AIM update opens to scam popup?



#1 Tylinos (Member)

So, even though most people have abandoned it, I still use AIM to talk with a few friends every so often.  Today, I turned it on to find an automated message saying that the version I'm using (along with third party applications like Pidgin) will be unable to sign in starting in late March, and that I should update to the newest version.  I went to AIM's website, got the newest version download, and started it up.

The very first thing that happened was a pop-up box appearing over AIM with the following:

** YOUR COMPUTER HAS BEEN BLOCKED **

Error # 268D3

Please call us immediately at: +18889699461

And provide your computer ID: 43191

Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.

Your computer has alerted us that it has been infected with a virus and spyware.  The following information is being stolen:

> Facebook Login
> Credit Card Details
> Email Account Login
> Photos stored on this computer
You must contact us immediately so that our engineers can walk you through the removal process over the phone.  Please call us within the next 5 minutes to prevent you computer from being disabled.

Obviously just a scam, but I immediately disabled my internet connection just in case.  Turned out to be a good thing, too, because closing the box prompted it to attempt to open up multiple windows in my browser trying to load a website. (tojeod dot com, plus some string of letters and numbers that I didn't copy down.  Probably better not to link it directly anyway.) I closed everything out and did a scan, and it doesn't seem to have actually infected my computer or anything, hence why I'm not posting in the malware section.  Trying to open AIM a second time produced the same results.

Basically, it doesn't appear to be damaging my computer (though the tojeod popup might if allowed to connect), but it leaves AIM completely inaccessible.  Does anyone have insight into this?  I assume it's coming through the ad bar on AIM, but I'd have thought the people over at AOL would've noticed that already.

If anyone plans testing this themselves, I'd highly recommend being ready to disable your internet at a moment's notice, or at least testing on a backup computer that you're not worried about.

 


#2 RKinner (Malware Expert, MVP)
Are you sure you were on the real AIM website? Could a DNS hijacker have sent you to a fake one? Was it:

https://my.screenname.aol.com/something?

I downloaded the AIM install program and asked Avast to look at it. It claimed it was OK.

The message may indicate you have malware so it wouldn't hurt to do a FRST scan and start a thread in our malware section.



#3 Tylinos (Topic Starter)

> Are you sure you were on the real AIM website? Could a DNS hijacker have sent you to a fake one? Was it:
> https://my.screenname.aol.com/something?

Yes. I went to the official AIM website, which redirected to the website you mentioned, and used the Windows download link at the bottom.

EDIT: I uninstalled AIM and tried re-installing it once again from the AIM website, this time keeping an eye on Task Manager.

There was no fake warning box this time, but multiple instances of Firefox started opening on their own, so I immediately disabled my internet. The computer locked up for a while as its memory got completely overtaken by this. (According to the Processes count, nearly fifty instances of Firefox had tried to open.)

Anyway, once everything was working again, the last remaining Firefox window had tried going to art dot bridlewaycreated dot com (Like before, I don't want to create an actual link here.), but couldn't open with the internet still off.

Edited by Tylinos, 28 February 2017 - 11:06 PM.


#4 RKinner (Malware Expert, MVP)

You may have picked up some adware somewhere:

Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

[image: scan-results.jpg]

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#5 Tylinos (Topic Starter)

    # AdwCleaner v6.043 - Logfile created 01/03/2017 at 00:20:09
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-01-27.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (X86)
    # Username : Owner - OWNER-243CE5A22
    # Running from : C:\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: nethfdrv
    [-] Service deleted: NethxxpService
    [-] Service deleted: ServiceUpdater


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Program Files\Common Files\Software Update Utility


    ***** [ Files ] *****

    [-] File deleted: C:\Program Files\Common Files\config\uninstinethnfd.exe
    [-] File deleted: C:\WINDOWS\system32\hfnapi.dll
    [-] File deleted: C:\WINDOWS\system32\hfpapi.dll
    [-] File deleted: C:\WINDOWS\system32\installd.exe
    [-] File deleted: C:\WINDOWS\system32\nethtsrv.exe
    [-] File deleted: C:\WINDOWS\system32\netupdsrv.exe
    [-] File deleted: C:\WINDOWS\system32\drivers\nethfdrv.sys


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****

    [-] Task deleted: AmiUpdXp


    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdate
    [-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    [-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    [-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\dream.capture
    [-] Key deleted: HKLM\SOFTWARE\Classes\dream.capture.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\Updater.AmiUpd
    [-] Key deleted: HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\APN PIP
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\OffersWizard
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\PIP
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\Softonic
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\YahooPartnerToolbar
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OffersWizard
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\OffersWizard
    [#] Key deleted on reboot: HKCU\Software\APN PIP
    [#] Key deleted on reboot: HKCU\Software\OffersWizard
    [#] Key deleted on reboot: HKCU\Software\PIP
    [#] Key deleted on reboot: HKCU\Software\Softonic
    [#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
    [-] Key deleted: HKLM\SOFTWARE\firstsearch
    [-] Key deleted: HKLM\SOFTWARE\PIP
    [-] Key deleted: HKLM\SOFTWARE\Video Player
    [-] Key deleted: HKLM\SOFTWARE\VideoPlayerV3
    [-] Key deleted: HKLM\SOFTWARE\Webexp Enhanced
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OffersWizard
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Player
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webexp Enhanced
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OffersWizard
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inethnfd
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Player
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Webexp Enhanced
    [-] Key deleted: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    [-] Data restored: HKU\S-1-5-21-1177238915-162531612-1614895754-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\OffersWizard update
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\dnu.EXE


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [6892 Bytes] - [01/03/2017 00:20:09]
    C:\AdwCleaner\AdwCleaner[S0].txt - [6563 Bytes] - [01/03/2017 00:17:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7038 Bytes] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.1 (02.11.2017)
    Operating System: Microsoft Windows XP x86
    Ran by Owner (Administrator) on Wed 03/01/2017 at 0:26:14.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 27

    Successfully deleted: C:\Documents and Settings\Owner\Application Data\5226 (Folder)
    Successfully deleted: C:\Documents and Settings\Owner\Application Data\8703 (Folder)
    Successfully deleted: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\user.js (File)
    Successfully deleted: C:\Documents and Settings\Owner\Application Data\swvupdater (Folder)
    Successfully deleted: C:\Program Files\MediaWatchV1 (Folder)
    Successfully deleted: C:\Program Files\VideoPlayerV3 (Folder)
    Successfully deleted: C:\awh103.tmp (File)
    Successfully deleted: C:\awh114.tmp (File)
    Successfully deleted: C:\awh127.tmp (File)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XC6A76R (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\75XQUXPU (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CKMIYX6S (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E023U7BI (Temporary Internet Files Folder)
    Successfully deleted: C:\Program Files\GUT4.tmp (File)
    Successfully deleted: C:\Program Files\webexpenhancedv1 (Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4XC6A76R (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\75XQUXPU (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CKMIYX6S (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E023U7BI (Temporary Internet Files Folder)



    Registry: 7

    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0649b301-b4e3-4535-b993-f9bf7e9300e9} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2562cf37-7135-41a5-bf04-06ee4a7a922c} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74e8b34a-5117-43e6-851f-4adeadf09672} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{804b261d-b7c9-44db-b7fd-6895e3b7c56d} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87dc1839-678a-4a72-bd8b-4060d9c4beee} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da33e83d-a4b6-4c54-9157-357cadb2d05c} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f82b629c-2ac3-480d-a45c-4bba84943b4e} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 03/01/2017 at 0:31:23.93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I haven't yet tried installing AIM again, and will wait until your response before doing so.
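As an added example (not code from the thread, from Malwarebytes, or from AdwCleaner itself), a small Python parser for the AdwCleaner clean-mode log layout posted above: it splits the log into its "***** [ Section ] *****" blocks, separates actions done immediately ("[-]") from those deferred to reboot ("[#]"), rejoins the registry paths that the forum wrapped across lines, and tallies deleted keys per hive. The sample log is a constructed excerpt of the log above.

```python
import re
from collections import Counter

# Section headers look like '***** [ Registry ] *****'; action lines start with
# '[-]' (done now) or '[#]' (deferred until reboot), then 'Action: target'.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^\[(?P<flag>[-#])\] (?P<action>[A-Za-z ]+?):\s*(?P<target>.*)$")

# Constructed excerpt of the AdwCleaner log posted above, including the two
# ways a target got wrapped onto a following line in the posted copy.
SAMPLE_LOG = r"""
# AdwCleaner v6.043 - Logfile created 01/03/2017 at 00:20:09
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: nethfdrv
[-] Service deleted: ServiceUpdater

***** [ Files ] *****

[-] File deleted: C:\WINDOWS\system32\drivers\nethfdrv.sys

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\dnUpdate
[#] Key deleted on reboot: HKCU\Software\OffersWizard
[-] Key deleted:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6892 Bytes] - [01/03/2017 00:20:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7038 Bytes] ##########
"""


def parse_adwcleaner_log(text):
    """Return {section: [(deferred, action, target), ...]} in log order.

    deferred is True for '[#]' lines, which AdwCleaner only completes on
    reboot. A non-blank line inside a section that is neither a header nor
    an action line is taken as the wrapped continuation of the previous
    target, so the line-broken registry paths in the posted log rejoin.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        if line.startswith("*"):          # '*****' rule: the section list is over
            current = None
            continue
        if current is None or line.startswith(("#", "::")):
            continue                      # preamble, footer and summary lines
        action = ACTION_RE.match(line)
        if action:
            sections[current].append(
                [action.group("flag") == "#", action.group("action"), action.group("target")])
        elif sections[current]:
            prev = sections[current][-1]
            prev[2] = (prev[2] + " " + line).strip()
    return {name: [tuple(item) for item in items] for name, items in sections.items()}


def summarize(sections):
    """Per-section action counts, registry targets per hive, and the
    actions that were still pending a reboot when the log was written."""
    counts = {name: len(items) for name, items in sections.items()}
    hives = Counter(target.split("\\", 1)[0]
                    for _, _, target in sections.get("Registry", []))
    pending = [target for items in sections.values()
               for deferred, _, target in items if deferred]
    return counts, dict(hives), pending


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    counts, hives, pending = summarize(parsed)
    print("actions per section:", counts)
    print("registry keys per hive:", hives)
    print("still pending reboot:", pending)
```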

#6 RKinner (Malware Expert, MVP)

Looks like you did have some adware. I'm not supposed to run FRST outside of the malware forum but you can do the online ESET scan and see if it finds something else:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Let's also try the bitdefender quickscan.

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

#7 Tylinos (Topic Starter)

    C:\AdwCleaner\quarantine\files\ucumptzbwbkiytqucoowofdqsrzfxonj.back a variant of Win32/RiskWare.NetFilter.C application
    C:\AdwCleaner\quarantine\files\xxpbalhvoqvtrbmuteoafneugkxotmha.back a variant of Win32/RiskWare.NetFilter.L application
    C:\AdwCleaner\quarantine\files\zvmfntdrkngrqnlgtnyztmwtbrwfznli.back a variant of Win32/RiskWare.NetFilter.U application
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpkhoaoaommibgggmfnojkjhdicopkmn\1.1_1\ffMediaViewV1alpha6679chaction.js Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elcdmgmlgeijkclfopjdaohcooedaefa\1.1_0\ffVideoPlayerV3beta1971chaction.js Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjgdbiaahgccamkccamochciklpncndk\1.1_0\ffMediaViewV1alpha7083chaction.js Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbanljkgmmjdmnocpbpfodbajoliecak\1.1_0\ffWebexpEnhancedV1alpha569chaction.js Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Application Data\{666557FB-1385-42FB-8E9D-F5A3570FCD47}\OffersWizard.exe a variant of Win32/Adware.OffersWizard.A application
    C:\Documents and Settings\Owner\Local Settings\Application Data\{666557FB-1385-42FB-8E9D-F5A3570FCD47}\OffersWizardData.dll Win32/Adware.OffersWizard.A application
    C:\Documents and Settings\Owner\Local Settings\Application Data\{666557FB-1385-42FB-8E9D-F5A3570FCD47}\OffersWizardDll.dll a variant of Win32/Adware.OffersWizard.A application
    C:\Documents and Settings\Owner\Local Settings\Temp\applinstall.exe a variant of Win32/AdWare.BetterSurf.C application
    C:\Documents and Settings\Owner\Local Settings\Temp\CSM55.tmp Win32/Adware.Mongoose application
    C:\Documents and Settings\Owner\Local Settings\Temp\drvinstal.exe multiple threats,a variant of Win32/RiskWare.NetFilter.B application,a variant of Win64/Riskware.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.D application
    C:\Documents and Settings\Owner\Local Settings\Temp\of3w34604.exe a variant of Win32/Adware.OffersWizard.A application
    C:\Documents and Settings\Owner\Local Settings\Temp\set-app.exe a variant of Win32/AdWare.BetterSurf.C application
    C:\Documents and Settings\Owner\Local Settings\Temp\setapp.exe multiple threats,a variant of Win32/AdWare.BetterSurf.C application,Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Temp\Setup.exe multiple threats,a variant of Win32/AdWare.BetterSurf.C application,Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Temp\Setup1.exe multiple threats,a variant of Win32/AdWare.BetterSurf.C application,Win32/AdWare.BetterSurf.G application
    C:\Documents and Settings\Owner\Local Settings\Temp\Setup2.exe multiple threats,a variant of Win32/AdWare.BetterSurf.C application,Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha933\ch\MediaPlayerV1alpha933.crx Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha933\ff\chrome\content\ffMediaPlayerV1alpha933ffaction.js Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha933\ie\MediaPlayerV1alpha933.dll a variant of Win32/AdWare.BetterSurf.C application
    C:\Program Files\MediaViewV1\MediaViewV1alpha6679\ch\MediaViewV1alpha6679.crx Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaViewV1\MediaViewV1alpha6679\ff\chrome\content\ffMediaViewV1alpha6679ffaction.js Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaViewV1\MediaViewV1alpha6679\ie\MediaViewV1alpha6679.dll a variant of Win32/AdWare.BetterSurf.C application
    C:\Program Files\MediaViewV1\MediaViewV1alpha7083\ch\MediaViewV1alpha7083.crx Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaViewV1\MediaViewV1alpha7083\ff\chrome\content\ffMediaViewV1alpha7083ffaction.js Win32/AdWare.BetterSurf.G application
    C:\Program Files\MediaViewV1\MediaViewV1alpha7083\ie\MediaViewV1alpha7083.dll a variant of Win32/AdWare.BetterSurf.C application
    C:\Program Files\RichMediaViewV1\RichMediaViewV1release2041\ie\RichMediaViewV1release2041.dll a variant of Win32/AdWare.BetterSurf.C application
    C:\WINDOWS\Temp\2d703a18-5aec-48e0-2661-1e152f4a2f5e.exe multiple threats,Win32/RiskWare.NetFilter.U application,a variant of Win32/RiskWare.NetFilter.L application,a variant of Win64/Riskware.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.D application
    C:\WINDOWS\Temp\443f45b7-9d4b-401a-1b89-f4724b4b226b.exe multiple threats,Win32/RiskWare.NetFilter.S application,a variant of Win32/RiskWare.NetFilter.L application,a variant of Win64/Riskware.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.D application
    C:\WINDOWS\Temp\689e6772-38e5-4111-859f-e65e3ebaf53d.exe multiple threats,Win32/RiskWare.NetFilter.U application,a variant of Win32/RiskWare.NetFilter.L application,a variant of Win64/Riskware.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.C application,a variant of Win32/RiskWare.NetFilter.D application


    QuickScan 32-bit v0.9.9.152
    ---------------------------
    Scan date: Wed Mar 01 18:57:58 2017
    Machine ID: 4E3A6013



    No infection found.
    -------------------




    Missing files
    -------------
    File not found: C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\AIM\aim.exe
    --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"AIM for Windows"


    Scan
    ----
    MD5: b8ff5528c19e81b85a800bfcf41f16d4 C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    MD5: b1c853e7285e224a69695be88ed31a2c C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\gmp-eme-adobe\17\eme-adobe.dll
    MD5: 7cc4965741508bb6ac40e366f5190cf0 C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\gmp-gmpopenh264\1.1\gmpopenh264.dll
    MD5: ac8327b0d820f6177ceefff995a76080 C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
    MD5: ba8c06cd6f89badc2d500e3ba06334cd C:\Documents and Settings\Owner\Local Settings\Application Data\MEGAsync\ShellExtX32.dll
    MD5: d654525c0902c21118ad29217e4ecb49 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    MD5: 8824078bda1635639aae125d24b85383 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    MD5: 30693433e65cc95b63c7bb69e0a23140 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
    MD5: 048ea4b978851788e9f5e8e4f081df7a C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MD5: 24718289ea5b3e91f2f42c46eccb1335 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    MD5: db55a9f0d92f14edff3e829d507fe9d7 C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    MD5: 2a21fe60a9bc5247bd8c57409a2b97f8 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    MD5: f9d90eec96e97411869e120e52b1ae0a C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
    MD5: dd7423abbe2913e70d50e9318ad57ee4 C:\Program Files\Google\Update\GoogleUpdate.exe
    MD5: 6c1ed83a1f2ea042ffea4c02bd5cbb50 c:\program files\Java\jre7\bin\jp2ssv.dll
    MD5: 9ace8e163cf9e77a3068c987ac14f4f5 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
    MD5: a5c14075b571af1c9592595be724d9d2 c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    MD5: f4604e259459f5a0d5be6914a6d4c5fb C:\Program Files\Mozilla Firefox\api-ms-win-core-console-l1-1-0.dll
    MD5: e205de17a85b0c3352a6857ef9b3c6dd C:\Program Files\Mozilla Firefox\api-ms-win-core-datetime-l1-1-0.dll
    MD5: 405bb6a7cd56cbf5276c3a8dc631963d C:\Program Files\Mozilla Firefox\api-ms-win-core-debug-l1-1-0.dll
    MD5: 9a4fc3727aaf02c3285b47df5ee56244 C:\Program Files\Mozilla Firefox\api-ms-win-core-errorhandling-l1-1-0.dll
    MD5: 6b937fe1eff0e440b124bbb9334df34d C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-1-0.dll
    MD5: ea4ae42721460002dc31515f295ad1c4 C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll
    MD5: ad895b2a99a3ec18f1690bbac1e2037a C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll
    MD5: 0a0084d4b3635e4d8ebab587dcfcc16c C:\Program Files\Mozilla Firefox\api-ms-win-core-handle-l1-1-0.dll
    MD5: 0aeaf9ce58cbd0af1e30d03b45c21f81 C:\Program Files\Mozilla Firefox\api-ms-win-core-heap-l1-1-0.dll
    MD5: 13bbf7740afc464172b00f9638bc4f81 C:\Program Files\Mozilla Firefox\api-ms-win-core-interlocked-l1-1-0.dll
    MD5: 8f239c629f09e1b49cf1f03304ab8e69 C:\Program Files\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll
    MD5: 41a0d67ba3833d230f1229ff058be057 C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll
    MD5: 536f07c04c316aac61ab64a492ed9191 C:\Program Files\Mozilla Firefox\api-ms-win-core-memory-l1-1-0.dll
    MD5: 87b1814412cdac3d08fad8dd3a79ebad C:\Program Files\Mozilla Firefox\api-ms-win-core-namedpipe-l1-1-0.dll
    MD5: 87e0ef2d5df6f6e18e6ea9171e3d77e7 C:\Program Files\Mozilla Firefox\api-ms-win-core-processenvironment-l1-1-0.dll
    MD5: 066874ff22e1c100dc56c4ae76d2e1c2 C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-0.dll
    MD5: f43a8e9cd787b6d91bb29dbb8eb1a4e5 C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll
    MD5: a616102234ec5ab394ff1c77da34f6c0 C:\Program Files\Mozilla Firefox\api-ms-win-core-profile-l1-1-0.dll
    MD5: 0ae94670fbd69ed5f8c923b75ce2c0bd C:\Program Files\Mozilla Firefox\api-ms-win-core-rtlsupport-l1-1-0.dll
    MD5: 4c745dc13735b4822ff160cb18b61e22 C:\Program Files\Mozilla Firefox\api-ms-win-core-string-l1-1-0.dll
    MD5: a0dfbd2a68a979d1152e2b9153bb497b C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-1-0.dll
    MD5: 2674310f6fc087862b215b26a5d6da5b C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll
    MD5: 1a16ab59d63a2d6a37d3abd032958631 C:\Program Files\Mozilla Firefox\api-ms-win-core-sysinfo-l1-1-0.dll
    MD5: fd14fcd1550f17701fbf239645b606fa C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll
    MD5: 1b5a116daf8d01fdd0488666803db17f C:\Program Files\Mozilla Firefox\api-ms-win-core-util-l1-1-0.dll
    MD5: bc0be695e63548171105c57d2e9b98e7 C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll
    MD5: 6bfbf95b7253f32a77bacdf119b678f3 C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll
    MD5: 07ba5f40c64134e5749df0e8cfee082e C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll
    MD5: cb4e401ce4fc657ccebb85f96840cc8b C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll
    MD5: b53d96644f5774fe29ba8bb12d6e5f66 C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll
    MD5: 49a69484b524c6f9fd641e015dd15154 C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll
    MD5: 66f65b59dff2f8927dc3c8045d8c3a0a C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll
    MD5: 11218c9f81404a51d1eb6b56ba60f9ab C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll
    MD5: d67520bff673cab4b2ed1af12de37a1f C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll
    MD5: e65f76759251845fa1e6a3cf41b5f231 C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll
    MD5: 1622347a34eba068916713cf28f46b67 C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll
    MD5: f7af6bb63229721005c8ac85dc86f5c2 C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll
    MD5: b2a2affaebe900ede45d730c75d811cc C:\Program Files\Mozilla Firefox\browser\components\browsercomps.dll
    MD5: 2ef2b10e5f65fb054d2d54bda54d230b C:\Program Files\Mozilla Firefox\firefox.exe
    MD5: da4ea4acb19b938544d22e34bcd53a34 C:\Program Files\Mozilla Firefox\freebl3.dll
    MD5: 23a5b410eaf32364ac7edc2ccc175b36 C:\Program Files\Mozilla Firefox\lgpllibs.dll
    MD5: 3a8f97e74fd376d5d6a040fa951b2662 C:\Program Files\Mozilla Firefox\mozglue.dll
    MD5: d25c3ff7a4cbbffc7c9fff4f659051ce C:\Program Files\Mozilla Firefox\msvcp140.dll
    MD5: 24b07e74cc7d36b79789feed121807ce C:\Program Files\Mozilla Firefox\nss3.dll
    MD5: a8aec06698b6a650db4a6012906903e0 C:\Program Files\Mozilla Firefox\nssckbi.dll
    MD5: 37ae69d2ee27f5591b2ac5e87948a5b9 C:\Program Files\Mozilla Firefox\nssdbm3.dll
    MD5: 59a510daf4f88960434612f83fdc85e2 C:\Program Files\Mozilla Firefox\plugin-container.exe
    MD5: f51ecbba611c75e47578295d5241630f C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    MD5: f378291cb1bae8a3972c6ea1287078c9 C:\Program Files\Mozilla Firefox\softokn3.dll
    MD5: d2c5233317767ee9329f470c39b046b1 C:\Program Files\Mozilla Firefox\ucrtbase.dll
    MD5: a2523ea6950e248cbdf18c9ea1a844f6 C:\Program Files\Mozilla Firefox\vcruntime140.dll
    MD5: adf79a49e942c91d1fc9863cbfdd6b58 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    MD5: 7c15061cd0372487903b07b9bb03afad C:\Program Files\Skype\Updater\Updater.exe
    MD5: dccb796007c0aacde1fdffbe577e590f C:\Program Files\Soda PDF 3D Reader\crash-handler-ws.exe
    MD5: 6b5f912f4b3cc69275a59d6e353ebd20 C:\Program Files\Soda PDF 3D Reader\np-previewer.dll
    MD5: 7a7a6c387ad14a7a72294b8ad79e41a5 C:\Program Files\Soda PDF 3D Reader\ws.exe
    MD5: a843fc35574ecfd9e7a41c5505a9921b C:\Program Files\VideoLAN\VLC\npvlc.dll
    MD5: 835b8f5523f2dc6b3f09b52dea5b7623 C:\Program Files\WinRAR\RarExt.dll
    MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.dll
    MD5: 2d99607f21ff368c0e335a2d91a052a1 C:\WINDOWS\BCMSMMSG.exe
    MD5: 2bb75b7f548d82a099125d0c5971de7d C:\WINDOWS\explorer.exe
    MD5: a81135541c9d4ebce43efa8ad31395b4 C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
    MD5: f6f213095d33ed25c57721c19289d9cf C:\WINDOWS\system32\aac_parser.ax
    MD5: 036a60aff77f1dab4f41bc7605c477e3 C:\WINDOWS\system32\ac3DX.ax
    MD5: 0dc29a1fa52d445db14ddf16e272e6d1 C:\WINDOWS\system32\ati2evxx.dll
    MD5: a2eaeb497ca29ecaeaf0df66ad85c57d C:\WINDOWS\system32\ati2evxx.exe
    MD5: b9a3c3118afb46256eb1fb7aead41d3e C:\WINDOWS\system32\avcodec-lav-55.dll
    MD5: 1fcdabb982425872b735107bd9ff5a6c C:\WINDOWS\system32\avfilter-lav-4.dll
    MD5: c5cf3fc2308dd955fa43e465fb302f43 C:\WINDOWS\system32\avformat-lav-55.dll
    MD5: 22fc70ab04d0f26e16ae0a754f320059 C:\WINDOWS\system32\avisynth.dll
    MD5: 496679f1f962516f90a9781db168ff44 C:\WINDOWS\system32\avresample-lav-1.dll
    MD5: 0c547f59b0bf7308b2030270efa9af85 C:\WINDOWS\system32\avutil-lav-52.dll
    MD5: fc6d1d80588d371f0321e15a75b2f8f2 C:\WINDOWS\system32\browser.dll
    MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
    MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
    MD5: 59af12635de27d06019977bcf8621bba C:\WINDOWS\system32\crypt32.dll
    MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
    MD5: cde62eefa40916e2ee7f211b8b99f938 C:\WINDOWS\system32\cscdll.dll
    MD5: 693ad11c59926428871c11fa3c348a2a C:\WINDOWS\system32\csrsrv.dll
    MD5: 59e291838ae2c88f5f71108e4845a84b C:\WINDOWS\system32\devil.dll
    MD5: c51de19619d50cbd03708647aca10e70 C:\WINDOWS\system32\dhcpcsvc.dll
    MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\system32\dimsntfy.dll
    MD5: 64aa11d53a4a84cdf43370d7036517c3 C:\WINDOWS\system32\dnsapi.dll
    MD5: d977659ae4d8ece5286d99d1ed34614d C:\WINDOWS\system32\dnsrslvr.dll
    MD5: f6b7b1ecd7b41736bdb6ff4b092bcb79 C:\WINDOWS\system32\drivers\afd.sys
    MD5: 4f9cbbf95e8f7a0d4c0edcfe3b78102e C:\WINDOWS\system32\drivers\asapiW2k.sys
    MD5: 492bd2a5f65f218d4ede5764a3bb67e9 C:\WINDOWS\system32\drivers\ati2mtag.sys
    MD5: e727776a56a51b7e6b7c87c02ea8b405 C:\WINDOWS\system32\drivers\bcm4sbxp.sys
    MD5: 41347688046d49cde0f6d138a534f73d C:\WINDOWS\system32\drivers\BCMSM.sys
    MD5: 3003c21e5e1f04ba84fc8e705a65db2b C:\WINDOWS\system32\drivers\BCMWL5.SYS
    MD5: 4b0a100eaf5c49ef3cca8c641431eacc C:\WINDOWS\system32\drivers\cdrom.sys
    MD5: 47b6aaec570f2c11d8bad80a064d8ed1 C:\WINDOWS\system32\drivers\disk.sys
    MD5: d71233d7ccc2e64f8715a20428d5a33b C:\WINDOWS\system32\drivers\ElbyCDIO.sys
    MD5: fb2fccc70f7174c7bf64f48e96d3adf4 C:\WINDOWS\system32\drivers\mrxsmb.sys
    MD5: f7b1ad991491f02af6da70b00b8bf114 C:\WINDOWS\system32\drivers\mup.sys
    MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\drivers\ndistapi.sys
    MD5: 9282bd12dfb069d3889eb3fcc1000a9b C:\WINDOWS\system32\drivers\ndproxy.sys
    MD5: 2553f7c60b8d291b5a812245e6d4da6e C:\WINDOWS\system32\drivers\ohci1394.sys
    MD5: e73bd25036809bc973050a898246d5b7 C:\WINDOWS\system32\drivers\PcleMBox.sys
    MD5: 77050c6615f6eb5402f832b27fd695e0 C:\WINDOWS\system32\drivers\rdbss.sys
    MD5: c7d9bc54354b8c706abf172d48313f1b C:\WINDOWS\system32\drivers\rdpwd.sys
    MD5: 743d7d59767073a617b1dcc6c546f234 C:\WINDOWS\system32\drivers\rspndr.sys
    MD5: 9b390283569ea58d43d2586032b892f5 C:\WINDOWS\system32\drivers\srv.sys
    MD5: 5813d453ef8ce49d607c255cf128aceb C:\WINDOWS\system32\drivers\stac97.sys
    MD5: 367de8e5f638c091f49273144274f629 C:\WINDOWS\system32\drivers\tcpip.sys
    MD5: 152ee0baa614388273a0b9ae9c9fd5a0 C:\WINDOWS\system32\drivers\usbehci.sys
    MD5: fce98c43b5c5db8e0da8ea0e2b45e044 C:\WINDOWS\system32\drivers\VClone.sys
    MD5: f17f6226bdc0cd5f0bef0daf84d29bec C:\WINDOWS\system32\es.dll
    MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\esent.dll
    MD5: 1c0d6c10f3e6b8ec4938ecf2aba862ed C:\WINDOWS\system32\gdi32.dll
    MD5: 9b01daddb84be0d130856b6c16af8a61 C:\WINDOWS\system32\HLaudio.dll
    MD5: b7f0bfec0b2d12c15410f085bd543663 C:\WINDOWS\system32\HLsplit.dll
    MD5: 425e27b1b646485a1161c1097ee7e61d C:\WINDOWS\system32\HLvideo.dll
    MD5: 0a878aa66e4dd3e2608192a1eccd9f8f C:\WINDOWS\system32\hnetcfg.dll
    MD5: 59570ca554c9d75e72241ac3252e84bd C:\WINDOWS\system32\ieframe.dll
    MD5: 47464ca4943f82e1b8fcb2c57da15f83 C:\WINDOWS\system32\iertutil.dll
    MD5: 2557b78a91d24e68c8873b04d7d6d9bb C:\WINDOWS\system32\imagehlp.dll
    MD5: 556425c1b864b582c879f9802bbc7210 C:\WINDOWS\system32\IntelQuickSyncDecoder.dll
    MD5: 4f10a2fa76b5bd54cd68afa94e8adb39 C:\WINDOWS\system32\ipnathlp.dll
    MD5: 4260bdcd96976da6f44e9ca8b2e029e5 C:\WINDOWS\system32\kerberos.dll
    MD5: 6fe42512ab1b89f32a7407f261b1d2d0 C:\WINDOWS\system32\kernel32.dll
    MD5: 1a498f4583841437d156398bdd637369 C:\WINDOWS\system32\libbluray.dll
    MD5: 355c90cf387e6d7ff5ce8e221d85cb17 C:\WINDOWS\system32\localspl.dll
    MD5: 5c53aeac3fd476088e7985c842b9b048 C:\WINDOWS\system32\lsasrv.dll
    MD5: e288bcb3e135dac497b49847ccdced00 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll
    MD5: 7ed9af3e29a3f6a22b7b039cde5e7d32 C:\WINDOWS\system32\mscms.dll
    MD5: c393dabd629594d19a41d81a113385bd C:\WINDOWS\system32\msgina.dll
    MD5: 06b8485fb1da9a552b10ab978cd1ac85 C:\WINDOWS\system32\msvcrt.dll
    MD5: 290c1a30defc723bbe10910ac2d6f6d0 C:\WINDOWS\system32\mswsock.dll
    MD5: b09522f4dc34d8019042f67a7068a442 C:\WINDOWS\system32\msxml3.dll
    MD5: 6f8dcd60628da34ab303ceadb5186043 C:\WINDOWS\system32\netapi32.dll
    MD5: 06cf9eedb7e827205c6948c9daf56974 C:\WINDOWS\system32\netlogon.dll
    MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\netshell.dll
    MD5: 5e28284f9b5f9097640d58a73d38ad4c C:\WINDOWS\system32\notepad.exe
    MD5: 053e986a84f5ee271d38896b8079157d C:\WINDOWS\system32\npDeployJava1.dll
    MD5: 15ce4dbc22fab90b3ca5352af1fff81c C:\WINDOWS\system32\ntdll.dll
    MD5: 30fe5893927f94cbbc84c2bdd0765093 C:\WINDOWS\system32\ntdsapi.dll
    MD5: 7eadba6d371c60cca9e4db57c28c8045 C:\WINDOWS\system32\oakley.dll
    MD5: 1d604a51408d039e5692160c2dc44ff7 C:\WINDOWS\system32\odbc32.dll
    MD5: 7d9dde1ab4b00ddb173f5a16e9206517 C:\WINDOWS\system32\ole32.dll
    MD5: eff03460e542eea6b0abdec6bf19c897 C:\WINDOWS\system32\oleaut32.dll
    MD5: a6f9109756357e84a214fb8e2653e07a C:\WINDOWS\system32\OptimFROG.dll
    MD5: 9c300a0ca0a6cbd50d22b3d725edea30 C:\WINDOWS\system32\psbase.dll
    MD5: 39d31d333c39caa9a13b738804b43284 C:\WINDOWS\system32\PSDrvCheck.exe
    MD5: afff5c71fb6d60f8a0486c5d5118c24d C:\WINDOWS\system32\raschap.dll
    MD5: c84b060a6181a2e70de0a77142df975e C:\WINDOWS\system32\rastls.dll
    MD5: 7cbd08fddd92c5dcfc03332c861ba664 C:\WINDOWS\system32\RLOFRDec.ax
    MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\rpcrt4.dll
    MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
    MD5: 26f1193092b9ac2586deb38dd1cbb25c C:\WINDOWS\system32\schannel.dll
    MD5: ed0ce2deec594778004306e3fa8cac33 C:\WINDOWS\system32\setupapi.dll
    MD5: dd7758db700bd511255b064c2d9106b3 C:\WINDOWS\system32\sfc_os.dll
    MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\shdocvw.dll
    MD5: 0e235315c8ff6d9c0198f1e74604a681 C:\WINDOWS\system32\shell32.dll
    MD5: fe04792b53c9633ae1e6f86b2e9c1e5a C:\WINDOWS\system32\shimeng.dll
    MD5: 888cd7b39c37e13a2419becfaaf0a28c C:\WINDOWS\system32\shsvcs.dll
    MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
    MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 C:\WINDOWS\system32\srvsvc.dll
    MD5: 7aa2dccf7b0a7a9de2e34b5937ca7c09 C:\WINDOWS\system32\swscale-lav-2.dll
    MD5: a3336ebd2527f6eb214f4593dcf67f6c C:\WINDOWS\system32\sxs.dll
    MD5: 71904b089f4a0d8f6bc46ce52a457836 C:\WINDOWS\system32\TAKDSDecoder.ax
    MD5: 6d8bdea7fb2e1a8461acd4970627e95a C:\WINDOWS\system32\TAKDSDecoder.dll
    MD5: e2b32b10acc5d97623275aafb67e5f03 C:\WINDOWS\system32\tapisrv.dll
    MD5: 2cd1c3506a85b38e2d17e61aded175c4 C:\WINDOWS\system32\taskmgr.exe
    MD5: 7a014d2211ff90c76f20b776822b332e C:\WINDOWS\system32\termsrv.dll
    MD5: c332870084db9164f465d6f1b7472728 C:\WINDOWS\system32\urlmon.dll
    MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\WINDOWS\system32\userinit.exe
    MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\usp10.dll
    MD5: 9d39d9e07c180127252e176ec2b41487 C:\WINDOWS\system32\utildll.dll
    MD5: 0dfa4d5e8205614eda53394e637812e4 C:\WINDOWS\system32\vdmdbg.dll
    MD5: 9f8a0d0cbb2fa265a754516128c00e22 C:\WINDOWS\system32\w32time.dll
    MD5: 96512aaf1286eb1c880b7c41eb49f06e C:\WINDOWS\system32\wbem\cimwin32.dll
    MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll
    MD5: 4af40b1cc33d92fd6f45d8560509cfcb C:\WINDOWS\system32\winDCE32.dll
    MD5: d0a8a9fad0a3ecc77d545498651c79eb C:\WINDOWS\system32\winhttp.dll
    MD5: 5aacf4b4dee1972b7952e8a747122232 C:\WINDOWS\system32\wininet.dll
    MD5: d1bac55bc35a0ca735aea19f609f2b22 C:\WINDOWS\system32\winlogon.exe
    MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\winmm.dll
    MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\system32\winrnr.dll
    MD5: b23423313519c522e0e73ba170d3ce71 C:\WINDOWS\system32\winsrv.dll
    MD5: ba529c83ad2f49693de42ffbde8d37ae C:\WINDOWS\system32\wintrust.dll
    MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\wlnotify.dll
    MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
    MD5: 1a617835452eee5060976c9b9f5fe635 C:\WINDOWS\system32\wuapi.dll
    MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll
    MD5: aae1a6ffba2b0436e91795120f48c461 C:\WINDOWS\system32\wuauserv.dll
    MD5: 5caf91e865fe0c85048a233e594544d2 C:\WINDOWS\system32\wudfplatform.dll
    MD5: 3458eda96e30fbd0477a2800d3fb1909 C:\WINDOWS\system32\wups.dll
    MD5: ff53377df21a723403c28825977212c5 C:\WINDOWS\system32\wzcdlg.dll
    MD5: 349b8d2bb755e8c3b0e3e82a87663e55 C:\WINDOWS\system32\wzcsvc.dll
    MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
    MD5: 1b3b381e1aab46f7b321a46150d890cb C:\WINDOWS\system32\xpsp3res.dll
    MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
    MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    No file uploaded.

    Scan finished - communication took 1 sec
    Total traffic - 0.01 MB sent, 0.71 KB recvd
    Scanned 583 files and modules - 128 seconds

    ==============================================================================


    • 0
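One way to triage a log in the format posted above, as an added example that is not part of the thread or of the scanner's own tooling: it parses the "(verified)/(unsigned) product path" module lines, the "File not found" entries together with the "-->" key that still references them, and the "MD5: hash path" table, then reports unsigned modules, modules that live under a user profile (writable without admin rights, the usual drop location), autorun entries whose target no longer exists (here the "AIM for Windows" Run key pointing at a missing aim.exe), and paths that share a hash. The section names and line markers are my reading of the format; the excerpt embedded in the script is constructed from lines in the log and is only a fragment of the full report.

```python
"""Triage a QuickScan-style log of the shape posted above.

Added example, not the scanner's or the forum's own tooling.  It reads the
"(verified)/(unsigned) <product> <path>" module lines, the "File not found"
entries with their "-->" autorun key, and the "MD5: <hash> <path>" table,
and reports what deserves a second look.  The section names and the line
markers are my reading of the format; the excerpt below is constructed from
lines in the log and is only a fragment of the full report.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Browser plugins
---------------
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Bitdefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(unsigned) gmpopenh264.dll C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0pk56hf.default\gmp-gmpopenh264\1.1\gmpopenh264.dll
(unsigned) QuickTime Plug-in 7.1.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.1.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll


Missing files
-------------
File not found: C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\AIM\aim.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"AIM for Windows"


Scan
----
MD5: f51ecbba611c75e47578295d5241630f C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
MD5: aa83c46239fb8a71254dc01ff1c568e2 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
"""

DASH_RE = re.compile(r"^-+$")                       # the rule under a section name
MODULE_RE = re.compile(r"^\((verified|unsigned)\)\s+(.*?)\s+([A-Za-z]:\\.*)$")
MISSING_RE = re.compile(r"^File not found:\s+([A-Za-z]:\\.*)$")
KEY_RE = re.compile(r"^-->\s+(.+)$")
MD5_RE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+([A-Za-z]:\\.*)$")

# Locations a standard user can write to; a module loaded from here needs a reason.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def parse_log(text):
    """Return the log's signed/unsigned modules, missing autorun targets and MD5 table."""
    report = {"modules": [], "missing": [], "hashes": []}
    section, prev = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if DASH_RE.match(line):
            section = prev                      # the dashed rule names the line above it
            continue
        m = MODULE_RE.match(line)
        if m:
            report["modules"].append({"section": section, "status": m.group(1),
                                      "product": m.group(2), "path": m.group(3)})
        elif section == "Missing files":
            m = MISSING_RE.match(line)
            if m:
                report["missing"].append({"path": m.group(1), "key": None})
            else:
                m = KEY_RE.match(line)
                if m and report["missing"]:
                    report["missing"][-1]["key"] = m.group(1)   # key that references the file
        elif section == "Scan":
            m = MD5_RE.match(line)
            if m:
                report["hashes"].append({"md5": m.group(1).lower(), "path": m.group(2)})
        if line:
            prev = line
    return report


def is_user_writable(path):
    """True for paths under a user profile or temp directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(report):
    """Group the parsed log into the items worth a second look."""
    by_hash = defaultdict(list)
    for entry in report["hashes"]:
        by_hash[entry["md5"]].append(entry["path"])
    return {
        "unsigned": [e for e in report["modules"] if e["status"] == "unsigned"],
        "user_writable": [e for e in report["modules"] if is_user_writable(e["path"])],
        "orphaned_autoruns": [e for e in report["missing"] if e["key"]],
        "shared_hashes": {h: paths for h, paths in by_hash.items() if len(paths) > 1},
    }


def format_triage(result):
    """One line per finding, tagged so the list can be sorted or grepped."""
    lines = []
    for e in result["unsigned"]:
        lines.append("UNSIGNED  %s  (%s)" % (e["path"], e["product"]))
    for e in result["user_writable"]:
        lines.append("USERDIR   %s  (%s, %s)" % (e["path"], e["product"], e["status"]))
    for e in result["orphaned_autoruns"]:
        lines.append("ORPHAN    %s -> missing %s" % (e["key"], e["path"]))
    for md5, paths in result["shared_hashes"].items():
        lines.append("SAMEHASH  %s  %d copies: %s" % (md5, len(paths), ", ".join(paths)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_triage(triage(parse_log(SAMPLE_LOG))))
```

Run it as-is against the embedded excerpt, or pass the text of a saved log to parse_log(). The shared-hash line is informational: the identical QuickTime npqtplugin*.dll copies are how that plugin ships, so a match is a prompt to look, not a verdict. A missing autorun target matters for a different reason: the Run value still fires at logon, and anything that later lands at that path runs automatically, so the key should be removed rather than left dangling.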

    #8
    RKinner
      Malware Expert • Expert • 19,788 posts • MVP
    Uninstall your old Java programs.  If you must run Java it has to be kept up to date, which, last time I looked, was Version 8 Update 121.  You're still at 7.

    Looks like ESET & Bitdefender think you are clean, so see if you can run AIM now.

    If not, let me know and I'll have this moved to malware so we can run FRST and maybe see what is happening.


    • 0

    #9
    Tylinos
      Member • Topic Starter • 78 posts
    Everything seems to be working perfectly fine now! Thanks a ton!
    • 0

    #10
    RKinner
      Malware Expert • Expert • 19,788 posts • MVP

    Glad I could help. Time to clean up:

    If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT and their logs and Speccy's log can just be deleted.

    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware-targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

    Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close the program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

    If you use Chrome/Firefox/IE then get the AdBlock Plus add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE.)

    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox:
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype.  Hit Optimize.  You can run it any time that Chrome/Firefox seems slow starting.

    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.

    Be warned:  If you use LimeWire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

    CryptoPrevent

    The free version does not update on its own so you should check for updated versions once in a while.  When you install it the default is NONE, which is kind of worthless, so change it to Standard or default.  If you have problems after installing CryptoPrevent you can just uninstall it.

    If you have a router, log on to it today and change the default password!  If using a wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step-by-step instructions or a wizard you can download.

    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

    • 0
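An added example (mine, not the helper's or the forum's tooling) that checks two of the cleanup items above from the registry instead of by clicking through Control Panel: which installed Java entries fall below a minimum version (the default is 8 Update 121, the number given in post #8, and it is a parameter), and whether Adobe Reader still has JavaScript switched on. The uninstall-key enumeration is the same source Programs and Features reads; the Reader location HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs\bEnableJS is my assumption about where the Preferences checkbox is stored. The decision logic is kept in plain functions so it can be exercised without a Windows machine.

```python
r"""Check two of the cleanup items above from the registry: leftover Java
versions, and JavaScript still enabled in Adobe Reader.

Added example, not the helper's or the forum's tool.  The decisions are
plain functions; the collector runs only on Windows.  The Reader location
HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs\bEnableJS is my
assumption about where the Preferences checkbox is stored.
"""
import re
import sys

# Programs-and-Features display names look like "Java 7 Update 11",
# "Java(TM) 6 Update 31", "J2SE Runtime Environment 5.0 Update 22".
JAVA_PREFIX_RE = re.compile(r"^(?:Java|J2SE)\b", re.IGNORECASE)
JAVA_VERSION_RE = re.compile(r"^(?:Java|J2SE)\b.*?\b(\d+)(?:\.\d+)?\s+Update\s+(\d+)",
                             re.IGNORECASE)

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",  # 32-bit apps on x64
)


def java_version(display_name):
    """'Java 7 Update 11' -> (7, 11); 'J2SE Runtime Environment 5.0 Update 22' -> (5, 22).
    None for anything without a JRE/JDK update number (JavaFX, Java Auto Updater, Flash)."""
    m = JAVA_VERSION_RE.search(display_name)
    return (int(m.group(1)), int(m.group(2))) if m else None


def java_to_remove(display_names, minimum=(8, 121)):
    """Apply the rule from the post: keep only Java at `minimum` or newer.
    Returns (remove, unparsed); Java-named entries the regex cannot read go to
    `unparsed` so they get reviewed rather than silently kept."""
    remove, unparsed = [], []
    for name in display_names:
        version = java_version(name)
        if version is None:
            if JAVA_PREFIX_RE.match(name):
                unparsed.append(name)
        elif version < minimum:
            remove.append(name)
    return remove, unparsed


def reader_javascript_enabled(jsprefs):
    """jsprefs maps Reader version -> bEnableJS value, or None when the value is absent.
    Reader's factory default is JavaScript ON, so an absent value counts as enabled."""
    return sorted(ver for ver, val in jsprefs.items() if val is None or int(val) != 0)


def collect_windows():
    """Read the live registry (Windows only): every uninstall display name and the
    per-version Reader JSPrefs\bEnableJS value (assumed location, see docstring)."""
    import winreg
    names = []
    for sub in UNINSTALL_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as uninstall:
                for i in range(winreg.QueryInfoKey(uninstall)[0]):
                    with winreg.OpenKey(uninstall, winreg.EnumKey(uninstall, i)) as app:
                        try:
                            names.append(winreg.QueryValueEx(app, "DisplayName")[0])
                        except OSError:
                            pass              # entry without a display name
        except OSError:
            pass                              # key absent (no Wow6432Node on 32-bit XP)
    jsprefs = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Adobe\Acrobat Reader") as reader:
            for i in range(winreg.QueryInfoKey(reader)[0]):
                ver = winreg.EnumKey(reader, i)
                try:
                    with winreg.OpenKey(reader, ver + r"\JSPrefs") as js:
                        jsprefs[ver] = winreg.QueryValueEx(js, "bEnableJS")[0]
                except OSError:
                    jsprefs[ver] = None       # never saved: still at the default (enabled)
    except OSError:
        pass                                  # Reader not installed for this user
    return names, jsprefs


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows machine being cleaned up")
    names, jsprefs = collect_windows()
    remove, unparsed = java_to_remove(names)
    for name in remove:
        print("uninstall old Java:", name)
    for name in unparsed:
        print("check manually:", name)
    for ver in reader_javascript_enabled(jsprefs):
        print("Adobe Reader %s still has JavaScript enabled" % ver)
```

The per-user value only records what the Preferences checkbox was last set to, so anyone using the account can turn it back on; where you administer the machine for someone else, Adobe also documents a machine-wide lockdown under HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\<version>\FeatureLockDown (bDisableJavaScript set to 1), which greys the checkbox out.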





