Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Using over 1GB an hour sending 5/6 emails!!!!!


  • This topic is locked This topic is locked
20 replies to this topic

#1 malinboy

malinboy

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 10 June 2013 - 05:39 AM

My ISP is showing me as using over 1GB an hour. It is saying it is 90% emails but i am only sending 5 or 6 emails in the said hour. this has been going on for over a week now. I have scanned with AVG, Avast and malwarebytes but have all come back clear. This is starting to cost me a fortune paying for extra GBs. Any help would be greatfuly received.



BC AdBot (Login to Remove)

 


#2 cmptrgy

cmptrgy

  • Members
  • 1,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Massachusetts
  • Local time:09:40 PM

Posted 10 June 2013 - 06:42 AM

Can you determine how much each email is using when you send and also when you receive?

Since your ISP provider give you that info?

--- My son has a way on his computer in which he can check his GB usage anytime he wants and maybe this is what you are doing already, but I would take the time to determine GB on each sent and received email for a couple of days to know the facts



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:40 AM

Posted 10 June 2013 - 06:59 AM

Hi -

As of right now, change your email password and contact your ISP as soon as you can.

How many email accounts do you have ? I would change passwords to all of them -

 

Next try to  change any other passwords like this forum, and any others that you have joined recently.

Do not use this computer for any banking or credit card purchases. It sounds like a keylogger has got to your system.

 

Can you check your Sent Emails to see if there are any listed, or if someone has just found your internet / wifi logon password.

Next Unplug your internet router / modem from the power untill you can contact your ISP, to stop any illegal usage.

 

This may be a pain in the bum, but it is the quick option to stop stealing your outgoing signal -

 

Thank You -



#4 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 10 June 2013 - 07:03 AM

the emails im sending and recieving are all between 30kb up to 95KB. It appears emails are being sent from somewhere via my router but there not showing up in any of my out boxes etc. This has only started happening in the last week i have gone from using 10GB a month to nearly 60GB. I have changed the password on all my email accounts and the router password but its still showing a unrealstic amount of GBs being used for sending emails. In 4 hours today i have sent 7 and recieved 10 emails. this has used 3.6GB????



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:40 AM

Posted 10 June 2013 - 07:15 AM

Today I have spent almost all day online, here plus emails plus a game or 2, and so far I have used 200 MB for the day.

 

If I download videos etc for a few hours, plus being here, plus wife on Facebook games, I may use 1,000MB (1G) in a Very heavy day.

It sounds like someone has tapped into your signal - Call your ISP for help to secure your signal ASAP -



#6 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 10 June 2013 - 07:22 AM

My ISP are telling me the signal is secure and are saying it must be on the laptop.



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:40 AM

Posted 10 June 2013 - 07:15 PM

Hi -

EDIT first - Would you please list your ISP, or PM me the name if you do not wish to publish it.

We may as well do some scans while you still can.

If you do have any of these programs installed, please Update them prior to any scan.

 

Please download Malwarebytes AntiMalware to desktop. Check for updates if not done during download and run a Quick Scan only.
You can usually check "Remove" for any infections found, unless you think they are needed.

The program may ask you to Reboot if several infections are found. Please do so
Please Copy / Paste the Report log back here when completed.

 

 

Please download SUPERAntiSpyware to desktop. Check for latest updates if not done during the download.
You can check "Remove" for any infections found.

The program may ask you to Reboot if several infections are found. Please do so
Run a Quick Scan only and Copy / Paste the Report log back here when finished -

 

 

Please download AdwCleaner by Xplode to desktop.
Temporary disable your Antivirus while the program runs
Close all other running programs including your browser, as your computer will be rebooted after the scan.
Double click on the AdwCleaner icon to run the program
Vista or Win7 users Right click and select Run as Administrator
Select DELETE from the menu
Confirm with OK when asked.
A logfile will be produced after the reboot, please copy / paste it back here -

 

 

Next : Download Junkware Removal Tool by Thisisu
Again disable your Antivirus while the program runs, just to avoid conflicts
Double click on the new icon to start the program
Vista or Win7 users Right click and select Run as Administrator
Follow the directions in the Black box and the program will run
Your computer will not be rebooted, a logfile will be produced
Please copy / paste it back here -

 

Make sure you enable your Antivirus when completed

 

 

Download Temp File Cleaner (TFC) by Old Timer
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.

This may take seconds or several minutes depending on your system.
NOTE - TFC will close all running programs, and it may ask you to restart computer.

If it will not ask for a reboot, please still reboot to ensure full cleaning

No log is produced from this program.

 

Thank You -


Edited by noknojon, 10 June 2013 - 07:25 PM.


#8 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 June 2013 - 02:58 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.11.01
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
carlm_000 :: MALINBOY [administrator]
 
11/06/2013 08:29:36
MBAM-log-2013-06-11 (08-45-26).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246679
Time elapsed: 15 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 6
C:\Users\carlm_000\Downloads\FlashPlayer_V.35138360c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\carlm_000\Downloads\FlashPlayer_V.35138674c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\carlm_000\Downloads\FlashPlayer_V.58253886c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\carlm_000\Downloads\FlashPlayer_V.58254044c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\carlm_000\Downloads\FlashPlayer_V.58490409c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\carlm_000\Downloads\FlashPlayer_V.58490989c.exe (Adware.DomaIQ) -> No action taken.
 
(end)


#9 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 June 2013 - 03:29 AM

SUPERAntiSpyware Scan Log
 
Generated 06/11/2013 at 09:20 AM
 
Application Version : 5.6.1020
 
Core Rules Database Version : 10512
Trace Rules Database Version: 8324
 
Scan type       : Quick Scan
Total Scan Time : 00:18:14
 
Operating System Information
 65 Edition 64-bit (Build 6.02.9200)
UAC On - Limited User
 
Memory items scanned      : 923
Memory threats detected   : 0
Registry items scanned    : 59148
Registry threats detected : 18
File items scanned        : 33696
File threats detected     : 87
 
Adware.Shopper
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\InprocServer32
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\Programmable
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\TypeLib
(x86) HKCR\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\Version
(x86) HKCR\TypeLib\{BA5B874B-C72A-4529-B2CF-D7485602D541}
(x86) HKCR\TypeLib\{BA5B874B-C72A-4529-B2CF-D7485602D541}\1.0
(x86) HKCR\TypeLib\{BA5B874B-C72A-4529-B2CF-D7485602D541}\1.0\0
(x86) HKCR\TypeLib\{BA5B874B-C72A-4529-B2CF-D7485602D541}\1.0\0\win32
(x86) HKCR\TypeLib\{BA5B874B-C72A-4529-B2CF-D7485602D541}\1.0\FLAGS
(x86) HKCR\TypeLib\{BA5B874B-C72A-4529-B2CF-D7485602D541}\1.0\HELPDIR
C:\PROGRAM FILES (X86)\FINDLYRICS\FINDLYRICS.DLL
(x86) HKCR\Interface\{5C927B89-5D80-4017-889F-93294895BC5F}
(x86) HKCR\Interface\{5C927B89-5D80-4017-889F-93294895BC5F}\ProxyStubClsid32
(x86) HKCR\Interface\{5C927B89-5D80-4017-889F-93294895BC5F}\TypeLib
(x86) HKCR\Interface\{5C927B89-5D80-4017-889F-93294895BC5F}\TypeLib#Version
 
Adware.Tracking Cookie
.accounts.google.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\M3GRUW02.txt [ /apmebf.com ]
.advertising.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\LAOHFR5F.txt [ /ad.yieldmanager.com ]
.media6degrees.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\U10L6392.txt [ /casalemedia.com ]
.serving-sys.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\3DYFRVK7.txt [ /at.atwola.com ]
.serving-sys.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\IQ454SDW.txt [ /doubleclick.net ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\429DGXJ7.txt [ /media6degrees.com ]
.ad.mlnadvertising.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\A1TOYXDD.txt [ /accounts.google.com ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\2MEFJID0.txt [ /ru4.com ]
track.prd.inpwrd.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\Q1WZR6J8.txt [ /statcounter.com ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\F16VWDLX.txt [ /invitemedia.com ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\JU6J5SJQ.txt [ /atdmt.com ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\IKME621J.txt [ /accounts.google.com ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\1PL55D4X.txt [ /histats.com ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\8RI3QQKH.txt [ /zedo.com ]
.adtech.de [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficjunky.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\carlm_000\AppData\Roaming\Microsoft\Windows\Cookies\LVNTUZ1D.txt [ /mediaplex.com ]
.trafficjunky.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficjunky.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trafficjunky.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficjunky.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.dc-storm.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.dc-storm.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
lo.marketer.lpsnmedia.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
webstats.plus.net [ C:\USERS\CARLM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


#10 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 June 2013 - 03:40 AM

# AdwCleaner v2.303 - Logfile created 06/11/2013 at 09:37:26
# Updated 08/06/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : carlm_000 - MALINBOY
# Boot Mode : Normal
# Running from : C:\Users\carlm_000\Downloads\AdwCleaner (1).exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\Windows\Tasks\FindLyrics Update.job
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\FindLyrics
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\carlm_000\AppData\Roaming\Babylon
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\findlyrics
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Wow6432Node\5b28f8be234ba13
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmhhdaimhfblnamlcdijbaakkifakade
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\findlyrics@findlyrics.co
Key Found : HKU\S-1-5-21-3350464633-3326768733-1762566610-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=04ABA41731C7B482
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\carlm_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.2294] : homepage = "hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=04ABA41731C7B482",
 
*************************
 
AdwCleaner[R1].txt - [2266 octets] - [11/06/2013 09:37:26]
AdwCleaner[S1].txt - [6544 octets] - [16/05/2013 01:58:33]
 
########## EOF - C:\AdwCleaner[R1].txt - [2386 octets] ##########


#11 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 June 2013 - 03:49 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by carlm_000 on 11/06/2013 at  9:41:27.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3350464633-3326768733-1762566610-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\carlm_000\AppData\Roaming\babylon"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/06/2013 at  9:46:13.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 June 2013 - 04:37 AM

TFC done too



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:40 AM

Posted 11 June 2013 - 05:44 AM

Hi -

You still have items that are not removed yet So I would like to try an ESET Online Scan

 

1. Hold down Control (CTRL) and click on This Link to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • . Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • . Double click on the ESET icon on your desktop.

4. Check "YES, I accept the Terms of Use."

5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Thank You -



#14 malinboy

malinboy
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 11 June 2013 - 05:15 PM

C:\Program Files (x86)\FindLyrics\chrome.crx Win32/Adware.AddLyrics.F application deleted - quarantined
C:\Program Files (x86)\FindLyrics\FF\chrome\content\main.js Win32/Adware.AddLyrics.F application cleaned by deleting - quarantined
C:\Users\carlm_000\AppData\Roaming\Sports Interactive\Football Manager 2013\temporary\web\Temp\scoped_dir_30526\Chrome.crx Win32/Adware.AddLyrics.F application deleted - quarantined
C:\Users\carlm_000\Downloads\FirstRowSportApp_setup(47c42) (1).exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined
C:\Users\carlm_000\Downloads\FirstRowSportApp_setup(47c42).exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined
C:\Users\carlm_000\Downloads\silverlight setup.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\carlm_000\Downloads\VideoPerformerSetup.exe a variant of Win32/InstallBrain.AC application cleaned by deleting - quarantined
C:\Users\carlm_000\Downloads\VipBoxSportsApp_setup(47c42).exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined


#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:40 AM

Posted 11 June 2013 - 05:43 PM

Hi -

Is there still massive usage being registered, or only when you send emails ??

 

Thanks -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users