"Antimalware Doctor" Virus?!?!?! HELP!

jd132

Member
Ok, so I have Windows Security Essentials installed, but it's not recognizing "Antimalware Doctor"... the program won't let me close it, won't let me uninstall it, and won't let me install AVG Free... What do I do?
:(
 

johnb35

Administrator
Staff member
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but DO NOT reboot the system, and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

jd132

Member
Ok.. idk if this is what you wanted, but here it is... Mbytes found 18 errors. Here's the log from HijackThis...



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:18 AM, on 5/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Folding@home\Folding@home-x86\[email protected]
C:\Users\josh\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6720 bytes





If I can't get it running smoothly (yes, my gameplay decreased also... marginally :( ), I will do a fresh install, but I'd like to avoid this as Server 08 R2 is kinda tough to get drivers working.

Thanx.
 
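The triage johnb35 describes (most HijackThis entries are harmless, a few deserve a closer look) can be partly automated. The script below is an added example, not part of this thread and not code from HijackThis or Malwarebytes: it parses registry-based O4 autorun lines in the log format shown above and scores each one with three heuristics of my own choosing (executable under a Temp directory, executable under a user-writable AppData path, value name that looks machine-generated). The sample lines are constructed from the paths visible in the log above; the weights and the threshold of 3 are assumptions for illustration, not a published rule set. On that sample it flags only the [R8388QA8U8] entry pointing at ...\Temp\1\Nhx.exe, which the later Malwarebytes log identifies as Trojan.FraudPack.Gen, and leaves the Java, ClamWin, Google Update and PrtScr entries alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the HijackThis log posted above. The paths
# are the ones visible in that log; the O23 line is there to show that non-O4
# lines are ignored by the parser.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_LINE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# First token of the command line up to and including ".exe", quoted or not.
EXE_PATH = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)


@dataclass
class Autorun:
    hive: str            # HKLM (all users) or HKCU (this user only)
    key: str             # Run or RunOnce
    name: str            # registry value name shown in [brackets]
    command: str         # full command line as logged
    exe: Optional[str]   # executable path pulled out of the command line


def parse_o4_lines(log_text: str) -> List[Autorun]:
    """Pull the registry-based O4 autorun entries out of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # "O4 - Startup:", "O4 - Global Startup:" and other sections are skipped
        cmd = m.group('cmd')
        exe_match = EXE_PATH.match(cmd)
        entries.append(Autorun(
            hive=m.group('hive'), key=m.group('key'), name=m.group('name'),
            command=cmd, exe=exe_match.group('exe') if exe_match else None))
    return entries


def score_autorun(entry: Autorun) -> Tuple[int, List[str]]:
    """Heuristic score (assumed weights); higher means more worth a look."""
    score, reasons = 0, []
    exe = entry.exe or ''
    if re.search(r'\\temp\\', exe, re.IGNORECASE):
        score += 3
        reasons.append('runs from a Temp directory')
    if re.search(r'\\users\\[^\\]+\\appdata\\', exe, re.IGNORECASE):
        score += 1  # low weight: legitimate per-user updaters live here too
        reasons.append('lives in a user-writable AppData path')
    name = entry.name
    if (re.fullmatch(r'[A-Z0-9]{8,}', name)
            and re.search(r'\d', name) and re.search(r'[A-Z]', name)):
        score += 2
        reasons.append('value name looks machine-generated')
    return score, reasons


def triage(log_text: str, threshold: int = 3):
    """Return (entry, score, reasons) for autoruns whose score reaches the threshold."""
    flagged = []
    for entry in parse_o4_lines(log_text):
        score, reasons = score_autorun(entry)
        if score >= threshold:
            flagged.append((entry, score, reasons))
    return flagged


if __name__ == '__main__':
    for entry, score, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {entry.hive}\\..\\{entry.key}: [{entry.name}] {entry.exe}")
        for reason in reasons:
            print(f"      - {reason}")
```

The score is a prioritisation aid, not a verdict: an entry that scores high still has to be confirmed with a scanner or a file lookup before anything is removed, which is exactly why the advice above is to post the log rather than fix entries straight away.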

johnb35

Administrator
Staff member
Please post the Malwarebytes log so I can see what it deleted. To get the log, open Malwarebytes, click on the Logs tab, open the log, and then copy and paste it back here in your reply.

Also please perform the following procedure.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

jd132

Member
ComboFix is incompatible with my OS...
Here's the updated HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:19 PM, on 5/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\PrtScr\PrtScr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6281 bytes



Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/5/2011 12:11:01 AM
mbam-log-2011-05-05 (00-11-01).txt

Scan type: Quick scan
Objects scanned: 170933
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
c:\Windows\Njyvoa.exe (Trojan.FraudPack.Gen) -> 3412 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ICS5R7Y0OS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sorttp700.exe (Trojan.FakeAlert) -> Value: sorttp700.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Njyvoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\b3c6263ff310d05d8f9d4c7f06edc4c6\sorttp700.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Local\Temp\Nhw.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Local\Temp\Nhx.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\josh\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.





The "Antimalware Doctor" virus or whatever is gone, but for some reason, since it was on my system, my games have really slowed down.. :(

Thanx for your help btw. :)
 

johnb35

Administrator
Staff member
ComboFix is incompatible with my OS.

You are running Windows 7 64-bit, so it is compatible with your operating system. If ComboFix is giving you that message then there is something else going on. You are still infected. Please download and run SUPERAntiSpyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

After installing the software, please update it, then run a quick scan and post its log. To get the log, open SUPERAntiSpyware, click on the Preferences button on the main page, then click on the Statistics/Logs tab, open the log, and then copy and paste it back here.
 

jd132

Member
SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/05/2011 at 10:14 PM

Application Version : 4.51.1000

Core Rules Database Version : 6992
Trace Rules Database Version: 4804

Scan type : Quick Scan
Total Scan Time : 00:05:13

Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 2246
Registry threats detected : 0
File items scanned : 10622
File threats detected : 335

Adware.Tracking Cookie
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[7].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@serving-sys[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@mediasrv[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@advertising[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@adtech[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@atdmt[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@questionmarket[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@apmebf[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@specificclick[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@clicksor[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@myroitracking[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[5].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@pro-market[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@mediaplex[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[10].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@realmedia[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@mediabrandsww[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[3].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@tribalfusion[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@media6degrees[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@adbrite[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@harrenmedianetwork[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[9].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[6].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@yieldmanager[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@interclick[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@insightexpressai[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@invitemedia[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@burstnet[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@ru4[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@imrworldwide[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@collective-media[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@specificmedia[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@zedo[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@adxpose[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@pointroll[1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[4].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@lucidmedia[8].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@eyewonder[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@revsci[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@trafficmp[2].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\josh\AppData\Roaming\Microsoft\Windows\Cookies\josh@fastclick[1].txt
.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.moyeamedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adscendmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
user.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a.websponsors.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.gametracker.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stats.visionlemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.trackimizer.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.elitepvpers.de [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adscendmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yadro.ru [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.paypal.112.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revenue.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
a.intentmedia.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
a.intentmedia.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
handpickedmedia.co.uk [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.complex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.statcounter.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adlegend.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.mediafire.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.homestore.122.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mm.chitika.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.linksynergy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.linksynergy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.linksynergy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.edge.ru4.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stats.paypal.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.buycom.122.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.avgtechnologies.112.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.microsoftsto.112.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eset.122.2o7.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media2.legacy.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.zedo.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.clickfuse.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads.bridgetrack.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
click.tigeronline.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
click.tigeronline.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ar.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.network.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
objects.tremormedia.com [ C:\Users\josh\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BT8KWMRT ]
s0.2mdn.net [ C:\Users\josh\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BT8KWMRT ]
secure-us.imrworldwide.com [ C:\Users\josh\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BT8KWMRT ]

Rogue.AntiMalwareDoctor
C:\Users\josh\AppData\Roaming\B3C6263FF310D05D8F9D4C7F06EDC4C6

Trojan.Agent/Gen-Falcomp[RE]
C:\WINDOWS\SYSWOW64\BCRYPTF.DLL





:D
 

johnb35

Administrator
Staff member
Ok, it still didn't delete what I was hoping it would. Can you please post a fresh hijackthis log for me. I'll be going to bed shortly so I will reply tomorrow afternoon when I get home from work.
 

jd132

Member
Hijack log...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:44 PM, on 5/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6658 bytes
 

johnb35

Administrator
Staff member
Ok, I need you to try running combofix again. It has been compatible with windows 7 64bit for a few months now. Please run rkill before running combofix. You must also disable any active virus/malware/firewall program running. This may be the issue.

Here is a renamed version of rkill.

http://download.bleepingcomputer.com/grinler/iExplore.exe

Run rkill and when it's done it will pop up a log that will show if it killed any active malware process. Do not reboot the pc after running rkill until you have run combofix.
 

jd132

Member
RKILL LOG:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05/06/2011 at 22:10:46.
Operating System: Windows Server 2008 R2 Standard


Processes terminated by Rkill or while it was running:

C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\NexonUS\NGM\NGM.exe
C:\Windows\SysWOW64\InfDefaultInstall.exe


Rkill completed on 05/06/2011 at 22:10:48.






COMBOFIX still says error - Win 32 only...
 

johnb35

Administrator
Staff member
Sorry for not getting back to you sooner.

I see that you are actually running Windows Server 2008, which is why combofix won't work.


Rerun hijackthis and place a check next to the following entry.

O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe

Then click on fix checked.

Please navigate to

C:\Users\josh\AppData\Local\Temp\1\Nhx.exe

and delete the file nhx.exe by right clicking on it and click on delete. You may need to enable show hidden files and folders in order to see these directories.

Reboot the system.

Then I would like for you to run an online scan.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
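The entry johnb35 singles out above is the classic shape of a rogue autorun: an HKCU Run value with a random-looking name that launches an executable out of the user's Temp folder. The script below is an added example (my own heuristics, not HijackThis or Malwarebytes logic) that parses O4 lines in the format HijackThis uses, pulls out the hive, value name and executable path, and flags entries that run from a Temp directory, carry a machine-generated-looking value name, or live under the user profile. The sample lines are copied from the log posted in this thread; the verdict labels and the thresholds in `looks_generated` are my assumptions.

```python
"""Triage HijackThis O4 (autorun) entries for the signs of a rogue autorun.

Added example for this thread; the heuristics are the author's own and are
not part of HijackThis, Malwarebytes or ESET.
"""
import re
from pathlib import PureWindowsPath

# Sample lines taken from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\josh\AppData\Local\Temp\1\Nhx.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "O4 - HKCU\..\Run: [ValueName] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# First drive-letter path ending in an executable extension, quoted or not,
# so "C:\Program Files\x.exe" /flag and C:\Temp\x.exe /Tray both resolve.
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))"?',
    re.IGNORECASE,
)
TEMP_DIRS = {"temp", "tmp"}


def parse_o4(line):
    """Return hive/key/name/path for an O4 line, or None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    pm = PATH_RE.match(m["cmd"])
    path = pm["path"] if pm else m["cmd"].strip('"')
    return {"hive": m["hive"], "key": m["key"], "name": m["name"], "path": path}


def looks_generated(name):
    """Heuristic (assumption): 8+ upper-case alphanumerics with three or more
    digits, like R8388QA8U8, is unlike the product names vendors register."""
    return bool(re.fullmatch(r"[A-Z0-9]{8,}", name)) and sum(c.isdigit() for c in name) >= 3


def path_parts(path):
    return [p.lower() for p in PureWindowsPath(path).parts]


def in_temp_dir(path):
    return any(p in TEMP_DIRS for p in path_parts(path))


def under_user_profile(path):
    return "appdata" in path_parts(path)


def reasons_for(entry):
    reasons = []
    if in_temp_dir(entry["path"]):
        reasons.append("executes from a Temp directory")
    if looks_generated(entry["name"]):
        reasons.append("value name looks machine-generated")
    if under_user_profile(entry["path"]):
        reasons.append("lives in the user profile (user-writable)")
    return reasons


def verdict(reasons):
    """Temp or generated-name hits are strong; AppData alone is only worth a look
    (updaters such as GoogleUpdate legitimately run from there)."""
    strong = [r for r in reasons if "Temp" in r or "machine-generated" in r]
    if strong:
        return "suspicious"
    return "review" if reasons else "ok"


def triage_log(log_text):
    """Parse every O4 line in a HijackThis log and attach reasons and a verdict."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        entry["reasons"] = reasons_for(entry)
        entry["verdict"] = verdict(entry["reasons"])
        results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e['verdict']:10} {e['hive']}\\{e['key']} [{e['name']}] {e['path']}")
        for r in e["reasons"]:
            print(f"{'':10}   - {r}")
```

Run against the sample, only the `R8388QA8U8` entry comes back `suspicious` (Temp directory plus generated-looking name), `Google Update` is `review` because it runs from AppData, and the Program Files entries are `ok`. The value-name heuristic is deliberately conservative; the Temp-directory check is the one that carries the weight, since a legitimate installer does not register a persistent Run value pointing into Temp.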
 

jd132

Member
NHX.exe is already gone.


C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000ce2 multiple threats deleted - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000cfe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000e08 multiple threats deleted - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000f3e a variant of Win32/Adware.Gamevance.AT application cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010db a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0010f7 a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Temp\ICReinstall\ringtonejunkiez.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\josh\AppData\Local\Temp\is233770471\vn-audiojunkiez-silent-us.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\josh\Downloads\AcidX_145977_0201.exe multiple threats deleted - quarantined
C:\Users\josh\Downloads\BlackOpsHack.rar Win32/AutoRun.Spy.VB.F worm deleted - quarantined
C:\Users\josh\Downloads\cod6_v1.0_trn+6.rar a variant of Win32/Injector.CRP trojan deleted - quarantined
C:\Users\josh\Downloads\eMuleSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
C:\Users\josh\Downloads\FC4.9.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
C:\Users\josh\Downloads\ringtonejunkiez.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\josh\Downloads\VaftvSetup.exe a variant of Win32/Adware.HotBar.H application cleaned by deleting - quarantined
C:\Users\josh\Downloads\youtubedownloader_linkout_157740_041411030044.exe multiple threats deleted - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000789 Win32/AutoRun.Spy.VB.F worm deleted - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\AppData\Roaming\B3C6263FF310D05D8F9D4C7F06EDC4C6\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\AppData\Roaming\B3C6263FF310D05D8F9D4C7F06EDC4C6\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\Downloads\BlackOpsHack.rar Win32/AutoRun.Spy.VB.F worm deleted - quarantined
E:\Seagate Backup\HELGA_THE_BEAST\History\Level2\C\Users\josh\Downloads\FC4.9.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gppcgehbcfhhdpbhccplcdphbdofhhjg\1.76_0\external.js JS/Kryptik.AK trojan cleaned by deleting - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\My Documents\Downloads\SuperOneClickv1.7-ShortFuse.zip Android/Exploit.RageCage.A trojan deleted - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\My Documents\Downloads\z4root.zip Android/Exploit.RageCage.A trojan deleted - quarantined
E:\Seagate Backup\JOSH-00FE216ED5\C\Documents and Settings\J\My Documents\Downloads\z4root\z4root.1.1.0.apk Android/Exploit.RageCage.A trojan deleted - quarantined
 

johnb35

Administrator
Staff member
Downloading hacks for software will usually get you infected. I see in that log that you have downloaded some hacks for black ops and others.
 

jd132

Member
Thanx for getting the "antimalware" malware off...yer a genius! :D
P.S. Is there a thank button anywhere?..lol.
 

johnb35

Administrator
Staff member
Thanx for getting the "antimalware" malware off...yer a genius! :D
P.S. Is there a thank button anywhere?..lol.

Not a genius, just helping users out. In the future there may be a thanks button but not at this time.
 