
Thread: Logs are too long to post

  1. #1
    Junior Member frankhero
    Join Date
    Jul 2014
    Posts
    18


    REFER BACK TO:
    http://forums.spybot.info/showthread...570#post455570
    I've tried posting my logs to the forum but keep being told that they are too long... All I've done is copy and paste. Not sure if I'm missing something. The spacecount is currently 437561 characters after running the entire thing through Notepad++ and removing all the whitespace... Any suggestions would be greatly appreciated.
    Thanks
    Frank

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Sorry you're having problems Frank, I am assuming that the logs you want to post are FRST, Additions and aswMBR ...Correct ?

    Why don't you do this, press the Ctrl key with your left hand and with your mouse select each log and then right click on them and select Send To ...Compressed Zip Folder, name it Logs and save it to your desktop and then go down to Manage Attachments and attach the file, then Submit Reply, also give me a brief description of what's going on on your system
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member frankhero

    morning, morning.

    Quote: Originally Posted by ken545
    Sorry you're having problems Frank, I am assuming that the logs you want to post are FRST, Additions and aswMBR ...Correct ?

    Why don't you do this, press the Ctrl key with your left hand and with your mouse select each log and then right click on them and select Send To ...Compressed Zip Folder, name it Logs and save it to your desktop and then go down to Manage Attachments and attach the file, then Submit Reply, also give me a brief description of what's going on on your system

    10-4. Are zip files always welcome? I'll get those over right away.

  4. #4
    Emeritus-Security Expert

    Hello Frank,

    We prefer that logs are directly copy and pasted in the thread but if it's too large and the forum won't accept them then attaching them is fine

  5. #5
    Junior Member frankhero

    hope this works

    Quote: Originally Posted by ken545
    Hello Frank,

    We prefer that logs are directly copy and pasted in the thread but if it's too large and the forum won't accept them then attaching them is fine

    Attached is a file containing all of the requested info. The breakdown of the events leading up to and following are also included. Thanks!
    Frankallin1.zip

  6. #6
    Emeritus-Security Expert

    FF NetworkProxy: "http_port", 8080 <-- Did you set this proxy ?


    Very long log, it's going to take some time to go over it

    In the meantime run this scan please

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Please Run this program only once
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

  7. #7
    Junior Member frankhero

    Quote: Originally Posted by ken545
    FF NetworkProxy: "http_port", 8080 <-- Did you set this proxy ?

    Very long log, it's going to take some time to go over it

    In the meantime run this scan please

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Please Run this program only once
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

    CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\java\security\spec\rsakeygenparameterspec.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\javax\crypto\keygenerator.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\javax\crypto\keygeneratorspi.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
    c:\androidsdk\adt-bundle-windows-x86_64-20140702\sdk\sources\android-20\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
    c:\cygwin64\bin\ssh-keygen.exe
    c:\cygwin64\lib\python2.7\lib-dynload\crypt.dll
    c:\cygwin64\usr\share\man\man1\ssh-keygen.1.gz
    c:\metasploit\apps\pro\msf3\data\john\doc\pdfcrack_readme
    c:\metasploit\apps\pro\msf3\data\john\doc\pdfcrack_todo
    c:\metasploit\apps\pro\msf3\modules\auxiliary\analyze\jtr_crack_fast.rb
    c:\metasploit\apps\pro\msf3\modules\auxiliary\analyze\postgres_md5_crack.rb
    c:\metasploit\apps\pro\msf3\tools\hmac_sha1_crack.rb
    c:\metasploit\apps\pro\msf3\tools\lm2ntcrack.rb
    c:\metasploit\apps\pro\reports\authentication_tokens\msfx_auth_tokens_cracked_graphs.jasper
    c:\metasploit\apps\pro\reports\authentication_tokens\msfx_auth_tokens_cracked_graphs.jrxml
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\about-password-cracking.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\bruteforce-attack-options.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\bruteforce-attacks.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\bruteforce-message-indicators.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\credential-management.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\deleting-imported-word-lists.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\importing-custom-word-lists.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\importing-password-lists.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-attacks.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-password-list.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-single-credential.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\running-bruteforce-vm.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\selecting-custom-word-lists.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\supported-credential-file-formats.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\supported-credential-formats.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\target-services.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\viewing-imported-credentials.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\viewing-metasploit-word-lists.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\14-password-cracking\word-lists.html
    c:\metasploit\apps\pro\ui\public\docs\online-help\content\zz-glossary\def-password-cracking.html
    c:\program files (x86)\corel\coreldraw graphics suite x6\custom data\bumpmap\cracks.cpt
    c:\users\jsutin\desktop\library\the code book how to make it, break it, hack it, crack it.pdf
    c:\users\jsutin\downloads\electronics\http://www.eio.com\p-32499-ratchet-c...-sony.html.tmp
    c:\users\jsutin\downloads\erow\http://www.erowid.org\archive\hyperr...crack.pipe.tmp
    c:\users\jsutin\downloads\erow\http://www.erowid.org\chemicals\coca...ck_info1.shtml
    c:\users\jsutin\downloads\erow\http://www.erowid.org\chemicals\coca...journal1.shtml
    c:\users\jsutin\downloads\erow\http://www.erowid.org\chemicals\coca...k_media1.shtml
    c:\users\jsutin\downloads\erow\http://www.erowid.org\culture\art\ar...eslie.html.tmp
    c:\users\jsutin\downloads\erow\http://www.erowid.org\culture\art\ar...iling.html.tmp
    c:\users\jsutin\downloads\erow\http://www.erowid.org\culture\art\ar...dream.html.tmp
    c:\users\jsutin\downloads\erow\http://www.erowid.org\culture\art\ar..._thumb.jpg.tmp
    c:\users\jsutin\downloads\erow\http://www.erowid.org\library\books\...ng_tower.shtml
    scanner sequence 3.ZZ.11.OMNAXZ
    ----- EOF -----

  8. #8
    Emeritus-Security Expert

    You never said if you installed that Firefox Proxy and you never said what you're experiencing to make you think you're infected, and there is no reason to quote what I said.

    I also see you're using the torrents, not good as any form of file sharing is dangerous, you're downloading that file from an unknown source and not all but most contain malware of one form or another, it's like playing Russian roulette malwarewise


    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    =====================================================


    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes

  9. #9
    Junior Member frankhero

    k, here's what came back...

    Ken,
    I didn't disclose it because I didn't even remember about it. I got it to play around with Burp Suite. I think I used it but once about 1.5 months ago. As far as torrents, I didn't remember using a torrent downloader on this comp... but now that you've mentioned it I do recall getting some books around the same time as I was playing with Burp.
    Anyway, this is what came back. I haven't actually applied any of the fixes. Pretty sure that's what you expected?
    Thanks,
    Frank

    # AdwCleaner v3.216 - Report created 27/07/2014 at 00:48:43
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : a - c
    # Running from : C:\Users\a\Desktop\AdwCleaner.exe
    # Option : Scan
    ***** [ Services ] *****
    ***** [ Files / Folders ] *****
    File Found : C:\END
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
    File Found : C:\WINDOWS\System32\Tasks\UpdaterEX
    File Found : C:\WINDOWS\Tasks\UpdaterEX.job
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\a\AppData\LocalLow\Conduit
    Folder Found : C:\Users\a\AppData\Roaming\DriverCure
    Folder Found : C:\Users\a\AppData\Roaming\pdfforge
    Folder Found : C:\Users\a\AppData\Roaming\UpdaterEX
    Folder Found : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Found : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    ***** [ Shortcuts ] *****
    ***** [ Registry ] *****
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Found : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Found : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\UpdaterEX
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\UpdaterEX
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Found : HKLM\Software\Uniblue
    Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17126
    -\\ Mozilla Firefox v30.0 (en-US)
    [ File : C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\na5z5xw6.default\prefs.js ]
    -\\ Google Chrome v36.0.1985.125
    [ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Found [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
    [ File : C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    [ File : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Found [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
    [ File : C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    [ File : C:\Users\bLtd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Found [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
    [ File : C:\Users\VIRTUAL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    *************************
    AdwCleaner[R0].txt - [4609 octets] - [27/07/2014 00:48:44]
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4669 octets] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by a on Sun 07/27/2014 at 0:52:38.41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4DABDDBA-3607-487A-BF21-92E49C647822}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    ~~~ Files
    Successfully deleted: [File] "C:\end"
    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\a\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "C:\Users\a\AppData\Roaming\pdfforge"
    Successfully deleted: [Folder] "C:\Users\a\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{09A183F0-3A66-4344-B4ED-85722C6111F1}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{17C49671-D795-4883-AA65-AD4F28821BFE}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{275EDE2D-F86B-43AD-9302-75B72B2A02CA}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{3A012331-A6C8-43A4-B9E7-9D5C7A16D5F1}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{49D80A72-B5D4-47CC-9F67-396A80DB13EC}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{9E680478-E665-41C5-B8F0-8AF3BEB18E91}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{9F327ACA-0073-483B-A98B-D32032EC3A2B}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{CF99848C-F99F-4AEB-B59D-C9B7B1F9DF5A}
    Successfully deleted: [Empty Folder] C:\Users\a\appdata\local\{D434EB7D-DCD8-4073-AFCA-E6412C77FB05}
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 07/27/2014 at 0:57:43.92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 7/27/2014
    Scan Time: 12:59:08 AM
    Logfile:
    Administrator: Yes
    Version: 2.00.2.1012
    Malware Database: v2014.07.27.04
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: a
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 583762
    Time Elapsed: 24 min, 40 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 1
    PUP.Optional.Softonic.A, HKU\S-1-5-21-3935980490-2378437961-526367122-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [f38d8f15ea91fb3b0aeda142887a2bd5],
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 1
    PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc, , [07791a8ad4a794a23b7d8e3819e9e31d],
    Files: 11
    PUP.Optional.InstalleRex, C:\$Recycle.Bin\S-1-5-21-3935980490-2378437961-526367122-1059\$R3IRTAX.exe, , [7f01475d562537ff158f2267a061ca36],
    PUP.Optional.Softonic.A, C:\Users\a\Downloads\SoftonicDownloader_for_surgeon-simulator-2013.exe, , [6d13cada99e268ce9956d55337cadb25],
    PUP.Optional.Softonic.A, C:\Users\a\Downloads\SoftonicDownloader_for_visual-basic (1).exe, , [730debb9611a7bbb9956b27643beb947],
    PUP.Optional.Softonic.A, C:\Users\a\Downloads\SoftonicDownloader_for_visual-basic.exe, , [3947c4e02556e05643acc95ff50c41bf],
    PUP.Optional.OutBrowse, C:\Users\bLtd\Downloads\setup (1).exe, , [136dddc7136813236ee53f5c8c758977],
    PUP.Optional.Softonic.A, C:\Users\bLtd\Downloads\SoftonicDownloader_for_abcaus-excel-accounting-template.exe, , [85fbfea62f4cc274a24d40e8d62b06fa],
    PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, , [07791a8ad4a794a23b7d8e3819e9e31d],
    PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\info.dat, , [07791a8ad4a794a23b7d8e3819e9e31d],
    PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, , [07791a8ad4a794a23b7d8e3819e9e31d],
    PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, , [07791a8ad4a794a23b7d8e3819e9e31d],
    PUP.Optional.Updater.A, C:\Users\a\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, , [07791a8ad4a794a23b7d8e3819e9e31d],
    Physical Sectors: 0
    (No malicious items detected)
    (end)

  10. #10
    Junior Member frankhero

    Pretty sure that's what you expected?

    Ooops.. okay... just ran adw again... here's that log... not sure if the order of things was really important... let me know if I have to run the other two again before moving forward.
    Thanks,
    frank

    # AdwCleaner v3.216 - Report created 27/07/2014 at 01:41:10
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : e - e
    # Running from : C:\Users\e\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\e\AppData\Roaming\UpdaterEX
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Folder Deleted : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    [!] Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    [!] Folder Deleted : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    [!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    [!] Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    [!] Folder Deleted : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
    File Deleted : C:\WINDOWS\Tasks\UpdaterEX.job
    File Deleted : C:\WINDOWS\System32\Tasks\UpdaterEX
    ***** [ Shortcuts ] *****
    ***** [ Registry ] *****
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiebcgmnpbbifoagcaobgelgnijgpaog
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\UpdaterEX
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17126
    -\\ Mozilla Firefox v30.0 (en-US)
    [ File : C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\na5z5xw6.default\prefs.js ]
    -\\ Google Chrome v36.0.1985.125
    [ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
    [ File : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    [ File : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
    [ File : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    [ File : C:\Users\R & R MillwrightsLtd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Extension] : eiebcgmnpbbifoagcaobgelgnijgpaog
    [ File : C:\Users\VIRTUAL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    *************************
    AdwCleaner[R0].txt - [4773 octets] - [27/07/2014 00:48:44]
    AdwCleaner[R1].txt - [4011 octets] - [27/07/2014 01:39:24]
    AdwCleaner[S0].txt - [3609 octets] - [27/07/2014 01:41:10]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3669 octets] ##########
