
Downloaded a fake file


9 replies to this topic

#1 ViroDox


Posted 01 July 2013 - 05:48 PM

I was trying to download something from the download site Sendspace when I ended up downloading using one of those fake download buttons and I didn't realize it until it started asking me if I wanted useless adware. Scanned the file, afraid it might have downloaded additional malware.

https://www.virustotal.com/en/file/fcafc2237c238f590dbd935377d8a8caad6fc21d693da4887330c945eb991d38/analysis/

 

Windows 7 Professional

Asus N53S

 

Thanks,

 




 


#2 noknojon


Posted 01 July 2013 - 06:08 PM

Hello -

Download Security Check by Screen317 from Here
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open.
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
Click Go and copy / paste the result (Result.txt).

 

 

I'd like you to scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   • Scan potentially unwanted applications
   • Scan for potentially unsafe applications
   • Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated database (from 1 to 3 hours is not unusual).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
    - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

 

Thank You -


Edited by noknojon, 01 July 2013 - 07:35 PM.


#3 Dumil


Posted 01 July 2013 - 06:42 PM

Hello ViroDox,

 

My name is Alex and I'm in no way associated with Bleeping C. I live in the Netherlands and while I was looking around here I came across your post.

I think your main concern is the fact that there is more malware on your pc after your described download.

Do you use any malware protection and firewall?

Is your pc acting normal? Boot, shutdown, speed etc.

Did you run a second opinion scan on your pc? If not...download Malwarebytes anti malware, install and run a full scan. Do the same with Emsisoft emergency kit and let me know if anything is detected. I'll check back here tomorrow. Btw Emsisoft is a so-called portable application and needs no install.

 

Regards,

Alex



#4 noknojon


Posted 01 July 2013 - 07:30 PM

Thank you Dumil, I have taken care of those problems in my post -



#5 ViroDox


Posted 01 July 2013 - 09:54 PM

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 

=================================================

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Arumuga (administrator) on 01-07-2013 at 19:46:07
Running from "C:\Users\Arumuga\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
na.leagueoflegends.com/
na.leagueoflegends.com
leagueoflegends.com
leagueoflegends.com/
pvp.net
pvp.net/
www.na.leagueoflegends.com/
www.na.leagueoflegends.com
www.leagueoflegends.com
www.leagueoflegends.com/
www.pvp.net
www.pvp.net/
 
========================= IP Configuration: ================================
 
Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.2.15 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.60.1 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.254.1 metric=1 publish=Yes
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : aganesan
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 22-08-CA-28-A1-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-08-CA-27-14-DD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-08-CA-28-A1-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::206f:ec53:4abd:4610%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.15(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, June 30, 2013 10:00:31 AM
   Lease Expires . . . . . . . . . . : Thursday, July 04, 2013 1:40:21 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 335546570
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-1B-E0-8A-54-04-A6-41-F7-6B
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 54-04-A6-41-F7-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3c81:5c3:51a2:867d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c81:5c3:51a2:867d%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{6BAE78C1-EDE8-4362-9DA6-189E8C0BB1F1}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{7C9DAA15-CEEC-4CB2-B861-67A1792AFFAA}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  mymodem
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2607:f8b0:400b:807::100e
 184.150.183.99
 184.150.183.104
 184.150.183.103
 184.150.183.108
 184.150.183.89
 184.150.183.123
 184.150.183.93
 184.150.183.118
 184.150.183.114
 184.150.183.98
 184.150.183.94
 184.150.183.88
 184.150.183.113
 184.150.183.84
 184.150.183.109
 184.150.183.119
 
 
Pinging google.com [184.150.183.99] with 32 bytes of data:
Reply from 184.150.183.99: bytes=32 time=66ms TTL=58
Reply from 184.150.183.99: bytes=32 time=79ms TTL=58
 
Ping statistics for 184.150.183.99:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 79ms, Average = 72ms
Server:  mymodem
Address:  192.168.2.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=92ms TTL=51
Reply from 98.138.253.109: bytes=32 time=62ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 92ms, Average = 77ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...22 08 ca 28 a1 d5 ......Microsoft Virtual WiFi Miniport Adapter
 14...00 08 ca 27 14 dd ......Bluetooth Device (Personal Area Network)
 12...00 08 ca 28 a1 d5 ......Atheros AR9002WB-1NG Wireless Network Adapter
 10...54 04 a6 41 f7 6b ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.15     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link      192.168.2.15     26
  169.254.255.255  255.255.255.255         On-link      192.168.2.15    281
      192.168.2.0    255.255.255.0         On-link      192.168.2.15    281
     192.168.2.15  255.255.255.255         On-link      192.168.2.15    281
    192.168.2.255  255.255.255.255         On-link      192.168.2.15    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.15    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.15    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0     192.168.2.15       1
      169.254.0.0      255.255.0.0     192.168.60.1       1
      169.254.0.0      255.255.0.0    192.168.254.1       1
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:6ab8:3c81:5c3:51a2:867d/128
                                    On-link
 12    281 fe80::/64                On-link
 11    306 fe80::/64                On-link
 12    281 fe80::206f:ec53:4abd:4610/128
                                    On-link
 11    306 fe80::3c81:5c3:51a2:867d/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/01/2013 11:58:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024
 
Error: (07/01/2013 11:58:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5024
 
Error: (07/01/2013 11:58:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2013 11:58:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4010
 
Error: (07/01/2013 11:58:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4010
 
Error: (07/01/2013 11:58:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2013 11:58:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (07/01/2013 11:58:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (07/01/2013 11:58:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2013 11:58:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
 
System errors:
=============
Error: (06/30/2013 10:02:06 AM) (Source: Service Control Manager) (User: )
Description: The AFBAgent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/29/2013 07:45:29 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/28/2013 04:33:00 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/28/2013 11:19:33 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/28/2013 07:47:00 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/27/2013 05:34:53 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/27/2013 09:44:27 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/26/2013 06:58:30 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BBD5771C-ADFA-4D30-995B-9BD559B902DF}.
The backup browser is stopping.

Error: (06/26/2013 06:48:56 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C76A5779-6CA2-459E-82C0-92AF137EEC3D}.
The backup browser is stopping.

Error: (06/26/2013 06:44:15 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ARUMUGA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C76A5779-6CA2-459E-82C0-92AF137EEC3D}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (07/01/2013 11:58:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024
 
Error: (07/01/2013 11:58:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5024
 
Error: (07/01/2013 11:58:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2013 11:58:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4010
 
Error: (07/01/2013 11:58:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4010
 
Error: (07/01/2013 11:58:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2013 11:58:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (07/01/2013 11:58:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (07/01/2013 11:58:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/01/2013 11:58:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Help Manager (Version: 4.0.244)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Alcor Micro USB Card Reader (Version: 1.8.17.26026)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcGIS Desktop (Version: 9.3.1770)
ASUS FancyStart (Version: 1.1.0)
ASUS LifeFrame3 (Version: 3.0.21)
ASUS Live Update (Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.44)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0031)
ASUS Video Magic (Version: 6.0.4710)
ASUS Virtual Camera (Version: 1.0.21)
ASUS_Screensaver
Atheros Client Installation Program (Version: 7.0)
ATK Package (Version: 1.0.0008)
Audacity 2.0.3 (Version: 2.0.3)
AutoHotkey 1.1.11.01 (Version: 1.1.11.01)
Battlefield 3™ (Version: 1.6.0.0)
Battlelog Web Plugins (Version: 2.1.7)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
Borderlands 2
CamStudio Lossless Codec v1.5 (Version: 1.5)
CamStudio version 2.7 (Version: 2.7)
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon MX420 series MP Drivers
Canon My Printer
CCleaner (Version: 4.02)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
CyberLink MediaEspresso (Version: 6.0.1123_32710)
CyberLink PowerDirector (Version: 8.0.3327)
CyberLink PowerDVD 10 (Version: 10.0.2312.52)
Dark Souls Prepare to Die Edition (Version: 1.0.0000.130)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Ditto
Dropbox (Version: 2.0.22)
ESN Sonar (Version: 0.70.4)
ETDWare PS/2-x64 7.0.5.16_WHQL (Version: 7.0.5.16)
Evernote v. 4.6.6 (Version: 4.6.6.8360)
ExpressGate Cloud (Version: 2.1.88.405)
F.lux
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Fast Boot (Version: 1.0.9)
Freemake Video Converter version 3.1.2 (Version: 3.1.2)
Freemake Video Downloader (Version: 3.5.1)
FreeMind (Version: 0.9.0)
Fresco Logic USB3.0 Host Controller (Version: 3.0.116.3)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 21 (Version: 7.0.210)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
lightshot-4.3.0.0 (Version: 4.3.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetLogo 5.0.4 (Version: 5.0.4)
Notepad++ (Version: 6.3.2)
NVIDIA Control Panel 320.18 (Version: 320.18)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.18 (Version: 320.18)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA Optimus 4.11.9 (Version: 4.11.9)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Origin (Version: 9.1.15.109)
PDF Settings CS6 (Version: 11.0)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6334)
Rosetta Stone Version 3 (Version: 3.4.5.0)
saFe savae (Version: )
SafeSaver 1.74
Scribblenauts Unlimited
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Sketchpad
Skype™ 6.5 (Version: 6.5.158)
SonicMaster (Version: 1.00.0000)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Super Hexagon (Version: 1.0)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (Version: 8.0.18051)
TI-Nspire™ CAS Student Software (Version: 3.2.0.1219)
TogglDesktop (Version: 4.94.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 UVC 2M WebCam (Version: 5.8.55133.207)
Vegas Pro 11.0 (Version: 11.0.370)
VirtualCloneDrive
Visual Basic for Applications ® Core - English (Version: 6.5.10.32)
Visual Basic for Applications ® Core (Version: 6.5.10.32)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 2.0.7 (Version: 2.0.7)
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows XP Mode (Version: 1.3.7600.16423)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
Wireless Console 3 (Version: 3.0.19)
XChat 2 (remove only)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 31%
Total physical RAM: 14241.06 MB
Available physical RAM: 9692.93 MB
Total Pagefile: 28480.3 MB
Available Pagefile: 23922.78 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.73 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:156.25 GB) (Free:44.63 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:269.51 GB) (Free:159.13 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\AGANESAN
 
Administrator            Arumuga                  Guest                    
UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 

=================================================

 

C:\Users\All Users\saFe savae\51d20a7d23e3b.dll a variant of Win32/Adware.MultiPlug.I application
C:\ProgramData\saFe savae\51d20a7d23e3b.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Users\Arumuga\AppData\Local\Google\Chrome\User Data\Default\Extensions\abinegbinpfghapbdljamhebjllbldfg\1\51d20a7d23c004.35115340.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Arumuga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZW26GP\51d20a7d3cb03[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Arumuga\AppData\Roaming\Mozilla\Firefox\Profiles\cz41h0hh.default\extensions\xgdkgdol@dvrwak.com\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
 

 

 



#6 noknojon


Posted 01 July 2013 - 10:19 PM

Well that cleaned up a bit of garbage -

 

Update your Malwarebytes Anti-Malware and run a Quick Scan only
Please post the results back here

 

 

Also : Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer after you post the log.

 

 

Now 2 extra tools to help clear unwanted bits -

 

Please download AdwCleaner by Xplode onto your desktop.
*Close all open programs and internet browsers.
*You may need to disable your Antivirus while the program runs
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
*NOTE : Your computer will be rebooted automatically.
*A text file will open after the restart.
*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Also : Please download Junkware Removal Tool by thisisu to your desktop.
*Shut down your protection software now to avoid potential conflicts.
*Run the tool by double-clicking it -
*If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
*The tool will open and start scanning your system.
*Please be patient as this can take a while to complete depending on your system's specifications.
*On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
*Post the contents of JRT.txt into your next message.

 

Now be sure to re-enable your Antivirus again

 

 

Thanks -



#7 ViroDox

  • Topic Starter

Posted 01 July 2013 - 11:27 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.01.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Arumuga :: AGANESAN [administrator]
 
7/1/2013 11:59:52 PM
mbam-log-2013-07-01 (23-59-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250820
Time elapsed: 4 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

===========================

 

SUPERAntiSpyware Scan Log

 
Generated 07/01/2013 at 08:12 PM
 
Application Version : 5.6.1020
 
Core Rules Database Version : 10578
Trace Rules Database Version: 8390
 
Scan type       : Complete Scan
Total Scan Time : 01:17:24
 
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 685
Memory threats detected   : 0
Registry items scanned    : 85488
Registry threats detected : 0
File items scanned        : 122252
File threats detected     : 153
 
Adware.Tracking Cookie
 
Trojan.Agent/Gen-Prorat
C:\PROGRAM FILES (X86)\NETLOGO 5.0.4\EXTENSIONS\GOGO\WINDOWS\WINDOWSGOGOINSTALLER_32.EXE
 

============================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Arumuga on Tue 07/02/2013 at  0:21:56.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Arumuga\AppData\Roaming\mozilla\firefox\profiles\cz41h0hh.default\minidumps [3 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Arumuga\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/02/2013 at  0:25:50.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
===============================
 
# AdwCleaner v2.303 - Logfile created 07/02/2013 at 00:14:56
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Arumuga - AGANESAN
# Boot Mode : Normal
# Running from : C:\Users\Arumuga\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Arumuga\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saFe savae
Folder Deleted : C:\ProgramData\saFe savae
Folder Deleted : C:\Users\Arumuga\AppData\Local\Google\Chrome\User Data\Default\Extensions\abinegbinpfghapbdljamhebjllbldfg
Folder Deleted : C:\Users\Arumuga\AppData\Roaming\Mozilla\Firefox\Profiles\cz41h0hh.default\extensions\xgdkgdol@dvrwak.com
Folder Deleted : C:\Users\Arumuga\AppData\Roaming\SendSpace
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\safesa~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{41721117-5205-432B-7534-B865041E5028}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Arumuga\AppData\Roaming\Mozilla\Firefox\Profiles\cz41h0hh.default\prefs.js
 
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.51d20a7d23d52.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Arumuga\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [3191 octets] - [02/07/2013 00:00:37]
AdwCleaner[S1].txt - [3184 octets] - [02/07/2013 00:14:56]
 
########## EOF - C:\AdwCleaner[S1].txt - [3244 octets] ##########

Edited by ViroDox, 01 July 2013 - 11:43 PM.


#8 noknojon


Posted 02 July 2013 - 12:44 AM

Hi -

Update  Mozilla Firefox 21.0 Firefox out of Date! (if you use it)
Update Java to Version 7 Update 25. If you have the Java Icon in Control Panel, open it and the second tab is Update.

Remove any other versions of Java, as they can be a security risk -
 

To finally remove old Temp Files >
Download TFC by Old Timer to your desktop
•Close any open windows.
•Double click the TFC icon to run the program.
•TFC will close all open programs itself in order to run.
•Click the Start button to begin the process.
•Allow TFC to run uninterrupted.
•The program should not take long to finish its job.
•Once it's finished it should automatically reboot your machine.
•If it doesn't, please manually reboot to ensure a complete clean.

I think this is a better cleaner than CCleaner - Run it at the end of each day (keep it)

Keep SUPERAntiSpyware and update, then run a weekly scan.

 

Open AdwCleaner and hit Uninstall (the program has no updater)
Right click > Delete JRT as no updater also
It is better to reinstall these if needed

 

Right click any logs remaining on desktop and Delete -

 

Please post any questions that you may have about anything else.
Do you have any other problems / concerns or else, as I think you seem clean now -

 

I will keep this topic on watch for another week, if you seem to have problems.

 

 

Thank you for responding to all my ideas as quickly as you have (some drag it over days)

 

Regards and Safe Surfing -


Edited by noknojon, 02 July 2013 - 12:46 AM.


#9 ViroDox

  • Topic Starter

Posted 02 July 2013 - 09:34 AM

Thank you very much for all your help, updated my programs and I'm probably going to be following your guidelines for weekly scans, maybe even cleaning my temporary files as well.



#10 noknojon


Posted 02 July 2013 - 06:59 PM

I will keep this on watch for a week and see how you go -

Update and Re-run SUPERAntiSpyware every few days this week as it may find a few more bits still -

 

Regards -


Edited by noknojon, 02 July 2013 - 07:01 PM.




