  • 0
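One way to confirm that the Clean run above removed everything the earlier Scan run reported, as an added example that is not part of the original posts: it parses both AdwCleaner logs and lists every `Found` entry with no matching `Deleted` entry. The function names and the `ignore_view` switch (which treats `[x64]` entries as the same item as their untagged twin) are assumptions of this sketch; the sample lines are excerpts from the two logs in this thread.

```python
import re

# Excerpts from the two AdwCleaner logs posted in this thread (Scan, then Clean).
SCAN_LOG = r"""
# Option : Scan
Service Found : Update WiseEnhance
File Found : C:\Users\Tom\daemonprocess.txt
Folder Found : C:\Program Files (x86)\WiseEnhance
Key Found : HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstallCore
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
"""

CLEAN_LOG = r"""
# Option : Clean
[#] Service Deleted : Update WiseEnhance
[!] Folder Deleted : C:\Program Files (x86)\WiseEnhance
File Deleted : C:\Users\Tom\daemonprocess.txt
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKCU\Software\InstallCore
[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
"""

# "Service Found : x", "[!] Folder Deleted : x", "Key Found : x", ...
ITEM_RE = re.compile(
    r"^(?:\[[#!]\]\s*)?(?P<kind>Service|File|Folder|Key|Value)\s+"
    r"(?P<state>Found|Deleted)\s*:\s*(?P<target>.+)$"
)
# "Found [Extension] : id" / "Deleted [Search Provider] : url"
BROWSER_RE = re.compile(
    r"^(?P<state>Found|Deleted)\s+\[(?P<kind>[^\]]+)\]\s*:\s*(?P<target>.+)$"
)
# "[ File : ...\preferences ]" names the browser profile the next entries belong to.
CONTEXT_RE = re.compile(r"^\[ File : (?P<path>.+) \]$")
VIEW_RE = re.compile(r"^\[x64\]\s*", re.IGNORECASE)


def parse_log(text, ignore_view=False):
    """Return {"Found": {key: display}, "Deleted": {key: display}} for one log."""
    entries = {"Found": {}, "Deleted": {}}
    context = ""
    for raw in text.splitlines():
        line = raw.strip()
        ctx = CONTEXT_RE.match(line)
        if ctx:
            context = ctx.group("path")
            continue
        match, item_context = ITEM_RE.match(line), ""
        if match is None:
            # Browser entries are only unique together with their profile file.
            match, item_context = BROWSER_RE.match(line), context
        if match is None:
            continue
        target = match.group("target").strip()
        if ignore_view:
            target = VIEW_RE.sub("", target)
        # Windows paths and registry keys compare case-insensitively.
        key = (match.group("kind"), item_context.lower(), target.lower())
        display = f"{match.group('kind')}: {target}"
        if item_context:
            display += f" (in {item_context})"
        entries[match.group("state")][key] = display
    return entries


def leftovers(scan_text, clean_text, ignore_view=False):
    """Entries the Scan log reported that the Clean log never reports deleted."""
    found = parse_log(scan_text, ignore_view)["Found"]
    deleted = parse_log(clean_text, ignore_view)["Deleted"]
    return sorted(found[key] for key in found.keys() - deleted.keys())


if __name__ == "__main__":
    for label, flag in (("strict", False), ("ignoring [x64] tag", True)):
        print(label, leftovers(SCAN_LOG, CLEAN_LOG, ignore_view=flag))
```

Anything still listed after a fresh Scan run is the part worth following up by hand.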

#37
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Seems something is amiss with that copy and paste for OTL....here it is:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <    :otl> in the current context!
Error: Unable to interpret <    SRV - [2014/05/14 09:03:23 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe -- (Update WiseEnhance)> in the current context!
Error: Unable to interpret <    SRV - [2014/05/14 08:32:40 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe -- (Util WiseEnhance)> in the current context!
Error: Unable to interpret <    IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found> in the current context!
Error: Unable to interpret <    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!
Error: Unable to interpret <    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found> in the current context!
Error: Unable to interpret <    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found> in the current context!
Error: Unable to interpret <    O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <    O4 - HKLM..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" File not found> in the current context!
Error: Unable to interpret <    :files> in the current context!
Error: Unable to interpret <    C:\Program Files (x86)\WiseEnhance> in the current context!
Error: Unable to interpret <    C:\Program Files (x86)\Mobogenie> in the current context!
Error: Unable to interpret <    :commands> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dub_cm_auto
 
User: Krystin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NewKrystin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104286152 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 706 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
 
User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Tom
->Temp folder emptied: 5995011 bytes
->Temporary Internet Files folder emptied: 17500823 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6706520 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 11423 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 861184 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64252 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 129.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05212014_121141

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET8793.tmp scheduled to be moved on reboot.
C:\Windows\temp\MSI670ec.LOG moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#38
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

One other item. When I open the Windows Task Manager, I see a csrss.exe process with no User name nor description in either of the 2 columns. Same also applies to the winlogon.exe process. Don't recall seeing any processes like that with no name nor description.


Edited by tomvilfroy, 21 May 2014 - 01:24 PM.

  • 0

#39
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Hi there ;)
 

when I open the Windows Task Manager, I see a csrss.exe process with no User name nor description in either of the 2 columns. Same also applies to the winlogon.exe process. Don't recall seeing any processes like that with no name nor description.

There is nothing to worry about. Try clicking "Show processes from all users" and check the user name.
 

Seems something is amiss with that copy and paste for OTL

 
Indeed. Please try to run this:
 

:PROCESSES
KILLALLPROCESSES

:otl
SRV - [2014/05/14 09:03:23 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe -- (Update WiseEnhance)
SRV - [2014/05/14 08:32:40 | 000,317,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe -- (Util WiseEnhance)
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - SOFTWARE\Classes\CLSID\{e917fc61-7f80-4f1f-a882-cdffffbe4c8d}\InprocServer32 File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" File not found

:files
C:\Program Files (x86)\WiseEnhance
C:\Program Files (x86)\Mobogenie

:Commands
[Reboot]

 
Run OTL and paste it under Custom Scan/Fixes. Close all windows except OTL and hit the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.


  • 0

#40
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Ran fix in OTL but no log was displayed at end (after reboot).  Did not see a log file either under C:\_OTL directory


Edited by tomvilfroy, 23 May 2014 - 04:09 PM.

  • 0



#41
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

OK, let's check another area:

Step 1 - ESET Online Scanner:

Note: The instructions below relate to running the scan with Google Chrome only. You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the Google Chrome icon in the Start Menu or the Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan...
  • In the window that now appears called Launch ESET Online Scanner
  • Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
  • Then in the lower left hand corner of the browser window double click on esetgc1.jpg >> follow the prompts
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 2 - MBAM:
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • 0

#42
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
In regards to the first scan, do you know approximately how long it might take to do the scan? Since I do have to disable my virus scanner and thus plan appropriately to do it and then re-enable it afterwards.

Edited by tomvilfroy, 26 May 2014 - 08:24 PM.

  • 0

#43
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
There is no constant maximum. It depends on a lot of conditions, like the quantity or size of files; usually one to two hours. Twelve means something is wrong.
  • 0

#44
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Sorry been sick this past week..and just remembered I didn't do the above...


  • 0

#45
tomvilfroy

tomvilfroy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

ESET Online scanner log :

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe.vir    a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\WiseEnhance.FirstRun.exe.vir    a variant of MSIL/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\WiseEnhanceUninstall.exe.vir    Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe.vir    a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\WiseEnhance.BrowserAdapter.exe.vir    a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\WiseEnhance.PurBrowse64.exe.vir    a variant of Win64/BrowseFox.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\WiseEnhanceBAApp.dll.vir    a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}.dll.vir    a variant of Win32/BrowseFox.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\plugins\WiseEnhance.Bromon.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\plugins\WiseEnhance.BrowserAdapterS.dll.vir    probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\plugins\WiseEnhance.CompatibilityChecker.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\plugins\WiseEnhance.FFUpdate.dll.vir    a variant of MSIL/BrowseFox.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\plugins\WiseEnhance.IEUpdate.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\bin\plugins\WiseEnhance.PurBrowseG.dll.vir    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.5.zip.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir    a variant of Android/Mobserv.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Program Files (x86)\WiseEnhance\bin\WiseEnhance.BrowserAdapter.exe    a variant of Win32/BrowseFox.I potentially unwanted application
C:\Program Files (x86)\WiseEnhance\bin\WiseEnhanceBAApp.dll    a variant of Win32/BrowseFox.I potentially unwanted application
C:\Program Files (x86)\WiseEnhance\bin\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}.dll    a variant of Win32/BrowseFox.K potentially unwanted application
 


  • 0
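A check a reader could run on the ESET log above together with the earlier AdwCleaner Clean log, as an added example that is not part of the original posts: it separates detections that are only copies under `C:\AdwCleaner\Quarantine` from files still at their original location, and flags live detections sitting inside a folder the Clean log reported as deleted. The function name, report keys and regular expressions are assumptions of this sketch; the log lines are excerpts from this thread.

```python
import re
from pathlib import PureWindowsPath

# AdwCleaner's quarantine folder, as it appears in the ESET log in this thread.
QUARANTINE_ROOT = PureWindowsPath(r"C:\AdwCleaner\Quarantine")

# Excerpt of the ESET Online Scanner log (path, run of spaces, verdict).
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe.vir    a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Tom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir    a variant of Android/Mobserv.A potentially unwanted application
C:\Program Files (x86)\WiseEnhance\bin\WiseEnhance.BrowserAdapter.exe    a variant of Win32/BrowseFox.I potentially unwanted application
C:\Program Files (x86)\WiseEnhance\bin\WiseEnhanceBAApp.dll    a variant of Win32/BrowseFox.I potentially unwanted application
"""

# Excerpt of the AdwCleaner Clean log from the earlier post.
CLEAN_LOG = r"""
[!] Folder Deleted : C:\Program Files (x86)\WiseEnhance
[!] Folder Deleted : C:\Users\Tom\AppData\Local\Mobogenie
"""

# The path ends at the first tab or run of two or more spaces.
ROW_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t|\s{2,})(?P<verdict>.+)$")
# Detection name in "Platform/Family.Variant" form inside the verdict text.
NAME_RE = re.compile(r"\b(\w+/[\w.]+)")
DELETED_DIR_RE = re.compile(r"Folder Deleted\s*:\s*(?P<path>.+)$")


def triage(eset_text, clean_text):
    """Split ESET rows into quarantined copies and live files.

    Returns a dict of lists of (path, detection name). A live file under a
    folder the Clean log reported deleted is also listed separately.
    """
    deleted_dirs = [
        PureWindowsPath(m.group("path").strip())
        for line in clean_text.splitlines()
        if (m := DELETED_DIR_RE.search(line))
    ]
    report = {"quarantined": [], "live": [], "live_in_deleted_folder": []}
    for line in eset_text.splitlines():
        row = ROW_RE.match(line.strip())
        if row is None:
            continue
        path = PureWindowsPath(row.group("path"))
        name = NAME_RE.search(row.group("verdict"))
        entry = (str(path), name.group(1) if name else row.group("verdict"))
        # PureWindowsPath compares case-insensitively, as Windows does.
        if QUARANTINE_ROOT in path.parents:
            report["quarantined"].append(entry)
            continue
        report["live"].append(entry)
        if any(d == path or d in path.parents for d in deleted_dirs):
            report["live_in_deleted_folder"].append(entry)
    return report


if __name__ == "__main__":
    result = triage(ESET_LOG, CLEAN_LOG)
    for bucket, rows in result.items():
        print(f"{bucket}: {len(rows)}")
        for path, name in rows:
            print(f"  {name}  {path}")
```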





