what is server++.exe



#1 a445xc454


Posted 09 May 2013 - 11:32 PM

Recently, I experienced something weird. Whenever I started my PC, a couple of cmd files popped up for a fraction of a second. There are no performance issues. When I looked into the startup option in CCleaner, it showed me server++.exe, which I don't know about. So, are both of them related, and is server++.exe a kind of threat, or is it normal?


Edited by hamluis, 10 May 2013 - 09:51 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 noknojon


Posted 09 May 2013 - 11:55 PM

Hello and Welcome -

I am not 100% sure of server++.exe, but server.exe is known to be an infection.

We can have a quick look now, and if it is bad, this can be moved to Malware Removal areas -

 

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

Thank You -



#3 a445xc454


Posted 10 May 2013 - 01:18 AM

MiniToolBox by Farbar  Version:21-04-2013
Ran by asdf (administrator) on 10-05-2013 at 11:37:36
Running from "C:\Users\asdf\Downloads\Programs"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Broadcom 802.11n Network Adapter = Wireless Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : asdf-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
PPP adapter NULL:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : NULL
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 106.204.185.61(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 122.160.120.56
                                       202.56.230.7
   Primary WINS Server . . . . . . . : 10.11.12.13
   Secondary WINS Server . . . . . . : 10.11.12.14
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : E6-A7-43-C9-15-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 26-66-D6-73-C9-2B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-38-48
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::99b9:14d5:10d4:8ff2%19(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 1191706663
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1D-4C-01-26-66-D6-73-C9-2B
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{810B3E57-456B-4344-AC1C-2680B5785232}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{F1946277-4B80-4046-989B-B2979FEF2C1D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{6D69F531-5724-40C7-AF8A-AA5FA2755FAB}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{BF831D26-7F7D-4AFB-8DA5-5CCDFA68E8DC}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #39
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:6acc:b93d::6acc:b93d(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 122.160.120.56
                                       202.56.230.7
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  ABTS-North-Static-056.120.160.122.airtelbroadband.in
Address:  122.160.120.56
 
Name:    google.com
Addresses:  2404:6800:4002:802::1008
 173.194.36.99
 173.194.36.100
 173.194.36.101
 173.194.36.102
 173.194.36.103
 173.194.36.104
 173.194.36.105
 173.194.36.110
 173.194.36.96
 173.194.36.97
 173.194.36.98
 
 
Pinging google.com [173.194.36.97] with 32 bytes of data:
Reply from 173.194.36.97: bytes=32 time=266ms TTL=54
Reply from 173.194.36.97: bytes=32 time=256ms TTL=54
 
Ping statistics for 173.194.36.97:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 256ms, Maximum = 266ms, Average = 261ms
Server:  ABTS-North-Static-056.120.160.122.airtelbroadband.in
Address:  122.160.120.56
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=573ms TTL=50
Reply from 206.190.36.45: bytes=32 time=602ms TTL=50
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 573ms, Maximum = 602ms, Average = 587ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 41...........................NULL
 12...e6 a7 43 c9 15 cd ......Broadcom 802.11n Network Adapter
 10...26 66 d6 73 c9 2b ......Realtek PCIe FE Family Controller
 19...08 00 27 00 38 48 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #39
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link    106.204.185.61     31
   106.204.185.61  255.255.255.255         On-link    106.204.185.61    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
     192.168.56.0    255.255.255.0         On-link      192.168.56.1   4501
     192.168.56.1  255.255.255.255         On-link      192.168.56.1   4501
   192.168.56.255  255.255.255.255         On-link      192.168.56.1   4501
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link      192.168.56.1   4502
        224.0.0.0        240.0.0.0         On-link    106.204.185.61     31
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link      192.168.56.1   4501
  255.255.255.255  255.255.255.255         On-link    106.204.185.61    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 21   1040 2002::/16                On-link
 21    296 2002:6acc:b93d::6acc:b93d/128
                                    On-link
 19    276 fe80::/64                On-link
 19    276 fe80::99b9:14d5:10d4:8ff2/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/10/2013 09:34:00 AM) (Source: RasClient) (User: )
Description: CoId={0FFAB2BC-B084-445E-BD0F-F8B0E695DD5B}: The user asdf-PC\asdf dialed a connection named NULL which has failed. The error code returned on failure is 692.
 
Error: (05/10/2013 09:33:58 AM) (Source: RasClient) (User: )
Description: CoId={C5203369-C232-4AB5-9BE0-375B36B7DE4D}: The user asdf-PC\asdf dialed a connection named NULL which has failed. The error code returned on failure is 692.
 
Error: (05/08/2013 03:46:38 PM) (Source: ESENT) (User: )
Description: WinMail (2740) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (05/08/2013 11:40:56 AM) (Source: MsiInstaller) (User: asdf-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
 
Error: (05/07/2013 03:27:08 PM) (Source: MsiInstaller) (User: asdf-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
 
Error: (05/07/2013 01:35:45 PM) (Source: Application Hang) (User: )
Description: The program VirtualBox.exe version 4.2.12.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17f8
 
Start Time: 01ce4af7fbf62ca4
 
Termination Time: 11
 
Application Path: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
 
Report Id:
 
Error: (05/07/2013 00:17:26 PM) (Source: MsiInstaller) (User: asdf-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929}
 
Error: (05/06/2013 04:15:07 PM) (Source: MsiInstaller) (User: asdf-PC)
Description: Product: Ask Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.
 
Error: (05/06/2013 03:28:16 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Removed Ask Toolbar.). Additional information: 0xc0000022.
 
Error: (05/06/2013 03:03:19 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16470 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7b8
 
Start Time: 01ce4a3cb057efdb
 
Termination Time: 32
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (05/09/2013 04:59:27 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (05/08/2013 06:10:32 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
 
Error: (05/08/2013 06:10:32 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147943515.
 
Error: (05/08/2013 06:10:32 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%109
 
Error: (05/08/2013 11:46:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147467243
 
Error: (05/08/2013 11:41:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
 
Error: (05/07/2013 03:27:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
 
Error: (05/07/2013 02:05:45 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 14:04:44 on ?07-?05-?2013 was unexpected.
 
Error: (05/07/2013 01:51:36 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (05/07/2013 00:25:38 PM) (Source: Microsoft-Windows-Application-Experience) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-04 11:57:47.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-04 11:57:47.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.03(T))
Broadcom 802.11 Network Adapter (Version: 5.60.48.42)
CCleaner (Version: 4.01)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco PEAP Module (Version: 1.1.6)
Foxit Reader (Version: 5.4.5.124)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.145)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Internet Download Manager
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Oracle VM VirtualBox 4.2.12 (Version: 4.2.12)
Password Generator Professional 2007
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek WLAN Driver (Version: 2.00.0013)
Reliance 3G (Version: 1.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Web Camera Application (Version: 2.0.1.5)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
VLC media player 2.0.6 (Version: 2.0.6)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 52%
Total physical RAM: 1906.67 MB
Available physical RAM: 910.84 MB
Total Pagefile: 3813.34 MB
Available Pagefile: 2338.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.04 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:151.04 GB) (Free:123.59 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:146.95 GB) (Free:113.39 GB) NTFS
5 Drive h: (Reliance 3G) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\ASDF-PC
 
Administrator            asdf                     Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
07-05-2013 06:31:48 Windows Update
07-05-2013 09:51:27 Windows Update
08-05-2013 05:46:33 Windows Update
08-05-2013 06:06:19 Windows Update
08-05-2013 08:41:36 Windows Update
08-05-2013 09:54:49 Windows Update
09-05-2013 09:30:30 Windows Update
09-05-2013 11:20:48 Windows Update
 
**** End of log ****
 

Also, I didn't mention that the KSN network showed that file as trusted and had more than a million users, & surprisingly the application name is Microsoft® Visual Studio® 2005. So now I am confused.



#4 noknojon


Posted 10 May 2013 - 02:38 AM

You have Microsoft Visual C++ 2008 and Microsoft Visual C++ 2010 both installed and listed in your Errors, but not in Office Errors.
First, reset your Hosts file from this Microsoft Fix it: http://go.microsoft.com/?linkid=9668866 Click on the link, then click Run and follow any given directions.

 

Next -
Download Malwarebytes Anti-Malware Free and install it to desktop.
Check for Updates, if not done during the download. You should be able to delete anything found in the scan (ask if not sure).
Run a Quick Scan only and a log file will open when finished -
Please copy / paste that log back here. Then Reboot if anything is removed.

 

Next -
Download SUPERAntiSpyware Free  and install it to desktop.
Check for Updates if not done during the download.

Run a Quick Scan only and Delete all found items.
Post the Log file back here after it completes -

 

Finally -
Please download AdwCleaner by Xplode onto your desktop.
*Close all open programs and internet browsers as your computer will reboot when the scan ends.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with OK.
*Your computer will be rebooted automatically. A text file will open after the restart.
*Please post the contents of that logfile with your next reply.
*You can also find the logfile at C:\AdwCleaner[S1].txt.



#5 hamluis

  • Moderator

Posted 10 May 2013 - 09:50 AM

http://www.spywareremove.com/file/serverexe-353289/

 

Topic moved from Win 7 to Am I Infected.

 

Good luck :).

 

Louis



#6 noknojon


Posted 10 May 2013 - 05:27 PM

Thank you for the link Louis -

@ a445xc454 - The infection needs removal as soon as you can, please follow the steps above -

When you finish those ...
Please download Junkware Removal Tool by thisisu to your desktop.
* Shut down your protection software now to avoid potential conflicts. (Antivirus)
* Run the tool by double-clicking it -
* If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Restart your Antivirus as soon as the scan is completed
* Post the contents of JRT.txt into your next message.

To finish cleaning any Temp Files that need removal -
Please download TFC, or Temp File Cleaner from BleepingComputer downloads
Usage Instructions:
* Download TFC from the download link above and save the file on your desktop.
* Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
* Double-click on the TFC icon.
* When the program opens, click on the Start button. 
* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
* When done, press OK to reboot your computer and finish the cleanup.
If your computer will not Auto Reboot, please reboot yourself to be sure it has completed the job

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

Thank You -



#7 a445xc454


Posted 11 May 2013 - 02:13 AM

mbam-log-2013-05-10 (16-45-16):

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.05.10.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
asdf :: ASDF-PC [administrator]
 
Protection: Enabled
 
10-05-2013 PM 04:45:16
mbam-log-2013-05-10 (16-45-16).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196148
Time elapsed: 7 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4BVT7W84-U0CI-Y243-V47H-476OLP4YID88} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{4BVT7W84-U0CI-Y243-V47H-476OLP4YID88} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{4BVT7W84-U0CI-Y243-V47H-476OLP4YID88} (Backdoor.Agent) -> Quarantined and deleted successfully.
 
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.Agent) -> Data: C:\Windows\system32\install\server++.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent) -> Data: C:\Windows\system32\install\server++.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.Agent) -> Data: C:\Windows\system32\install\server++.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent) -> Data: C:\Windows\system32\install\server++.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Windows\System32\install\server++.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\asdf\AppData\Roaming\QFsOE\miner.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\asdf\AppData\Roaming\QFsOE\program.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
 
(end)
 

SUPERAntiSpyware Scan Log - 05-11-2013 - 12-02-21:

 

SUPERAntiSpyware Scan Log

 
Generated 05/11/2013 at 12:02 PM
 
Application Version : 5.6.1018
 
Core Rules Database Version : 10385
Trace Rules Database Version: 8197
 
Scan type       : Quick Scan
Total Scan Time : 00:08:21
 
Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
 
Memory items scanned      : 586
Memory threats detected   : 0
Registry items scanned    : 30617
Registry threats detected : 0
File items scanned        : 7598
File threats detected     : 137
 
Adware.Tracking Cookie
 

 

 

 

AdwCleaner Log :

 

 

# AdwCleaner v2.300 - Logfile created 05/11/2013 at 12:04:43
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : asdf - ASDF-PC
# Boot Mode : Normal
# Running from : C:\Users\asdf\Downloads\Programs\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Users\asdf\AppData\Local\PackageAware
 
***** [Registry] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-3930778117-3180904539-2778996188-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\asdf\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1869 octets] - [11/05/2013 12:04:43]
 
########## EOF - C:\AdwCleaner[R1].txt - [1929 octets] ##########
 
 
Unfortunately, JRT.exe showed an error "No 7-zip archive". Temp file cleaner cleaned 39 MB of files.
My problem is solved now and server++.exe is gone, both from start-up and from its actual location. Now no cmd file is popping up & my PC is running fine.
 
-Thanks for your help. Is there a possibility that some threats are still undetected? Can you advise me on how to avoid such things in future?

Edited by a445xc454, 11 May 2013 - 02:14 AM.


#8 a445xc454

a445xc454
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 11 May 2013 - 03:38 AM

Okay, JRT worked out; here's the report:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by asdf on 11-05-2013 at 13:59:36.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11-05-2013 at 14:05:23.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Thanks for your help.

Edited by a445xc454, 11 May 2013 - 03:41 AM.


#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:09 AM

Posted 11 May 2013 - 04:40 AM

Hi -

So far this looks very good. Please now Update and Re-run Malwarebytes to be sure that it returns a clean scan -

 

Keep Malwarebytes and SUPERAntiSpyware on your computer. Update them, and run a scan at least once every week.

But open the AdwCleaner program and remove it, as it cannot be updated and needs to be reinstalled to be updated; the same goes for the JRT program.

 

Thank You -





