
w32.Dropper.Gen possible infection


4 replies to this topic

#1 EffectiveBones484


Posted 09 April 2014 - 05:52 PM

Hello,
I just downloaded Xsplit, and Webroot told me I had w32.Dropper.Gen. I tried to remove it but nothing happened for a few seconds and I panicked and shut down my computer. It had told me it needed to do a Windows update, and it forced me to do it. My mom just started the computer again and everything seemed fine. I did view the WOT scorecard for the website and scanned that particular file with VirusTotal and Malwarebytes. Nothing seemed to be wrong, so I think it might be a false positive. But I am not sure if this has anything to do with the Heartbleed (or whatever it's called) so I am still skeptical. I am using Windows 8.1. What should I do from here? Any help is appreciated.
The reason I panicked, by the way, is because something similar happened before and I have a general anxiety disorder diagnosis.

Edited by EffectiveBones484, 09 April 2014 - 05:52 PM.



#2 noknojon


Posted 09 April 2014 - 06:27 PM

I just downloaded Xsplit, and Webroot told me I had w32.Dropper.Gen.

Hello,

First it is no major life problem, as w32.Dropper.Gen is a very common term for almost any infection, major or minor.

Webroot may have jumped at the fact that a strange program was installed, but it may also be an infection.

 

We need to know where you downloaded Xsplit from, as it may have been any small item on the download page that caused this, plus your Antivirus may have captured the problem already, and no more action is needed.

 

A few quick scans may lead us in the direction we need to follow, as leaving your computer in a box will not Find it or Fix it.

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox to desktop and run it.
Checkmark following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

Do you have the current Malwarebytes Anti-Malware 2.0 installed? If not please see below.

Please download and scan with Malwarebytes Anti-Malware 2.0 as shown.

When done, please post the complete results of your Malwarebytes scan for review.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
* Open Malwarebytes Anti-Malware.
* Click the History Tab at the top and select Application Logs.
* Select (check) the box next to Scan Log. Choose the most current scan.
* Click the View button.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
* Open Malwarebytes Anti-Malware.
* Click the Scan Tab at the top.
* Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.

 

 

After those logs are posted follow with this -

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Uncheck any items you know to be good and then continue...
* NOW : Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Last -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.



#3 EffectiveBones484


Posted 09 April 2014 - 07:21 PM

I downloaded Xsplit from https://www.xsplit.com/. I am pretty sure that's the official website... Anyway, I deleted the Xsplit installation files, just FYI.

 

Here are the logs requested:

 

Security Check:

Results of screen317's Security Check version 0.99.81  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
Windows Defender         
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 DJ Java Decompiler v.3.12.12.96  
 Java 7 Update 51  
 Java SE Development Kit 7 Update 25
 Adobe Flash Player     12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Mini Tool Box:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Colin (administrator) on 09-04-2014 at 17:59:20
Running from "C:\Users\Colin\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2014 05:57:56 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1274

Start Time: 01cf544ed0729125

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c490f3fd-c042-11e3-beba-78e3b5bb740e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/09/2014 05:54:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (04/09/2014 05:47:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (04/09/2014 05:47:29 PM) (Source: Perflib) (User: )
Description: ASP.NET_2.0.50727

Error: (04/09/2014 05:47:29 PM) (Source: Perflib) (User: )
Description: ASP.NET_2.0.507278

Error: (04/09/2014 05:47:29 PM) (Source: Perflib) (User: )
Description: ASP.NET_1.1.43228

Error: (04/09/2014 05:47:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/09/2014 05:22:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/09/2014 05:01:26 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1518

Start Time: 01cf5446ec666d36

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: dfed4962-c03a-11e3-beba-78e3b5bb740e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/09/2014 04:42:14 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (04/09/2014 05:52:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:51:25 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:50:55 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:50:25 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:42:02 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:41:02 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:40:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:39:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (04/09/2014 05:39:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.


Microsoft Office Sessions:
=========================
Error: (04/09/2014 05:57:56 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20413127401cf544ed07291254294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exec490f3fd-c042-11e3-beba-78e3b5bb740emicrosoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/09/2014 05:54:38 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\$Recycle.Bin\S-1-5-21-3926095743-3760056856-852498300-1011\$RY3CL9V.exe

Error: (04/09/2014 05:47:39 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/09/2014 05:47:29 PM) (Source: Perflib)(User: )
Description: ASP.NET_2.0.50727

Error: (04/09/2014 05:47:29 PM) (Source: Perflib)(User: )
Description: ASP.NET_2.0.507278

Error: (04/09/2014 05:47:29 PM) (Source: Perflib)(User: )
Description: ASP.NET_1.1.43228

Error: (04/09/2014 05:47:27 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/09/2014 05:22:10 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/09/2014 05:01:26 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20413151801cf5446ec666d364294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exedfed4962-c03a-11e3-beba-78e3b5bb740emicrosoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/09/2014 04:42:14 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2014-02-19 15:30:16.349
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

4 Elements II (Version: 2.2.0.98)
707 Great Games (Version: 1.00.0000)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adblock Plus for IE (32-bit and 64-bit) (Version: 1.1)
Adblock Plus for IE (Version: 1.1)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Age of Empires III (Version: 1.00.0000)
Age of Mythology
Age of Mythology - The Titans Expansion
AGEod's American Civil War
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Control Center (Version: 2013.0819.1344.22803)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Wireless Display v3.0 (Version: 1.0.0.13)
Apowersoft Free Screen Recorder V1.3.2 (Version: 1.3.2)
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
Auto Mouse Mover 1.8.1 (Version: 1.8.1)
Bejeweled 3 (Version: 2.2.0.98)
Better BAT AI
Blender (Version: 2.69)
BlitzIn 3.0
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (Version: 2.2.0.98)
CamStudio Lossless Codec v1.5 (Version: 1.5)
CamStudio version 2.7 (Version: 2.7)
Camtasia Studio 8 (Version: 8.1.2.1327)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0819.1344.22803)
Catalyst Control Center InstallProxy (Version: 2013.0819.1344.22803)
Catalyst Control Center Localization All (Version: 2013.0819.1344.22803)
CCC Help Chinese Standard (Version: 2013.0819.1343.22803)
CCC Help Chinese Traditional (Version: 2013.0819.1343.22803)
CCC Help Czech (Version: 2013.0819.1343.22803)
CCC Help Danish (Version: 2013.0819.1343.22803)
CCC Help Dutch (Version: 2013.0819.1343.22803)
CCC Help English (Version: 2013.0819.1343.22803)
CCC Help Finnish (Version: 2013.0819.1343.22803)
CCC Help French (Version: 2013.0819.1343.22803)
CCC Help German (Version: 2013.0819.1343.22803)
CCC Help Greek (Version: 2013.0819.1343.22803)
CCC Help Hungarian (Version: 2013.0819.1343.22803)
CCC Help Italian (Version: 2013.0819.1343.22803)
CCC Help Japanese (Version: 2013.0819.1343.22803)
CCC Help Korean (Version: 2013.0819.1343.22803)
CCC Help Norwegian (Version: 2013.0819.1343.22803)
CCC Help Polish (Version: 2013.0819.1343.22803)
CCC Help Portuguese (Version: 2013.0819.1343.22803)
CCC Help Russian (Version: 2013.0819.1343.22803)
CCC Help Spanish (Version: 2013.0819.1343.22803)
CCC Help Swedish (Version: 2013.0819.1343.22803)
CCC Help Thai (Version: 2013.0819.1343.22803)
CCC Help Turkish (Version: 2013.0819.1343.22803)
ccc-utility64 (Version: 2013.0819.1344.22803)
Chessmaster 10th Edition (Version: 1.00.0000)
Civ3MultiTool (Version: 1.12.6)
CivAssist II (Version: 2.0.0)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
Cradle of Rome 2 (Version: 2.2.0.98)
CyberLink LabelPrint (Version: 2.5.2.5630)
CyberLink Media Suite 10 (Version: 10.0.2.2114)
CyberLink PhotoDirector (Version: 2.0.2.3317)
CyberLink PowerDirector 10 (Version: 10.0.2.2126)
CyberLink PowerDVD (Version: 10.0.8.5511)
D3DX10 (Version: 15.4.2368.0902)
Dasher
DJ Java Decompiler v.3.12.12.96 (Version: 1.8)
EA SPORTS online 2008
ESET Online Scanner v3
Europa Universalis IV
Farm Frenzy (Version: 2.2.0.98)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
Fraps (remove only)
Free Sound Recorder v9.6.1
Free Studio version 2013 (Version: 6.1.10.812)
Free YouTube Download version 3.2.3.610 (Version: 3.2.3.610)
Gardenscapes: Mansion Makeover (Version: 3.0.2.32)
GIMP 2.8.4 (Version: 2.8.4)
gmax (Version: 4.4.0.125)
Google Chrome (Version: 33.0.1750.154)
Google Drive (Version: 1.14.6059.644)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
House of 1000 Doors: Family Secrets (Version: 2.2.0.98)
Hoyle Card Games (Version: 2.2.0.95)
HP Connected Music (Meridian - installer) (Version: v1.0)
HP Connected Remote (Version: 1.0.1218)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.3.0)
HP MyRoom (Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Quick Start (Version: 1.0.4660.30220)
HP Registration Service (Version: 1.1.6232.4245)
HP Support Assistant (Version: 7.0.39.15)
HP Support Information (Version: 12.00.0000)
IDT Audio (Version: 1.0.6482.0)
iTunes (Version: 11.1.5.5)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)
Java SE Development Kit 7 Update 25 (Version: 1.7.0.250)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Kerbal Space Program
League of Legends (Version: 3.0.0)
Leaguebot
Livestreamer 1.7.3
LogMeIn Hamachi (Version: 2.2.0.173)
Lua for Windows 5.1.4-46 (Version: 5.1.4.46)
Luxor Evolved (Version: 2.2.0.98)
Madden NFL 08
Magic ISO Maker v5.5 (build 0281)
Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Mortimer Beckett and the Crimson Thief Premium Edition (Version: 2.2.0.98)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML4 Parser (Version: 1.0.0)
MuseScore 1.3 (Version: 1.3.0)
Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)
NASCAR The Game: 2013
Need for Speed™ ProStreet (Version: 1.0.1.0)
Network Addon Mod (Version: 32)
Open Broadcaster Software
OpenOffice 4.0.1 (Version: 4.01.9714)
Origin (Version: 9.1.10.2728)
OverDrive Media Console (Version: 3.2.20)
Pando Media Booster (Version: 2.6.0.7)
Peggle Nights (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.98)
Pet Vet 3D Animal Hospital (Version: Pet Vet 3D Animal Hospital)
PFConfig 1.0.296 (Version: 1.0.296)
PFPortChecker 1.0.39 (Version: 1.0.39)
Photo Gallery (Version: 16.4.3505.0912)
Pirate101 (Version: 1.0.0)
PlayChess  (Version: )
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
Portforward Static IP Address 1.0.47 (Version: 1.0.47)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (Version: 5.0.34.0)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Manager (Version: 5.5.0.5826)
Risk (remove only)
Risk II (remove only)
Roads of Rome 3 (Version: 2.2.0.98)
RollerCoaster Tycoon 3 (Version: 1.00.000)
Royal Envoy 2 Collector's Edition (Version: 3.0.2.32)
RuneScape Launcher 1.2.3 (Version: 1.2.3)
Samsung Kies (Version: 2.6.1.13105_7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0)
Scrabble Complete (Version: 1.00.000)
Screen Recorder (Version: 1.6)
Sid Meier's Civilization 4 - Beyond the Sword (Version: 3.19)
Sid Meier's Civilization 4 Complete (Version: 1.74)
Sid Meier's Civilization III: Complete
Sid Meier's Civilization IV Colonization (Version: 1.00)
Sid Meier's Civilization V
SimCity 4 Deluxe
SimCity™ (Version: 1.0.0.0)
SketchUp 2014 (Version: 14.0.4900)
SketchUp 8 (Version: 3.0.16846)
SmoothDraw version 4.0.4 (Version: 4.0.4)
SPORE™ (Version: 1.00.0000)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Tales of Lagoona (Version: 2.2.0.110)
Typing Instructor Deluxe (Version: 16.2)
Unity (Version: )
Unreal Development Kit: 2013-02
Update Installer for WildTangent Games App
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Webroot SecureAnywhere (Version: 8.0.4.68)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App for HP (Version: 4.0.11.2)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Wizard101 (Version: 1.0.0)
World Machine 2.3 Basic Edition
XSplit Broadcaster (Version: 1.3.1403.1202)
XviD Video Codec (remove only)
Youda Jewel Shop (Version: 3.0.2.32)
YTD Video Downloader 4.1 (Version: 4.1)
ZD Soft Screen Recorder (Version: 5.2.0)
Zuma's Revenge (Version: 2.2.0.98)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 7575.28 MB
Available physical RAM: 5897.24 MB
Total Pagefile: 8791.28 MB
Available Pagefile: 6952.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.94 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:886.17 GB) (Free:681.65 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:18.43 GB) (Free:2.26 GB) NTFS

========================= Users: ========================================

User accounts for \\FAMILYCOMPUTER2

Administrator            ASPNET                   catpu_000                
Colin                    Colin_3                  csbur_000                
Guest                    Kimberly                 


**** End of log ****
 

 

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/9/2014
Scan Time: 6:19:25 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.09.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Colin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393177
Time Elapsed: 8 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Going to do the AdwCleaner momentarily...



#4 EffectiveBones484


Posted 09 April 2014 - 07:42 PM

AdwCleaner log:

# AdwCleaner v3.023 - Report created 09/04/2014 at 18:23:50
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Colin - FAMILYCOMPUTER2
# Running from : C:\Users\Colin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\sab7gjtg.default\prefs.js ]


[ File : C:\Users\catpu_000\AppData\Roaming\Mozilla\Firefox\Profiles\i6mr442q.default\prefs.js ]


[ File : C:\Users\Colin_3\AppData\Roaming\Mozilla\Firefox\Profiles\ssvlbqbp.default\prefs.js ]


[ File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\p2uplc6h.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\catpu_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\csbur_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Colin_3\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4956 octets] - [24/02/2014 20:32:07]
AdwCleaner[R1].txt - [1727 octets] - [15/03/2014 15:33:19]
AdwCleaner[R2].txt - [1920 octets] - [09/04/2014 18:22:17]
AdwCleaner[S0].txt - [5115 octets] - [24/02/2014 20:35:10]
AdwCleaner[S1].txt - [1792 octets] - [15/03/2014 15:34:31]
AdwCleaner[S2].txt - [1847 octets] - [09/04/2014 18:23:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1907 octets] ##########
 

TFC produced no log.

 

Computer is still behaving just fine, if that matters.



#5 noknojon


Posted 09 April 2014 - 08:32 PM

Computer is still behaving just fine, if that matters.

This was all that I was looking for from your first reply (plus the logs)

 

It seems that Webroot removed or stopped any problems from going any further than just a warning.

From the program list you seem to download many games, and although your system can handle them, always be aware of the sites that you download them from.

While most "Direct downloads" from their legal sites are good, still take care with the origin (site) of the downloads.

 

You are running a good Antivirus, so please keep it updated with the amount of games installed.

It is also wise to uninstall any Free games that you have, once you are sure that you will not want to play it any more.

 

I just have a couple of your Errors to check on, but it seems that you escaped with only a scare this time.

 

I will keep an eye on this topic for a few days, but you seem OK now - :)

 

EXTRA -

Uninstall AdwCleaner as you have an old version. It can not be Updated, so use it and remove it.

Open the program and hit Uninstall, it will ask you to confirm with OK and may Reboot to clean out any Quarantined items.

Only install it when needed and remove it as Xplode is upgrading it on a regular basis.


Edited by noknojon, 09 April 2014 - 08:38 PM.




