This topic is locked
Also, in Chrome, I get popup windows:
Malware infested Windows 7 computer [Solved]
Started by
rpjaway
, Nov 19 2013 09:01 PM
#31
Posted 15 January 2014 - 09:46 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
Also, in Chrome, I get popup windows:
#32
Posted 15 January 2014 - 09:46 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
New quick scan OLT log:
OTL logfile created on: 1/15/2014 10:35:19 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 47.36% Memory free
5.85 Gb Paging File | 3.98 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 107.38 Gb Free Space | 72.09% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/11 21:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
========== Modules (No Company Name) ==========
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/08 16:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/02/08 16:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/02/08 16:39:48 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/02/08 16:39:14 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/03/23 23:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2010/03/23 23:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/13 23:11:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/24 10:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 07:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013/02/05 10:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/02/01 16:28:08 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/23 09:22:54 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/21 12:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/05 22:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/03 16:40:44 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 86 C5 35 0B 10 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{A696FF12-263D-459E-8BA5-61A6B65AFDAE}: "URL" = http://search.yahoo....petb&type=10741
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff [2014/01/11 21:53:26 | 000,000,000 | ---D | M]
[2013/12/17 22:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2014/01/11 21:53:26 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA205\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: flash-Enhancer = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: Video Player = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacpddlljnoajgoegknocfeoniaimlod\1.1_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Widget context = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0\
O1 HOSTS File: ([2014/01/15 19:38:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A67D53-978A-4EAD-9DC8-C6D9FF3672A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87D8D90F-A1D1-4780-9468-93D4526CBC90}: DhcpNameServer = 206.248.154.22 206.248.154.170 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCA34FEB-9FD9-4134-9F50-9BBFAEBE609C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/11 21:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3
[2013/12/17 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/15 22:33:58 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 22:33:58 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 22:30:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 22:26:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 22:26:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/15 22:26:17 | 2357,608,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/15 22:11:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 19:38:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/11 21:54:15 | 000,000,170 | ---- | M] () -- C:\extensions.ini
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/21 22:12:43 | 000,000,170 | ---- | C] () -- C:\extensions.ini
[2013/11/22 23:52:30 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/06/06 14:12:40 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/29 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/11/24 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
========== Purity Check ==========
< End of report >
OTL logfile created on: 1/15/2014 10:35:19 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 47.36% Memory free
5.85 Gb Paging File | 3.98 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 107.38 Gb Free Space | 72.09% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/11 21:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
========== Modules (No Company Name) ==========
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/08 16:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/02/08 16:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/02/08 16:39:48 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/02/08 16:39:14 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/03/23 23:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2010/03/23 23:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/13 23:11:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/24 10:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 07:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013/02/05 10:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/02/01 16:28:08 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/23 09:22:54 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/21 12:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/05 22:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/03 16:40:44 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 86 C5 35 0B 10 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{A696FF12-263D-459E-8BA5-61A6B65AFDAE}: "URL" = http://search.yahoo....petb&type=10741
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff [2014/01/11 21:53:26 | 000,000,000 | ---D | M]
[2013/12/17 22:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2014/01/11 21:53:26 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA205\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: flash-Enhancer = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: Video Player = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacpddlljnoajgoegknocfeoniaimlod\1.1_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Widget context = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0\
O1 HOSTS File: ([2014/01/15 19:38:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A67D53-978A-4EAD-9DC8-C6D9FF3672A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87D8D90F-A1D1-4780-9468-93D4526CBC90}: DhcpNameServer = 206.248.154.22 206.248.154.170 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCA34FEB-9FD9-4134-9F50-9BBFAEBE609C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/11 21:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3
[2013/12/17 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/15 22:33:58 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 22:33:58 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 22:30:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 22:26:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 22:26:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/15 22:26:17 | 2357,608,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/15 22:11:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 19:38:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/11 21:54:15 | 000,000,170 | ---- | M] () -- C:\extensions.ini
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/21 22:12:43 | 000,000,170 | ---- | C] () -- C:\extensions.ini
[2013/11/22 23:52:30 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/06/06 14:12:40 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/29 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/11/24 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
========== Purity Check ==========
< End of report >
#33
Posted 18 January 2014 - 09:31 AM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hello rpjaway,
If there is pop-up advertising showing "rvzr-a.akamaihd.net" in the address, and yours is, the issue appears to be due to advertising that happens to redirect to a service which uses that particular Akamai domain for the ads or a "doggy browser extension" (such as those listed below) doing the same.
These are the two most common solutions to eliminating the pop-up ads.
1. Open your browser and disable (uncheck) all extensions. Make a list, then one by one, re-enable each extension to see if the pop-ups start appearing again with that particular extension. Once you identify the responsible extension...permanently remove it but let me know which one it was.
* How to disable extensions in Google Chrome
*How to uninstall Extensions in Google Chrome
Please see Here for additional information on "rvzr-a.akamaihd.net"
Thanks
Joe
If there is pop-up advertising showing "rvzr-a.akamaihd.net" in the address, and yours is, the issue appears to be due to advertising that happens to redirect to a service which uses that particular Akamai domain for the ads or a "doggy browser extension" (such as those listed below) doing the same.
Define Ext 1
Download keeper 1.6
DDoowload keeper 1.6
DoWnlOad KeeEper 1.6
DownnlOadd KeepEr 1.6
DowLOAd keePer 1.6
MyShooper
VisualBee
Voice Search
WordOv
These are the two most common solutions to eliminating the pop-up ads.
1. Open your browser and disable (uncheck) all extensions. Make a list, then one by one, re-enable each extension to see if the pop-ups start appearing again with that particular extension. Once you identify the responsible extension...permanently remove it but let me know which one it was.
* How to disable extensions in Google Chrome
*How to uninstall Extensions in Google Chrome
Please see Here for additional information on "rvzr-a.akamaihd.net"
Thanks
Joe
#34
Posted 18 January 2014 - 10:00 AM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
Very good!
I disabled all 3 of the extensions on the computer. Reneabling one at a time, it seems they all had slightly different malware behavior. What sort of anti-malware tool could I install to prevent a reinfection like this in the future?
Here's the extensions I removed:
Only one problem noticed now: this guy seems to have reinstalled itself somehow...
I disabled all 3 of the extensions on the computer. Reneabling one at a time, it seems they all had slightly different malware behavior. What sort of anti-malware tool could I install to prevent a reinfection like this in the future?
Here's the extensions I removed:
Only one problem noticed now: this guy seems to have reinstalled itself somehow...
#35
Posted 18 January 2014 - 10:46 AM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hello rpjaway,
Thanks for the quick reply and listing the extensions. Let me review the Adware:Win32/BetterSurf issue and I'll provide instruction for you.
Thanks
Joe
Thanks for the quick reply and listing the extensions. Let me review the Adware:Win32/BetterSurf issue and I'll provide instruction for you.
Thanks
Joe
#36
Posted 18 January 2014 - 12:10 PM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hello rpjaway,
Lets run adwCleaner again.
Double-click AdwCleaner.exe to run the tool again.
Then
Lets run junkware removal tool again too.
Next
Lets also do a scan with Malwarebytes.
Please download Malwarebytes' Anti-Malware to your desktop from Here. Scroll down to the bottom left for Free version.
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
In your next reply post the following logs.
Tell me how things are.
Thanks
Joe
Lets run adwCleaner again.
Double-click AdwCleaner.exe to run the tool again.
- Click the Scan button.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator. - AdwCleaner will begin to scan your computer like it did before.
- After the scan has finished...
This time click on the Clean button. - Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then
Lets run junkware removal tool again too.
- Disable your protection software now to avoid potential conflicts.
- Run the tool by double-clicking on XP. Or right click and select Run as Administrator Vista/Win7 and above.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Next
Lets also do a scan with Malwarebytes.
Please download Malwarebytes' Anti-Malware to your desktop from Here. Scroll down to the bottom left for Free version.
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
In your next reply post the following logs.
- AdwCleaner[S0].txt
- JRT.txt
- MBAM Log report.
Tell me how things are.
Thanks
Joe
#37
Posted 18 January 2014 - 04:23 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
OK! Log files coming as I finish them:
# AdwCleaner v3.017 - Report created 18/01/2014 at 17:19:40
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner (1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\User\AppData\Local\genienext
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4567 octets] - [22/11/2013 19:37:25]
AdwCleaner[R1].txt - [935 octets] - [23/11/2013 00:23:12]
AdwCleaner[R2].txt - [3114 octets] - [11/01/2014 23:45:15]
AdwCleaner[R3].txt - [1253 octets] - [18/01/2014 16:46:19]
AdwCleaner[S0].txt - [4707 octets] - [22/11/2013 19:38:30]
AdwCleaner[S1].txt - [999 octets] - [23/11/2013 00:24:07]
AdwCleaner[S2].txt - [3209 octets] - [12/01/2014 00:16:55]
AdwCleaner[S3].txt - [1181 octets] - [18/01/2014 17:19:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1241 octets] ##########
# AdwCleaner v3.017 - Report created 18/01/2014 at 17:19:40
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner (1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\User\AppData\Local\genienext
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Google Chrome v32.0.1700.76
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4567 octets] - [22/11/2013 19:37:25]
AdwCleaner[R1].txt - [935 octets] - [23/11/2013 00:23:12]
AdwCleaner[R2].txt - [3114 octets] - [11/01/2014 23:45:15]
AdwCleaner[R3].txt - [1253 octets] - [18/01/2014 16:46:19]
AdwCleaner[S0].txt - [4707 octets] - [22/11/2013 19:38:30]
AdwCleaner[S1].txt - [999 octets] - [23/11/2013 00:24:07]
AdwCleaner[S2].txt - [3209 octets] - [12/01/2014 00:16:55]
AdwCleaner[S3].txt - [1181 octets] - [18/01/2014 17:19:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1241 octets] ##########
#38
Posted 18 January 2014 - 04:31 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Sat 01/18/2014 at 17:25:59.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at 17:31:42.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Sat 01/18/2014 at 17:25:59.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at 17:31:42.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#39
Posted 18 January 2014 - 04:59 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.18.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
User :: USER-PC [administrator]
Protection: Enabled
1/18/2014 5:37:29 PM
mbam-log-2014-01-18 (17-37-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203065
Time elapsed: 3 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 8
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\AmiExt\flash-Enhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update GreyGray (PUP.Optional.Greygray.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flash-Enhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{66B51873-B53D-42EC-BC1A-862EB4DB041D} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\Interface\{D01C1E11-ED7A-4791-8408-E63EECDA48FF} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Player (Adware.VPlayer) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 14
C:\Program Files (x86)\AmiExt\flashEnhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205 (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ch (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons\default (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ie (Adware.VPlayer) -> Quarantined and deleted successfully.
Files Detected: 29
C:\Users\User\Downloads\Chrome_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171728933_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171729227_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171729807_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171729834_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\setup (2).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\uninstall.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core\core.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chback.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\uninstall.exe (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ch\VideoPlayerV3beta205.crx (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome.manifest (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\install.rdf (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\ffVideoPlayerV3beta205.js (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\ffVideoPlayerV3beta205ffaction.js (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\overlay.xul (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons\Thumbs.db (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons\default\VideoPlayerV3beta205_32.png (Adware.VPlayer) -> Quarantined and deleted successfully.
(end)
www.malwarebytes.org
Database version: v2014.01.18.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
User :: USER-PC [administrator]
Protection: Enabled
1/18/2014 5:37:29 PM
mbam-log-2014-01-18 (17-37-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203065
Time elapsed: 3 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 8
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\AmiExt\flash-Enhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update GreyGray (PUP.Optional.Greygray.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flash-Enhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{66B51873-B53D-42EC-BC1A-862EB4DB041D} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\Interface\{D01C1E11-ED7A-4791-8408-E63EECDA48FF} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Player (Adware.VPlayer) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 14
C:\Program Files (x86)\AmiExt\flashEnhancer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205 (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ch (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons\default (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ie (Adware.VPlayer) -> Quarantined and deleted successfully.
Files Detected: 29
C:\Users\User\Downloads\Chrome_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171728933_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171729227_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171729807_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\FlashPlayersetup__3873_i171729834_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\setup (2).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\User\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\uninstall.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core\core.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chback.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\uninstall.exe (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ch\VideoPlayerV3beta205.crx (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome.manifest (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\install.rdf (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\ffVideoPlayerV3beta205.js (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\ffVideoPlayerV3beta205ffaction.js (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\overlay.xul (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons\Thumbs.db (Adware.VPlayer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff\chrome\content\icons\default\VideoPlayerV3beta205_32.png (Adware.VPlayer) -> Quarantined and deleted successfully.
(end)
#40
Posted 18 January 2014 - 05:04 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
Everything seems to be running perfectly. No sign of malware at the moment!
Wow, THANKS!!!!
Wow, THANKS!!!!
#41
Posted 18 January 2014 - 05:06 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
I told Microsoft Security Essentials to remove Adware:Win32/BetterSurf
#42
Posted 18 January 2014 - 05:09 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
There was a taskbar item for Mobogenie. The icon looked orphaned (probably because you removed the actual virus tool). So I removed the icon from the taskbar.
#43
Posted 20 January 2014 - 07:55 AM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
OK.
Let me get back to you a bit later today.
Thanks
Joe
Let me get back to you a bit later today.
Thanks
Joe
#44
Posted 20 January 2014 - 03:42 PM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hello rpjaway,
Lets run an online scan to double check things.
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Please post the ESET Log in your next reply.
Thanks
joe
Lets run an online scan to double check things.
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
- Please go >>HERE<< then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the
icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt").
- Copy and paste that log as a reply to this topic.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Please post the ESET Log in your next reply.
Thanks
joe
#45
Posted 21 January 2014 - 07:40 PM
rpjaway
- Topic Starter
-
- Member
-
- 42 posts
Member
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\lollipop\lollipop_01120253.exe.vir a variant of Win32/Skintrim.LT trojan
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.AB application
C:\Users\User\Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso a variant of MSIL/HackKMS.A application
C:\Users\User\Downloads\minecraft-setup (1).exe Win32/DownloadAdmin.G application
C:\Users\User\Downloads\minecraft-setup (2).exe Win32/DownloadAdmin.G application
C:\Users\User\Downloads\minecraft-setup.exe Win32/DownloadAdmin.G application
C:\Users\User\Downloads\setup (3).exe a variant of Win32/Bundlore.B application
C:\Users\User\Downloads\setup (4).exe a variant of Win32/Bundlore.B application
C:\Windows\Installer\MSI1196.tmp a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\Installer\MSIEC54.tmp a variant of Win32/Bundled.Toolbar.Ask.F application
C:\_OTL\MovedFiles\01152014_193838\C_Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll a variant of Win32/Amonetize.X application
C:\_OTL\MovedFiles\01152014_193838\C_Users\User\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\lollipop\lollipop_01120253.exe.vir a variant of Win32/Skintrim.LT trojan
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.AB application
C:\Users\User\Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso a variant of MSIL/HackKMS.A application
C:\Users\User\Downloads\minecraft-setup (1).exe Win32/DownloadAdmin.G application
C:\Users\User\Downloads\minecraft-setup (2).exe Win32/DownloadAdmin.G application
C:\Users\User\Downloads\minecraft-setup.exe Win32/DownloadAdmin.G application
C:\Users\User\Downloads\setup (3).exe a variant of Win32/Bundlore.B application
C:\Users\User\Downloads\setup (4).exe a variant of Win32/Bundlore.B application
C:\Windows\Installer\MSI1196.tmp a variant of Win32/Bundled.Toolbar.Ask.F application
C:\Windows\Installer\MSIEC54.tmp a variant of Win32/Bundled.Toolbar.Ask.F application
C:\_OTL\MovedFiles\01152014_193838\C_Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll a variant of Win32/Amonetize.X application
C:\_OTL\MovedFiles\01152014_193838\C_Users\User\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A application
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
