
Accidentally downloaded wrong file from ad


7 replies to this topic

#1 elvy

  • Members
  • 82 posts

Posted 08 June 2015 - 09:47 PM

I ran Malwarebytes and ESET Online Scanner right away and it got rid of whatever was infecting me. I just wanted to post in here to confirm if I need to do anything else or not.

Here are the logs.

Mbam Log:
 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/06/08 20:28:39 -0500</date>
<logfile>mbam-log-2015-06-08 (20-28-36).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.06.08.05</malware-database>
<rootkit-database>v2015.06.02.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Jeremy</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>360636</objects>
<time>1492</time>
<processes>7</processes>
<modules>4</modules>
<keys>38</keys>
<values>12</values>
<datas>3</datas>
<folders>5</folders>
<files>44</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe</path><vendor>PUP.Optional.Infonaut.A</vendor><action>delete-on-reboot</action><pid>1592</pid><hash>c2839028355538fe5672c3b22dd9f30d</hash></process>
<process><path>C:\Program Files (x86)\Swift Record\updateSwiftRecord.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><pid>1036</pid><hash>fd486b4d5931ad89371d3f37f0167d83</hash></process>
<process><path>C:\Program Files (x86)\Swift Record\bin\utilSwiftRecord.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><pid>2084</pid><hash>85c0536525652d0992c2b7bf32d415eb</hash></process>
<process><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.expext.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><pid>3720</pid><hash>f74edddb8604e94d4212b4c237cf48b8</hash></process>
<process><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.PurBrowse64.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><pid>3800</pid><hash>aa9b6e4a4e3ce74fa0b4d5a18a7c0ff1</hash></process>
<process><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.BrowserAdapter.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><pid>3196</pid><hash>d76e2f89d7b375c15ef678fe1ee837c9</hash></process>
<process><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.BrowserAdapter64.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><pid>3180</pid><hash>ab9aa6122169e45267ed6a0c52b42bd5</hash></process>
<module><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.expextdll.dll</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><hash>4ef715a32565b77f183c383e3bcb10f0</hash></module>
<module><path>C:\Program Files (x86)\Swift Record\bin\211815387fbb4069b287194adafdb095.dll</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>delete-on-reboot</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></module>
<module><path>C:\ProgramData\FlashBeat\FlashBeat32.dll</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>delete-on-reboot</action><hash>ff4607b1692138fe22ea12d0956e7888</hash></module>
<module><path>C:\ProgramData\FlashBeat\FlashBeat32.dll</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>delete-on-reboot</action><hash>ff4607b1692138fe22ea12d0956e7888</hash></module>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.13</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>c2839028355538fe5672c3b22dd9f30d</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Swift Record</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>fd486b4d5931ad89371d3f37f0167d83</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Swift Record</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>85c0536525652d0992c2b7bf32d415eb</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\innfd_1_10_0_13</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>380d0fa9d6b453e3ffc999dce521ae52</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{21181538-7fbb-4069-b287-194adafdb095}Gw64</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>044193257218ef47d77d6610dd2917e9</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}</path><vendor>PUP.Optional.BrowseFox.A</vendor><action>success</action><hash>31145c5cddad60d6f7077c24df24fc04</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}</path><vendor>PUP.Optional.BrowseFox.A</vendor><action>success</action><hash>31145c5cddad60d6f7077c24df24fc04</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}</path><vendor>PUP.Optional.BrowseFox.A</vendor><action>success</action><hash>31145c5cddad60d6f7077c24df24fc04</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0759d61f-3673-416f-85d2-58b847e78ddf}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0759d61f-3673-416f-85d2-58b847e78ddf}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{06107761-a0fa-4eaa-9fc8-54f55102f354}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C38F40AD-70A5-465E-866F-506B378C4CEF}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C38F40AD-70A5-465E-866F-506B378C4CEF}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C38F40AD-70A5-465E-866F-506B378C4CEF}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{06107761-a0fa-4eaa-9fc8-54f55102f354}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{06107761-a0fa-4eaa-9fc8-54f55102f354}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0759D61F-3673-416F-85D2-58B847E78DDF}</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Infonaut_1.10.0.13</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>fc49a6120486ef47ab1d5d18d82eee12</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Swift Record</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>b1948b2d7d0d0f27ed6794e2bd49bf41</hash></key>
<key><path>HKLM\SOFTWARE\Flashbeat</path><vendor>PUP.Optional.Flashbeat.A</vendor><action>success</action><hash>ec599325c3c769cd5a3ab73f0af9d12f</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><hash>de673088e5a5f93da32d6484ab58ce32</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Flashbeat</path><vendor>PUP.Optional.Flashbeat.A</vendor><action>success</action><hash>eb5ac1f78406280e8c0821d547bc37c9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.13</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>48fda2166a20c571a73e6a819a69eb15</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Swift Record</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>75d000b899f154e2fe283fb0ed1645bb</hash></key>
<key><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\Swift Record</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>af96f9bf59310f27c95ef6f932d1ec14</hash></key>
<key><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><hash>083d704833570036bb147f694eb5669a</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>URL</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>http://www.cassiopesa.com/results.php?f=4&amp;q={searchTerms}&amp;a=csp_tight2_15_24&amp;cd=2XzuyEtN2Y1L1Qzu0Dzz0E0BzyyBtByE0Czz0FyB0DtCtAtCtN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzy0Ezz0ByB0A0AtGtB0ByE0BtGyB0DyD0BtGtA0BtCtAtGyD0ByDtDtDtD0F0AyE0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0E0E0AyDzyyE0EtGtByCyDzytGyE0DzztDtG0AyEyB0CtG0ByEyC0CzytAyC0CtDyCtA0F2QtN0A0LzutB&amp;cr=940039352&amp;ir=</valuedata><hash>de673088e5a5f93da32d6484ab58ce32</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>TopResultURLFallback</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>http://www.cassiopesa.com/results.php?f=4&amp;q={searchTerms}&amp;a=csp_tight2_15_24&amp;cd=2XzuyEtN2Y1L1Qzu0Dzz0E0BzyyBtByE0Czz0FyB0DtCtAtCtN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzy0Ezz0ByB0A0AtGtB0ByE0BtGyB0DyD0BtGtA0BtCtAtGyD0ByDtDtDtD0F0AyE0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0E0E0AyDzyyE0EtGtByCyDzytGyE0DzztDtG0AyEyB0CtG0ByEyC0CzytAyC0CtDyCtA0F2QtN0A0LzutB&amp;cr=940039352&amp;ir=</valuedata><hash>d570a4140c7e6cca5b75a5431ae9d22e</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>FaviconPath</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>C:\Users\Jeremy\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico</valuedata><hash>74d18f29fa90ad890bc533b528db01ff</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename></valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>Cassiopesa</valuedata><hash>9aab16a26228cf677f51ba2e679ceb15</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>DisplayName</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>Cassiopesa</valuedata><hash>1f264870ef9baa8ce4ec47a1af5414ec</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY</path><valuename>AppPath</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\Tny_Cassiopesa\\</valuedata><hash>8db876424f3b8babb27b444215f027d9</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.13</path><valuename>ImagePath</valuename><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><valuedata>&quot;C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe&quot;</valuedata><hash>f550b404c9c10e28896fc1c036cf8d73</hash></value>
<value><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>URL</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>http://www.cassiopesa.com/results.php?f=4&amp;q={searchTerms}&amp;a=csp_tight2_15_24&amp;cd=2XzuyEtN2Y1L1Qzu0Dzz0E0BzyyBtByE0Czz0FyB0DtCtAtCtN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzy0Ezz0ByB0A0AtGtB0ByE0BtGyB0DyD0BtGtA0BtCtAtGyD0ByDtDtDtD0F0AyE0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0E0E0AyDzyyE0EtGtByCyDzytGyE0DzztDtG0AyEyB0CtG0ByEyC0CzytAyC0CtDyCtA0F2QtN0A0LzutB&amp;cr=940039352&amp;ir=</valuedata><hash>083d704833570036bb147f694eb5669a</hash></value>
<value><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>TopResultURLFallback</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>http://www.cassiopesa.com/results.php?f=4&amp;q={searchTerms}&amp;a=csp_tight2_15_24&amp;cd=2XzuyEtN2Y1L1Qzu0Dzz0E0BzyyBtByE0Czz0FyB0DtCtAtCtN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzy0Ezz0ByB0A0AtGtB0ByE0BtGyB0DyD0BtGtA0BtCtAtGyD0ByDtDtDtD0F0AyE0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0E0E0AyDzyyE0EtGtByCyDzytGyE0DzztDtG0AyEyB0CtG0ByEyC0CzytAyC0CtDyCtA0F2QtN0A0LzutB&amp;cr=940039352&amp;ir=</valuedata><hash>64e18e2a2d5d033378578d5bcb3803fd</hash></value>
<value><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>FaviconPath</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>C:\Users\Jeremy\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico</valuedata><hash>47fe36827c0edc5a319eb73116edda26</hash></value>
<value><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename></valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>Cassiopesa</valuedata><hash>78cdc5f3f4963006e4eb36b22cd7827e</hash></value>
<value><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>DisplayName</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>success</action><valuedata>Cassiopesa</valuedata><hash>7ec7caeef59552e4ede224c4946f16ea</hash></value>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.FlashBeat.A</vendor><action>replaced</action><valuedata> </valuedata><baddata>C:\ProgramData\FlashBeat\FlashBeat32.dll</baddata><gooddata></gooddata><hash>ff4607b1692138fe22ea12d0956e7888</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.FlashBeat.A</vendor><action>replaced</action><valuedata> </valuedata><baddata>C:\ProgramData\FlashBeat\FlashBeat64.dll</baddata><gooddata></gooddata><hash>ff4607b1692138fe22ea12d0956e7888</hash></data>
<data><path>HKU\S-1-5-21-1748747307-3260626592-723431498-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Cassiopesa.A</vendor><action>replaced</action><valuedata>http://www.cassiopesa.com/?f=1&amp;a=csp_tight2_15_24&amp;cd=2XzuyEtN2Y1L1Qzu0Dzz0E0BzyyBtByE0Czz0FyB0DtCtAtCtN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzy0Ezz0ByB0A0AtGtB0ByE0BtGyB0DyD0BtGtA0BtCtAtGyD0ByDtDtDtD0F0AyE0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0E0E0AyDzyyE0EtGtByCyDzytGyE0DzztDtG0AyEyB0CtG0ByEyC0CzytAyC0CtDyCtA0F2QtN0A0LzutB&amp;cr=940039352&amp;ir=</valuedata><baddata>http://www.cassiopesa.com/?f=1&amp;a=csp_tight2_15_24&amp;cd=2XzuyEtN2Y1L1Qzu0Dzz0E0BzyyBtByE0Czz0FyB0DtCtAtCtN0D0Tzu0StCtByDyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBzy0Ezz0ByB0A0AtGtB0ByE0BtGyB0DyD0BtGtA0BtCtAtGyD0ByDtDtDtD0F0AyE0AzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0E0E0AyDzyyE0EtGtByCyDzytGyE0DzztDtG0AyEyB0CtG0ByEyC0CzytAyC0CtDyCtA0F2QtN0A0LzutB&amp;cr=940039352&amp;ir=</baddata><gooddata>www.google.com</gooddata><hash>c481bdfb3b4f0b2bfc7171c735d1dc24</hash></data>
<folder><path>C:\Program Files (x86)\Swift Record\bin</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></folder>
<folder><path>C:\Program Files (x86)\Swift Record\bin\plugins</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></folder>
<folder><path>C:\Program Files (x86)\Swift Record\bin\TEMP</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></folder>
<folder><path>C:\Program Files (x86)\Swift Record</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></folder>
<folder><path>C:\ProgramData\FlashBeat</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>delete-on-reboot</action><hash>ff4607b1692138fe22ea12d0956e7888</hash></folder>
<file><path>C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>c2839028355538fe5672c3b22dd9f30d</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\updateSwiftRecord.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>fd486b4d5931ad89371d3f37f0167d83</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\utilSwiftRecord.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>85c0536525652d0992c2b7bf32d415eb</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.expext.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>f74edddb8604e94d4212b4c237cf48b8</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.expextdll.dll</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>4ef715a32565b77f183c383e3bcb10f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.PurBrowse64.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>aa9b6e4a4e3ce74fa0b4d5a18a7c0ff1</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.BrowserAdapter.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>d76e2f89d7b375c15ef678fe1ee837c9</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\211815387fbb4069b287194adafdb095.dll</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\211815387fbb4069b287194adafdb09564.dll</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>67dec0f8ef9b59dd79dbea8c9d698a76</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.BrowserAdapter64.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>ab9aa6122169e45267ed6a0c52b42bd5</hash></file>
<file><path>C:\Windows\System32\drivers\innfd_1_10_0_13.sys</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>380d0fa9d6b453e3ffc999dce521ae52</hash></file>
<file><path>C:\Windows\System32\drivers\{21181538-7fbb-4069-b287-194adafdb095}Gw64.sys</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>044193257218ef47d77d6610dd2917e9</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\SwiftRecordbho.dll</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>162fe3d5b3d70e287d35c0a19b68956b</hash></file>
<file><path>C:\ProgramData\6b818a33a2964c51a9c56ff33ef8d8c7\6b818a33a2964c51a9c56ff33ef8d8c7.exe</path><vendor>PUP.Optional.JellySplit.Gen</vendor><action>success</action><hash>143104b4018984b2f578ca9df50de41c</hash></file>
<file><path>C:\Program Files (x86)\Infonaut_1.10.0.13\Uninstall.exe</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>fc49a6120486ef47ab1d5d18d82eee12</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\SwiftRecordUninstall.exe</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>b1948b2d7d0d0f27ed6794e2bd49bf41</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\setup.exe</path><vendor>PUP.Optional.Infonaut.A</vendor><action>success</action><hash>80c5496fe2a83501e4e47ef7aa5c23dd</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\71F4.tmp</path><vendor>PUP.Optional.SwiftRecord.A</vendor><action>success</action><hash>172ec7f1f69468ce470dc8aedb2b01ff</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>3114e5d37812b2842fd5abcbd72ea060</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\vitruvian-installer-install-v0003</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>e1640cac2169f83ec242b5c1c93cd927</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\vitruvian-installer-processes-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>85c0bff9b8d23ef81fe5d2a4a36234cc</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>bc899e1addadde5853b17cfadf265ea2</hash></file>
<file><path>C:\Users\Jeremy\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>70d515a3addd38fe4aba2b4bae5721df</hash></file>
<file><path>C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\9vet6ait.default\searchplugins\cassiopesa.xml</path><vendor>PUP.Optional.Cassiopesa.C</vendor><action>success</action><hash>281d41776a200630574db7ccb25316ea</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\BrowserAdapter.7z</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\211815387fbb4069b287.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\211815387fbb4069b28764.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\7za.exe</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\eula.txt</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.expext.zip</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\SwiftRecord.PurBrowseG.zip</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\utilSwiftRecord.InstallState</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\plugins\SwiftRecord.BrowserAdapter.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\plugins\SwiftRecord.CompatibilityChecker.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\plugins\SwiftRecord.ExpExt.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\plugins\SwiftRecord.FFUpdate.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\plugins\SwiftRecord.GCUpdate.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\bin\plugins\SwiftRecord.PurBrowseG.dll</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\SwiftRecord.ico</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\updateSwiftRecord.InstallState</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\Program Files (x86)\Swift Record\{85359a6f-592d-4c5e-9556-24a2249d7756}.xpi</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>5ee7f8c0aedcd264f9c7008464a110f0</hash></file>
<file><path>C:\ProgramData\FlashBeat\1</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>success</action><hash>ff4607b1692138fe22ea12d0956e7888</hash></file>
<file><path>C:\ProgramData\FlashBeat\FlashBeat32.dll</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>delete-on-reboot</action><hash>ff4607b1692138fe22ea12d0956e7888</hash></file>
<file><path>C:\ProgramData\FlashBeat\FlashBeat64.dll</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>delete-on-reboot</action><hash>ff4607b1692138fe22ea12d0956e7888</hash></file>
</items>
</mbam-log>

C:\Users\All Users\FlashBeat\FlashBeat64.dll	a variant of Win64/Adware.CouponMarvel.B application	
C:\ProgramData\FlashBeat\FlashBeat64.dll	a variant of Win64/Adware.CouponMarvel.B application	cleaned by deleting (after the next restart) - quarantined
C:\Users\Jeremy\AppData\Local\Temp\1002	Win32/Adware.CouponMarvel.D application	cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Temp\nsl79D7.tmp\2ef40efb3ce47d8141682e9cd50f9848be24fcd8.lua	Win32/DownloadAdmin.H potentially unwanted application	cleaned by deleting - quarantined
C:\Users\Jeremy\AppData\Local\Temp\~nsu.tmp\Au_.exe	a variant of Win32/BrowseFox.AY potentially unwanted application	deleted - quarantined
C:\Users\Jeremy\Downloads\Alcohol120_trial_2.0.3.7612.exe	Win32/SmartFileAdvisor.B potentially unwanted application	deleted - quarantined
C:\Users\Jeremy\Downloads\DeepBurner1.exe	Win32/Somoto.Q potentially unwanted application	deleted - quarantined

Eset ^

 

Sorry if I did it wrong. I could not find an attachment button.





#2 buddy215

  • Moderator
  • 13,262 posts

Posted 09 June 2015 - 07:05 AM

I doubt you have removed all of the adware. A good start, though. Follow up with these scans:

 

Use AdwCleaner to clean up browser shortcuts, find and remove other adware.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 elvy


Posted 11 June 2015 - 12:44 PM

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 x64
Ran by Jeremy on Thu 06/11/2015 at 12:40:49.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Swift Record



~~~ Files

Successfully deleted: [File] C:\Users\Jeremy\appdata\local\90c44f312ec5676ae73fdad19d917baa



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\6b818a33a2964c51a9c56ff33ef8d8c7





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/11/2015 at 12:42:41.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Startup:
Yes    HKCU:Run    AppEx Accelerator UI    AppEx Networks Corporation    C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
No    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\Jeremy\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
No    HKCU:Run    Spotify Web Helper    Spotify Ltd    "C:\Users\Jeremy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes    HKCU:Run    Zoom        
No    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    Cm108Sound    Microsoft Corporation    C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
No    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    Raptr    Raptr, Inc    "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    HKLM:Run    StartCCC        "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Yes    HKLM:Run    Super-Charger    MSI    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
No    Startup Common    HP Digital Imaging Monitor.lnk    Hewlett-Packard Co.    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
No    Startup Common    Wireless Configuration Utility.lnk    TODO: <Company name>    C:\Program Files\TRENDnet\TEW-703PI_TEW-703PIL\WlanCU.exe
Yes    Startup User    Sidebar333.lnk        C:\Program Files\Windows Sidebar\sidebar.exe
 

Install:

Adobe AIR    Adobe Systems Incorporated    12/30/2014        15.0.0.356
Adobe Flash Player 17 NPAPI    Adobe Systems Incorporated    5/15/2015    6.00 MB    17.0.0.188
Adobe Reader XI (11.0.10)    Adobe Systems Incorporated    12/30/2014    186 MB    11.0.10
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    2/2/2015    26.7 MB    8.0.916.0
AMD Quick Stream    AppEx Networks    2/2/2015    10.8 MB    3.10.4.0
Avidemux 2.6 - 64bits        4/27/2015        2.6.8.9046
Battle.net    Blizzard Entertainment    2/2/2015        
CCleaner    Piriform    6/5/2015        5.06
Citrix Online Launcher    Citrix    4/25/2015    294 KB    1.0.258
Diablo II        6/8/2015        
Diablo III    Blizzard Entertainment    2/2/2015        
Diablo III Public Test    Blizzard Entertainment    3/2/2015        
DVD Flick 1.3.0.7    Dennis Meuwissen    6/8/2015        1.3.0.7
ESET Online Scanner v3        4/25/2015        
Google Chrome    Google Inc.    2/2/2015        42.0.2311.135
Heroes of the Storm    Blizzard Entertainment    2/2/2015        
HP Imaging Device Functions 14.0    HP    2/6/2015        14.0
HP OfficeJet J3600 14.0 Rel. 6    HP    2/6/2015        14.0
HP Solution Center 14.0    HP    2/6/2015        14.0
HP Update    Hewlett-Packard    2/6/2015    4.04 MB    5.005.002.002
Java 8 Update 31    Oracle Corporation    2/2/2015    74.0 MB    8.0.310
Java 8 Update 31 (64-bit)    Oracle Corporation    2/2/2015    86.0 MB    8.0.310
Malwarebytes Anti-Malware version 2.1.6.1022    Malwarebytes Corporation    5/20/2015    57.6 MB    2.1.6.1022
Microsoft Silverlight    Microsoft Corporation    12/30/2014    50.7 MB    5.1.30514.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    5/17/2015    4.89 MB    8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    5/20/2015    4.53 MB    9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    2/2/2015    10.2 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    4/27/2015    10.1 MB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    6/5/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    6/5/2015    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727    Microsoft Corporation    2/2/2015    20.4 MB    11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    6/8/2015    17.3 MB    11.0.61030.0
Minecraft 1.8.1 version 1.8.1        3/18/2015    157 MB    1.8.1
Mozilla Firefox 38.0.5 (x86 en-US)    Mozilla    6/4/2015    83.1 MB    38.0.5
Mozilla Maintenance Service    Mozilla    5/9/2015    246 KB    37.0.2
Mumble 1.2.8    Thorvald Natvig    2/3/2015    33.8 MB    1.2.8
Nero Burning ROM 2014    Nero AG    6/8/2015    266 MB    15.0.05300
Nero Info    Nero AG    6/8/2015    3.05 MB    15.1.0030
Nexon Launcher    Nexon    5/17/2015    7.06 MB    1.1.1
Open Broadcaster Software        4/10/2015        
RadeonPro 1.0 (Build 1.1.1.0)        2/3/2015    26.5 MB    
Raptr        2/2/2015        
Realtek Ethernet Controller Driver    Realtek    2/2/2015        8.20.815.2013
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    2/2/2015        6.0.1.7111
SADES 7.1 SOUND EFFECT GAMING HEADSET        2/2/2015        1.00.0008
SADES 7.1 SOUND EFFECT GAMING HEADSET        5/9/2015        
Skype™ 7.4    Skype Technologies S.A.    5/15/2015    48.8 MB    7.4.102
Spotify    Spotify AB    6/6/2015        1.0.6.80.g2a801a53
StealthBot 2.7    StealthBot    3/18/2015    3.68 MB    2.7.0.0
Super-Charger    MSI    2/2/2015    12.0 MB    1.2.022
TRENDnet TEW-703PI/TEW-703PIL Wireless N PCI Adapter    TRENDnet    2/2/2015        1.00.0000
Ventrilo Client for Windows x64    Flagship Industries, Inc.    2/2/2015    6.66 MB    3.0.8.0
VLC media player    VideoLAN    12/30/2014        2.1.5
WinRAR 5.21 (64-bit)    win.rar GmbH    4/16/2015        5.21.0
XSplit Broadcaster    SplitmediaLabs    4/13/2015    207 MB    2.2.1502.1633
 



#4 buddy215


Posted 11 June 2015 - 01:39 PM

I don't see the results of the AdwCleaner scan or the list of Scheduled Tasks. Please post those.

 

 

Suggest disabling these Windows Startups: (use CCleaner by clicking on each item to highlight and choosing either Disable, Uninstall or Remove)

Yes    HKLM:Run    Raptr    Raptr, Inc    "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup

Yes    HKCU:Run    Zoom     

Yes    HKLM:Run    StartCCC        "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

Yes    Startup User    Sidebar333.lnk        C:\Program Files\Windows Sidebar\sidebar.exe
 

Uninstall these programs:

Adobe AIR    Adobe Systems Incorporated    12/30/2014        15.0.0.356

Adobe Reader XI (11.0.10)    Adobe Systems Incorporated    12/30/2014    186 MB    11.0.10 (Or Update)

Java 8 Update 31    Oracle Corporation    2/2/2015    74.0 MB    8.0.310 (Or Update...most users don't need java)
Java 8 Update 31 (64-bit)    Oracle Corporation    2/2/2015    86.0 MB    8.0.310 (Or Update)



#5 elvy


Posted 11 June 2015 - 02:39 PM

Scheduled Tasks:
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    KZUWXNBQI1        C:\ProgramData\FlashBeat\FlashBeat.exe
No    Task    Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-1002        
Yes    Task    Optimize Start Menu Cache Files-S-1-5-21-1748747307-3260626592-723431498-500        
Yes    Task    YBSNKXI        "C:\ProgramData\6b818a33a2964c51a9c56ff33ef8d8c7\6b818a33a2964c51a9c56ff33ef8d8c7.exe"
Yes    Task    {32FA5BDE-5477-4B0C-8399-4FC546BB3D47}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a E:\INSTALL.EXE -d E:\
Yes    Task    {C7C7F4E2-95A9-4031-B6EA-8D67EEBD6436}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
 

Adwcleaner:
# AdwCleaner v4.206 - Logfile created 11/06/2015 at 12:30:25
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jeremy - JERM
# Running from : C:\Users\Jeremy\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\9vet6ait.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKCU\Software\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v42.0.2311.135

[C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2594 bytes] - [11/06/2015 12:23:33]
AdwCleaner[S0].txt - [2500 bytes] - [11/06/2015 12:30:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2559  bytes] ##########
 



#6 buddy215


Posted 11 June 2015 - 03:09 PM

As you can see, AdwCleaner removed several Reimage files. Hopefully it is completely gone and you didn't actually purchase it.

 

Disable these Tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    KZUWXNBQI1        C:\ProgramData\FlashBeat\FlashBeat.exe (Remove...not just Disable...adware)

Yes    Task    YBSNKXI        "C:\ProgramData\6b818a33a2964c51a9c56ff33ef8d8c7\6b818a33a2964c51a9c56ff33ef8d8c7.exe" (Remove...not just Disable...adware)

Yes    Task    {32FA5BDE-5477-4B0C-8399-4FC546BB3D47}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a E:\INSTALL.EXE -d E:\
Yes    Task    {C7C7F4E2-95A9-4031-B6EA-8D67EEBD6436}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\

Those last two Task items are likely adware. Disable for now and if it causes no problem, remove them after a few days.

 

Is the computer performing up to par....any problems...especially ads/ popups/ redirects, etc.?


Edited by buddy215, 11 June 2015 - 03:12 PM.

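The review of the Startup and Scheduled Tasks lists in the posts above can be partly scripted. The following is an added example, not part of any post in this thread and not CCleaner's own code; the function names and the three heuristics (no publisher, program under a directory standard users can create files in, a 32-hex-character path component) are assumptions, and a hit means "look closer", not "adware".

```python
import re

# Constructed sample: rows copied from the Startup and Scheduled Tasks lists in
# this thread (columns: enabled, type, name, publisher, command).
SAMPLE = r'''
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    KZUWXNBQI1        C:\ProgramData\FlashBeat\FlashBeat.exe
Yes    Task    YBSNKXI        "C:\ProgramData\6b818a33a2964c51a9c56ff33ef8d8c7\6b818a33a2964c51a9c56ff33ef8d8c7.exe"
No    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\Jeremy\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes    HKCU:Run    Zoom
'''

# Assumption: locations where a standard user can create files.
WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")

def parse(text):
    """Yield (name, publisher, command); split on tabs or 4-space gaps."""
    for line in text.splitlines():
        cols = [c.strip() for c in re.split(r"\t| {4}", line.rstrip())]
        if len(cols) < 3:
            continue  # blank or malformed row
        cols += [""] * (5 - len(cols))  # rows such as "Zoom" lack trailing columns
        yield cols[2], cols[3], " ".join(cols[4:]).strip()

def exe_path(command):
    """Return the program path without its arguments (quoted or unquoted)."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll|bat|cmd))(?:\s|$)', command, re.I)
    return (m.group(1) or m.group(2)) if m else command

def review_reasons(publisher, command):
    path = exe_path(command).lower()
    reasons = []
    if not publisher:
        reasons.append("no publisher")
    if any(d in path for d in WRITABLE):
        reasons.append("user-writable directory")
    if re.search(r"\\[0-9a-f]{32}(?:\\|\.|$)", path):
        reasons.append("32-hex-character name")
    return reasons

def triage(text):
    """Map entry name -> reasons for every row with at least one reason."""
    found = {name: review_reasons(pub, cmd) for name, pub, cmd in parse(text)}
    return {name: why for name, why in found.items() if why}

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

Spotify trips one heuristic because it installs under AppData, so weigh the number of reasons per entry rather than treating any single hit as a verdict.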

#7 elvy


Posted 11 June 2015 - 04:22 PM

Everything seems normal; there are no pop-ups or performance issues.



#8 buddy215


Posted 11 June 2015 - 05:50 PM

Good...happy surfin' !





