
Malwarebytes:PUP.Optional.SweetIM.A! What is it? HELP PLEASE


19 replies to this topic

#1 daculadawg1


Posted 27 August 2013 - 07:53 AM

Malwarebytes showed 13 of these. Is my PC really infected? What do I do? Thanks in advance for your help, I'm freaking out!

 

 

 

 




 


#2 filipo603


Posted 27 August 2013 - 08:20 AM

Press Remove Selected at the end of the scan, and check with HitmanPro for other viruses. Good luck!


May Computer Be With You! :luke: 

 

 

 


#3 daculadawg1

  • Topic Starter

Posted 29 August 2013 - 04:13 PM

OK, I'm confused. Are you the one who is helping me? I thought you had to be a senior member to help.

 

Thanks!



#4 boopme

  • Global Moderator

Posted 05 September 2013 - 09:53 PM

They are correct to remove the items in your MBAM log.

I do not prefer Hitman though, for me I see too many crashes and false positives.
Not saying it was wrong to offer, I just don't care for it.
 
Run these.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
 
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Last, run ESET.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 daculadawg1

  • Topic Starter

Posted 06 September 2013 - 05:24 PM

7:17 PM 9/6/2013
MiniToolBox by Farbar  Version: 13-07-2013
Ran by Linda (administrator) on 06-09-2013 at 08:15:22
Running from "C:\Users\Linda\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Hardware not present)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Linda-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 1C-65-9D-F3-05-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 1C-65-9D-F3-05-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5d75:c593:cb49:e822%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 03, 2013 4:13:17 PM
   Lease Expires . . . . . . . . . . : Friday, February 26, 2021 9:59:01 PM
   Default Gateway . . . . . . . . . : 192.168.254.254
   DHCP Server . . . . . . . . . . . : 192.168.254.254
   DHCPv6 IAID . . . . . . . . . . . : 303850909
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BC-D9-0B-00-26-6C-A5-D5-B3
   DNS Servers . . . . . . . . . . . : 192.168.254.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2080:656:3f57:1f9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2080:656:3f57:1f9%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{EEAD024A-E3DF-4D7C-B197-BAAF913D0067}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  MyRouter.Home
Address:  192.168.254.254

Name:    google.com
Addresses:  2607:f8b0:4002:c04::66
      74.125.140.138
      74.125.140.139
      74.125.140.100
      74.125.140.101
      74.125.140.102
      74.125.140.113


Pinging google.com [74.125.140.138] with 32 bytes of data:
Reply from 74.125.140.138: bytes=32 time=48ms TTL=49
Reply from 74.125.140.138: bytes=32 time=18ms TTL=49

Ping statistics for 74.125.140.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 48ms, Average = 33ms
Server:  MyRouter.Home
Address:  192.168.254.254

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=131ms TTL=49
Reply from 206.190.36.45: bytes=32 time=106ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 131ms, Average = 118ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=29ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 29ms, Average = 15ms
===========================================================================
Interface List
 14...1c 65 9d f3 05 79 ......Microsoft Virtual WiFi Miniport Adapter
 11...1c 65 9d f3 05 79 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.254    192.168.254.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link     192.168.254.6    281
    192.168.254.6  255.255.255.255         On-link     192.168.254.6    281
  192.168.254.255  255.255.255.255         On-link     192.168.254.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.254.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.254.6    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:953c:2080:656:3f57:1f9/128
                                    On-link
 11    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::2080:656:3f57:1f9/128
                                    On-link
 11    281 fe80::5d75:c593:cb49:e822/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/06/2013 07:23:51 AM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (09/06/2013 07:00:46 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/06/2013 07:00:46 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/03/2013 05:21:11 PM) (Source: TestWorker) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (09/03/2013 05:05:30 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/03/2013 05:05:30 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/03/2013 04:42:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/03/2013 04:42:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/03/2013 04:40:14 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/03/2013 04:17:34 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (09/03/2013 04:58:18 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/03/2013 04:38:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error: (09/03/2013 09:52:01 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/03/2013 09:52:01 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/03/2013 09:52:01 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/03/2013 09:51:59 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/03/2013 09:51:59 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/03/2013 09:51:59 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/03/2013 09:52:00 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/03/2013 09:52:00 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (09/06/2013 07:23:51 AM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (09/06/2013 07:00:46 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/06/2013 07:00:46 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (09/03/2013 05:21:11 PM) (Source: TestWorker)(User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (09/03/2013 05:05:30 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/03/2013 05:05:30 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (09/03/2013 04:42:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/03/2013 04:42:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (09/03/2013 04:40:14 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/03/2013 04:17:34 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000


CodeIntegrity Errors:
===================================
  Date: 2013-09-03 09:04:54.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-01 22:48:50.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-01 22:03:03.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-31 17:54:07.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-31 15:24:33.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-31 15:12:23.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-29 21:51:24.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-29 21:41:03.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-29 20:52:34.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-29 17:01:34.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

913D Camera (Version: 1.00.000)
Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.800.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Cake Mania - Lights, Camera, Action!™ (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1110.1539.28046)
Catalyst Control Center InstallProxy (Version: 2010.1110.1539.28046)
Catalyst Control Center Localization All (Version: 2010.1110.1539.28046)
CCC Help Chinese Standard (Version: 2010.1110.1538.28046)
CCC Help Chinese Traditional (Version: 2010.1110.1538.28046)
CCC Help Czech (Version: 2010.1110.1538.28046)
CCC Help Danish (Version: 2010.1110.1538.28046)
CCC Help Dutch (Version: 2010.1110.1538.28046)
CCC Help English (Version: 2010.1110.1538.28046)
CCC Help Finnish (Version: 2010.1110.1538.28046)
CCC Help French (Version: 2010.1110.1538.28046)
CCC Help German (Version: 2010.1110.1538.28046)
CCC Help Greek (Version: 2010.1110.1538.28046)
CCC Help Hungarian (Version: 2010.1110.1538.28046)
CCC Help Italian (Version: 2010.1110.1538.28046)
CCC Help Japanese (Version: 2010.1110.1538.28046)
CCC Help Korean (Version: 2010.1110.1538.28046)
CCC Help Norwegian (Version: 2010.1110.1538.28046)
CCC Help Polish (Version: 2010.1110.1538.28046)
CCC Help Portuguese (Version: 2010.1110.1538.28046)
CCC Help Russian (Version: 2010.1110.1538.28046)
CCC Help Spanish (Version: 2010.1110.1538.28046)
CCC Help Swedish (Version: 2010.1110.1538.28046)
CCC Help Thai (Version: 2010.1110.1538.28046)
ccc-core-static (Version: 2010.1110.1539.28046)
ccc-utility64 (Version: 2010.1110.1539.28046)
CCleaner (Version: 4.04)
Chuzzle Deluxe (Version: 2.2.0.95)
Conexant HD Audio (Version: 8.36.0.0)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.13)
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
FATE - The Traitor Soul (Version: 2.2.0.95)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FileHippo.com Update Checker
Google Chrome (Version: 29.0.1547.62)
Google Update Helper (Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Kidzui
Label@Once 1.0 (Version: 1.0)
Lexmark 3600-4600 Series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
PhoTags Express  (Version: )
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.95)
Puppy Grows & Knows Your Name 1.0 (Version: 1.0)
QuickTime (Version: 7.74.80.86)
Radialpoint Servicepoint Dashboard Extensions version 13.7.12.30922 (Version: 13.7.12.30922)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Realtek WLAN Driver (Version: 2.00.0013)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Skype Launcher (Version: 2.01)
Slingo Supreme (Version: 2.2.0.95)
swMSM (Version: 12.0.0.1)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.01.00)
Toshiba Book Place (Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 2.0.09.64)
TOSHIBA Disc Creator (Version: 2.1.0.4 for x64)
TOSHIBA Hardware Setup (Version: 2.00.14)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.6.22)
TOSHIBA Media Controller (Version: 1.0.80.8.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.8.0)
Toshiba Online Backup (Version: 2.0.0.25)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Supervisor Password (Version: 2.00.07)
TOSHIBA Value Added Package (Version: 1.3.22.64)
ToshibaRegistration (Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
Vivitar Experience Image Manager
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
ZoneAlarm Firewall (Version: 11.0.768.000)
ZoneAlarm Free Firewall (Version: 11.0.768.000)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.768.000)
ZoneAlarm Security Toolbar  (Version: 1.8.22.0)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1638.87 MB
Available physical RAM: 879.22 MB
Total Pagefile: 3277.73 MB
Available Pagefile: 2013.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.25 MB

========================= Partitions: =====================================

1 Drive c: (TI106046W0D) (Fixed) (Total:286.11 GB) (Free:231.86 GB) NTFS

========================= Users: ========================================

User accounts for \\LINDA-PC

Administrator            Guest                    Linda                    


**** End of log ****
 

 

 

# AdwCleaner v3.002 - Report created 06/09/2013 at 08:24:47
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-PC
# Running from : C:\Users\Linda\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\Linda\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\searchplugins\zonealarm.xml
File Found : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\user.js
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found C:\ProgramData\Babylon
Folder Found C:\Users\Linda\AppData\Local\Conduit
Folder Found C:\Users\Linda\AppData\LocalLow\Conduit
Folder Found C:\Users\Linda\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\BabylonToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4530 octets] - [06/09/2013 08:24:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4590 octets] ##########
 

 

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll    a variant of Win32/Toolbar.Montiera.F application    cleaned by deleting - quarantined
C:\Program Files (x86)\CheckPoint\Install\zatb.exe    multiple threats    deleted - quarantined
C:\Users\Linda\Downloads\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Users\Linda\Downloads\cbsi-10912909.exe    a variant of Win32/CNETInstaller.A application    cleaned by deleting - quarantined
C:\Users\Linda\Downloads\zafwSetup_110_000_504.exe    multiple threats    deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
 

 

 

TDSSKiller didn't show a log at all. I tried to search for it but I couldn't find it.

 

Thanks for all your help


Edited by daculadawg1, 06 September 2013 - 06:25 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 September 2013 - 08:22 PM

Remove what ADWCleaner found.
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

>>>>
Do you remember if TDSS found anything??

>>>>
Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

Edited by boopme, 06 September 2013 - 08:22 PM.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#7 daculadawg1

daculadawg1
  • Topic Starter

  • Members
  • 11 posts

Posted 07 September 2013 - 08:24 AM

# AdwCleaner v3.002 - Report created 07/09/2013 at 00:21:03
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-PC
# Running from : C:\Users\Linda\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Users\Linda\AppData\Local\Conduit
Folder Deleted : C:\Users\Linda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Linda\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\jetpack
File Deleted : C:\Users\Linda\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\vhsrjq6k.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4694 octets] - [06/09/2013 08:24:47]
AdwCleaner[R1].txt - [4754 octets] - [07/09/2013 00:17:18]
AdwCleaner[S0].txt - [4454 octets] - [07/09/2013 00:21:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4514 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Linda on Sat 09/07/2013 at  0:30:00.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8FDD670-4A9A-4E96-849D-87AF14B3B7A8}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\windows\syswow64\sho15D4.tmp
Successfully deleted: [File] C:\windows\syswow64\sho1EA.tmp
Successfully deleted: [File] C:\windows\syswow64\sho30B7.tmp
Successfully deleted: [File] C:\windows\syswow64\sho61E6.tmp
Successfully deleted: [File] C:\windows\syswow64\sho67E5.tmp
Successfully deleted: [File] C:\windows\syswow64\sho7606.tmp
Successfully deleted: [File] C:\windows\syswow64\sho7787.tmp
Successfully deleted: [File] C:\windows\syswow64\sho9DF3.tmp
Successfully deleted: [File] C:\windows\syswow64\shoA5C6.tmp
Successfully deleted: [File] C:\windows\syswow64\shoA8A1.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBF2C.tmp
Successfully deleted: [File] C:\windows\syswow64\shoCDA5.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Linda\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Linda\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{0C6F671C-638B-4521-B9E6-BEC86B72612B}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{11615137-7FE6-4FD1-A23B-DD91D5B117A5}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{11965902-BAB4-402A-ABFF-581093E0B2E5}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{27FD5F10-26E6-48CB-A9A6-6F47FE8D4680}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{289C83DA-9C7E-49D1-BB90-F2AAD5864FD1}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{550E4C26-A48A-4036-BFC9-62C279CDA48D}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{6C1AB227-EE52-43EE-9BE2-68FA0E5F931B}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{6E4A44CA-0FB1-4694-9E7A-D2EC60FC9EF7}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{7B010AF0-171C-4112-A9C4-4AD25CEF12EA}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{B05041E6-5340-414D-AC6B-90C15CF81F6F}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{BCA629C6-34C9-4AC3-A31A-D77A2D8D1972}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{D76BFDAC-37FD-4378-B045-FF6C58EFEF68}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{EDD8F4DC-3915-4D3C-B209-B61D27172634}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{F4B54415-48F1-4499-9184-03F3CFAD2B06}
Successfully deleted: [Empty Folder] C:\Users\Linda\appdata\local\{FC39BAF6-A630-48F5-A35C-F9B2AC884EA2}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Linda\AppData\Roaming\mozilla\firefox\profiles\vhsrjq6k.default\minidumps [81 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/07/2013 at  0:48:39.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

No, I don't remember if TDSS found anything, I'm sorry.
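
The scan report and the clean report posted above can be checked against each other to confirm that every item the scan listed was actually removed. The following is an added example, not part of the original thread and not AdwCleaner's own code; the line formats are taken from the two reports in this thread, the sample input reuses a few of their lines plus one constructed leftover entry, and reading the `[x64]` prefix as a marker of the registry view the tool used is an assumption.

```python
import re

# Entry lines as they appear in the AdwCleaner v3.002 reports in this thread:
#   scan : "Key Found : <path>", "File Found : <path>", "Folder Found <path>" (no colon)
#   clean: "Key Deleted : <path>", "File Deleted : <path>", "Folder Deleted : <path>"
ENTRY_RE = re.compile(r"^(Key|File|Folder) (Found|Deleted)\s*:?\s*(.+)$")
X64_TAG = "[x64]"  # assumption: marks the registry view the entry was seen in


def parse_report(text):
    """Return {"Found": {...}, "Deleted": {...}} keyed by (kind, folded path, x64)."""
    entries = {"Found": {}, "Deleted": {}}
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            continue  # report header, section banners, blank lines
        kind, status, target = match.groups()
        x64 = target.startswith(X64_TAG)
        path = target[len(X64_TAG):].strip() if x64 else target
        # Windows paths and registry keys are case-insensitive, so fold case
        # for matching but keep the original spelling for the result.
        entries[status][(kind, path.casefold(), x64)] = path
    return entries


def compare_reports(scan_text, clean_text):
    """Classify every 'Found' entry by what the clean report says about it."""
    found = parse_report(scan_text)["Found"]
    deleted = parse_report(clean_text)["Deleted"]
    deleted_any_view = {(kind, path) for kind, path, _ in deleted}
    result = {"removed": [], "removed_other_view": [], "not_in_clean_log": []}
    for key in sorted(found):
        kind, folded, x64 = key
        item = (kind, found[key], x64)
        if key in deleted:
            result["removed"].append(item)
        elif (kind, folded) in deleted_any_view:
            # Same path listed as deleted, but with a different [x64] tag.
            result["removed_other_view"].append(item)
        else:
            result["not_in_clean_log"].append(item)
    return result


# Sample input: lines copied from the thread's reports, plus one constructed
# entry (C:\Example\...) that has no counterpart in the clean report.
SCAN_REPORT = r"""
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Users\Linda\AppData\Local\Temp\Uninstall.exe
Folder Found C:\ProgramData\Babylon
File Found : C:\Example\constructed-leftover.xml
***** [ Registry ] *****
Key Found : HKCU\Software\BabylonToolbar
Key Found : [x64] HKCU\Software\BabylonToolbar
Key Found : HKLM\Software\Conduit
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
"""

CLEAN_REPORT = r"""
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
File Deleted : C:\Users\Linda\AppData\Local\Temp\Uninstall.exe
***** [ Registry ] *****
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
"""

if __name__ == "__main__":
    outcome = compare_reports(SCAN_REPORT, CLEAN_REPORT)
    for bucket, items in outcome.items():
        print(f"{bucket}: {len(items)}")
        for kind, path, x64 in items:
            print(f"  {kind} {'[x64] ' if x64 else ''}{path}")
```

In the reports posted in this thread, the four `[x64] HKCU` keys from the scan appear in the clean report only without the prefix, which is the case the `removed_other_view` bucket captures; anything in `not_in_clean_log` is what a helper would want to look at by hand.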



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 September 2013 - 08:45 PM

Rerun MBAM and see if it still sees SweetIM



#9 daculadawg1

daculadawg1
  • Topic Starter

  • Members
  • 11 posts

Posted 09 September 2013 - 10:15 AM

OK, I will run it and post soon. Thank you.



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 30,786 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 September 2013 - 11:06 AM

daculadawg1, continue to follow boopme's instructions, but let me address the concerns in your first post as to what this detection means.

Sweetpacks is a bundle of applications which uses emoticons and animations for online chat, messaging and communication. Sweetpacks is used by ad networks, media publishers and websites as a way to recoup business costs. The bundle includes a toolbar/add-on (SweetIM) for messenger programs which adds animations, emoticons, offers videos, games and pictures. Sweetpacks is not a virus but it does change your browser's homepage and search engine so some security scanners will detect it as a Potentially Unwanted Program (PUP).

A PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

In the past, Malwarebytes Anti-Malware detected only PUPs that were considered mostly harmful and deceiving but they revised their policy, taking a more aggressive approach to include PUPs that most users found annoying or misleading. PUPs may be defined somewhat differently by various security vendors. This is what Malwarebytes has to say: What are the 'PUP' detections, are they threats and should they be deleted?.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 daculadawg1

daculadawg1
  • Topic Starter

  • Members
  • 11 posts

Posted 09 September 2013 - 02:12 PM

It didn't find anything but the quarantine is showing a lot of stuff! What should I do? Did I have a virus? And should I change all passwords? Thanks!

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Linda :: LINDA-PC [administrator]

9/9/2013 11:21:05 AM
mbam-log-2013-09-09 (11-21-05).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367709
Time elapsed: 1 hour(s), 50 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Edited by daculadawg1, 09 September 2013 - 02:18 PM.


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 30,786 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 September 2013 - 02:27 PM

If you are referring to Malwarebytes' quarantine, you can remove whatever has been placed there from previous scans.

If not, then you need to advise boopme which tool's quarantine folder.

#13 daculadawg1

daculadawg1
  • Topic Starter

  • Members
  • 11 posts

Posted 10 September 2013 - 05:57 AM

I deleted all of them except the ones from 9-3-13.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 September 2013 - 07:52 PM

How is it now?

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


#15 daculadawg1

daculadawg1
  • Topic Starter

  • Members
  • 11 posts

Posted 11 September 2013 - 07:04 AM

I had tried to download McAfee from my internet company but it wouldn't install right. This was a couple of weeks ago. I didn't know if you needed to know or not.

 

It seems to be running OK now. Can I go back to banking and other stuff like that? Here are the results for Rkill:

 

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/11/2013 07:55:04 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Linda\Desktop\rkill\rkill-09-11-2013-07-55-24.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/11/2013 07:59:10 AM
Execution time: 0 hours(s), 4 minute(s), and 5 seconds(s)
 





