Slow PC, loads of pop-ups... Virus??


  • This topic is locked
33 replies to this topic

#1 Vicki m

Vicki m

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 15 June 2013 - 01:58 AM

Hi there,

Having a bit of trouble with my PC, is running really slowly, lots of pop ups, and Malwarebytes came up with 'C:\Users\Vicki\Downloads\Setup.exe (Adware.DomaIQ)' which I deleted but don't think has ended the problem.

Any assistance you could give me would be fantastic.

Thank you, Vicki

 




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:43 AM

Posted 15 June 2013 - 06:23 AM

Hello Vicki -

Let's have a couple of quick scans to see what is there -

 

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go at the bottom and copy / paste the result (Result.txt) once the scan is complete.

 

Next : Download Security Check by Screen317 from Here
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

I believe you have Malwarebytes' Anti-Malware Free (aka MBAM) already installed.
Please click Update and get the latest definitions installed.
Click Scan and select Quick scan only
A notepad text will open when it finishes, please post that back here

 

 

Also download and install SUPERAntiSpyware Free (aka SAS)
Again check for the latest Updates, and then select Quick Scan only
A notepad text will open when finished, please post that back here.

 

 

Finally : I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Online Scanner icon on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser (you may need to disable your Antivirus).
7. Under Scan Settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for the first time, and then download the updated database (1 and a half to 2 hours is not unusual).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

Thank You -

 

Please Copy and Paste these results in your next posts - You can make several posts if it is easier for you.

- MiniToolBox Report.txt

- Checkup.txt

- Malwarebytes Results

- SUPERAntiSpyware Results

- ESET results

- How the computer is running.



#3 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 15 June 2013 - 01:23 PM

Hiya, Thank you for getting back to me so quickly!

I'll download these now, and post logs shortly.

Vicki



#4 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 15 June 2013 - 01:27 PM

MiniToolBox by Farbar  Version:21-04-2013
Ran by Vicki (administrator) on 15-06-2013 at 19:26:15
Running from "C:\Users\Vicki\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR5B125 Wireless Network Adapter = Wireless Network Connection 2 (Connected)
Broadcom NetLink ™ Ethernet = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Vicki-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5B125 Wireless Network Adapter
   Physical Address. . . . . . . . . : 74-DE-2B-7A-9A-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 15 June 2013 19:19:22
   Lease Expires . . . . . . . . . . : 15 June 2013 20:19:22
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 208.122.23.22
                                       208.122.23.23
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-06-E2-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7D64A76D-21FF-461F-A2DD-B0B6079661E2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8B41CF5D-9847-4CFE-A770-6D89861890D8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:804:2275:3f57:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::804:2275:3f57:fffc%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  208.122.23.22

Name:    google.com
Addresses:  2607:f8b0:400b:80b::1002
   74.125.226.135
   74.125.226.136
   74.125.226.137
   74.125.226.142
   74.125.226.128
   74.125.226.129
   74.125.226.130
   74.125.226.131
   74.125.226.132
   74.125.226.133
   74.125.226.134

Pinging google.com [74.125.226.134] with 32 bytes of data:
Reply from 74.125.226.134: bytes=32 time=110ms TTL=52
Reply from 74.125.226.134: bytes=32 time=112ms TTL=51

Ping statistics for 74.125.226.134:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 112ms, Average = 111ms
Server:  UnKnown
Address:  208.122.23.22

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=194ms TTL=50
Reply from 206.190.36.45: bytes=32 time=195ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 194ms, Maximum = 195ms, Average = 194ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...74 de 2b 7a 9a 39 ......Atheros AR5B125 Wireless Network Adapter
 11...dc 0e a1 06 e2 ba ......Broadcom NetLink ™ Ethernet
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    281
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:804:2275:3f57:fffc/128
                                    On-link
 13    306 fe80::/64                On-link
 13    306 fe80::804:2275:3f57:fffc/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/15/2013 08:37:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2013 07:21:41 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.DurableInstancing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (06/15/2013 07:21:40 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.DurableInstancing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (06/15/2013 07:21:39 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (06/15/2013 07:21:37 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (06/15/2013 07:21:35 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (06/15/2013 07:21:34 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (06/15/2013 07:20:22 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.Core.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (06/15/2013 07:20:20 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.Core.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06

Error: (06/15/2013 07:20:19 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

System errors:
=============
Error: (06/15/2013 07:07:52 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 06:30:22 on ?15/?06/?2013 was unexpected.

Error: (06/15/2013 04:57:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
%%1056

Error: (06/15/2013 04:57:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:
%%1056

Error: (06/15/2013 04:57:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (06/15/2013 04:56:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (06/15/2013 04:56:07 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error:
%%1056

Error: (06/15/2013 04:55:07 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/15/2013 04:55:07 AM) (Source: Service Control Manager) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/15/2013 04:55:07 AM) (Source: Service Control Manager) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/15/2013 04:55:07 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (06/15/2013 08:37:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2013 07:21:41 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.DurableInstancing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
System.Activities.DurableInstancing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (06/15/2013 07:21:40 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.DurableInstancing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
System.Activities.DurableInstancing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (06/15/2013 07:21:39 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/15/2013 07:21:37 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/15/2013 07:21:35 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/15/2013 07:21:34 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/15/2013 07:20:22 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.Core.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
System.Activities.Core.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (06/15/2013 07:20:20 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Activities.Core.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131f06
System.Activities.Core.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (06/15/2013 07:20:19 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
Acer Backup Manager (Version: 3.0.0.99)
Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Games (Version: 1.0.2.5)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0517.2011)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) MUI (Version: 10.1.6)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Amazon Kindle
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AudibleManager (Version: 2005613806.48.56.42667242)
Backup Manager V3 (Version: 3.0.0.99)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.2)
CCleaner (Version: 3.20)
Chuzzle Deluxe (Version: 2.2.0.95)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.1720.00)
clear.fi (Version: 9.0.7709)
clear.fi Client (Version: 1.00.3500)
Comodo Dragon (Version: 27.1.0.0)
COMODO Internet Security (Version: 5.10.31649.2253)
Complitly
Crazy Chicken Kart 2 (Version: 2.2.0.97)
D3DX10 (Version: 15.4.2368.0902)
Download and Sa (Version: )
eBay Worldwide (Version: 2.2.0409)
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
FATE (Version: 2.2.0.97)
Final Drive: Nitro (Version: 2.2.0.95)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Freecorder 5 (Version: 5.11)
Freecorder Toolbar (Version: 6.9.0.16)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Graboid Video 3.58 (Version: 3.58)
Graboid Video 3.58 Setup (Version: 3.5.8)
Identity Card (Version: 1.00.3501)
iDumpPro (Version: 2.5.2)
Insaniquarium Deluxe (Version: 2.2.0.97)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 10.7.0.21)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Jewel Match 3 (Version: 2.2.0.97)
Jewel Quest Solitaire (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Keynote Connector
Kobo (Version: 1.9)
Launch Manager (Version: 5.1.7)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MegaCloud (Version: 1.0.2.3915)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.6122.5000)
Microsoft Office Starter 2010 - English (Version: 14.0.6134.5007)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mystery of Mortlake Mansion (Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
newsXpresso (Version: 1.0.0.40)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Bowler (Version: 2.2.0.97)
Pošta Windows Live (Version: 15.4.3502.0922)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (Version: 6.0.1.6314)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Revo Uninstaller 1.94 (Version: 1.94)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Shredder (Version: 2.0.8.9)
Slingo Deluxe (Version: 2.2.0.95)
Spotify (Version: 0.9.0.133.gd18ed589)
SUPERAntiSpyware (Version: 5.0.1146)
Torch (Version: 25.0.0.3359)
Torchlight (Version: 2.2.0.97)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97)
Wedding Dash (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3503)
WildTangent Games App (Acer Games) (Version: 4.0.5.14)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Argazki Galeria (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPatrol (Version: 24.6.2012)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 2806.7 MB
Available physical RAM: 1475.54 MB
Total Pagefile: 5611.59 MB
Available Pagefile: 3036.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.99 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:199.05 GB) NTFS

========================= Users: ========================================

User accounts for \\VICKI-PC

Administrator            Guest                    Vicki                   

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



#5 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 15 June 2013 - 01:33 PM

 Results of screen317's Security Check version 0.99.64 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (2.0.0.4003)  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 21 
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox (21.0)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.94 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 



#6 Vicki m


Posted 15 June 2013 - 01:45 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Vicki :: VICKI-PC [administrator]

15/06/2013 19:34:07
mbam-log-2013-06-15 (19-34-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215124
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#7 Vicki m


Posted 15 June 2013 - 02:04 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2013 at 08:03 PM

Application Version : 5.5.1012

Core Rules Database Version : 10537
Trace Rules Database Version: 8349

Scan type       : Quick Scan
Total Scan Time : 00:15:18

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 601
Memory threats detected   : 0
Registry items scanned    : 60949
Registry threats detected : 0
File items scanned        : 12087
File threats detected     : 33

Adware.Tracking Cookie



#8 noknojon


Posted 15 June 2013 - 05:46 PM

Hello Vicki.

Going great - Just the ESET Online scan results (could be the most important one).

 

What I wonder is why you appear to have many double installed programs. Maybe you can remove some. Here's part of the list...
Also if you do not need the older versions of some apps I would remove them, like clear.fi and Bulkr

These are usually listed in Control Panel > Programs and Features. Or if you do not see them there, click the Top Left item to show Updates that have been installed (View Installed Updates). Remove the unrecognised "Extras" from there.

Leave 1 or 2 at the most, and we can recheck later for you.

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
 Windows Live ???? (Version: 15.4.3502.0922)
Bulkr (Version: 1.4)
Bulkr (Version: v1.4)
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.2024.00)
clear.fi (Version: 9.0.8026)

 

You show 2 active Antivirus programs. These will cause a big slowdown, extra usage and lower the chances of catching infections.
Please select the one you wish to remove, and I will leave directions for you.
COMODO Internet Security (Version: 5.10.31649.2253) < < Firewall and Antivirus
Microsoft Security Essentials (Version: 4.2.223.1)

 

Your Hosts file has been knocked out, usually caused by an infection.
To reset the Hosts file back to the default automatically, click the link, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard. >> http://go.microsoft.com/?linkid=9668866
This will make your computer much safer -

 

Adware.Tracking Cookies in your SUPERAntiSpyware logs show a lack of security (or the 2 Antivirus programs)

Do you often use "Public or unsecured free Wifi"? This will account for many items shown in your Errors list.

 

Thank You -



#9 Vicki m


Posted 16 June 2013 - 02:18 AM

ESET:

 

C:\Users\All Users\Download and Sa\50c267d02e5c1.html Win32/Adware.MultiPlug.H application 
C:\Users\All Users\Download and Sa\cnhlfnehleogfmbhbfehpfjjfilokgmm.crx Win32/Adware.MultiPlug.H application 
C:\ProgramData\Download and Sa\50c267d02e5c1.html Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\ProgramData\Download and Sa\cnhlfnehleogfmbhbfehpfjjfilokgmm.crx Win32/Adware.MultiPlug.H application deleted - quarantined
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhlfnehleogfmbhbfehpfjjfilokgmm\7.1_0\50c267d02e3571.69002545.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhlfnehleogfmbhbfehpfjjfilokgmm\7.1_0\50c267d02e3571.69002545.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\422Q8YI9\updater[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Vicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4X2MYTJ\how-to-upgrade-blackberry-operating-system-os[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Vicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ST8SFFHY\updater[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Vicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TK343LW5\autopop[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Vicki\AppData\Local\Temp\4AD234D0-BAB0-7891-BB16-3A3395BD5B16\Setup.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\4AD234D0-BAB0-7891-BB16-3A3395BD5B16\Latest\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\4AD234D0-BAB0-7891-BB16-3A3395BD5B16\Latest\IEHelper.dll a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\4AD234D0-BAB0-7891-BB16-3A3395BD5B16\Latest\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\4AD234D0-BAB0-7891-BB16-3A3395BD5B16\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbar4ie.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\is88410971\GiantSavings.exe multiple threats cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\is88410971\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\54a6ee0d-51c59acd a variant of Java/Exploit.CVE-2012-1723.AL trojan cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\25d2602-4f715a0e Java/Exploit.Agent.NJG trojan cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\1447d51c-7ed96286 a variant of Java/Exploit.CVE-2012-4681.CC trojan cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\73f12c62-7e880426 multiple threats cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\543047ee-2671d293 multiple threats cleaned by deleting - quarantined
C:\Users\Vicki\Desktop\setup.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Vicki\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
 



#10 Vicki m


Posted 16 June 2013 - 02:21 AM

Eset scan took about 9 hours but finally finished. Computer is still stalling/freezing and slow. It also seems to lose internet connection really often, just going to 'limited connectivity'.

Thanks, Vicki.



#11 Vicki m


Posted 16 June 2013 - 05:01 AM

Just seen your reply.

Not sure why there's so many, but I'm going to uninstall some of those now, and reset the hosts file.

What anti virus is the better of the two?

 

Thanks, Vicki.



#12 noknojon


Posted 16 June 2013 - 05:14 AM

Hi -
Please read my post on your 2 installed Antivirus programs so we can fix that now.

Your computer has been very badly infected so we need to try a couple more scans to remove them.

 

The following steps are usually much better with Internet Explorer, rather than your usual Firefox browser.

You may wish to print this section, as all steps need to be followed as written

 

Step 1 -
To show all files:
• Press Windows-key +R key on your keyboard to get RUN option.
• Type in

explorer.exe

and press Enter to start Windows Explorer.
• From the menu options, Select Tools, then Folder Options.
• Next click the View tab.
• Locate and uncheck - Hide file extensions for known file types.
• Locate and uncheck - Hide protected operating system files (Recommended).
• Locate and click - Show hidden files and folders and drives.
• Click > Apply > OK.
 

 

Step 2 -
Download, save and then run the MS Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result. If it flags any file, we will need the full path & filename.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded.

To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

 

Step 3 -
First: Download Dr.Web CureIt and Save to the desktop.
The download is nearly 104.6 MB in size
• Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus And Anti-malware Programs -
Do NOT turn off the firewall
• Turn off any other add-on security app (if you have them) like File System Protection.

• If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
• Otherwise, on Windows XP, just double-click on the drweb-cureit.exe file to start the tool.
• You will see a screen with License and Updates listed
• Click the checkbox to participate, and then click on Continue button.
• Next screen, Click on Select objects for scanning
• Next screen, Put a checkmark by clicking on the boxes for all EXCEPT the 2 items listed below.
- - - - Do not select Temporary files or System Restore points. - - - -
 

• Then click on Start scanning button -
• If something is detected, you will see a screen with Threats Detected
For each item "detected", click on the Action column down arrow, and select Cure.

 

THIS next part is Very Important ! !

 

• When the scan finishes .........
• Click on the green "Open Report" line. It will pop-up the report in NOTEPAD.
• Save the report to your desktop. The report will be called > > Cureit.log

• Now - Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
• After reboot, post the log Cureit.log you saved previously, in your next reply.

 

Re-Enable your antivirus program when all done.

 

Thank You -


Edited by noknojon, 16 June 2013 - 06:49 AM.


#13 Vicki m


Posted 16 June 2013 - 05:18 AM

As for the unsecured wifi, I only use it at home, there are a few devices I connect (phone, tablet, ps3, xbox and laptop) to my wifi, will there be issues with any of those?

Thanks, Vicki.



#14 noknojon


Posted 16 June 2013 - 05:38 AM

Not sure why there's so many, but I'm going to uninstall some of those now, and reset the hosts file.

What anti virus is the better of the two?

Hi -

I was in the middle of composing the last reply as you posted -

 

With Antivirus / Firewall programs, I use MSE and the Windows Firewall on my Windows 7 laptop now.

Bitdefender is very good, but I found it interfered with other programs (in a minor way), so I removed it fully.

 

There are many Java/Exploit infections listed, and I thought there would be a few, so I asked about "Public Wifi" usage.

Have you been browsing to many new "odd sites" recently, or just the usual sites ??

 

We will try these scans and hope that they find the problems you are having -

ESET removed all of what it found, but Dr.Web online is another type of deep scanner that may find more missed ones.

 

Try the post and I will find the Full Remover for Bitdefender for you now -

 

We can only deal with the phone, tablet, ps3, xbox and laptop once this computer is cleaned.

 

Thanks -
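
The ESET log in post #9, which the reply above reads for its Java/Exploit entries, can be triaged mechanically: group detections by family, pull out the CVE ids, and list files with no recorded clean-up action. This is an added example, not part of the original thread; the function names and the line grammar are assumptions inferred from the log lines shown, and the sample is a subset of that log.

```python
import re
from collections import Counter

# Subset of the ESET log lines posted in this thread (post #9).
SAMPLE_LOG = r"""
C:\Users\All Users\Download and Sa\50c267d02e5c1.html Win32/Adware.MultiPlug.H application
C:\ProgramData\Download and Sa\50c267d02e5c1.html Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Temp\is88410971\GiantSavings.exe multiple threats cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\54a6ee0d-51c59acd a variant of Java/Exploit.CVE-2012-1723.AL trojan cleaned by deleting - quarantined
C:\Users\Vicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\1447d51c-7ed96286 a variant of Java/Exploit.CVE-2012-4681.CC trojan cleaned by deleting - quarantined
C:\Users\Vicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ST8SFFHY\updater[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
"""

# Assumed grammar: <path> [a variant of ]<Platform/Name | multiple threats> [type] [action]
# Paths contain spaces, so the threat name (the only token with "/") is the anchor.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/\S+|multiple threats)"
    r"(?: (?P<kind>application|trojan|virus))?"
    r"(?: (?P<action>.+))?$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"  # Java plug-in download cache


def parse_line(line):
    """Return path/threat/kind/action for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Summarise a pasted log for a helper deciding what to check next."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "entries": entries,
        # Family = detection name up to the first dot, e.g. "Java/Exploit".
        "families": Counter(e["threat"].split(".")[0] for e in entries),
        # CVE ids embedded in detection names point at the software to patch.
        "cves": sorted({c for e in entries for c in CVE_RE.findall(e["threat"])}),
        # Detections with no action text: the log does not say they were removed.
        "no_action": [e["path"] for e in entries if not e["action"]],
        # Hits inside the Java cache mean the content arrived through the Java plug-in.
        "java_cache": [e["path"] for e in entries if JAVA_CACHE in e["path"].lower()],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for family, count in report["families"].most_common():
        print(f"{count:2d}  {family}")
    print("CVEs named in detections:", ", ".join(report["cves"]) or "none")
    print("Java cache detections:", len(report["java_cache"]))
    for path in report["no_action"]:
        print("No clean-up action recorded:", path)
```
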



#15 Vicki m


Posted 16 June 2013 - 05:43 AM

No, I can't think of any odd sites, but then I'm not the only person who uses it, my partner does also.

 

I'll work through your post now, and post results soon.

 

Thanks, Vicki.





