Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What is vxlsnyaiet64.exe? (Background process on Windows 8.1 PC)


  • Please log in to reply
10 replies to this topic

#1 lenny11

lenny11

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:03 AM

Posted 30 June 2014 - 03:59 PM

I have recently purchased a Dell PC which has Windows8.1 OS.  There is a background process running called vxlsnyaiet64.exe which I can't identify.  When I tried to find drivers for a slide scanner I accidentally downloaded a load of stuff that caused all sorts of adverts to come up.  I removed all programs that appear to have been installed at that time but am wondering if this vxlsny.... was installed at that time.  Can anyone help me?

 

Thanks


Edited by hamluis, 30 June 2014 - 04:24 PM.
Moved from Win 8 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dennis96411

dennis96411

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 30 June 2014 - 04:07 PM

Apparently it is a file dropped by some adware: https://answers.microsoft.com/en-us/windows/forum/windows_7-system/vxlsnyaiet64exe-file-restoration/81fad98a-bf37-4291-93f0-faa54fd25418

More information: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Adware:Win32/Adpeak

I'll let the gurus come in and help you with this.


Edited by dennis96411, 30 June 2014 - 04:08 PM.


#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:03 PM

Posted 30 June 2014 - 04:48 PM

Please download Junkware Removal Tool and save it on your desktop.

 


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.     



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,406 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:03 PM

Posted 01 July 2014 - 11:52 AM

I would suggest running Malwarebytes as well.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.

 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 lenny11

lenny11
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:03 AM

Posted 02 July 2014 - 03:13 PM

Many thanks for your responses.  I have carried out the suggestions from bith Lazerchicken and dc3.
The log from Junk Removal tool is:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by cshells on 01/07/2014 at 22:14:14.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
~~~ Files
 
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Users\cshells\documents\optimizer pro"
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/07/2014 at 22:17:51.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner produced this log and removed quite a lot of junk including the process I was concerned about:
 
# AdwCleaner v3.214 - Report created 01/07/2014 at 22:24:34
# Updated 29/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : cshells - DELL-3847
# Running from : C:\Users\cshells\Desktop\adwcleaner_3.214.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vxlsnyaiet64
 
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\cshells\AppData\Local\Temp\NetCrawl
Folder Deleted : C:\Users\cshells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
File Deleted : C:\Users\cshells\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\cshells\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\cshells\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Windows\Tasks\APSnotifierPP1.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP1
File Deleted : C:\Windows\Tasks\APSnotifierPP2.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP2
File Deleted : C:\Windows\Tasks\APSnotifierPP3.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP3
 
***** [ Shortcuts ] *****
 
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
 
***
-\\ Internet Explorer v11.0.9600.17126
 
-\\ Mozilla Firefox v30.0 (en-GB)
 
[ File : C:\Users\cshells\AppData\Roaming\Mozilla\Firefox\Profiles\rag602ec.default\prefs.js ]
 
*************************
AdwCleaner[R0].txt - [4014 octets] - [01/07/2014 22:22:37]
AdwCleaner[S0].txt - [3854 octets] - [01/07/2014 22:24:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3914 octets] ##########
 
Minitoolbox produced the following log:
 
MiniToolBox by Farbar  Version: 25-06-2014
Ran by cshells (administrator) on 01-07-2014 at 22:31:55
Running from "C:\Users\cshells\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
========================= IP Configuration: ================================
 
Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wi-Fi (Media disconnected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
popd
# End of IPv4 configuration
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Dell-3847
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-71-CC-00-B7-AC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-71-CC-00-B7-AB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F8-BC-12-6D-83-54
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 00-71-CC-00-B7-AB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...00 71 cc 00 b7 ac ......Bluetooth Device (Personal Area Network)
  5...12 71 cc 00 b7 ab ......Microsoft Wi-Fi Direct Virtual Adapter
  4...f8 bc 12 6d 83 54 ......Realtek PCIe GBE Family Controller
  3...00 71 cc 00 b7 ab ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/01/2014 10:26:15 PM) (Source: Perflib) (User: )
Description: rdyboost4
 
Error: (07/01/2014 10:26:13 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/01/2014 10:26:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.1.0.14, time stamp: 0x433d11f9
Faulting module name: MSVCRT.dll, version: 7.0.9600.16384, time stamp: 0x52158ff5
Exception code: 0xc0000005
Fault offset: 0x00009c7e
Faulting process id: 0xab0
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
Faulting package full name: CALMAIN.exe4
Faulting package-relative application ID: CALMAIN.exe5
 
System errors:
=============
Error: (07/01/2014 10:26:14 PM) (Source: Service Control Manager) (User: )
Description: The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/01/2014 10:25:18 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Microsoft Office Sessions:
=========================
Error: (07/01/2014 10:26:15 PM) (Source: Perflib)(User: )
Description: rdyboost4
 
Error: (07/01/2014 10:26:13 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/01/2014 10:26:13 PM) (Source: Application Error)(User: )
Description: CALMAIN.exe8.1.0.14433d11f9MSVCRT.dll7.0.9600.1638452158ff5c000000500009c7eab001cf9573158e3882C:\Program Files 
 
(x86)\Canon\CAL\CALMAIN.exeC:\Windows\SYSTEM32\MSVCRT.dll53634c42-0166-11e4-8263-0071cc00b7ac
 
=========================== Installed Programs ============================
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
AOL UK Toolbar (HKLM-x32\...\AOL UK Toolbar) (Version:  - AOL)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
ArcSoft PhotoBase 3 (HKLM-x32\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
ArcSoft PhotoStudio 5 (HKLM-x32\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon PhotoRecord (HKLM-x32\...\{37A54340-6655-4FFC-BC4C-0B945764DA4B}) (Version: 02.02.04002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities CP Printer Guide (HKLM-x32\...\InstallShield_{B4A6DE2E-5E84-4F1D-B26A-EAB0D42ED932}) (Version: 5.0.0 - Canon)
Canon Utilities Digital Photo Professional 2.2 (HKLM-x32\...\DPP) (Version: 2.2.0.1 - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
CanoScan LiDE20,30 Manual (HKLM-x32\...\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}) (Version:  - )
CP Printer Guide (x32 Version: 5.0.0 - Canon) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.3214 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.3123 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.3126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (x32 Version: 12.0.3205.55 - CyberLink Corp.) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell Update (HKLM-x32\...\{1D817B4D-A183-48C0-8463-FCC39459367B}) (Version: 1.0.1014.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Jasc Digital Camera Support v5.01 (HKLM-x32\...\{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}) (Version: 5.01.0000 - Jasc Software Inc)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - 
 
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 
 
- Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 
 
9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - 
 
Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 
 
- Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Control Panel 332.35 (Version: 332.35 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpticFilm 7400 (HKLM-x32\...\{F2902CE1-C69F-4878-9E5D-6756733F6683}) (Version: 4.2.0 - )
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.06.0000 - Jasc Software Inc)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros 
 
Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor 
 
Corp.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WD Quick View (HKLM-x32\...\{324C58C7-A292-4523-A943-91DE1EB6A1FE}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6ABA2F3-9759-48CD-B25B-A07A811E92E4}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{72fda14f-5a07-49d5-b7f7-202377e9b522}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
 
========================= Devices: ================================
 
========================= Memory info: ===================================
Percentage of memory in use: 18%
Total physical RAM: 8142.95 MB
Available physical RAM: 6629.05 MB
Total Pagefile: 9422.95 MB
Available Pagefile: 7662.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.38 MB
 
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:916.03 GB) (Free:801.05 GB) NTFS
 
========================= Users: ========================================
User accounts for \\DELL-3847
 
Administrator            cshells                  Guest                    
Jennyren                 
 
**** End of log ****
 
As I said above, I also installed Malwarebytes and carried out a scan.  A number of potential threats were found and I have quarentined them all.  This resulted in another backgound process being identified and removed.  The log did not materialise at the end but I found it, an XML file. I impprted the XML file in to MS Word 2010 and this is the result:
 
2014/07/01 22:50:42 +0100
mbam-log-2014-07-01 (22-50-40).xml
yes
 
2.00.2.1012
v2014.07.01.08
v2014.07.01.01
trial
enabled
enabled
disabled
 
Windows 8.1
x64
cshells
NTFS
 
threat
completed
306425
447
1
0
2
0
0
2
7
0
 
enabled
enabled
enabled
enabled
disabled
disabled
enabled
enabled
enabled
 
C:\Program Files (x86)\898DEBAE-54F2-4102-AE1C-A02B2223833C\SupraSavingsService64.exe
PUP.Optional.SupraSavings.A
delete-on-reboot
2108
5c006238265568ce30660ffb679d4bb5
 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SupraSavingsService64
PUP.Optional.SupraSavings.A
success
5c006238265568ce30660ffb679d4bb5
 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings
PUP.Optional.SupraSavings.A
success
560637632d4e1f1778cac8fdab5727d9
 
C:\Program Files\SupraSavings
PUP.Optional.SupraSavings.A
success
ee6e4e4c4b30a88e4f86970640c20ef2
 
C:\Program Files\SupraSavings\SSL
PUP.Optional.SupraSavings.A
success
ee6e4e4c4b30a88e4f86970640c20ef2
 
C:\Temp\InstallFilter64.msi
PUP.Optional.AdPeak.A
success
c29a01999cdff83e8602132ac63ad12f
 
C:\Temp\t.msi
PUP.Optional.SupraSavings.A
success
f06ce3b7d6a50f2731290a6d6e96c739
 
C:\Users\cshells\AppData\Local\Temp\nsbD6D4.tmp
PUP.Optional.SearchProtect.A
success
bf9dddbd4e2db58123ee3f53ff02eb15
 
C:\Users\cshells\AppData\Local\Temp\nsc64EC.exe
PUP.Optional.Conduit.A
success
9dbfd2c85b2033037975196e23de41bf
 
C:\Users\cshells\AppData\Local\Temp\nsj83A1.exe
PUP.Optional.Conduit.A
success
5c000c8ee695f64034ba0186c53cb749
 
C:\Users\cshells\AppData\Local\Temp\nsr7CA3.exe
PUP.Optional.Conduit.A
success
a6b667334e2d4aecb23ccfb87d842bd5
 
C:\Program Files (x86)\898DEBAE-54F2-4102-AE1C-A02B2223833C\SupraSavingsService64.exe
PUP.Optional.SupraSavings.A
delete-on-reboot
5c006238265568ce30660ffb679d4bb5
 
So what should I use to read an XML file?
 
Is my PC still infected?  Any further feedback would be welcome.  I activated pre-installed McAfee LiveSafe when i got the PC 12 days ago, which appears to be up to date and working.  I assume that this was a self inflicted issue when I downloaded what I thought was a driver updated (for a scanner) but turned out to be junk.
Thanks again.


#6 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 02 July 2014 - 10:13 PM

Hi,

 

You can actually export the result as a .txt file using the drop down export log button :)

Restart your pc, rerun a Malwarebytes scan, if anything is found please let us know!


"Imagine a world without malware"


#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:03 PM

Posted 08 July 2014 - 12:06 PM

lenny11

 

 

Still having issues? Sorry for the late reply. 



#8 lenny11

lenny11
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:03 AM

Posted 08 July 2014 - 01:58 PM

I have had no issues since following your advice and that of dc3; the junk now appears to have been cleared.  I will be vigilant in what I'm installing when searching for drivers again.  Thanks for your help and advice.



#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:03 PM

Posted 08 July 2014 - 08:53 PM

Lets run another check before we call this solved.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the eset online scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the icon to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I
  • accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and Remove Found Threats
  • Click Advanced settingsand select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button


#10 xharpspah

xharpspah

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 02 December 2014 - 04:15 PM

Thanks all for the help.  It worked for me and resolved an aggrivating problem I just spent 4 to 5 hours on.  This solution only took 10 minutes.  Next time I will check here first.  And, I'm going to run the Cleaner regularly.  Here's my log file from AdwClearner. 

 

# AdwCleaner v4.103 - Report created 02/12/2014 at 15:12:56
# Updated 01/12/2014 by Xplode
# Database : 2014-12-02.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : xharp_000 - BOBSCOMPUTER
# Running from : C:\Users\xharp_000\Downloads\adwcleaner_4.103.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher
Service Deleted : netfilter64
Service Deleted : vxlsnyaiet64
[#] Service Deleted : CouponArificService64

***** [ Files / Folders ] *****

Folder Deleted : C:\iolo
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\VisualBee
[!] Folder Deleted : C:\ProgramData\iolo
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Search Extensions
Folder Deleted : C:\Program Files (x86)\iolo
Folder Deleted : C:\Program Files (x86)\f552dd4c52e3
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\iolo
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\xharp_000\AppData\Local\emaze
Folder Deleted : C:\Users\xharp_000\AppData\Local\VisualBeeExe
Folder Deleted : C:\Users\xharp_000\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\xharp_000\AppData\Roaming\iolo
Folder Deleted : C:\Users\xharp_000\Documents\Optimizer Pro
File Deleted : C:\WINDOWS\System32\drivers\netfilter64.sys
File Deleted : C:\Users\xharp_000\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\xharp_000\AppData\Roaming\Mozilla\Firefox\Profiles\9c62mlaa.default\searchplugins\trovi-search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : RocketTab Update Task
Task Deleted : RocketTab

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9a96531-b093-4d07-9e4c-9704a365c441}]
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Salus]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\SavingsBullFilter
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Salus
Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.2
Key Deleted : HKLM\SOFTWARE\couponarific
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Salus
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\couponarific

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [5259 octets] - [02/12/2014 15:09:41]
AdwCleaner[S0].txt - [4567 octets] - [02/12/2014 15:12:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4627 octets] ##########



#11 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,406 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:03 PM

Posted 03 December 2014 - 09:06 AM

Hi xharpspah, welcome to Bleeping Computer.

 

You should start your own topic.  This topic is quite old and most members will not bother to read it.  

 

If you think that you may still be infected I would suggest opening a topic in the Am I Infected forum.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users