
Random ads playing in the background, wont go away.


  • This topic is locked
9 replies to this topic

#1 Brenda17

  • Members

Posted 20 December 2013 - 07:40 AM

I have been hearing ads playing in the background on my computer. Now, before posting this I have tried numerous ways to get rid of this "adware". I have been on this website for days already reading similar problems and following some instructions. The things I have tried so far have been:

- Downloaded SUPERAntiSpyware

    - I ran the scan and it detected adware cookies, and I guess I cleaned those up

After, I still heard the ads so I

- Downloaded AdwCleaner

    - I ran that scan, it found a lot of things that needed to be cleaned, so I did the clean and rebooted my computer

I STILL heard the ads, so next I

- Started my computer in safe mode

- Ran SUPERAntiSpyware, it detected more adware cookies, and a trojan; after the scan I pressed to clean those up

- I rebooted the computer

Waited for a few minutes and heard the ads again.

So next I

- Opened my Norton Security Suite

- Ran a scan, which detected things that were high and low risk, got those removed

and still hearing the ads.

If this is a repeated topic, I am sorry. I am going crazy and cannot figure out how to get rid of these ads playing.

Can someone please help me!





#2 gringo_pr

  • Malware Response Team

Posted 20 December 2013 - 04:37 PM



Hello Brenda17

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Brenda17

  • Topic Starter

Posted 21 December 2013 - 12:09 AM

Gringo, thank you for your help. I just backed up my computer.

Here are the logs.

ATTACH: 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2011 10:32:31 PM
System Uptime: 12/20/2013 5:37:52 PM (4 hours ago)
.
Motherboard: ECS  |  | Iris8
Processor: AMD Athlon™ Dual Core Processor 4450e | Socket AM2  | 2300/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 57.816 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 0.266 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0010
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0010
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 12.0
Antares Auto-Tune 7 VST
AntiLogger SDK version 1.6.6.296
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2011
ASIO4ALL
Audacity 2.0.4
Blue Turtle Games
Bonjour
CameraHelperMsi
Cisco Connect
COMODO BackUp
Constant Guard Protection Suite
CyberLink DVD Suite Deluxe
erLT
Facebook Video Calling 1.2.0.287
FileParade Bundle
GigaClicks Crawler
GIMP 2.8.6
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HPAsset component for HP Active Support Library
HTC Driver Installer
HTC Sync Manager
Internet Spooling Service
IPTInstaller
iTunes
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 7
Junk Mail filter update
Juno Preloader
Level Quality Watcher
LightScribe System Software  1.14.25.1
LightScribe Template Labeler
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Norton Internet Security
Norton Security Suite
NVIDIA Drivers
Pando Media Booster
PC Speed Up - Complete uninstall
PhotoFiltre
PhotoFiltre Studio X
PhotoScape
PictureMover
Power2Go
PowerDirector
PowerISO
Python 2.5.2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
SAMSUNG USB Driver for Mobile Phones
ScorpionSaver
ScorpionSaver Services
Search Protection
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skype Click to Call
Skype™ 6.11
SmartMusic 2012c
SPCA1528 PC Driver
SUPERAntiSpyware
swMSM
TidyNetwork.com
TweetDeck
Unit Layers
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)
VisualBee for Microsoft PowerPoint
VisualBee V31 Toolbar for IE
VLC media player 2.0.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinX DVD Ripper Platinum 7.0.0
WModem Driver Installer
Yahoo! Toolbar
.
==== End Of File ===========================
 
 
 
 
 
 
DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.21.2
Run by shelly at 21:05:05 on 2013-12-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1042 [GMT -8:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMMON\COSService.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\COMODO\COMMON\SynchronizationService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\McAfee Security Scan\3.0.287\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Users\shelly\AppData\Local\GCC\Controller.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\COMODO\COMODO BackUp\CBU.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.4.0.40\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\programdata\white sky, inc\id vault\iebho1.13.1211.1\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - 
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - c:\users\breezy\appdata\local\greatarcadehits\GreatArcadeHitsIE.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.4.0.40\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [AROReminder] <no file>
uRunOnce: [Report] c:\adwcleaner\AdwCleaner[S1].txt
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.287\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B278FD24-4F89-46E8-AE49-FD215F740229} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{B278FD24-4F89-46E8-AE49-FD215F740229} : DHCPNameServer = 198.224.174.135 198.224.173.135
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=   
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shelly\appdata\roaming\mozilla\firefox\profiles\tg6vkr84.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={61F20157-91B9-4D84-876E-5FECDA0D3370}&mid=0387bb80053847d3ba21d168d182aecd-dfccf2b9fa1f31c40569366342bdda91f43ba5da&lang=en&ds=tu011&coid=avgtbdistu&cmpid=&pr=sa&d=&v=17.2.0.38&pid=safeguard&sg=0&sap=hp
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\livingplay games\nplplaypop.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-09 14:26; {ed541409-a451-4021-921f-0b66f3196e57}; c:\users\shelly\appdata\roaming\mozilla\firefox\profiles\tg6vkr84.default\extensions\{ed541409-a451-4021-921f-0b66f3196e57}
FF - ExtSQL: !HIDDEN! 2011-10-05 16:42; textlinks@lplay.com; c:\users\shelly\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com
FF - ExtSQL: !HIDDEN! 2013-06-19 00:41; fgsegj@ohwcaijlmohgftbpsu.org; c:\program files\mozilla firefox\extensions\fgsegj@ohwcaijlmohgftbpsu.org
.
============= SERVICES / DRIVERS ===============
.
R0 bdisk;Comodo Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2013-12-19 80328]
R0 CBUFS;CBUFS;c:\windows\system32\drivers\CBUFS.sys [2013-12-19 275376]
R0 cbvd;Comodo Backup Virtual Disk;c:\windows\system32\drivers\cbvd.sys [2013-12-19 564928]
R0 Reparse;Reparse;c:\windows\system32\drivers\CBreparse.sys [2013-12-19 566360]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-7-15 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-7-15 934488]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-1-24 80104]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-16 37664]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20131203.001\BHDrvx86.sys [2013-12-3 1098968]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-7-15 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20131220.001\IDSvix86.sys [2013-12-20 394456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-7-15 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-7-15 352344]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 COSService.exe;COMODO Online Storage Service;c:\program files\comodo\common\COSService.exe [2013-12-19 3043520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2013-12-11 41024]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.4.0.40\ccsvchst.exe [2013-7-15 144368]
R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2010-12-24 2678784]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
R2 SynchronizationService.exe;COMODO BackUp Service;c:\program files\comodo\common\SynchronizationService.exe [2013-12-19 2783936]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-5 108120]
R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [2013-1-24 24520]
R3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\drivers\vdbus.sys [2013-12-19 711712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 AdpeakProxy;AdpeakProxy;c:\program files\scorpionsaver services\adpeakproxy.exe --> c:\program files\scorpionsaver services\AdpeakProxy.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\ToolbarUpdater.exe [?]
S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2012-1-3 23040]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-9 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-5-2 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-28 21632]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.287\McCHSvc.exe [2012-9-11 234776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064]
.
=============== Created Last 30 ================
.
2013-12-21 01:27:35 -------- d-----w- c:\program files\COMODO
2013-12-20 11:37:14 -------- d-----w- c:\users\shelly\appdata\roaming\SUPERAntiSpyware.com
2013-12-20 08:13:11 -------- d-----w- C:\AdwCleaner
2013-12-20 07:47:51 338944 ----a-w- c:\windows\system32\AdpeakProxy.dll
2013-12-19 12:29:14 711712 ----a-w- c:\windows\system32\drivers\vdbus.sys
2013-12-19 12:29:12 564928 ----a-w- c:\windows\system32\drivers\cbvd.sys
2013-12-19 12:29:10 275376 ----a-w- c:\windows\system32\drivers\CBUFS.sys
2013-12-19 12:29:08 80328 ----a-w- c:\windows\system32\drivers\bdisk.sys
2013-12-19 12:29:08 566360 ----a-w- c:\windows\system32\drivers\CBreparse.sys
2013-12-19 11:55:56 1460608 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-12-19 09:22:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-19 09:22:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-19 07:59:15 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-17 03:09:45 -------- d-----w- c:\program files\Uninstaller
2013-12-17 02:15:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-12-17 02:13:34 -------- d-----w- c:\users\shelly\appdata\local\GCC
2013-12-17 02:12:52 -------- d-----w- c:\users\shelly\appdata\roaming\Uniblue
2013-12-17 02:12:52 -------- d-----w- c:\program files\Uniblue
2013-12-11 10:27:20 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 10:27:18 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 10:27:17 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 10:27:17 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 10:27:14 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 10:27:14 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 10:27:14 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 10:27:13 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 10:27:13 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 10:27:11 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-22 08:41:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2013-12-17 03:43:17 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2013-12-10 23:14:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 23:14:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-16 21:03:00 10674488 ----a-w- c:\windows\system32\ZALSDKCore.dll
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 21:07:05.68 ===============
 


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:08 PM

Posted 21 December 2013 - 01:42 AM



Hello Brenda17

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Brenda17

Posted 21 December 2013 - 02:57 AM

Adware cleaner: 

# AdwCleaner v3.015 - Report created 20/12/2013 at 23:45:11
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : shelly - SHELLY-PC
# Running from : C:\Users\Brenda!\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\FCTB
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\Smartbar
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\ValueApps
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\CT3298578
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\CT3318920
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\Extensions\{8f4181f4-137b-4cef-b050-6c8a58fabfbf}
Folder Deleted : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\Extensions\{ed541409-a451-4021-921f-0b66f3196e57}
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Mozilla Firefox v9.0.1 (en-US)
 
[ File : C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\tg6vkr84.default\prefs.js ]
 
Line Deleted : user_pref("CT3298578.FirstTime", "true");
Line Deleted : user_pref("CT3298578.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3298578.UserID", "UN66574129790938422");
Line Deleted : user_pref("CT3298578.fullUserID", "UN66574129790938422.XP.2045035203");
Line Deleted : user_pref("CT3298578.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3298578.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3298578.settingsINI", true);
Line Deleted : user_pref("CT3298578.smartbar.CTID", "CT3298578");
Line Deleted : user_pref("CT3298578.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3298578.smartbar.toolbarName", "MixiDJ V42 ");
Line Deleted : user_pref("CT3298578.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT3298578_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387540322551,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3318920.FirstTime", "true");
Line Deleted : user_pref("CT3318920.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3318920.UserID", "UN75301229546518220");
Line Deleted : user_pref("CT3318920.fullUserID", "UN75301229546518220.XP.2045035205");
Line Deleted : user_pref("CT3318920.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3318920.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3318920.settingsINI", true);
Line Deleted : user_pref("CT3318920.smartbar.CTID", "CT3318920");
Line Deleted : user_pref("CT3318920.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3318920.smartbar.toolbarName", "VisualBee V31 ");
Line Deleted : user_pref("CT3318920.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT3318920_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387540324456,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.DNSCatch", false);
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.FirstLaunchShown", true);
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.LastDate", 20);
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.customNewTab", false);
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.processAddrBar", false);
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.tb_lang", "en");
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.user_id", "77985774");
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecausee68d0d965f18496c87f2c0d521d78fbe.yahooSearch", false);
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("valueApps.CT3318920./9B-0?3G>D", "6D676A6D726E42447A70747577207A79204F255152257D2A23252425552D295C292D292C");
Line Deleted : user_pref("valueApps.CT3318920./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3318920./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920./9B5BA==9CJAG", "696D68706C4372707A467376474B49487D7D224E7E");
Line Deleted : user_pref("valueApps.CT3318920./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3318920./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT3318920.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3318920.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.SF_USER_ID", "6369645F3136313232303133313832353433363832373132");
Line Deleted : user_pref("valueApps.CT3318920.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920._key_edilia__uID", "33623262313938612D376265372D346263322D383830622D336532353037666166656465");
Line Deleted : user_pref("valueApps.CT3318920._key_edilia__uID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appStateReportTime", "31333837353430333139323435");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Discover", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Discover_Apps", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Discover_Apps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Find-a-Pro", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_PriceGong", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_YieldKit", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_YieldKit.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_app13", "6F6E");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appState_app13.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_installer_preapproved", "66616C7365");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_installer_preapproved.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_lastLoginTime", "31333837353430333139353339");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_new_welcome_experience.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_settings1.11.5.299.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_stamp", "38365F30");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_userId", "35653331326330302D366133662D343866632D383630612D346262323236666563343266");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3318920.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3318920.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333331383932307E38365[...]
Line Deleted : user_pref("valueApps.CT3318920.rematchGround.upstairs.storedInFile", false);
 
[ File : C:\Users\Brenda!\AppData\Roaming\Mozilla\Firefox\Profiles\uhkqom1s.default\prefs.js ]
 
 
[ File : C:\Users\anthony &\AppData\Roaming\Mozilla\Firefox\Profiles\rco0zh8m.default\prefs.js ]
 
 
[ File : C:\Users\bobby hill\AppData\Roaming\Mozilla\Firefox\Profiles\bs4ypzpd.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\shelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Brenda!\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\breezy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\anthony &\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\bobby hill\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [116453 octets] - [20/12/2013 00:13:25]
AdwCleaner[R1].txt - [10211 octets] - [20/12/2013 03:40:09]
AdwCleaner[R2].txt - [11826 octets] - [20/12/2013 23:42:17]
AdwCleaner[S0].txt - [117983 octets] - [20/12/2013 00:41:09]
AdwCleaner[S1].txt - [10491 octets] - [20/12/2013 03:43:47]
AdwCleaner[S2].txt - [11984 octets] - [20/12/2013 23:45:11]
 
########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [12045 octets] ##########


#6 Brenda17

Posted 21 December 2013 - 03:23 AM

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by shelly on Sat 12/21/2013 at  0:07:24.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2393116210-400546963-2615597962-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{05E3B5BB-05CB-4A90-AF2E-9458278C6A27}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1440FF6F-0DA5-4BBD-9AD7-90DC2A3DDD6E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4E7CEC2A-C5D2-C947-D95C-8B952AF7CCD5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D3D0EAB6-820D-4A67-AC7D-5594C487C670}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\shelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\shelly\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\shelly\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\shelly\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] C:\Users\shelly\AppData\Roaming\mozilla\firefox\profiles\tg6vkr84.default\searchplugins\bing-zugo.xml
Successfully deleted: [File] C:\Users\shelly\AppData\Roaming\mozilla\firefox\profiles\tg6vkr84.default\searchplugins\privitize.xml
Successfully deleted the following from C:\Users\shelly\AppData\Roaming\mozilla\firefox\profiles\tg6vkr84.default\prefs.js
 
user_pref("avg.install.userHPSettings", "hxxp://mysearch.avg.com?cid={61F20157-91B9-4D84-876E-5FECDA0D3370}&mid=0387bb80053847d3ba21d168d182aecd-dfccf2b9fa1f31c40569366342bdda
user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com?cid={61F20157-91B9-4D84-876E-5FECDA0D3370}&mid=0387bb80053847d3ba21d168d182aecd-dfccf2b9fa1f31c40569366342bdda91
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "5");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.cntry", "US");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32249
user_pref("extensions.privitize.dspFFXOld", "Yahoo");
user_pref("extensions.privitize.excTlbr", false);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hdrMd5", "0C2FBE20428A74F6C18E3DD32222B6E8");
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=fe46a04600000000000000ffbd825cec&affilt=5");
user_pref("extensions.privitize.id", "fe46a04600000000000000ffbd825cec");
user_pref("extensions.privitize.instlDay", "15875");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=fe46a04600000000000000ffbd825cec&affilt=5");
user_pref("extensions.privitize.lastVrsnTs", "1.8.21.61:16:03");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=fe46a04600000000000000ffbd825cec&affilt=5");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.sg", "none");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=fe46a04600000000000000ffbd825cec&affilt=5&q=");
user_pref("extensions.privitize.vrsn", "1.8.21.6");
user_pref("extensions.privitize.vrsnTs", "1.8.21.61:16:03");
user_pref("extensions.privitize.vrsni", "1.8.21.6");
Emptied folder: C:\Users\shelly\AppData\Roaming\mozilla\firefox\profiles\tg6vkr84.default\minidumps [9 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at  0:21:32.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 Brenda17

Posted 21 December 2013 - 03:37 AM

THE ADS ARE STILL THERE. 



#8 gringo_pr

Posted 21 December 2013 - 02:59 PM


Hello Brenda17

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 gringo_pr

Posted 26 December 2013 - 10:18 PM


Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#10 gringo_pr

Posted 04 January 2014 - 10:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.