search hijack video popup arcadehits problems from cnet shareware


  • This topic is locked
9 replies to this topic

#1 wa5ngp

wa5ngp

  • Members
  • 14 posts

Posted 31 May 2013 - 08:14 AM

hello,

recently I installed a shareware file manager from cnet.  During the install I got an arcadehits pop up that pops up videos randomly whenever I do a new search or go to a new site.  I've run adaware, malwarebytes, ccleaner and others.

I have uninstalled the file manager and have since found another one (freecommander) that does not go thru cnet.

I'm using usoft security essentials.  Malware bytes cleared about a dozen concerns but the arcade popup video is still showing up.  This is not a SHOWSTOPPER kind of thing but I want to get rid of it.

thanks in advance for your help.

here's the info you need to start.

----------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.5.1
Run by don at 7:29:42 on 2013-05-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2520.989 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\mytools\EditPad.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E0311725-C67D-11E2-979B-00234DF1C83B}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E0311725-C67D-11E2-979B-00234DF1C83B}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 172.27.35.1
TCP: Interfaces\{3452402C-FEF5-4ACF-8837-900555E2B305} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3452402C-FEF5-4ACF-8837-900555E2B305} : DHCPNameServer = 172.27.35.1
TCP: Interfaces\{3452402C-FEF5-4ACF-8837-900555E2B305}\2756662756378696E676 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3452402C-FEF5-4ACF-8837-900555E2B305}\2756662756378696E676 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{80CA23AD-753E-461E-A2D3-9E66F66A9354} : DHCPNameServer = 172.50.0.4 172.1.1.110
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages =  scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\3pfql1xm.default-1367291055446\
FF - prefs.js: browser.startup.homepage - hxxp://www.reuters.com/
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={E0311725-C67D-11E2-979B-00234DF1C83B}&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-12-14 25968]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-9-27 13680]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-24 172032]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-9-27 93032]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-9 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-9 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-12-14 148840]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-12-15 2058776]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2011-9-27 625152]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-12-14 292200]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-8-23 225408]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-9-22 5946368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-9 22856]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-12-14 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lowpp;Lowrance MMC Parallel Port Driver;c:\windows\system32\drivers\lowpp.sys [2012-8-3 7787]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-5-11 88832]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\drivers\ser2pl.sys [2012-12-26 43136]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-8 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-31 11:27:06    --------    d-----w-    c:\users\don\appdata\roaming\SUPERAntiSpyware.com
2013-05-31 11:26:58    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-05-31 11:26:58    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-05-31 10:49:57    7016152    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{616b1748-3097-487a-bab0-c775f3f74584}\mpengine.dll
2013-05-31 03:20:38    --------    d-----w-    c:\program files\CCleaner
2013-05-31 03:07:43    --------    d-----w-    c:\users\don\appdata\roaming\SparkTrust
2013-05-31 03:07:43    --------    d-----w-    c:\users\don\appdata\roaming\DriverCure
2013-05-31 03:07:27    --------    d-----w-    c:\program files\common files\SparkTrust
2013-05-31 03:07:23    --------    d-----w-    c:\programdata\SparkTrust
2013-05-31 03:07:23    --------    d-----w-    c:\program files\SparkTrust
2013-05-30 02:37:20    7016152    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-29 00:15:03    --------    d-----w-    c:\users\don\appdata\local\{144AE04D-BEED-446A-8726-95E25987AD6C}
2013-05-28 01:31:15    --------    d-----w-    c:\users\don\appdata\roaming\FreeCommander
2013-05-28 01:31:11    --------    d-----w-    c:\program files\FreeCommander
2013-05-27 11:04:53    --------    d-----w-    c:\users\don\appdata\local\GHISLER
2013-05-27 10:47:35    --------    d-----w-    c:\programdata\PC Optimizer Pro
2013-05-27 03:37:13    545    ----a-w-    c:\windows\UC.PIF
2013-05-27 03:37:13    545    ----a-w-    c:\windows\RAR.PIF
2013-05-27 03:37:13    545    ----a-w-    c:\windows\PKZIP.PIF
2013-05-27 03:37:13    545    ----a-w-    c:\windows\PKUNZIP.PIF
2013-05-27 03:37:13    545    ----a-w-    c:\windows\LHA.PIF
2013-05-27 03:37:13    545    ----a-w-    c:\windows\ARJ.PIF
2013-05-27 03:37:13    --------    d-----w-    c:\users\don\appdata\roaming\GHISLER
2013-05-27 03:31:21    --------    d-----w-    c:\windows\system32\WNLT
2013-05-21 11:36:13    724464    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{1fb511cf-8fbb-4c68-9542-27a25163161d}\gapaengine.dll
2013-05-17 19:55:32    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-17 19:55:32    186368    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-17 19:55:31    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-17 19:55:31    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-17 19:55:28    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-17 19:55:24    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-17 19:55:24    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-17 19:55:24    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-04 14:55:02    --------    d-----w-    c:\users\don\.idlerc
2013-05-04 12:21:32    --------    d-----w-    c:\program files\Python27
.
==================== Find3M  ====================
.
2013-05-17 19:52:40    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-17 19:52:40    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-07 00:55:00    2448384    ----a-w-    c:\windows\system32\python27.dll
2013-04-05 05:28:24    1767424    ----a-w-    c:\windows\system32\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 19:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 05:04:13    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16    69632    ----a-w-    c:\windows\system32\smss.exe
2010-08-21 05:33:26    530432    ----a-w-    c:\program files\common files\comctl32.dll
2009-07-14 01:15:08    486912    ----a-w-    c:\program files\common files\comdlg32.dll
.
============= FINISH:  7:30:14.81 ===============
 

-------------------------------------------------------------------------

contents of attach file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2012 8:05:16 PM
System Uptime: 5/30/2013 7:01:56 PM (12 hours ago)
.
Motherboard: LENOVO |  | 40612HU
Processor: Intel® Core™2 Duo CPU     T9400  @ 2.53GHz | None | 2534/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 84.299 GiB free.
D: is CDROM ()
T: is NetworkDisk (NTFS) - 112 GiB total, 27.284 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP173: 5/18/2013 6:22:59 AM - Windows Update
RP174: 5/21/2013 6:35:00 AM - Windows Update
RP175: 5/24/2013 12:48:21 PM - Windows Update
RP176: 5/27/2013 8:29:12 PM - Windows Update
RP177: 5/30/2013 9:12:50 AM - Removed IBM Lotus Symphony.
RP178: 5/31/2013 5:49:34 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
CCleaner
Chinese Traditional Fonts Support For Adobe Reader X
CHIRP
Conexant 20561 SmartAudio HD
D3DX10
DirectX 9 Runtime
EasyGPS 4.45
ESET Online Scanner v3
FreeCommander 2009.02b
Google Chrome
Google Earth
Google Update Helper
GPSBabel 1.4.3
GPXtoUSR
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Intel® Network Connections Drivers
Intel® Active Management Technology
Internet Explorer Toolbar 4.8 by SweetPacks
InterVideo Register Manager
InterVideo WinDVD
iTunes
Jasc Paint Shop Photo Album
Java 7 Update 10
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Lenovo Auto Scroll Utility
Lenovo Central Audio
Lenovo System Interface Driver
Lowrance GPS Data Manger V.6
Lowrance Sonar Viewer 2.1.2
Malwarebytes Anti-Malware version 1.75.0.1300
MapCreate 6
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft IntelliPoint 8.2
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Express - ENU
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.1
PL-2303 Vista Driver Installer
Python 2.7.4
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Sonic CinePlayer Decoder Pack
SparkTrust PC Cleaner Plus
SUPERAntiSpyware
TextPad 6
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UV_5R_VIP
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/31/2013 5:38:38 AM, Error: amdkmdag [43029]  - Display is not active
5/30/2013 3:53:15 PM, Error: Service Control Manager [7002]  - The Lowrance MMC Parallel Port Driver service depends on the Parallel arbitrator group and no member of this group started.
5/30/2013 3:53:10 PM, Error: amdkmdag [52236]  - CPLIB :: General - Invalid Parameter
5/25/2013 9:21:24 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
.
==== End Of File ===========================
 

best regards

don





#2 wa5ngp

wa5ngp
  • Topic Starter

  • Members
  • 14 posts

Posted 31 May 2013 - 08:17 AM

one other thing, sometimes when I do a search it pops up a google chrome browser which displays the arcadehits screen.



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 01 June 2013 - 05:24 PM


Hello wa5ngp

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 wa5ngp

wa5ngp
  • Topic Starter

  • Members
  • 14 posts

Posted 01 June 2013 - 09:57 PM

Hey Gringo,

sorry for delay.  While waiting in line the last few days I tried a few things.  Adwarecleaner was one of them.

The final thing I did was do a RESET on firefox and so far no more unexpected small videos.

I found the suggestion to do a reset on firefox in one of the other threads in the forum.

So I'm going to leave well enough alone for now.

My daughter is bringing her pc to me next week so you may hear from me again.

One piece of advice, do not download thru cnet.

You seem to be one BUSY Gringo.  tks for the help.  Hopefully, I won't be back soon at least for this machine.


don



#5 gringo_pr


Posted 01 June 2013 - 10:48 PM

About downloading thru CNET - here is a very good read - http://www.emsisoft.com/en/kb/articles/tec120224/

And thanks for letting me know about not going further with the computer.



Gringo

#6 wa5ngp


Posted 02 June 2013 - 06:01 AM

I do have one remaining question.

I installed superantispyware.

It is trying to run frequently, almost like spyware. I have not tried to remove it; I am hoping that it is really legit and not yet some other kind of malware. I just need to decide to remove it or let it do its thing.

regards

don



#7 gringo_pr


Posted 02 June 2013 - 12:08 PM

Hello


It is a good program; I have used it before.



Gringo

#8 wa5ngp


Posted 02 June 2013 - 06:43 PM

OK, thank you for that feedback. I suspected that it was ok, but it seemed a bit aggressive about wanting to be launched. I'll put it on my good list.

The pop up videos have not returned. That article on installers was good reading.

 

tks

Don



#9 gringo_pr


Posted 02 June 2013 - 09:33 PM

You are more than welcome


gringo

#10 gringo_pr


Posted 07 June 2013 - 05:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.