
how to uninstall or remove oxy and pilefile


13 replies to this topic

#1 babingan

babingan

  • Members
  • 10 posts

Posted 07 April 2014 - 03:39 AM

Yesterday I installed a program, and accidentally downloaded this program called pilefile reminder or oxy.

I tried to uninstall it but when I click uninstall it does nothing and something pops up to run the program and says "You dont have sufficient access to uninstall pilefile. Please contact your administrator."

I tried uninstalling via safe mode but it does nothing.

Please help, how to uninstall?

 

 




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 07 April 2014 - 07:11 AM

Hello babingan -

I have asked for your duplicate topic to be removed, we only want it once -

 

You can usually uninstall PileFile downloader from your computer by using the Add/Remove Program feature in the Windows Control Panel.

The program may also be labeled as Savings Scout, or several other similar names (they are the same program).

So please follow all directions and report back at the end of these scans.

 

1. On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, > Programs, do one of the following:
Windows Vista/7/8: Click Uninstall a Program.
Windows XP: Click Add or Remove Programs.

 

2. When you find the program PileFile downloader, or any unknown program, click it, and then do one of the following:
Windows Vista / 7 / 8: Click Uninstall.
Windows XP: Click the Remove or Change/Remove tab
(to the right of the program).

 

3. Follow the prompts. A progress bar shows you how long it will take to remove PileFile downloader.

 

4. If for some reason uninstallation fails, please run all of the following programs.

 

First -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop to run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
 Click Go and copy / paste the result (Result.txt).

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the rKill logs back here.

 

 

Important: Do not reboot your computer until you complete the next step.

 

 

Now: -

* Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* XP users, Double-click on AdwCleaner.exe to run the tool.
* Vista / Windows 7 / 8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
* If you see any which you do not want removed, remove the check mark next to it, or post the R0.txt log back here first.

* Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be closed so that the infections can be removed.
* Click on OK, and then OK again to confirm the reboot.
* When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.

Copy and Paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Please tell us if anything is better after running these scans.



#3 babingan

babingan
  • Topic Starter

  • Members
  • 10 posts

Posted 07 April 2014 - 08:19 AM

this is the result of checkup.txt

 

Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 31.0.1650.4  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender vsserv.exe  
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe
 Bitdefender Bitdefender updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
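
A small triage script for a Security Check log like the one posted above, as an added example that is not part of the thread or of the Security Check tool: it splits the log into its sections and flags protections reported as disabled, contradictory status lines, and products listed in more than one version. The function names and finding labels are illustrative assumptions; the sample lines are copied from the post, with the process list omitted and the header padding normalised.

```python
import re
from collections import defaultdict

BT = chr(96)  # backtick: Security Check pads its section headers with runs of these


def _hdr(title, pad=14):
    """Rebuild a section header line the way the tool prints it."""
    return BT * pad + title + BT * pad


# Lines copied from the checkup.txt in the post above (process list omitted).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.81  ",
    " Windows 7 Service Pack 1 x64 (UAC is disabled!)  ",
    _hdr("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled!  ",
    " Windows Firewall Disabled!  ",
    "Bitdefender Antivirus   ",
    " Antivirus up to date!  (On Access scanning disabled!)",
    _hdr("Anti-malware/Other Utilities Check:"),
    " Adobe Flash Player 12.0.0.77  ",
    " Adobe Reader XI  ",
    " Mozilla Firefox (28.0)",
    " Google Chrome 31.0.1650.4  ",
    " Google Chrome 33.0.1750.154  ",
    _hdr("System Health check"),
    " Total Fragmentation on Drive C: 17% Defragment your hard drive soon!"
    " (Do NOT defrag if SSD!)",
    _hdr("End of Log"),
])

# A header is a title wrapped in at least five backticks on each side.
HEADER_RE = re.compile(r"^\x60{5,}(.+?)\x60{5,}$")
# "<subject> [is] enabled!" / "<subject> [is] disabled!"
STATE_RE = re.compile(r"([A-Za-z ]+?) (?:is )?(enabled|disabled)!", re.IGNORECASE)
# "<product> 1.2.3" or "<product> (1.2)" at the end of a line
VERSION_RE = re.compile(r"^(.*?)\s*\(?(\d+(?:\.\d+)+)\)?$")


def parse_sections(text):
    """Return {section title: [non-empty lines]}; lines before the first
    header are stored under 'preamble'."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER_RE.match(line)
        if match:
            current = match.group(1).strip().rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of findings as tuples, in the order first seen."""
    states = defaultdict(set)      # subject -> {"enabled", "disabled"}
    versions = defaultdict(list)   # product -> [distinct versions]
    for lines in parse_sections(text).values():
        for line in lines:
            for subject, state in STATE_RE.findall(line):
                states[subject.strip()].add(state.lower())
            match = VERSION_RE.match(line)
            if match and match.group(1):
                product, version = match.group(1), match.group(2)
                if version not in versions[product]:
                    versions[product].append(version)

    findings = []
    for subject, seen in states.items():
        if seen == {"enabled", "disabled"}:
            # The log reports both states, so the real state must be checked by hand.
            findings.append(("conflicting-status", subject))
        elif "disabled" in seen:
            findings.append(("disabled", subject))
    for product, found in versions.items():
        if len(found) > 1:
            # An old copy left installed next to a current one.
            findings.append(("multiple-versions", product, tuple(found)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
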
 



#4 babingan

babingan
  • Topic Starter

  • Members
  • 10 posts

Posted 07 April 2014 - 08:21 AM

Result.txt

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by USER (administrator) on 07-04-2014 at 20:20:26
Running from "C:\Users\USER\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lm.licenses.adobe.com

========================= IP Configuration: ================================

TP-LINK Wireless USB Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : USER-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TP-LINK Wireless USB Adapter
   Physical Address. . . . . . . . . : A0-F3-C1-19-25-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e9fd:ec0:dbf9:a5ce%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 07 April 2014 14:33:16
   Lease Expires . . . . . . . . . . : 10 April 2014 14:33:16
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 312538049
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-B5-FF-73-D8-50-E6-51-28-4D
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-51-28-4D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0BB77DA7-89D5-4B55-BD16-992725AB1A9C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:14b2:1677:3f57:fef9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::14b2:1677:3f57:fef9%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  2404:6800:4003:807::1000
      74.125.200.102
      74.125.200.139
      74.125.200.113
      74.125.200.100
      74.125.200.101
      74.125.200.138


Pinging google.com [74.125.200.138] with 32 bytes of data:
Reply from 74.125.200.138: bytes=32 time=97ms TTL=47
Reply from 74.125.200.138: bytes=32 time=68ms TTL=47

Ping statistics for 74.125.200.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 97ms, Average = 82ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=444ms TTL=49
Reply from 206.190.36.45: bytes=32 time=394ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 394ms, Maximum = 444ms, Average = 419ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...a0 f3 c1 19 25 b8 ......TP-LINK Wireless USB Adapter
 11...d8 50 e6 51 28 4d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    281
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fd:14b2:1677:3f57:fef9/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::14b2:1677:3f57:fef9/128
                                    On-link
 12    281 fe80::e9fd:ec0:dbf9:a5ce/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/07/2014 02:28:20 PM) (Source: Software Protection Platform Service) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (04/07/2014 02:43:21 AM) (Source: Application Hang) (User: )
Description: The program SM?RTP.exe version 4.96.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 874

Start Time: 01cf51d029a60ba9

Termination Time: 266

Application Path: C:\Program Files (x86)\Smadav\SM?RTP.exe

Report Id: b2a06383-bdc3-11e3-b0e7-d850e651284d

Error: (04/07/2014 02:38:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/04/2014 07:20:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: speed.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: speed.exe, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0025aa2c
Faulting process id: 0x4854
Faulting application start time: 0xspeed.exe0
Faulting application path: speed.exe1
Faulting module path: speed.exe2
Report Id: speed.exe3

Error: (04/04/2014 07:20:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: speed.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: speed.exe, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0025aa27
Faulting process id: 0x2cb4
Faulting application start time: 0xspeed.exe0
Faulting application path: speed.exe1
Faulting module path: speed.exe2
Report Id: speed.exe3

Error: (04/03/2014 04:57:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4e9569dd
Faulting module name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4e9569dd
Exception code: 0xc0000005
Fault offset: 0x0036828a
Faulting process id: 0x10ec
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (04/03/2014 04:56:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4e9569dd
Faulting module name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4e9569dd
Exception code: 0xc0000005
Fault offset: 0x0036828a
Faulting process id: 0xfa4
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (04/03/2014 04:17:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4e9569dd
Faulting module name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4e9569dd
Exception code: 0xc0000005
Fault offset: 0x0036828a
Faulting process id: 0xf68
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (04/02/2014 10:38:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: TWCU.exe, version: 0.0.0.0, time stamp: 0x4ec62206
Faulting module name: TWCU.exe, version: 0.0.0.0, time stamp: 0x4ec62206
Exception code: 0xc0000005
Fault offset: 0x00005df2
Faulting process id: 0xabc
Faulting application start time: 0xTWCU.exe0
Faulting application path: TWCU.exe1
Faulting module path: TWCU.exe2
Report Id: TWCU.exe3

Error: (03/31/2014 09:36:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/07/2014 02:33:09 PM) (Source: Service Control Manager) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (04/07/2014 02:33:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.

Error: (04/07/2014 02:30:54 PM) (Source: Service Control Manager) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (04/07/2014 02:30:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.

Error: (04/07/2014 02:28:20 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated with the following error:
%%2

Error: (04/07/2014 02:26:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
gzflt
spldr
trufos

Error: (04/07/2014 02:26:10 PM) (Source: Service Control Manager) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (04/07/2014 02:26:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Protect Monitor service to connect.

Error: (04/07/2014 02:25:57 PM) (Source: Service Control Manager) (User: )
Description: The Link-Layer Topology Discovery Responder service failed to start due to the following error:
%%646

Error: (04/07/2014 02:25:57 PM) (Source: Service Control Manager) (User: )
Description: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error:
%%646


Microsoft Office Sessions:
=========================
Error: (04/07/2014 02:28:20 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800700026.1.7601.17514

Error: (04/07/2014 02:43:21 AM) (Source: Application Hang)(User: )
Description: SM?RTP.exe4.96.0.187401cf51d029a60ba9266C:\Program Files (x86)\Smadav\SM?RTP.exeb2a06383-bdc3-11e3-b0e7-d850e651284d

Error: (04/07/2014 02:38:23 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"C:\Windows\System32\systemcpl.dll

Error: (04/04/2014 07:20:26 PM) (Source: Application Error)(User: )
Description: speed.exe0.0.0.000000000speed.exe0.0.0.000000000c00000050025aa2c485401cf5000419f994aC:\Users\USER\Desktop\speed.exeC:\Users\USER\Desktop\speed.exe8081d22c-bbf3-11e3-aae9-d850e651284d

Error: (04/04/2014 07:20:12 PM) (Source: Application Error)(User: )
Description: speed.exe0.0.0.000000000speed.exe0.0.0.000000000c00000050025aa272cb401cf500035464130C:\Users\USER\Desktop\speed.exeC:\Users\USER\Desktop\speed.exe780fd504-bbf3-11e3-aae9-d850e651284d

Error: (04/03/2014 04:57:57 PM) (Source: Application Error)(User: )
Description: Photoshop.exe13.0.0.04e9569ddPhotoshop.exe13.0.0.04e9569ddc00000050036828a10ec01cf4f22f94c4389C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exeC:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe6e188b83-bb16-11e3-aace-d850e651284d

Error: (04/03/2014 04:56:13 PM) (Source: Application Error)(User: )
Description: Photoshop.exe13.0.0.04e9569ddPhotoshop.exe13.0.0.04e9569ddc00000050036828afa401cf4f1d8dc958caC:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exeC:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe2ffce494-bb16-11e3-aace-d850e651284d

Error: (04/03/2014 04:17:22 PM) (Source: Application Error)(User: )
Description: Photoshop.exe13.0.0.04e9569ddPhotoshop.exe13.0.0.04e9569ddc00000050036828af6801cf4f1b180db77eC:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exeC:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exec3237417-bb10-11e3-aace-d850e651284d

Error: (04/02/2014 10:38:46 PM) (Source: Application Error)(User: )
Description: TWCU.exe0.0.0.04ec62206TWCU.exe0.0.0.04ec62206c000000500005df2abc01cf4e84c06206a9C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exeC:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exee064c1e5-ba7c-11e3-9be0-d850e651284d

Error: (03/31/2014 09:36:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"C:\Windows\System32\systemcpl.dll


CodeIntegrity Errors:
===================================
  Date: 2014-04-07 14:32:36.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 14:30:21.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 14:25:57.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 11:22:02.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 11:05:34.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 10:53:59.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 02:40:59.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 02:27:54.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 02:13:27.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-06 21:56:50.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

ACDSee 9 Photo Manager (Version: 9.0.108)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.1)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Help Manager (Version: 4.0.244)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0409.2219.38230)
AMD Media Foundation Decoders (Version: 1.0.80409.2207)
AMD VISION Engine Control Center (Version: 2013.0409.2219.38230)
AVG SafeGuard toolbar (Version: 18.0.5.292)
Bitdefender Total Security (Version: 17.26.0.1106)
bl (Version: 1.0.0)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)
Borland C++ 5.02
Call of Duty® 2 (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2013.0409.2219.38230)
Catalyst Control Center Localization All (Version: 2013.0409.2219.38230)
Catalyst Control Center Profiles Mobile (Version: 2013.0409.2219.38230)
CCC Help Chinese Standard (Version: 2013.0409.2218.38230)
CCC Help Chinese Traditional (Version: 2013.0409.2218.38230)
CCC Help Czech (Version: 2013.0409.2218.38230)
CCC Help Danish (Version: 2013.0409.2218.38230)
CCC Help Dutch (Version: 2013.0409.2218.38230)
CCC Help English (Version: 2013.0409.2218.38230)
CCC Help Finnish (Version: 2013.0409.2218.38230)
CCC Help French (Version: 2013.0409.2218.38230)
CCC Help German (Version: 2013.0409.2218.38230)
CCC Help Greek (Version: 2013.0409.2218.38230)
CCC Help Hungarian (Version: 2013.0409.2218.38230)
CCC Help Italian (Version: 2013.0409.2218.38230)
CCC Help Japanese (Version: 2013.0409.2218.38230)
CCC Help Korean (Version: 2013.0409.2218.38230)
CCC Help Norwegian (Version: 2013.0409.2218.38230)
CCC Help Polish (Version: 2013.0409.2218.38230)
CCC Help Portuguese (Version: 2013.0409.2218.38230)
CCC Help Russian (Version: 2013.0409.2218.38230)
CCC Help Spanish (Version: 2013.0409.2218.38230)
CCC Help Swedish (Version: 2013.0409.2218.38230)
CCC Help Thai (Version: 2013.0409.2218.38230)
CCC Help Turkish (Version: 2013.0409.2218.38230)
ccc-utility64 (Version: 2013.0409.2219.38230)
Cheat Engine 6.3
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
Corel Graphics - Windows Shell Extension (Version: 16.0.0.707)
Corel Graphics - Windows Shell Extension (Version: 16.0.707)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.0.707)
Corel Shell Extension - 64Bit (Version: 14.0)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0)
CorelDRAW Graphics Suite X4 - Content (Version: 14.0)
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0)
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0)
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0)
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0)
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.0)
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.0)
CorelDRAW Graphics Suite X4 - PP (Version: 14.0)
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0)
CorelDRAW Graphics Suite X4 (Version: 14.0)
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0)
CorelDRAW Graphics Suite X6 - Common (Version: 16.0)
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0)
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0)
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0)
CorelDRAW Graphics Suite X6 - EN (Version: 16.0)
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0)
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0)
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0)
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0)
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0)
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0)
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0)
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0)
CorelDRAW Graphics Suite X6 (Version: 16.0)
CorelDRAW Graphics Suite X6 (Version: 16.0.0.707)
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0)
FilesFrog Update Checker
foobar2000 v1.3.1 (Version: 1.3.1)
FormatFactory 2.70 (Version: 2.70)
Foxit Reader 5.1 (Version: 5.1.4.104)
GOM Player (Version: 2.1.37.5085)
Google Chrome (Version: 33.0.1750.154)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.5111.1712)
Google Update Helper (Version: 1.3.23.9)
Internet Download Manager
K-Lite Mega Codec Pack 3.7.0 (Version: 3.7.0)
MagicDisc 2.7.106
Mango Skin Pack 2.0-X86 (Version: 2.0-X86)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MiniLyrics (Version: 7.6.41)
Mobogenie
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
Nero 7 Essentials (Version: 7.03.1303)
neroxml (Version: 1.0.0)
Oxy
PDF Settings CS6 (Version: 11.0)
ph (Version: 1.0.0)
PileFile reminder
qone8 uninstaller
Realtek Ethernet Controller Driver (Version: 7.67.1226.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6767)
SMADAV version 9.6.1 (Version: 9.6.1)
SpeedUpMyComputer (Version: 38.1)
TL-WN721N/TL-WN722N Driver (Version: 1.0.0)
TP-LINK Wireless Configuration Utility (Version: 1.0.0)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
VLC media player 1.1.11 (Version: 1.1.11)
Winamp (Version: 5.52 )
Winamp Detector Plug-in (Version: 1.0.0.1)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 4052.18 MB
Available physical RAM: 1962.83 MB
Total Pagefile: 8102.55 MB
Available Pagefile: 6055.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.29 MB

========================= Partitions: =====================================

1 Drive c: (SYSTEM) (Fixed) (Total:97.56 GB) (Free:47.32 GB) NTFS
2 Drive d: (DATA I) (Fixed) (Total:180.66 GB) (Free:136.08 GB) NTFS
3 Drive e: (DATA II) (Fixed) (Total:187.44 GB) (Free:153.61 GB) NTFS
5 Drive g: (CGX4_PGRM) (CDROM) (Total:2.66 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            Guest                    USER                     


**** End of log ****
 



#5 babingan

Posted 07 April 2014 - 08:23 AM

Rkill.txt

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/07/2014 08:22:03 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\srvany.exe (PID: 1684) [WD-HEUR]
 * C:\Windows\KMService.exe (PID: 2156) [WD-HEUR]
 * C:\Users\USER\AppData\Local\Temp\Download_C4A7\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe (PID: 4408) [T-HEUR]
 * C:\Windows\SysWOW64\notepad.exe (PID: 3768) [WD-HEUR]
 * C:\Windows\SysWOW64\notepad.exe (PID: 4772) [WD-HEUR]

5 proccesses terminated!

Possibly Patched Files.

 * C:\Windows\Explorer.EXE

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 1.008.640 : 01/15/2011 10:53 PM : e573bd9ab55c8e333c202b9e255f972e [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833.024 : 03/15/2014 08:25 PM : 2c9cc9f492ca596b1b9fc1ae5e916356 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1.008.640 : 07/14/2009 08:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1.008.128 : 01/15/2011 10:53 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833.024 : 07/14/2009 08:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833.024 : 01/15/2011 10:54 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

 * C:\Windows\explorer.exe : 2.903.552 : 01/15/2011 10:53 PM : 143eed300b8efd981683a3ecf4c6bfaa [NoSig]
 +-> C:\Windows\Mango Skin Pack\Backup\explorer.exe : 2.872.320 : 01/15/2011 10:53 PM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
 +-> C:\Windows\SysWOW64\explorer.exe : 2.616.320 : 01/15/2011 10:54 PM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2.868.224 : 07/14/2009 08:39 AM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2.872.320 : 01/15/2011 10:53 PM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2.613.248 : 07/14/2009 08:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2.616.320 : 01/15/2011 10:54 PM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 activate.adobe.com
  127.0.0.1 practivate.adobe.com
  127.0.0.1 lm.licenses.adobe.com

Program finished at: 04/07/2014 08:22:27 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)
 



#6 babingan

Posted 07 April 2014 - 08:44 AM

AdwCleaner[R0].txt

 

# AdwCleaner v3.023 - Report created 07/04/2014 at 20:28:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : MgAssistService

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\USERs\USER\Desktop\Mobogenie.lnk
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\df3r8vhc.default\Extensions\quick_start@gmail.com
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\RegClean
Folder Found C:\USERs\USER\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\USERs\USER\AppData\Local\FilesFrog Update Checker
Folder Found C:\USERs\USER\AppData\Local\FilesFrog Update Checker
Folder Found C:\USERs\USER\AppData\Local\Mobogenie
Folder Found C:\USERs\USER\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Found C:\USERs\USER\AppData\Roaming\OpenCandy
Folder Found C:\USERs\USER\AppData\Roaming\Oxy
Folder Found C:\USERs\USER\Documents\Mobogenie

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\Desktop\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\Somoto
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\Somoto
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\qone8Software
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\df3r8vhc.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://start.qone8.com/newtab/?type=nt&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W");
Line Found : user_pref("browser.search.defaultenginename", "qone8");
Line Found : user_pref("browser.search.selectedEngine", "qone8");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.qone8.com/?type=hp&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W");

-\\ Google Chrome v

[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [12681 octets] - [07/04/2014 20:28:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12742 octets] ##########
 


AdwCleaner[S0].txt

 

 

# AdwCleaner v3.023 - Report created 07/04/2014 at 20:34:21
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : MgAssistService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\RegClean
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\USERs\USER\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\USERs\USER\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\USERs\USER\AppData\Local\Mobogenie
Folder Deleted : C:\USERs\USER\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\USERs\USER\AppData\Roaming\OpenCandy
Folder Deleted : C:\USERs\USER\AppData\Roaming\Oxy
Folder Deleted : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Deleted : C:\USERs\USER\Documents\Mobogenie
Folder Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\df3r8vhc.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
File Deleted : C:\USERs\USER\Desktop\Mobogenie.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\USER\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\df3r8vhc.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://start.qone8.com/newtab/?type=nt&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W");
Line Deleted : user_pref("browser.search.defaultenginename", "qone8");
Line Deleted : user_pref("browser.search.selectedEngine", "qone8");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.qone8.com/?type=hp&ts=1396855714&from=mp3&uid=ST500DM002-1BD142_Z3TT302WXXXXZ3TT302W");

*************************

AdwCleaner[R0].txt - [12871 octets] - [07/04/2014 20:28:07]
AdwCleaner[S0].txt - [10987 octets] - [07/04/2014 20:34:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11048 octets] ##########
 



#7 babingan

Posted 07 April 2014 - 08:55 AM

Thank you very much for your help.

Oxy and PileFile are still running, and I can't uninstall them.

Before I followed your instructions, my CPU usage was always 90% or above.

Now my CPU usage is normal, always under 50%.

What else must I do to remove Oxy and PileFile?



#8 noknojon


Posted 07 April 2014 - 05:32 PM

Hi -

Please look in Control Panel > Programs and Features, and I need to know if any of these are listed...

PileFile reminder
Oxy
SpeedUpMyComputer << (the program that installed these problems)

If they are listed we can remove them from there.

Is this Monster Warlord Hack and Cheats Download Downloader.exe now gone?

It was installed illegally from a Torrent or other downloader.



#9 noknojon


Posted 07 April 2014 - 05:52 PM

You can print this if you like, as you may not be able to see all options while starting.

 

Please scan your computer with ESET Online Scanner

Disable active antivirus and antimalware programs (see How To Temporarily Disable Your Anti-virus).
This scan is best performed with Internet Explorer, as it uses ActiveX.
If you will not use Internet Explorer, then please read items 3a and 3b in this post.

1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take quite some time (first time scans are always longer). Allow 2 hours.
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me.
You can ignore any ESET detection of AdwCleaner; it is a false positive detection.



#10 babingan


Posted 08 April 2014 - 01:26 AM

PileFile and Oxy are still in Control Panel.

SpeedUpMyComputer has been uninstalled.

Monster Warlord Hack and Cheats Download Downloader.exe is still on the desktop.

Now I did your next instruction.



#11 babingan


Posted 08 April 2014 - 02:12 AM

Result of ESET:

C:\Users\All Users\IePluginService\PluginService.exe    a variant of Win32/ELEX.AD potentially unwanted application    
C:\Users\All Users\WPM\wprotectmanager.exe    a variant of Win32/ELEX.AE potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\USERs\USER\AppData\Roaming\OpenCandy\A628D751932047748FED1330C7FDF12B\Mobogenie_Setup_2.2.2_507.exe.vir    Win32/Mobogenie.B potentially unwanted application    deleted - quarantined
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\PCData\dgen.exe    a variant of Win64/BitCoinMiner.U potentially unsafe application    deleted - quarantined
C:\ProgramData\IePluginService\PluginService.exe    a variant of Win32/ELEX.AD potentially unwanted application    deleted (after the next restart) - quarantined
C:\ProgramData\WPM\wprotectmanager.exe    a variant of Win32/ELEX.AE potentially unwanted application    deleted (after the next restart) - quarantined
C:\Users\USER\AppData\Local\Temp\CheatEngine63Clean.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\setup.exe    a variant of Win32/Amonetize.AJ potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\setup__1546.exe    a variant of Win32/Amonetize.AJ potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp1605.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp24DB.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp2E44.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp658C.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp786B.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmpAE98.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmpBE43.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmpED3F.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmpEE65.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmpFC2D.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_11CB\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_53D9\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_70BC\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_7ABA\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_7C43\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_9B16\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_9DE3\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_9E9F\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_9FA8\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_A17C\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_AFAF\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_B77B\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_C4A7\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_D5E4\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_D8D1\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_F2D6\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Download_FFB2\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\fullpackage_temp1396550990\tmp\wpm.exe    a variant of Win32/ELEX.AE potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\fullpackage_temp1396878439\tmp\desk365.exe    a variant of Win32/ELEX.Y potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\fullpackage_temp1396878439\tmp\SupTab.exe    a variant of Win32/ELEX.AD potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\fullpackage_temp1396878439\tmp\wpm.exe    a variant of Win32/ELEX.AE potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_31B\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_3255\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_38EB\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_472\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_6DDF\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_9696\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_9E9F\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_B98E\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_BB91\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_DC59\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_DCF6\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_E715\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_E780\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\Monster Warlord Hack and Cheats DownloadDownload_F0F2\Monster_Warlord_Hack_and_Cheats_Download_Downloader.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp6388\Bundle.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\tmp71EF\Bundle.exe    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Users\USER\AppData\Roaming\Oxy\oxyinst.exe    a variant of Win32/BundleInstaller.D potentially unwanted application    deleted - quarantined
C:\Users\USER\Desktop\downloads\Adobe CS6 All Products Activator (x32 & x64)\Adobe CS6 All Products Activator (x32 & x64)\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted - quarantined
C:\Users\USER\Desktop\downloads\Adobe CS6 All Products Activator (x32 & x64) 2012.[waqarr]\Adobe CS6 All Products Activator (x32 & x64)\Adobe CS6 All Products Activator (x32 & x64)\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted - quarantined
C:\Users\USER\Downloads\internet-download-manager-6.19 Build 2.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\USER\Downloads\MangoSkinPack_downloader_by_SkinPack.exe    Win32/Somoto.A potentially unwanted application    deleted - quarantined
C:\Users\USER\Downloads\MiniLyricsv7641.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined
C:\Users\USER\Downloads\Programs\CheatEngine63.exe    a variant of Win32/Somoto.A potentially unwanted application    deleted - quarantined
C:\Users\USER\Downloads\Programs\FLVPlayerSetup-fBRq0CU.exe    Win32/Somoto.A potentially unwanted application    deleted - quarantined
C:\Users\USER\Downloads\Programs\Nicky romero vs avicii i could be the one.exe    a variant of Win32/InstalleRex.P potentially unwanted application    deleted - quarantined
C:\Users\USER\Downloads\Programs\Setup__5213_il8503.exe    a variant of Win32/Amonetize.AJ potentially unwanted application    deleted - quarantined
C:\Windows\KMService.exe    Win32/HackKMS.A potentially unsafe application    deleted (after the next restart) - quarantined
C:\Windows\Temp\tmp000061f0\tmp0000035c    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
C:\Windows\Temp\tmp000061f0\tmp0000035e    a variant of Win32/Amonetize.Z potentially unwanted application    deleted - quarantined
E:\cod@2\Crack&Keygen\Keygen.exe    a variant of Win32/Keygen.CU potentially unsafe application    deleted - quarantined
E:\kuliah\PhotoScape_V3.6.2.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 



#12 noknojon


Posted 08 April 2014 - 02:25 AM

This looks much better. Do you still have all the same problems, as you did not leave me a report?



#13 babingan


Posted 08 April 2014 - 03:39 AM

PileFile and Oxy are still in Control Panel and I can't uninstall them.



#14 noknojon


Posted 08 April 2014 - 03:58 AM

Please follow the instructions in This Prep Guide starting at Step #6.
NOTE - If you cannot complete a step, skip it and continue.

Once the 2 DDS logs are created, make a NEW TOPIC and post them to the Virus, Trojan, Spyware, and Malware Removal Logs area with a brief idea of your problem.

They can use other tools to remove the program that I cannot use in this area.

Please post back here with a link to the new topic so we can close this one to stop any bad advice being posted.

If HelpBot replies, please follow its Step #1 and the team will be notified.

Many other people are being hit with the same thing, and we are having problems removing it.





