
Any software to help remove kreapixel webplayer remote


19 replies to this topic

#1 mdog77

mdog77

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 26 February 2015 - 06:18 AM

Hi, I inadvertently ended up with Kreapixel Webplayer Remote on my PC. : (

I have run Malwarebytes Anti-Malware and I uninstalled all the crap I got dumped with. Thing is, though, no matter how many times I try to remove Webplayer Remote from "Programs and Features", it always seems to want to reinstall itself.

Not only that, but the text on the installer is in French and I don't speak French, hence I'm typing in English! lol!

 

Any advice or any tips appreciated. Thanks!




 


#2 buddy215

buddy215

  • Moderator
  • 13,314 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:06 AM

Posted 26 February 2015 - 08:26 AM

Give Revo Uninstaller a shot at it. Follow up with the other programs.

Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

Use Revo in Advanced Mode.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 mdog77


Posted 26 February 2015 - 10:15 AM

That's great, thanks for the reply. Never gunna try and get a free version of Mario Karts again! The schemers!



#4 buddy215


Posted 26 February 2015 - 10:56 AM

So....Revo found and removed the program?

 

That webplayer installs adware and possibly malware. You should run the programs I listed.



#5 mdog77


Posted 26 February 2015 - 11:00 AM

Running the programs now. But I had run Malwarebytes Anti-Malware and had already used AdwCleaner earlier today. I don't have the log for it now. I have also gotten rid of all the other programs it put on the PC. But still Webplayer Remote remains in the Programs and Features list.

 

When I go to uninstall it, I get UAC asking if I want to let Kreapixel make changes to my computer. I refuse and close the dialogue box just in case I get infected all over again.



#6 mdog77


Posted 26 February 2015 - 11:15 AM

By the looks of it I have already removed quite a bit of the junk that was there. But here is the log for the JRT scan.
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by paul on 26/02/2015 at 16:01:17.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/02/2015 at 16:04:29.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 buddy215


Posted 26 February 2015 - 11:18 AM

I'm still wondering if you used Revo.

Rerun AdwCleaner and MBAM after using Revo.



#8 mdog77


Posted 26 February 2015 - 11:27 AM

I did run Revo, but it was not showing up on the list of programs. I ran it and emptied the system of junk files. That's probably why there isn't much in that log I posted.

 

I'm running ESET atm, nearly 20% done and no threats found so far. 



#9 buddy215


Posted 26 February 2015 - 11:32 AM

Okay...Eset can take more than an hour...sometimes 2 or three hours...but it is worth it.

 

When Eset finishes:

Open CCleaner and click on Tools. Choose Startups. There you will see a list of Windows Startups and at the top of the page you will see tabs for each browser and Scheduled Tasks. Please Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post.

You can do that by clicking on the button in the bottom right of each page and copy and paste the lists.



#10 mdog77


Posted 26 February 2015 - 03:06 PM

Hi buddy! Finally got the ESET finished and done the CCleaner as requested. Here is the log from CCleaner.
 
14 files were cleaned and deleted from my system in total after the ESET scan. Sorry I forgot the log from the scan and pressed finish. Bollocks!!!!!!!!
 
 
Windows Startups:
 
Yes HKCU:Run ApplePhotoStreams Apple Inc. F:\icloud\ApplePhotoStreams.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Ultra Agent Disc Soft Ltd "F:\DAEMON Tools Ultra\DTAgent.exe" -autorun
Yes HKCU:Run GoogleChromeAutoLaunch_4BC6A3A146A3475CAD0E7CF8A223408D Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run iTunesHelper Apple Inc. "F:\itunes\iTunesHelper.exe"
Yes HKLM:Run Raptr Raptr, Inc "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run XboxStat Microsoft Corporation "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
Yes HKLM:Run XFast LAN cFos Software GmbH C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
Yes Startup Common Adobe Reader Speed Launch.lnk Adobe Systems Incorporated C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
Yes Startup Common Adobe Reader Synchronizer.lnk Adobe Systems, Incorporated C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
 
 
 
Scheduled tasks:
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-TheDogzBollox-paul Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HATNB C:\Users\paul\AppData\Roaming\HATNB.exe /infocmdline=
Yes Task {3CB768C0-FA4A-4F83-BA29-33264FF84B1B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Yes Task {6F1680D8-F3B6-4777-B519-63A72473F174} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Yes Task {868BDFE3-2838-492E-958F-AA59F53C1E37} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "F:\x-plane\X-Plane 10\xplane\Installer_Windows.exe" -d "F:\x-plane\X-Plane 10\xplane"
Yes Task {F13FC87A-0FD5-4A85-8A65-BA2A12A69659} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\paul\Desktop\panoramamaker6_retail_tbyb_all.exe -d C:\Users\paul\Desktop

Edited by mdog77, 26 February 2015 - 03:10 PM.
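
An added example, not part of the original posts: a short Python triage of a startup and scheduled-task listing like the one above. It flags entries with no publisher or with a target in a location standard users can write to, and it looks through `pcalua.exe -a` wrapper tasks to the program they actually launch. The tab-separated column layout (enabled, key, program, publisher, file) is an assumption about the saved export, and the function names are hypothetical.

```python
import re

# Constructed sample: five rows from the listing above. " | " stands in for the
# tab that is assumed to separate the columns (enabled, key, program, publisher,
# file); arguments that are cut off on the page are left out.
SAMPLE_EXPORT = r'''
Yes | HKLM:Run | iTunesHelper | Apple Inc. | "F:\itunes\iTunesHelper.exe"
Yes | Task | AutoKMS |  | C:\Windows\AutoKMS\AutoKMS.exe
Yes | Task | HATNB |  | C:\Users\paul\AppData\Roaming\HATNB.exe
Yes | Task | {3CB768C0-FA4A-4F83-BA29-33264FF84B1B} | Microsoft Corporation | C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Yes | Task | {6F1680D8-F3B6-4777-B519-63A72473F174} | Microsoft Corporation | C:\Windows\system32\pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
'''.replace(" | ", "\t")

# First token of a command line: either a quoted path or everything up to ".exe".
EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$))', re.I)
# Program handed to the Program Compatibility Assistant launcher via "-a".
WRAPPED = re.compile(r'\s-a\s+(?:"([^"]+)"|(.+?\.exe)(?=\s|$))', re.I)
# Directories a standard user can normally create files in.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def executable(command):
    """Return the executable path at the start of a command line."""
    m = EXE.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()


def effective_target(command):
    """Return the program that really runs, looking through pcalua.exe -a."""
    exe = executable(command)
    if exe.lower().endswith("\\pcalua.exe"):
        m = WRAPPED.search(command)
        if m:
            return m.group(1) or m.group(2)
    return exe


def triage(export_text):
    """Return the rows worth a manual look, with the reasons for each."""
    findings = []
    for line in export_text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) != 5:
            continue  # blank line or a row that does not fit the assumed layout
        _enabled, _key, program, publisher, command = cols
        target = effective_target(command)
        reasons = []
        if not publisher:
            reasons.append("no publisher")
        if any(marker in target.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        if reasons:
            findings.append({
                "program": program,
                "target": target,
                # The publisher column describes the wrapper, not the target.
                "wrapped": target != executable(command),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f["program"], "->", f["target"], f["reasons"])
```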


#11 buddy215


Posted 26 February 2015 - 03:36 PM

Disable these Startups: (use CCleaner by clicking on each item to highlight and choosing Disable on the right.)

Yes HKCU:Run ApplePhotoStreams Apple Inc. F:\icloud\ApplePhotoStreams.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run DAEMON Tools Ultra Agent Disc Soft Ltd "F:\DAEMON Tools Ultra\DTAgent.exe" -autorun
Yes HKCU:Run GoogleChromeAutoLaunch_4BC6A3A146A3475CAD0E7CF8A223408D Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run iTunesHelper Apple Inc. "F:\itunes\iTunesHelper.exe"
Yes HKLM:Run Raptr Raptr, Inc "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run XboxStat Microsoft Corporation "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
Yes Startup Common Adobe Reader Speed Launch.lnk Adobe Systems Incorporated C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
Yes Startup Common Adobe Reader Synchronizer.lnk Adobe Systems, Incorporated C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
 
Disable these Tasks:
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-TheDogzBollox-paul Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled

Yes Task AutoKMS C:\Windows\AutoKMS\AutoKMS.exe (tsk..tsk...autoKMS.exe is installed when you crack Office.)

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes Task HATNB C:\Users\paul\AppData\Roaming\HATNB.exe /infocmdline=

Yes Task {3CB768C0-FA4A-4F83-BA29-33264FF84B1B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Yes Task {6F1680D8-F3B6-4777-B519-63A72473F174} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Yes Task {868BDFE3-2838-492E-958F-AA59F53C1E37} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "F:\x-plane\X-Plane 10\xplane\Installer_Windows.exe" -d "F:\x-plane\X-Plane 10\xplane"
Yes Task {F13FC87A-0FD5-4A85-8A65-BA2A12A69659} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\paul\Desktop\panoramamaker6_retail_tbyb_all.exe -d C:\Users\paul\Desktop


#12 buddy215


Posted 26 February 2015 - 03:42 PM

The ESET Online Scanner saves a log file after running. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

 

Please find and post the log.



#13 mdog77


Posted 26 February 2015 - 03:53 PM

Thanks, found it! Disabled those tasks as well!

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ff9ac7e8c1afaf45a6d9ef4d11c1648b
# engine=22662
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-26 07:58:48
# local_time=2015-02-26 07:58:48 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10793004 177445778 0 0
# scanned=1403599
# found=14
# cleaned=14
# scan_time=13165
sh=AFAA605C0F5036B777B1A5269540A7804227BC73 ft=1 fh=3eb70ea2845d5af2 vn="Win32/Patched.NFY trojan (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll"
sh=87F05F7AD2EEB2F376FABF4F02BE2A6AE5B8ED7D ft=1 fh=75dd6b693755e644 vn="a variant of Win32/Amonetize.DU potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000"
sh=87F05F7AD2EEB2F376FABF4F02BE2A6AE5B8ED7D ft=1 fh=75dd6b693755e644 vn="a variant of Win32/Amonetize.DU potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000001"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\CloudBackup5800.exe"
sh=59E8DEBDF59BB3B5882420264B3BD3B06BF04971 ft=1 fh=c71c00110e2f7687 vn="a variant of Win32/Adware.MultiPlug.DX application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\BB00\temp\TyHelpTFUO.xyz"
sh=D2BB233E0C892B9AABD672806CAA273D0ACF45EA ft=1 fh=f268f92af264fed1 vn="Win32/AdWare.EoRezo.AW application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\is-M0JHD.tmp\gentlemjmp_ieu.exe"
sh=AC1807D560157CF20B67F90348F65862916BB080 ft=1 fh=d692da334cfae246 vn="a variant of Win32/Adware.PicColor.L application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\is-R5PRI.tmp\PreCheck.exe"
sh=145D999C049F66E2EF9D0A687C042935EF4F4340 ft=1 fh=58b6f900ae64aa64 vn="a variant of MSIL/Solimba.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\n7134\s7134.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application (deleted - quarantined)" ac=C fn="F:\BitTorrentBar\BitTorrentBarToolbarHelper1.exe"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="F:\BitTorrentBar\ldrtbBit0.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O potentially unwanted application (deleted - quarantined)" ac=C fn="F:\BitTorrentBar\prxtbBit0.dll"
sh=D1E4276CD4BECD62673458D3259E38E07E2344E1 ft=1 fh=99d4677c02598452 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="F:\BitTorrentBar\tbBit0.dll"
sh=8BD16B5CC95E869BCD12352D230FF993330D1CD6 ft=1 fh=890faa051f819b6b vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="F:\BitTorrentBar\tbBit1.dll"
sh=531F6334C001F16B894D538E70D9ABAD53FA7E14 ft=1 fh=50a7f8a70c377a68 vn="a variant of Win32/MediaGet.AE potentially unwanted application (deleted - quarantined)" ac=C fn="F:\My documents\guitarstuff\Tabs\tabs\guitar tabs\mediaget-admin-proxy.exe"

Edited by mdog77, 26 February 2015 - 03:56 PM.
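
An added example, not part of the original posts and not ESET's own tooling: a Python parser for the log format posted above. It reports which of the scan options requested earlier in the thread were not enabled according to the header, and groups the detection lines by type and location. The mapping from header flags to option names is an assumption based on the flag names, and the function names are hypothetical.

```python
import re
from collections import Counter

# Header fields and four of the 14 detection lines, copied from the log above.
SAMPLE_LOG = r'''
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=1403599
# found=14
# cleaned=14
sh=AFAA605C0F5036B777B1A5269540A7804227BC73 ft=1 fh=3eb70ea2845d5af2 vn="Win32/Patched.NFY trojan (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\CloudBackup5800.exe"
sh=59E8DEBDF59BB3B5882420264B3BD3B06BF04971 ft=1 fh=c71c00110e2f7687 vn="a variant of Win32/Adware.MultiPlug.DX application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\paul\AppData\Local\Temp\BB00\temp\TyHelpTFUO.xyz"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application (deleted - quarantined)" ac=C fn="F:\BitTorrentBar\BitTorrentBarToolbarHelper1.exe"
'''

# Assumed mapping from header flags to the options listed in the scan instructions.
REQUESTED_OPTIONS = {
    "remove_checked": "Remove found threats",
    "archives_checked": "Scan Archives",
    "unwanted_checked": "Scan potentially unwanted applications",
    "unsafe_checked": "Scan for potentially unsafe applications",
    "antistealth_checked": "Enable Anti-Stealth technology",
}

# key=value pairs; values are either double-quoted or a single bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# vn value: optional "a variant of", detection name, type words, (action taken).
VERDICT = re.compile(r'^(?:a variant of )?(\S+)\s+(.*?)\s*\(([^)]*)\)$')


def parse_log(text):
    """Split the log into header settings and one dict per detection line."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif line.startswith("sh="):
            rec = {m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
                   for m in FIELD.finditer(line)}
            m = VERDICT.match(rec.get("vn", ""))
            if m:
                rec["name"], rec["kind"], rec["action"] = m.groups()
            detections.append(rec)
    return header, detections


def options_not_enabled(header):
    """Requested scan options whose header flag is anything other than true."""
    return [label for key, label in REQUESTED_OPTIONS.items()
            if header.get(key) != "true"]


def classify(rec):
    """Coarse bucket taken from the wording of the detection name and type."""
    kind, name = rec.get("kind", "").lower(), rec.get("name", "").lower()
    if "trojan" in kind:
        return "malware"
    if "adware" in name:
        return "adware"
    if "potentially unwanted" in kind:
        return "pua"
    return "other"


def summarize(text):
    header, detections = parse_log(text)
    return {
        "options_not_enabled": options_not_enabled(header),
        "reported_found": int(header.get("found", 0)),
        "listed": len(detections),
        "by_class": dict(Counter(classify(d) for d in detections)),
        # A removed file inside an installed program's folder means that
        # program's installation should be checked afterwards.
        "program_files_hits": [d["fn"] for d in detections
                               if "\\program files" in d.get("fn", "").lower()],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```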


#14 buddy215


Posted 26 February 2015 - 04:08 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

 

Open CCleaner and click on Tools. Choose Uninstall and post that list of installed programs by clicking on the button on the bottom right of that page.

 

 



#15 mdog77


Posted 26 February 2015 - 04:22 PM

security check log:
 
Results of screen317's Security Check version 0.99.97  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
installed programs;
 

7-Zip 9.20 (x64 edition) Igor Pavlov 10/08/2014 4.53 MB 9.20.00.0
AbiWord 2.8.6 AbiSource Developers 11/11/2014 2.8.6
Adobe Flash Player 16 ActiveX Adobe Systems Incorporated 04/02/2015 6.00 MB 16.0.0.305
Adobe Flash Player 16 NPAPI Adobe Systems Incorporated 04/02/2015 6.00 MB 16.0.0.305
Adobe Photoshop CC 2014 Adobe Systems Incorporated 13/08/2014 1.76 GB 15.0
Adobe Reader 8 Adobe Systems Incorporated 08/08/2014 115 MB 8.0.0
aerosoft's - Aerosoft Airport Pack aerosoft 30/09/2014 1.00
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 14/12/2014 26.7 MB 8.0.916.0
Apple Application Support Apple Inc. 10/08/2014 93.4 MB 3.0.6
Apple Mobile Device Support Apple Inc. 10/08/2014 21.3 MB 7.1.2.6
Apple Software Update Apple Inc. 10/08/2014 2.38 MB 2.1.3.127
ArcSoft WebCam Companion 3 ArcSoft 10/08/2014 3.0.15.182
Arma 2 Bohemia Interactive 09/08/2014
Arma 2: British Armed Forces Bohemia Interactive 09/08/2014
ARMA 2: British Armed Forces - Data cache removal 28/08/2014
Arma 2: Operation Arrowhead Bohemia Interactive 09/08/2014
Arma 2: Operation Arrowhead Beta (Obsolete) 09/08/2014
Arma 2: Private Military Company Bohemia Interactive 09/08/2014
Arma 3 Bohemia Interactive 09/08/2014
Arma 3 Tools Bohemia Interactive 12/09/2014
ArmA3Sync 1.4.53 The [S.o.E] team 23/12/2014 4.30 MB 1.4.53
Assassin's Creed IV Black Flag Ubisoft Montreal 09/10/2014
Awesomium Redistributable SIX Networks GmbH 27/11/2014 41.4 MB 1.7.4.2
BattlEye for OA Uninstall 28/08/2014
BattlEye Uninstall 27/08/2014
BDE Information Utility InterBase Installation Info (and BDE Information Utility) 13/09/2014
BinMake Uninstall 15/08/2014
BinPBO Personal Edition Uninstall 15/08/2014
BitTorrent BitTorrent Inc. 19/09/2014 7.9.2.34026
Blender Blender Foundation 26/08/2014 2.71
Bonjour Apple Inc. 10/08/2014 2.00 MB 3.0.0.10
Call of Duty: Modern Warfare 2 Infinity Ward 29/08/2014
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 29/08/2014
CCleaner Piriform 26/02/2015 5.03
DAEMON Tools Ultra Disc Soft Ltd 30/09/2014 2.4.0.0280
DayZ Bohemia Interactive 12/12/2014
DCS World Eagle Dynamics 02/11/2014
DCS World 28/11/2014 322 MB 1.2.11.34087
Dead Island Techland 14/12/2014
Deadlight Tequila Works, S.L. 29/12/2014
ESET Online Scanner v3 26/02/2015
FaceTrackNoIR version 1.7 FaceTrackNoIR Team 29/08/2014 109 MB 1.7
FontToTga Uninstall 15/08/2014
FSM Editor Personal Edition Uninstall 15/08/2014
Google Chrome Google Inc. 09/08/2014 40.0.2214.115
Google Earth Google 13/08/2014 180 MB 7.1.2.2019
Google Satellite Maps Downloader 7.46 allmapsoft.com 21/02/2015
iCloud Apple Inc. 11/08/2014 156 MB 3.1.0.40
IL-2 Sturmovik: Cliffs of Dover 1C: Maddox Games 24/01/2015
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 Intel Corporation 29/08/2014 23.2 MB 5.3.4.087
Iron Front : Liberation 1944 X1 Software 27/01/2015
iTunes Apple Inc. 10/08/2014 220 MB 11.3.1.2
Java 7 Update 71 Oracle 20/10/2014 119 MB 7.0.710
Java 8 Update 25 Oracle Corporation 20/10/2014 73.3 MB 8.0.250
L3DT Professional v11.11.3.1 (remove only) 16/09/2014
L3DT Professional v14.10.0.2 (remove only) 18/10/2014
L3DT Standard v11.11.3.1 (remove only) 10/08/2014
Malwarebytes Anti-Malware version 2.0.4.1028 Malwarebytes Corporation 26/02/2015 57.2 MB 2.0.4.1028
Medal of Honor™ Warfighter Electronic Arts 05/11/2014 378 MB 1.0.0.3
MICRODEM Freeware GIS Petmar Triilobite Breeding Ranch 13/09/2014 28.1 MB 12.20.2013
Microsoft .NET Framework 4.5.1 RC Microsoft Corporation 23/08/2014 38.8 MB 4.5.50861
Microsoft Flight Simulator SimConnect Client v10.0.62607.0 Microsoft Corporation 19/12/2014 142 KB 10.0.62607.0
Microsoft Flight Simulator X: Steam Edition Microsoft Game Studios 19/12/2014
Microsoft Office Professional Plus 2013 Microsoft Corporation 19/09/2014 15.0.4420.1017
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 02/10/2014 2.38 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 09/08/2014 572 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 15/08/2014 252 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 13/08/2014 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 11/11/2014 1.42 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24/08/2014 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13/08/2014 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 13/08/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 13/08/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 17/02/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 17/02/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 17/02/2015 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 17/02/2015 17.1 MB 12.0.30501.0
Microsoft Xbox 360 Accessories 1.2 Microsoft 25/12/2014 7.78 MB 1.20.146.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 19/12/2014 1.22 MB 4.20.9818.0
Notepad++ Notepad++ Team 28/09/2014 6.6.9
NVIDIA PhysX NVIDIA Corporation 24/10/2014 116 MB 9.13.1220
OF Dragon Rising Codemasters 07/08/2014 1.02.0000
Open Broadcaster Software 12/11/2014
Origin Electronic Arts, Inc. 24/08/2014 9.4.20.386
Oxygen 2 Personal Edition Uninstall 15/08/2014
PBO Manager v.1.4 beta 17/08/2014 3.92 MB 1.4.0
Pool Nation Cherry Pop Games 20/11/2014
Raptr 14/12/2014
Realtek Ethernet Controller Driver Realtek 09/08/2014 7.44.421.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10/08/2014 6.0.1.7004
Revo Uninstaller 1.95 VS Revo Group 26/02/2015 1.95
SketchUp 2015 Trimble Navigation Limited 03/12/2014 267 MB 15.1.105
Skype Click to Call Microsoft Corporation 09/08/2014 6.91 MB 7.3.16540.9015
Skype™ 7.0 Skype Technologies S.A. 06/01/2015 48.1 MB 7.0.102
Sniper Elite V2 Rebellion 06/02/2015
Sound Tools Uninstall 15/08/2014
Star Wars: Empire at War Gold Petroglyph 04/02/2015
State of Decay Undead Labs 18/12/2014
Steam Valve Corporation 09/08/2014
TexView 2 Uninstall 15/08/2014
TomTom HOME TomTom 04/01/2015 49.5 MB 2.9.8
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 04/01/2015 1.88 MB 1.0.2
Unity Unity Technologies ApS 17/12/2014 4.6.1f1
Unity Web Player Unity Technologies ApS 17/12/2014 12.0 MB 4.6.1f1
Uplay Ubisoft 09/10/2014 4.0
Visitor 3 Uninstall 15/08/2014
VLC media player VideoLAN 23/08/2014 2.1.5
Webplayer Remote Kreapixel 26/02/2015 1.07 MB 1.0.1   (here is the culprit!)
XFast LAN v6.61 cFos Software GmbH, Bonn 09/08/2014 6.61
yuPlay client 0.7.40 26/01/2015 5.90 MB
yWriter5 Spacejock Software 11/11/2014 5.64 MB
 




