
'NewPlayer', 'Speed Up My PC' and 'Search' icons have suddenly appeared...



#1 whereangelsplay

whereangelsplay

  • Members
  • 43 posts

Posted 10 July 2014 - 09:23 AM

Hi all!

 

OK, I've just encountered a problem (surely some kind of virus) while using my dad's computer (I've gotten into the habit of using his as opposed to this one as it's newer and quicker...). So, here's the thing.

 

I was watching a YouTube clip of a quiz show as I often do, using an incognito Chrome browser (again, as I do every day), when all of a sudden a new tab opened recommending some kind of video update installation. There was a big arrow (I think it was green) pointing down to install, and I followed it and 'installed' whatever I did. The browser I had open closed immediately, which I didn't think much of, and it opened a new Internet Explorer window, which I closed. I opened a new Chrome page to resume watching YouTube, and again, after a couple of minutes or so it suddenly closed itself. This happened again and then I noticed new icons appearing on my desktop; one after another there was 'NewPlayer', 'Speed Up My PC' and a blue magnifying glass icon saying 'Search'. I pressed the power button on the laptop to turn it off, and when I turned it back on again it went straight to the 'Speed Up My PC' thing, and I don't think I could close it down.

 

I'm completely awful when it comes to technology... really not computer literate at all... but it's quite clear to me there's some sort of virus going on. I don't know about the anti-virus situation on the laptop (foolish of me, I know... like I said, it's my dad's and I just pick it up and use it from time to time). I think it has Norton on it, but I think that might be the free version that's on there when you get it that's since expired. Any help on this at all would be very gratefully received. Thanks everyone! :)




 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts

Posted 14 July 2014 - 04:25 AM

Hi whereangelsplay and welcome to BleepingComputer! :)

 

Step 1: Please download AdwCleaner by Xplode and save it to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Check mainly if there are any files you do not wish to delete.

NOW :
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.

* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
• NOTE : Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

What we need in your next reply:

  • adwcleaner log
  • JRT log

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 whereangelsplay


Posted 14 July 2014 - 06:30 PM

Hi Sirawit,

 

Thank you so much for your reply and help.

 

There's good news and bad news. I followed the steps and managed to do the first part. I have AdwCleaner[S0].txt log saved on my computer (remember that I'm using a different laptop to write this message!). However, after my laptop rebooted, I can no longer connect to the Internet; it keeps saying 'Unable to connect to the proxy server'. I assume the virus has done this, as this never normally happens, and I've checked the Internet connectivity, which is fine. This unfortunately means I can't get on the Internet to download the Junkware Removal Tool and complete the second part. I'm not sure what to do. Would you like me to send the AdwCleaner log anyway?



#4 Sirawit


Posted 15 July 2014 - 08:25 AM

You can use another computer to download and transfer tools and logs to/from your infected computer. Any media will be fine (like a CD, flash drive, etc.).
But please copy/paste the tools to the desktop of the infected computer!
 
If you use a flash drive, please follow the steps below before doing anything:
 
On the clean computer, please download and install Panda USB Vaccine, and make sure all unwanted program options are unchecked. After the program has finished installing, plug the flash drive into your clean computer and wait for Panda USB Vaccine to finish its process; the flash drive will then be vaccinated and ready to use.
 
 

After you have downloaded JRT and copied it to your media, please also download this to diagnose your internet connection:

Download MiniToolBox, save it to your flash drive and copy it to the desktop of the infected computer.
Close any Firefox browsers you may have open.
Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs

Click Go and copy / paste the result (Result.txt).

 

 

 

To summarize, please do these steps:

  1. On your clean computer, vaccinate your flash drive with Panda USB Vaccine.
  2. Download JRT and MiniToolBox to your flash drive.
  3. Go to the infected computer and copy the tools to the desktop.
  4. Run the tools as instructed before.
  5. Copy these logs to your flash drive: JRT.txt, Minitoolbox.txt and adwcleaner[S0].txt
  6. Go to the clean computer and do a virus scan of your flash drive.
  7. Then copy/paste the content of the logs here.

 

Thank you.




#5 whereangelsplay


Posted 15 July 2014 - 11:10 AM

Hi again Sirawit,

 

I followed your instructions, and I have the logs to paste to you. I should say that Step 6 (Go to clean computer and do a virus scan of your flash drive) was the only one I didn't do as I didn't know what it meant or how to do it. I just clicked on vaccinate computer, but I'm not sure that's what you meant. Anyway, I got the logs, so that's the main thing. The only other thing I should say is that I had a bit of trouble with the MiniToolBox when transferring it to my infected laptop. I ran the scan a couple of times and then it pasted the log to the desktop, but within a few seconds a message popped up from Norton saying "Sonar has removed MiniToolBox" and the 'Result' log disappeared from the desktop. I tried it again, dragging the program from the USB to the desktop and ran the scan again, and the same thing happened - the log just disappeared from the desktop. I did it a third time and this time I managed to transfer the icon from the desktop to the USB before it got deleted. However, there were still messages from Norton saying "Auto-protect is processing threat". I don't know what any of it means, but I thought I'd best tell you. :)

 

Anyway, here are the logs below:

 

Here is the AdwCleaner[S0] log:

 

# AdwCleaner v3.215 - Report created 14/07/2014 at 23:53:22
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aparkinson - APARKINSON-HP
# Running from : C:\Users\aparkinson\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : NewPlayerUpdaterService
Service Deleted : Wajam Internet Enhancer Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\fst_gb_58
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\APARKI~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\aparkinson\AppData\Local\globalUpdate
Folder Deleted : C:\Users\aparkinson\AppData\Local\LPT
Folder Deleted : C:\Users\aparkinson\AppData\Local\NewPlayer
Folder Deleted : C:\Users\aparkinson\AppData\Local\Smartbar
Folder Deleted : C:\Users\aparkinson\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\aparkinson\AppData\Local\fst_gb_58
Folder Deleted : C:\Users\aparkinson\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\aparkinson\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\aparkinson\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\aparkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
File Deleted : C:\Users\Public\Desktop\speedupmypc.lnk
File Deleted : C:\Users\aparkinson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
File Deleted : C:\Users\aparkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
File Deleted : C:\Users\aparkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
File Deleted : C:\Users\aparkinson\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\Users\aparkinson\Desktop\NewPlayer.lnk
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
File Deleted : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
File Deleted : C:\Windows\Tasks\SpeedUpMyPC Startup.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC Startup
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-1.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-1
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-11.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-11
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-2.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-2
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-3.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-3
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-4.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-4
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-5.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-5
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-5_user.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-5_user
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-6.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-6
File Deleted : C:\Windows\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-7.job
File Deleted : C:\Windows\System32\Tasks\f8f73356-a5b7-4f75-980c-2e33e9f42e31-7
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\aparkinson\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\aparkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\aparkinson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_gb_58]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059599.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059599.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059599.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0059599.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951199}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952299}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956699}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954499}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951199}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511951199}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951199}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952299}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956699}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\NewPlayer
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoftToday_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\aparkinson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbCS6PLJWiShVYW5XUwGlRSVwFenqRqX6QEmxc2qsZz_JL6fgwagXs2olQj_3A6BgMAFALHsgyUBk4Fnc9cD2HxGfKmY2u3bmhMlI-iGWHpDToKGUYAeqzv8QSoDlNReCz_DPbmt7YpzRePu_qPIE3cgi4wSKw5RwMi19wLphuCkivwh1vw,,
Deleted [Homepage] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbCS6PLJWiShVYW5XUwGlRSVwFenqRqX6QEmxc2qsZz_JL6fgwagXs2olQj_3A6BgMAFALHsgyUBk4Fnc9cD2HxGfKmY2u3bmhMlI-iGWHpDToKGUYAeqzv8QSoDlNReCz_DPbmt7YpzRePu_qPIE3cgi4wSKw5RwMi19wLphuCkivwh1vw,,
 
*************************
 
AdwCleaner[R0].txt - [16410 octets] - [14/07/2014 23:49:07]
AdwCleaner[S0].txt - [12658 octets] - [14/07/2014 23:53:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12719 octets] ##########

 

 
 
Here is the JRT log:
 
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by aparkinson on 15/07/2014 at 16:14:37.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\aparkinson\appdata\local\{4B1E3B35-D56A-4303-8ED2-892185FC7983}
Successfully deleted: [Empty Folder] C:\Users\aparkinson\appdata\local\{5EC13393-5476-49F5-96B3-EAC9E744CFA2}
Successfully deleted: [Empty Folder] C:\Users\aparkinson\appdata\local\{95CC1630-AC7B-480E-A5EA-916682B21BFC}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/07/2014 at 16:29:28.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
And finally, here is the MiniToolBox 'Result' log:
 
MiniToolBox by Farbar  Version: 06-07-2014
Ran by aparkinson (administrator) on 15-07-2014 at 16:39:38
Running from "C:\Users\aparkinson\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is enabled.
ProxyServer: http=127.0.0.1:51245;https=127.0.0.1:51245
 
 
 
 
 


#6 Sirawit


Posted 15 July 2014 - 11:20 AM

I mean when you plug your flash drive back into your clean computer, use your antivirus (not Panda USB Vaccine) to do a full scan of your flash drive, since there may be a chance your infected machine has malware that can attack your flash drive.

 

Well, it's lucky that part of MiniToolBox reveals those unusual proxy settings. :)

 

Please follow these steps:

1. Go to Control Panel > Internet Options

2. Go to Connections Tab

3. Click LAN Settings.

4. Uncheck the third checkbox. (Use a proxy server for your LAN...)

5. Close all windows.

 

For now, your internet is most likely normal again.

 

Please download MiniToolBox again, and disable Norton real-time protection first before running the tool as instructed before. Antivirus programs sometimes think our tool is malware, but it's just a false positive. :)

 

Thank you.


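The proxy finding from the MiniToolBox logs in this thread, turned into a repeatable triage check. This is an added example, not part of the original posts and not MiniToolBox's own code; the function names and verdict labels are assumptions, and the two sample inputs are the "IE Proxy Settings" sections as posted in the thread.

```python
import ipaddress
import re

# The "IE Proxy Settings" sections copied from the two MiniToolBox logs
# posted in this thread: before and after the manual LAN Settings change.
LOG_BEFORE = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:51245;https=127.0.0.1:51245
"""

LOG_AFTER = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:51245;https=127.0.0.1:51245

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
"""

SECTION_RE = re.compile(r"^=+ IE Proxy Settings: =+\s*$", re.M)
NEXT_SECTION_RE = re.compile(r"^=+ .+: =+\s*$", re.M)


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles both 'host:port' (one proxy for every protocol, keyed "all")
    and the per-protocol form 'http=h:p;https=h:p' seen in the logs.
    """
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                      # no "scheme=" prefix
            scheme, endpoint = "all", part
        host, _, port = endpoint.rpartition(":")
        if not host:                     # endpoint carried no port
            host, port = endpoint, ""
        result[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text):
    """Classify the proxy state reported in a MiniToolBox log.

    Verdict labels (hypothetical, chosen for this example):
      active-loopback-proxy  enabled and pointing at this machine; browsing
                             works only while a local program listens there
      stale-loopback-proxy   loopback value still stored, but not enabled
                             (or the enabled state could not be read)
      proxy-configured       enabled, non-loopback proxy
      clean                  nothing enabled, no loopback value
      section-missing        the log has no IE Proxy Settings section
    """
    header = SECTION_RE.search(log_text)
    if header is None:
        return {"enabled": None, "proxies": {}, "verdict": "section-missing"}
    nxt = NEXT_SECTION_RE.search(log_text, header.end())
    body = log_text[header.end(): nxt.start() if nxt else len(log_text)]

    state = re.search(r"^Proxy is (not )?enabled\.", body, re.M)
    enabled = None if state is None else state.group(1) is None
    server = re.search(r"^ProxyServer:[ \t]*(.*)$", body, re.M)
    proxies = parse_proxy_server(server.group(1)) if server else {}

    if any(is_loopback(host) for host, _ in proxies.values()):
        verdict = "active-loopback-proxy" if enabled else "stale-loopback-proxy"
    elif enabled and proxies:
        verdict = "proxy-configured"
    else:
        verdict = "clean"
    return {"enabled": enabled, "proxies": proxies, "verdict": verdict}


if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name, triage(log))
```

A stale verdict means the loopback address is still stored even though the proxy is switched off, so re-enabling the checkbox would bring back the "Unable to connect to the proxy server" error unless the stored value is cleared too.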


#7 whereangelsplay


Posted 15 July 2014 - 12:01 PM

Hi Sirawit,

 

I've just disabled Norton and run the MiniToolBox scan again. Would you like me to post the log here?



#8 Sirawit


Posted 15 July 2014 - 12:02 PM

Yes. :)

Thank you.




#9 whereangelsplay


Posted 15 July 2014 - 12:02 PM

By the way, I'm using my 'infected' laptop again now because the Internet is working again. Thanks for that! :)



#10 whereangelsplay


Posted 15 July 2014 - 12:03 PM

Here is the log:

 

 

MiniToolBox by Farbar  Version: 06-07-2014
Ran by aparkinson (administrator) on 15-07-2014 at 18:00:21
Running from "C:\Users\aparkinson\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: http=127.0.0.1:51245;https=127.0.0.1:51245
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : aparkinson-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dlink.com
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 20-10-7A-74-A9-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6094:8e06:c62c:9242%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 15 July 2014 17:34:24
   Lease Expires . . . . . . . . . . : 16 July 2014 17:52:58
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 320868474
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-FF-3D-8D-28-92-4A-44-6C-09
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 28-92-4A-44-6C-09
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.dlink.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:28fb:1fd:3f57:fefc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::28fb:1fd:3f57:fefc%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com.dlink.com
Address:  92.242.132.16
 
 
Pinging google.com [173.194.41.134] with 32 bytes of data:
Reply from 173.194.41.134: bytes=32 time=33ms TTL=56
Reply from 173.194.41.134: bytes=32 time=35ms TTL=56
 
Ping statistics for 173.194.41.134:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 35ms, Average = 34ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com.dlink.com
Address:  92.242.132.16
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=128ms TTL=46
Reply from 98.139.183.24: bytes=32 time=128ms TTL=46
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 128ms, Maximum = 128ms, Average = 128ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...20 10 7a 74 a9 a7 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
 11...28 92 4a 44 6c 09 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:90d7:28fb:1fd:3f57:fefc/128
                                    On-link
 13    281 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::28fb:1fd:3f57:fefc/128
                                    On-link
 13    281 fe80::6094:8e06:c62c:9242/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/15/2014 05:34:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/15/2014 04:35:12 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (07/15/2014 05:34:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
 
=========================== Installed Programs ============================
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60928.0618 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Anki (HKLM-x32\...\Anki) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4528 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
video MediaPlay-Air (HKLM-x32\...\video MediaPlay-Air) (Version: 1.34.7.1 - enter)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo Community Smartbar (HKLM-x32\...\{3BC7022B-CDE0-4664-9AB6-E3EC25CE644A}) (Version: 11.63.66.17714 - Linkury Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
**** End of log ****


#11 Sirawit

  • Malware Response Team
Posted 15 July 2014 - 12:08 PM

No problems, Minitoolbox had removed some bad settings, but we will check more thoroughly. :)

 

Online Gaming Warning!

Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

More specifically, I noticed you had WildTangent on your computer.
WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via add/remove.

 

Uninstall this one -> HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

Reboot after the uninstallation. <- Important.

 

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#12 whereangelsplay

  • Topic Starter

Posted 15 July 2014 - 05:58 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/07/2014
Scan Time: 23:23:03
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.15.14
Rootkit Database: v2014.07.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: aparkinson
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294373
Time Elapsed: 22 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FrEeSoFtOdAy, Quarantined, [33a7bde2196233031d55c8f523df857b], 
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\video MediaPlay-Air, Quarantined, [b525dfc02b501620f784bb5f7391c23e], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [2fab5847334846f090ee8f2df111be42], 
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3BC7022B-CDE0-4664-9AB6-E3EC25CE644A}, Quarantined, [4595f0af91ea87af4f1f32902ed45fa1], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, Quarantined, [d901801f483388ae1865de3cfa0ad828], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-4057275638-2276002309-4238422031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, Quarantined, [6377920d7efdb581d1acef2be420827e], 
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\video MediaPlay-Air, Quarantined, [0fcbd8c7a3d867cf005904b4ac562cd4], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [e3f78a154f2ce2542f1da01a639f3ac6], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [e3f78a154f2ce2542f1da01a639f3ac6], 
 
Registry Values: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [2fab5847334846f090ee8f2df111be42]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 19
PUP.Optional.WeatherAlerts, C:\Users\aparkinson\AppData\Local\Local_Weather_LLC, Quarantined, [a238356a89f2bb7bc168307242c03ec2], 
 
Files: 131
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 Sirawit

  • Malware Response Team

Posted 16 July 2014 - 08:16 AM

Good, it deleted a lot of PUPs too.

Now open AdwCleaner again and click on the Uninstall button.

Then do this scan:

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#14 whereangelsplay

  • Topic Starter

Posted 16 July 2014 - 10:02 AM

Hi Sirawit!

 

Thanks again. Ok, I'm trying to uninstall adwcleaner but I'm not sure how. The problem is that I didn't save it to my desktop; I saved it in the Downloads folder. I just looked in there, and I have AdwCleaner and AdwCleaner [1] (I'm not sure why I downloaded it twice). I've tried right-clicking but there's no option to uninstall them. I also clicked on Control Panel to uninstall programs, but I couldn't find it listed there. So I'm just wondering, how can I uninstall it?



#15 TazzyOpz


Posted 16 July 2014 - 10:27 AM

Is ESET's Online Scanner similar to Hitman Pro? I'm just curious... I've never actually tried it out yet.





