Anyone know what this is - 1.colorpicturemode.me [Solved]


  • This topic is locked

#1
medic

medic

    Member

  • Member
  • PipPip
  • 74 posts

If you click it, it takes you to some page that makes you think it is Norton or McAfee.

 

Screenshot attached; it shows as a notification in Chrome.

 

 

Attached Thumbnails

  • screen shot.png

  • 0


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hello, medic.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

  • 0

#3
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Was hoping someone knew what it was off the bat. Here are the files.

 

 

thanks

 

Attached Files


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, medic.
 
It seems to me that the pop up is a spam alert.
 
I have some comments and instructions for you, regarding your logs, but please first adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
============================================
 
My first comments and instructions:
 
1. RAM
 
These lines are from your logs:
 

Percentage of memory in use: 94%
Total physical RAM: 32714.05 MB
Available physical RAM: 1653.83 MB

 
A percentage of 94% of the 4GB RAM you have, is in use. This makes the computer difficult to run. If you keep all those programs running, you definitely need additional RAM. This is something you have to consider after we finish with the cleaning procedure.
 
 
2. Many unnecessary (??) programs
 
You have so many programs installed (some of them probably are preinstalled from when you bought the computer) and I wonder if you really need or use them. Many of them are system optimizers or graphics utilities. I see that you play games and perhaps you need them, but have in mind that registry cleaners, system optimizers, driver boosters and the like may cause more problems than they claim to fix. It is your computer and certainly your choice. My recommendation is to uninstall programs like the following:
 

EasyTune 
EasyTuneEngineService 
Fast Boot 
Gigabyte Speed 
RivaTuner Statistics Server 
MSI Afterburner 
MSI Kombustor 

 
Also, do you need Team Viewer?
 
If you decide to uninstall any of the above, as well as other programs you may not use/need, please do the following:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the programs you want to uninstall.
  • Select the programs, one by one, and click Uninstall.
  • Restart the computer.

 

3. Many Chrome extensions
 
You have so many Chrome extensions in every Chrome profile you have! Do you use all of them? Since the pop-up is from Chrome, it would not be strange for one of these extensions to be the cause. No need to do anything about this now, but have in mind that it is possible that the tools we are going to use will detect some of them as adware.
 
 
4. Google Drive Sync at start-up:
 
Are you aware that Google Drive sync is enabled at start-up? If Google Drive is set up to sync at start-up, specific files in the TEMP folder are created every time you start your computer. We are going to delete them in a next fix, but they will continue to be created at every start-up. In case you want to stop this:

  • Click Backup & Sync in your Taskbar/Notification area using Cloud icon.
  • Click the 3 dots to open Settings.
  • Click the Preferences option - usually the 5th one down from the top.
  • Select the Settings section located on the right side of the popup.
  • Clear that checkbox for Open Backup & Sync on system startup, save the changes and reboot.
  • You can also check if Google Drive sync is enabled at start-up by doing the following:
    • Right click anywhere on your Taskbar and choose Task Manager.
    • If you don't see the tab Start-up, click More Details.
    • Choose the Start-up tab.
    • Check in the list if Google Drive Sync is enabled. If yes, click on it and choose Disable.

 

5. AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

6. Run Malwarebytes

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • What programs did you uninstall (if any)
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#5
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Nothing removed.

Attached Files


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, medic.
 
You mean you didn't uninstall any program?
 
Malwarebytes found nothing, but AdwCleaner detected some stuff.
 
 

1. AdwCleaner (Clean mode)

The findings in the Folders and Chromium parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed. Among them are the Amazon Assistant for Chrome and remnants of IObit Advanced System Care. Since you have a product by IObit, I have to ask you if you intentionally installed IObit Software Updater. If not, please go on and uninstall it.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. It is an EPSON product, named EPSONCUSTOMERRESEARCHPARTICIPATION and I will also ask you to remove it.
 
To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check the item found.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The fresh FRST logs, Addition.txt and FRST.txt

  • 0

#7
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Latest.

 

I wanted to keep my amazon toolbar but the pop up continued even when I took the other stuff out so I removed it also.  

Attached Files


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, medic.
 
It seems that some RAM is released now. This is good.
 
However, with so many Chrome extensions, optimizers/tuners and the Google Drive sync on, it's difficult to say right now what is the source of the problem.
 
Let's do this fix for now and please give me your feedback after that.

1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
BHO: No Name -> {4622318C-A9BB-4D2C-898C-10A9656A2B11}' -> No File
FirewallRules: [UDP Query User{8C2CD61D-E24F-47DD-88E7-305E5C220BB7}C:\fahclient\fahclient.exe] => (Allow) C:\fahclient\fahclient.exe => No File
FirewallRules: [TCP Query User{8FFB5AAF-2671-405E-92D5-1C9DBC70D8BD}C:\fahclient\fahclient.exe] => (Allow) C:\fahclient\fahclient.exe => No File
HKLM-x32\...\Run: [EasySettingBox] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
C:\WINDOWS\system32\Tasks\AVAST Software
C:\Users\aemtp\AppData\Roaming\AVG
C:\WINDOWS\system32\Drivers\staport.sys
C:\WINDOWS\system32\Drivers\asw4b0c4acbc4f029df.tmp
C:\WINDOWS\system32\Drivers\aswb9a08bc49eb1dd0d.tmp
C:\WINDOWS\system32\Drivers\asw283d75214625d12e.tmp
C:\WINDOWS\system32\Drivers\aswd35ee59496dd0c8a.tmp
C:\WINDOWS\system32\avgBoot.exe
C:\WINDOWS\system32\Drivers\aswed71c87c035442df.tmp
C:\WINDOWS\system32\Drivers\asw8ad8069a9c016236.tmp
C:\WINDOWS\system32\Drivers\asw99b3cb18f36afa93.tmp
C:\WINDOWS\system32\Drivers\asw67fc997623db1cca.tmp
C:\WINDOWS\system32\Drivers\asw4477054a23f32c17.tmp
C:\WINDOWS\system32\Drivers\asw1cd0838a14a0562a.tmp
C:\WINDOWS\system32\Drivers\aswa2a73b537aa7038e.tmp
C:\WINDOWS\system32\Drivers\aswa999eea98712beef.tmp
C:\WINDOWS\system32\Drivers\aswdd4f6c06fcd545f0.tmp
C:\WINDOWS\system32\Drivers\aswa1581da92070e9a3.tmp
C:\WINDOWS\system32\Drivers\aswab10d82ed2e7dee5.tmp
C:\Program Files\Common Files\AVG
C:\ProgramData\AVG
C:\Users\aemtp\Downloads\avg_antivirus_free_setup.exe
virustotal: C:\Users\aemtp\AppData\Local\ars.cache;C:\Users\aemtp\AppData\Local\census.cache;C:\Users\aemtp\AppData\Local\housecall.guid.cache;C:\Users\aemtp\AppData\Local\keyfile3.drm;C:\Program Files (x86)\IObit\Software Updater\SUInit.exe;C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe;C:\Program Files\thinkorswim\jxbrowser\v18\bin\chromium.exe
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

 

1. The fixlog.txt

2. Your feedback about how the computer is running now


  • 0

#9
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

If it helps to know, this just started a day or two ago when I downloaded something from an "unsafe" website. It was some lawyer's website, of course. Not sure if giving you the site will help, but I can try to find it.

 

What will that script do? There are multiple programs in there I need.

 

I have deleted AVG btw - it was constantly popping up and bothering me.


  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, medic.

 

No need to search again for the malicious site.

 

The script will not remove any installed program. Please proceed to the fix and provide feedback.


  • 0


#11
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

So far no more pop ups thanks!

 

 

Attached Files


  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, medic.
 
Good news!
 
The log above indicates that some functions of IObit Software Updater you have installed in the computer are detected by some antivirus programs as malicious.
 
https://www.virustot...ea9b-1616365477
 
https://www.virustot...2ef5-1616354961
 
If you do not really need it, please uninstall it.

1. Uninstall IObit Software Updater

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
IObit Software Updater
  • Select the above program and click Uninstall.
  • Restart the computer.

 

2. Eset online scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

3. FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply please post:

  1. The Eset.txt
  2. The fresh FRST logs, FRST.txt and Addition.txt

  • 0

#13
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
4/4/2021 18:19:07
Files scanned: 1641613
Detected files: 76
Cleaned files: 76
Total scan time 03:50:25
Scan status: Finished
C:\Users\aemtp\Downloads\iobit-software-updater-setup (1).exe a variant of Win32/IObit.AQ potentially unwanted application,a variant of Win32/IObit.AS potentially unwanted application cleaned by deleting
 
C:\Users\aemtp\Downloads\iobit-software-updater-setup (2).exe a variant of Win32/IObit.AQ potentially unwanted application,a variant of Win32/IObit.AS potentially unwanted application cleaned by deleting
 
C:\Users\aemtp\Downloads\iobit-software-updater-setup.exe a variant of Win32/IObit.AQ potentially unwanted application,a variant of Win32/IObit.AS potentially unwanted application cleaned by deleting
 
C:\Users\aemtp\Downloads\setup-lightshot.exe a variant of Win32/Yandex.K potentially unwanted application cleaned by deleting
 
D:\Users\Medic\Desktop\sd drive stuff\spsetup129.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
D:\Users\Medic\Desktop\AirDroid_Desktop_Client_3.4.2.0.exe Win32/FusionCore.L potentially unwanted application,Win32/FusionCore.P potentially unwanted application cleaned by deleting
 
D:\Users\Medic\Downloads\ccsetup524.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
D:\Users\Medic\Downloads\ccsetup552.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
D:\Users\Medic\Downloads\setup-lightshot (1).exe a variant of Win32/Yandex.K potentially unwanted application cleaned by deleting
 
E:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application cleaned by deleting
 
E:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3306061\plugins\TBVerifier.dll.vir a variant of Win32/Toolbar.Conduit.AM potentially unwanted application cleaned by deleting
 
E:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
E:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c15.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
E:\Program Files (x86)\AVG\Setup\avgOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
E:\Program Files (x86)\Nmap\ncat.exe a variant of Win32/NetTool.Ncat.A potentially unsafe application cleaned by deleting
 
E:\Program Files (x86)\Radio-Plug-In\Radio-Plug-In.exe a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Program Files (x86)\Radio-Plug-In\RadioPlayerPlugin.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Program Files (x86)\Radio-Plug-In\RadioPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Program Files (x86)\Radio-Plug-In\RadioPluginUpdater.exe a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.60_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.60_0\common.js.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.63_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.63_0\common.js.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.63_1\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.63_1\common.js.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 11\Cache\f_0002d4 JS/Agent.OCJ trojan cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 11\Cache\f_0002ff JS/Agent.OCJ trojan cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 11\Cache\f_000300 JS/Agent.OCJ trojan cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ccjleegmemocfpghkhpjmiccjcacackp\1.1.1_0\js\background.js JS/Adware.OpenCleaner.A application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.56_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.56_0\common.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.56_0\popupTab2.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.2.70_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.2.70_0\common.js.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.2.70_0\popupTab2.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.52_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.52_0\common.js.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.52_0\popupTab2.js JS/Adware.Agent.X application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.2.6.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.2.7.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.2.8.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.2.8.1\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.2.9.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.0.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.1.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.2.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.3.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.4.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.5.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.6.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.7.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.8.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.3.9.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.0.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.1.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.2.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.3.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.4.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.5.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.6.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.7.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.8.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.4.9.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.0.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.1.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.2.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.3.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.4.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.4.1\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.4.3\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.5.5\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\LocalLow\Radio-Plug-In\Plugins\TvPlayerPlugin\bin\1.5.6.0\TvPlayerPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\Roaming\Radio-Plug-In\RadioPluginCore.1.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\Roaming\Radio-Plug-In\RadioPluginCore.dll a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\AppData\Roaming\Radio-Plug-In\RadioPluginUpdater.exe a variant of Win32/Orzilia.A potentially unwanted application cleaned by deleting
 
E:\Users\Medic\Google Drive ([email protected])\Documents\nmap-6.46-setup.exe a variant of Win32/NetTool.Ncat.A potentially unsafe application cleaned by deleting
 

Attached Files


  • 0
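Added example (not part of the original thread and not an ESET tool): a triage script for a scan log in the layout posted above, grouping detections by category and family, listing which Chrome profiles carried each flagged extension ID, and separating out entries classified as trojan from the PUA noise. The field layout (path, comma-separated detections, action) is assumed from the lines as they appear in this thread; the sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the ESET Online Scanner log posted in the thread (not the full log).
SAMPLE_LOG = r"""
Detected files: 76
Cleaned files: 76
C:\Users\aemtp\Downloads\iobit-software-updater-setup (1).exe a variant of Win32/IObit.AQ potentially unwanted application,a variant of Win32/IObit.AS potentially unwanted application cleaned by deleting
C:\Users\aemtp\Downloads\setup-lightshot.exe a variant of Win32/Yandex.K potentially unwanted application cleaned by deleting
E:\Program Files (x86)\AVG\Setup\avgOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
E:\Program Files (x86)\Nmap\ncat.exe a variant of Win32/NetTool.Ncat.A potentially unsafe application cleaned by deleting
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.60_0\client.v0.0.1.min.js JS/Adware.Agent.X application cleaned by deleting
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.56_0\popupTab2.js JS/Adware.Agent.X application cleaned by deleting
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ccjleegmemocfpghkhpjmiccjcacackp\1.1.1_0\js\background.js JS/Adware.OpenCleaner.A application cleaned by deleting
E:\Users\Medic\AppData\Local\Google\Chrome\User Data\Profile 11\Cache\f_0002d4 JS/Agent.OCJ trojan cleaned by deleting
"""

# Windows paths never contain "/", so the first "<platform>/" token marks
# where the path ends and the detection list begins, even if the path has spaces.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<dets>(?:a variant of )?[A-Za-z0-9]+/.+)\s+"
    r"(?P<action>cleaned by deleting|deleted)$"
)
DETECTION = re.compile(
    r"(?:a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>potentially unwanted application|potentially unsafe application"
    r"|trojan|application)"
)
# Chrome extension IDs are 32 characters drawn from a-p.
CHROME_EXT = re.compile(
    r"\\User Data\\(?P<profile>[^\\]+)\\Extensions\\(?P<ext>[a-p]{32})\\"
)
COUNTER = re.compile(r"^(Files scanned|Detected files|Cleaned files): (\d+)$")


def parse_entry(line):
    """Split one detection line into path, [(name, kind), ...] and action."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    detections = []
    for part in m["dets"].split(","):
        d = DETECTION.fullmatch(part.strip())
        if d is None:
            return None  # unknown detection syntax: report it, do not guess
        detections.append((d["name"], d["kind"]))
    return {"path": m["path"], "detections": detections, "action": m["action"]}


def summarize(log_text):
    """Aggregate a log into per-kind and per-family file counts plus review items."""
    report = {
        "files": 0,
        "counters": {},                  # header counters such as "Detected files"
        "by_kind": Counter(),            # files per ESET category
        "by_family": Counter(),          # files per family (variant suffix dropped)
        "extensions": defaultdict(set),  # extension ID -> Chrome profiles it was in
        "review": [],                    # paths classified as trojan, not PUA
        "unparsed": [],                  # path-like lines the parser could not read
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        counter = COUNTER.match(line)
        if counter:
            report["counters"][counter[1]] = int(counter[2])
            continue
        if not re.match(r"^[A-Za-z]:\\", line):
            continue  # blank line or other header text
        entry = parse_entry(line)
        if entry is None:
            report["unparsed"].append(line)
            continue
        report["files"] += 1
        kinds = {kind for _, kind in entry["detections"]}
        families = {name.rsplit(".", 1)[0] for name, _ in entry["detections"]}
        report["by_kind"].update(kinds)        # each file counted once per kind
        report["by_family"].update(families)   # and once per family
        ext = CHROME_EXT.search(entry["path"])
        if ext:
            report["extensions"][ext["ext"]].add(ext["profile"])
        if "trojan" in kinds:
            report["review"].append(entry["path"])
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for kind, count in result["by_kind"].most_common():
        print(f"{count:3d}  {kind}")
    for ext_id, profiles in sorted(result["extensions"].items()):
        print(ext_id, "->", ", ".join(sorted(profiles)))
    print("review:", result["review"])
```

Run over the full log, the `extensions` map shows at a glance that the same flagged extension ID was present in several Chrome profiles, and `review` isolates the few entries that are not PUA or bundled-offer detections.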

#14
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, medic.
 
It seems that Eset completed the job for us.
 
Just a last fix:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\aemtp\AppData\Roaming\IObit
C:\Program Files (x86)\IObit
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

How is the computer running now? Any remaining questions/concerns?


  • 0

#15
medic

medic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Running good, I have to run the last script but the problem is gone.

 

Thanks for the help, as soon as I run the last script I will post it.

 

Thanks


  • 0





