
ESET reported terminated link when Chrome was opened?


  • This topic is locked
10 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • Local time:01:28 PM

Posted 08 June 2016 - 07:50 PM

Hello BleepingComputer! Despite my past events on here, I have actually tried my best to keep malware off my computers, and believe that I have, for the most part. But, with the popup ESET gave me earlier, I figured it wouldn't hurt to get a second opinion. When I booted my computer today, and subsequently opened up Chrome, ESET reported a terminated link to i!imgur!com/VxoK2ym!gif (periods replaced with ! to prevent unintentional hyperlinking), saying that it had blocked an instance of Win32/Filecoder.EA, which I believe stands for Cryptolocker or one of its variants. Yet the website in question, when I checked my history, was one that I had never actually visited, nor were any of the open tabs linked to it. A search of the computer reveals no "how_decrypt" files or the like, but I would like to see if I could get a checkup of sorts, just in case. I always hate it when this happens. If anyone can help me, thank you!


 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:28 PM

Posted 08 June 2016 - 09:18 PM

EDIT: I just took a look at your other Topics and Posts....Did you create a Bookmark for this topic that you posted in:

Original CryptoWall Ransomware Support and Help Topic - D...

 

Would be a good idea to run a scan using Eset if you haven't done that.

 

I don't know where that "link" was located or how it got on your computer. Could be from adware or malware.

Use the programs below to scan for both. If you used something like uTorrent recently it could have been bundled with a download.

Or could have been in an email or an email attachment.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Edited by buddy215, 08 June 2016 - 09:28 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • Local time:01:28 PM

Posted 08 June 2016 - 10:09 PM

ESET, MalwareBytes Anti-Malware, and MalwareBytes Anti-Malware Chameleon all report nothing. Here are the logs:

 

---------- MALWAREBYTES ----------

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/8/2016
Scan Time: 10:24 PM
Logfile: Log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.08.07
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jered
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336160
Time Elapsed: 21 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

---------- ADWCLEANER ----------

# AdwCleaner v5.119 - Logfile created 08/06/2016 at 22:49:24
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Jered - JERED-PC
# Running from : C:\Users\Jered\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [640 bytes] - [08/06/2016 22:49:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [712 bytes] ##########


Edited by HighTide1, 08 June 2016 - 10:10 PM.


#4 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • Local time:01:28 PM

Posted 08 June 2016 - 10:12 PM

---------- JRT ----------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64 
Ran by Jered (Administrator) on Wed 06/08/2016 at 22:50:58.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 24 
 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8A0MKZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HQYJCSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XXA0A19 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46J58L9U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH1GE67D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J98JG281 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBYC14T9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jered\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V68DI5GE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8A0MKZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HQYJCSS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XXA0A19 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46J58L9U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH1GE67D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J98JG281 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBYC14T9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V68DI5GE (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/08/2016 at 22:55:14.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Other than the popup by ESET earlier, I am not noticing anything unusual about the computer. Occasionally, a PCPushNotify app hangs on the taskbar, but other than that, no unusual services, applications, or etc seem to be happening. I just hate this feeling of not knowing if something is wrong. Maybe I should just switch to Linux.


#5 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,949 posts
  • Gender:Male
  • Local time:03:28 AM

Posted 08 June 2016 - 11:01 PM


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Other than the popup by ESET earlier, I am not noticing anything unusual about the computer. Occasionally, a PCPushNotify app hangs on the taskbar, but other than that, no unusual services, applications, or etc seem to be happening. I just hate this feeling of not knowing if something is wrong. Maybe I should just switch to Linux.

 

 

Now there is a breathtakingly brilliant idea....need to take a look...have a chat........go HERE


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#6 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:28 PM

Posted 09 June 2016 - 07:55 AM

At the top of my first post I asked....I just took a look at your other Topics and Posts....Did you create a Bookmark for this topic that you posted in:

Original CryptoWall Ransomware Support and Help Topic - D...

 

Do you want to uninstall the app that provides the Push notifications?

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#7 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • Local time:01:28 PM

Posted 09 June 2016 - 09:11 PM

In the CryptoWall topic, I made no bookmark, but all my post was about was a bit of talking of the consequences of breaking the encryption quickly. As for the logs, they are as follows. I've tried my best to prevent viruses, and I still don't believe that imgur would act as a spreader, but what can I do in the future? I use AdBlock Plus, Flashcontrol, and disable Javascript for all sites, yet still I get things like this, and it freaks me out. I mean, I have nothing important on this computer, and I'm still worrying. Anyways, here are the files:

 

--------startup windows---------

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run ASUS AiChargerPlus Execute ASUSTek Computer Inc. C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
Yes HKLM:Run EvtMgr6 Logitech, Inc. C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run RtHDVBg_DTS Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
 
----------startup scheduled-------------
 
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {7F9BFDD3-5451-416C-9213-964D2C434A83} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jered\Downloads\vs_community_ENU.exe -d C:\Users\Jered\Downloads
 
-----------startup context-------------
 
Yes Directory Git Bash Here The Git Development Community "C:\Program Files\Git\git-bash.exe" "--cd=%1"
Yes Directory Git GUI Here The Git Development Community "C:\Program Files\Git\cmd\git-gui.exe" "--working-dir" "%1"
Yes Drive ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET Smart Security\shellExt.dll
Yes File ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET Smart Security\shellExt.dll
Yes File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes File WinRAR Alexander Roshal C:\Program Files\WinRAR\rarext.dll
Yes File WinRAR32 Alexander Roshal C:\Program Files\WinRAR\rarext32.dll
Yes Folder ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET Smart Security\shellExt.dll
Yes Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
Yes Folder WinRAR Alexander Roshal C:\Program Files\WinRAR\rarext.dll
Yes Folder WinRAR32 Alexander Roshal C:\Program Files\WinRAR\rarext32.dll
 
---------------uninstall-------------
3DMark Demo Futuremark 12/28/2015
Adobe Reader X (10.1.16) MUI Adobe Systems Incorporated 5/30/2016 481 MB 10.1.16
Age of Empires II: HD Edition Hidden Path Entertainment, Ensemble Studios 12/31/2015
AI Suite 3 ASUSTeK Computer Inc. 12/28/2015 1.00.83
Amnesia: A Machine for Pigs The Chinese Room 12/31/2015
Amnesia: The Dark Descent Frictional Games 1/1/2016
Application Insights Tools for Visual Studio 2015 Microsoft Corporation 5/30/2016 6.14 MB 5.2.60328.3
Asmedia USB Host Controller Driver Asmedia Technology 12/28/2015 2.46 MB 1.16.23.0
Banished Shining Rock Software LLC 12/31/2015
Broadcom 802.11 Network Adapter Broadcom Corporation 12/28/2015 6.34.223.5
CCleaner Piriform 6/9/2016 5.18
Chivalry: Medieval Warfare Torn Banner Studios 12/31/2015
Cities: Skylines Colossal Order Ltd. 12/31/2015
DLC Quest Going Loud Studios 12/31/2015
Don't Starve Klei Entertainment 1/1/2016
Door Kickers KillHouse Games 1/1/2016
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 Microsoft Corporation 5/30/2016 143 MB 14.0.41103.0
ESET Smart Security ESET, spol. s r.o. 5/30/2016 129 MB 9.0.381.0
Euro Truck Simulator 2 SCS Software 12/28/2015
Fallout 3 - Game of the Year Edition Bethesda Game Studios 12/30/2015
Fallout 4 Bethesda Game Studios 12/28/2015
Fallout: New Vegas Obsidian Entertainment 12/30/2015
FTL: Faster Than Light Subset Games 12/31/2015
Futuremark SystemInfo Futuremark 12/28/2015 5.52 MB 4.41.563.0
Garry's Mod Facepunch Studios 12/31/2015
Git version 2.8.3 The Git Development Community 5/30/2016 188 MB 2.8.3
Google Chrome Google Inc. 12/28/2015 51.0.2704.84
Grand Theft Auto V Rockstar North 5/20/2016
Gunpoint Suspicious Developments 12/30/2015
Half-Life Valve 12/31/2015
Half-Life 2 Valve 12/31/2015
IIS 10.0 Express Microsoft Corporation 5/30/2016 36.0 MB 10.0.1735
IIS Express Application Compatibility Database for x64 5/30/2016
IIS Express Application Compatibility Database for x86 5/30/2016
Intel® Management Engine Components Intel Corporation 12/28/2015 10.0.0.1204
Intel® Network Connections 19.1.51.0 Intel 12/28/2015 27.7 MB 19.1.51.0
Java 8 Update 91 (64-bit) Oracle Corporation 5/30/2016 102 MB 8.0.910.15
Java SE Development Kit 8 Update 91 (64-bit) Oracle Corporation 5/30/2016 311 MB 8.0.910.15
Logitech SetPoint 6.67 Logitech 12/29/2015 39.0 MB 6.67.83
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 5/31/2016 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.5 Multi-Targeting Pack Microsoft Corporation 5/30/2016 41.8 MB 4.5.50710
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack Microsoft Corporation 5/30/2016 49.3 MB 4.5.50932
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) Microsoft Corporation 5/30/2016 74.5 MB 4.5.50932
Microsoft .NET Framework 4.5.1 SDK Microsoft Corporation 5/30/2016 19.4 MB 4.5.51641
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack Microsoft Corporation 5/30/2016 49.4 MB 4.5.51651
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) Microsoft Corporation 5/30/2016 74.4 MB 4.5.51209
Microsoft .NET Framework 4.6 SDK Microsoft Corporation 5/30/2016 20.0 MB 4.6.00081
Microsoft .NET Framework 4.6 Targeting Pack Microsoft Corporation 5/30/2016 40.3 MB 4.6.00081
Microsoft .NET Framework 4.6 Targeting Pack (ENU) Microsoft Corporation 5/30/2016 69.6 MB 4.6.00127
Microsoft .NET Framework 4.6.1 Microsoft Corporation 3/22/2016 38.8 MB 4.6.01055
Microsoft .NET Framework 4.6.1 SDK Microsoft Corporation 5/30/2016 20.0 MB 4.6.01055
Microsoft .NET Framework 4.6.1 Targeting Pack Microsoft Corporation 5/30/2016 40.4 MB 4.6.01055
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) Microsoft Corporation 5/30/2016 69.6 MB 4.6.01055
Microsoft .NET Version Manager (x64) 1.0.0-beta5 Microsoft Corporation 5/30/2016 68.0 KB 1.0.10609.0
Microsoft Help Viewer 2.2 Microsoft Corporation 5/30/2016 12.1 MB 2.2.25123
Microsoft Office Home and Student 2016 - en-us Microsoft Corporation 6/4/2016 16.0.6868.2067
Microsoft OneDrive Microsoft Corporation 6/4/2016 37.6 MB 17.3.6281.1202
Microsoft Silverlight Microsoft Corporation 5/30/2016 35.4 MB 5.1.20513.0
Microsoft SQL Server 2012 Command Line Utilities Microsoft Corporation 5/30/2016 876 KB 11.0.2100.60
Microsoft SQL Server 2012 Native Client Microsoft Corporation 5/30/2016 7.19 MB 11.0.2100.60
Microsoft SQL Server 2014 Management Objects Microsoft Corporation 5/30/2016 24.7 MB 12.0.2000.8
Microsoft SQL Server 2014 Management Objects  (x64) Microsoft Corporation 5/30/2016 17.4 MB 12.0.2000.8
Microsoft SQL Server 2014 T-SQL Language Service Microsoft Corporation 5/30/2016 6.65 MB 12.0.2000.8
Microsoft SQL Server 2014 Transact-SQL ScriptDom Microsoft Corporation 5/30/2016 6.17 MB 12.0.2000.8
Microsoft SQL Server 2016 LocalDB RC0 Microsoft Corporation 5/30/2016 231 MB 13.0.1100.286
Microsoft SQL Server 2016 Management Objects RC0 Microsoft Corporation 5/30/2016 25.2 MB 13.0.1100.286
Microsoft SQL Server 2016 Management Objects RC0 (x64) Microsoft Corporation 5/30/2016 16.5 MB 13.0.1100.286
Microsoft SQL Server 2016 T-SQL Language Service RC0 Microsoft Corporation 5/30/2016 4.00 KB 13.0.12000.52
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 Microsoft Corporation 5/30/2016 3.66 MB 13.0.1100.286
Microsoft SQL Server Compact 4.0 SP1 x64 ENU Microsoft Corporation 5/30/2016 22.4 MB 4.0.8876.1
Microsoft SQL Server Data Tools - enu (14.0.60311.1) Microsoft Corporation 5/30/2016 44.1 MB 14.0.60311.1
Microsoft System CLR Types for SQL Server 2014 Microsoft Corporation 5/30/2016 5.69 MB 12.0.2402.29
Microsoft System CLR Types for SQL Server 2016 RC0 Microsoft Corporation 5/30/2016 8.50 MB 13.0.1100.286
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12/31/2015 428 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 12/28/2015 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 5/22/2016 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12/28/2015 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/31/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/31/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 5/30/2016 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 12/28/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 5/30/2016 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 12/28/2015 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 5/30/2016 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 1/3/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 5/30/2016 17.1 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 1/3/2016 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 Microsoft Corporation 5/30/2016 24.4 MB 14.0.23918.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 Microsoft Corporation 5/30/2016 20.7 MB 14.0.23918.0
Microsoft Visual Studio Community 2015 with Update 2 Microsoft Corporation 5/30/2016 6.04 GB 14.0.25123.0
Microsoft Web Deploy 3.6 Microsoft Corporation 5/30/2016 6.26 MB 3.1238.1962
Mount & Blade: Warband TaleWorlds Entertainment 12/28/2015
MSI Afterburner 4.0.0 MSI Co., LTD 12/29/2015 4.0.0
MSI Gaming APP MSI 12/28/2015 14.8 MB 3.0.0.18
MSYS2 64bit The MSYS2 Developers 5/30/2016 192 MB 20160205
Napoleon: Total War The Creative Assembly 12/28/2015
NVIDIA 3D Vision Controller Driver 364.44 NVIDIA Corporation 5/30/2016 364.44
NVIDIA 3D Vision Driver 368.22 NVIDIA Corporation 5/30/2016 368.22
NVIDIA GeForce Experience 2.11.3.5 NVIDIA Corporation 5/7/2016 2.11.3.5
NVIDIA Graphics Driver 368.22 NVIDIA Corporation 5/30/2016 368.22
NVIDIA HD Audio Driver 1.3.34.14 NVIDIA Corporation 5/30/2016 1.3.34.14
NVIDIA PhysX System Software 9.16.0318 NVIDIA Corporation 5/30/2016 9.16.0318
OpenAL 12/31/2015
Oracle VM VirtualBox 5.0.20 Oracle Corporation 5/30/2016 153 MB 5.0.20
POSTAL 2 Running With Scissors 12/31/2015
Prerequisites for SSDT Microsoft Corporation 5/30/2016 6.94 MB 12.0.2000.8
Prerequisites for SSDT RC0 Microsoft Corporation 5/30/2016 7.39 MB 13.0.1100.286
Python 3.5.1 (32-bit) Python Software Foundation 5/30/2016 82.4 MB 3.5.1150.0
Python 3.5.1 Launcher (32-bit) Python Software Foundation 5/30/2016 740 KB 3.5.150.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/28/2015 6.0.1.7344
RivaTuner Statistics Server 6.2.0 Unwinder 12/29/2015 6.2.0
Rockstar Games Social Club Rockstar Games 5/20/2016 1.1.7.8
Steam Valve Corporation 12/28/2015 2.10.91.91
Team Fortress 2 Valve 12/28/2015
The Binding of Isaac Edmund McMillen and Florian Himsl 12/31/2015
The Elder Scrolls III: Morrowind Bethesda Game Studios® 12/31/2015
The Elder Scrolls IV: Oblivion Bethesda Game Studios 12/31/2015
The Elder Scrolls V: Skyrim Bethesda Game Studios 12/30/2015
The Talos Principle Croteam 1/1/2016
The Witcher 2: Assassins of Kings Enhanced Edition CD PROJEKT RED 12/28/2015
The Witcher: Enhanced Edition CD PROJEKT RED 12/28/2015
Universe Sandbox Giant Army 12/31/2015
Vulkan Run Time Libraries 1.0.11.1 LunarG, Inc. 5/30/2016 1.66 MB 1.0.11.1
Vulkan Run Time Libraries 1.0.3.0 LunarG, Inc. 3/22/2016 1.66 MB 1.0.3.0
WIDCOMM Bluetooth Software Broadcom Corporation 12/28/2015 290 MB 6.5.1.5800
WinRAR 5.40 beta 2 (64-bit) win.rar GmbH 5/30/2016 5.40.2
XCOM: Enemy Unknown Firaxis Games 12/28/2015
 


#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:28 PM

Posted 10 June 2016 - 05:41 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run ASUS AiChargerPlus Execute ASUSTek Computer Inc. C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
 
Disable these Scheduled Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {7F9BFDD3-5451-416C-9213-964D2C434A83} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jered\Downloads\vs_community_ENU.exe -d C:\Users\Jered\Downloads
 
Adblock Plus allows some ads. If you want to block those and haven't done so, click on the ABP icon > choose Filter Preferences > UNcheck Allow some Non-intrusive advertisements
 
Imgur does allow the hosting of ads and you may have noticed that ABP blocks images/ videos hosted by Imgur.
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
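
One way to review a startup listing like the one posted in this thread, added here as an example and not part of any poster's reply: the Python sketch below pulls every path out of each entry and flags entries that run through a launcher binary or reference a user-writable directory. The sample lines are copied from the listing above; the launcher shortlist, the directory markers and all function names are assumptions of this example, not CCleaner behaviour.

```python
import re

# Four entries copied from the CCleaner startup listing posted in this thread.
SAMPLE = r'''
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task {7F9BFDD3-5451-416C-9213-964D2C434A83} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jered\Downloads\vs_community_ENU.exe -d C:\Users\Jered\Downloads
'''

# Windows binaries that start another program or DLL named in their arguments,
# so the first path on the line is not the code that really runs
# (assumed shortlist for this example, not exhaustive).
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
                   "wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}

# Directory markers that by default do not need administrator rights to
# write to (assumed shortlist for this example).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")

# A path is either quoted, or unquoted and ending at a known extension
# (unquoted paths may contain spaces), or a bare run of non-space characters.
PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+)"'
    r'|([A-Za-z]:\\(?:(?!\s"?[A-Za-z]:\\).)*?\.(?:exe|dll|com|bat|cmd|scr|vbs|ps1)\b)'
    r'|([A-Za-z]:\\\S+)',
    re.IGNORECASE,
)


def extract_paths(line):
    """Return every Windows path found on one listing line, in order."""
    return [next(g for g in m.groups() if g) for m in PATH_RE.finditer(line)]


def is_user_writable(path):
    """True if the path lies under one of the USER_WRITABLE markers."""
    normalized = path.lower().rstrip("\\") + "\\"
    return any(marker in normalized for marker in USER_WRITABLE)


def triage(listing):
    """Return the entries that deserve a closer look, with the reasons."""
    findings = []
    for line in listing.splitlines():
        paths = extract_paths(line)
        if not paths:
            continue
        reasons = []
        launcher = paths[0].rsplit("\\", 1)[-1].lower()
        if launcher in PROXY_LAUNCHERS and len(paths) > 1:
            # The real target is in the arguments, not in the first path.
            reasons.append("%s launches %s" % (launcher, paths[1]))
        writable = [p for p in paths if is_user_writable(p)]
        if writable:
            reasons.append("user-writable path: " + writable[0])
        if reasons:
            entry = line[:line.index(paths[0])].strip(' "')
            findings.append({"entry": entry, "paths": paths, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["entry"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A flag means the target file is worth checking, not that it is malicious: on the sample it marks the rundll32.exe entry and the pcalua.exe task that points at a file in Downloads.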

#9 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • Local time:01:28 PM

Posted 10 June 2016 - 08:21 PM

Okay. I've disabled the listed startups, with the exception of Steam, and the vs_community task. Other than those entries, though, does it look like my computer may have any problems? Should I run DRST or whatever that application was called? Or, does everything look clean apart from the notification by ESET?



#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:28 PM

Posted 11 June 2016 - 06:20 AM

I see no reason to think you need to do more scans. But if you would like to you can start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#11 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:28 PM

Posted 11 June 2016 - 11:42 AM

Topic has now been posted in Malware Removal Logs.

 

Link http://www.bleepingcomputer.com/forums/t/617078/connection-terminated-by-eset-regarding-win32filecoderea/

 

This one is closed.





