
awesomehp & nengine.dll - log to analyse


  • This topic is locked
2 replies to this topic

#1 poiuytrewq86

  • Members

Posted 01 March 2014 - 04:34 AM

Hey

I'm trying to delete awesomehp and related bugs. Also trying to figure out why during start the system shows information about a problem with loading nengine.dll.
Can anyone take a look at the log from Malwarebytes and help to analyse it?
 
_______________________________________________________________________________
 
Registry Keys Detected: 7
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> No action taken.
HKCR\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} (PUP.Optional.SupTab.A) -> No action taken.
HKCR\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} (PUP.Optional.SupTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (PUP.Optional.SupTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab (PUP.Optional.SupTab.A) -> No action taken.
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
 
Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bad: (http://www.awesomehp.com/?type=hp&ts=1393328436&from=amt&uid=SamsungXSSDX840XSeries_S19HNEAD216067P) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Awesomehp.A) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393328436&from=amt&uid=SamsungXSSDX840XSeries_S19HNEAD216067P) Good: (iexplore.exe) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.Awesomehp.A) -> Bad: (http://www.awesomehp.com/web/?type=ds&ts=1393328436&from=amt&uid=SamsungXSSDX840XSeries_S19HNEAD216067P&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Awesomehp.A) -> Bad: (http://www.awesomehp.com/?type=hp&ts=1393328436&from=amt&uid=SamsungXSSDX840XSeries_S19HNEAD216067P) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bad: (http://www.awesomehp.com/?type=hp&ts=1393328436&from=amt&uid=SamsungXSSDX840XSeries_S19HNEAD216067P) Good: (http://www.google.com) -> No action taken.
 
Folders Detected: 28
C:\Program Files (x86)\SupTab (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\en-US (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\es-419 (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\es-ES (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\it-CH (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\it-IT (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\pl (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\ru (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW (PUP.Optional.SupTab.A) -> No action taken.
C:\Users\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> No action taken.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> No action taken.
 
Files Detected: 102
C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe (PUP.Optional.IePluginService.A) -> No action taken.
C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36QDJ0AP\Setup[2].exe (PUP.Optional.Surftastic.A) -> No action taken.
C:\Users\AppData\Local\Temp\fullpackage_temp1393328424\package1.zip (PUP.Optional.SkyTech.A) -> No action taken.
C:\Users\AppData\Local\Temp\fullpackage_temp1393328424\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> No action taken.
C:\Users\AppData\Local\Temp\fullpackage_temp1393328424\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> No action taken.
C:\Users\AppData\Local\Temp\NeroInstallFiles\NERO20131212105334547\ISSetupPrerequisites\opencandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\AppData\Roaming\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> No action taken.
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml (PUP.Optional.Awesomehp.A) -> No action taken.
C:\Program Files (x86)\SupTab\install.data (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\BHOEnabler.exe (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\uninstall.exe (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\indexIE.html (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\indexIE8.html (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\style.css (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\ver.txt (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\default_logo.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\icon128.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\icon16.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\icon48.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\loading.gif (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\0.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\1.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\10.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\11.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\12.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\13.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\14.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\15.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\16.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\17.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\18.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\19.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\2.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\20.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\21.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\22.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\23.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\24.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\25.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\26.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\27.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\28.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\29.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\3.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\30.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\31.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\32.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\33.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\34.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\35.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\36.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\37.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\38.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\39.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\4.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\40.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\41.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\42.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\43.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\44.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\45.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\46.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\47.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\5.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\6.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\7.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\8.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\img\weather\9.png (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js\background.js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js\ga.js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js\jquery-base.js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js\js.js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\js\xagainit.js (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json (PUP.Optional.SupTab.A) -> No action taken.
C:\Users\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx (PUP.Optional.NewTab.A) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.
C:\Users\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
C:\ProgramData\IePluginService\update\conf (PUP.Optional.IePluginService.A) -> No action taken.
 
(end)
 



 


#2 aharonov

  • Malware Response Team

Posted 01 March 2014 - 05:43 AM

Hey,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 aharonov

  • Malware Response Team

Posted 18 March 2014 - 05:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



