
Explorer.exe using too much CPU. Please help


27 replies to this topic

#1 tora22

tora22

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 05 January 2014 - 05:05 PM

Hello

I noticed yesterday that explorer.exe is taking up too much CPU, which has never happened before.
After searching on the internet it said that it must have been a corrupt video on the desktop, so I tried opening a video with VLC and it took too long and my computer froze for a long time (which had never happened before). I deleted all the videos by using cmd since I was unable to delete them normally.

After that the CPU usage by explorer.exe went down for a while and now it's up again.
I ran an SFC scan and the log showed it found corrupt files on my system32 and their repairing was "initialized, finalized, no reboot needed" and at the very end of the file it said "no scavenging file" or something and then skipping. The corrupt file was lpremove.exe as far as I could tell because I had never run into a file such as that before (sorry for sounding so ignorant).

I don't know what to do because my computer is really slow because of this problem. Could it be a virus? Or some Microsoft update because other posts on the internet said that after an update they started having this problem.
I really don't want to format my computer.
Any help would be appreciated!

 
Thanks a lot!


Edited by hamluis, 14 June 2015 - 06:12 AM.
Moved from Vista to Am I Infected - Hamluis.



#2 dc3

dc3

    Bleeping Tree Hugger


  • Members
  • 29,075 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:28 AM

Posted 05 January 2014 - 05:25 PM

Formatting and reinstalling the operating system is the last-ditch effort; let's try something else first.

 

Can you Boot into Safe Mode?

 

To do this start tapping the F8 key immediately after pressing the power button.  You should see an image similar to the one below, this is the Advanced Boot Options.  Safe mode is one of the options.  Use the up or down key to navigate to Safe Mode, press the Enter key to choose this option.

 

[Image: windows-vista_safe-mode2.png (Vista)]

 

Does the problem continue in Safe Mode?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 tora22


Posted 05 January 2014 - 05:34 PM

@Arachibutyrophobia

 

Hi!

I tried that earlier to delete the videos I mentioned (it didn't work) and the same thing was happening there. I could not access the videos and explorer.exe went crazy.


Edited by tora22, 05 January 2014 - 05:36 PM.


#4 dc3


Posted 05 January 2014 - 05:38 PM

Let's try this again.  Boot into Safe Mode and see if you still have the high CPU usage in explorer.exe.  Don't worry about the video right now.


Edited by dc3, 05 January 2014 - 05:39 PM.


 

 

 

 


#5 tora22


Posted 05 January 2014 - 05:47 PM


Before I do that:

When I tried it earlier, afterwards, when I was booting my computer normally, it gave out a lot of problems, a lot of programs failed to initialize, internet was not accessible even though I had changed nothing while in safe mode. I had to do a backup to a previous date in order for things to go back to normal.
What could have caused that? Will it happen again if I go in safe mode now?



#6 dc3


Posted 05 January 2014 - 06:00 PM

What kind of videos are you referring to, downloaded?



 

 

 

 


#7 tora22


Posted 05 January 2014 - 06:10 PM


It started right after I downloaded 2 YouTube videos. It was an online downloader. I'm running Malwarebytes right now and SuperAntiSpyware to see if something comes up.
Btw, thanks a lot for replying :)



#8 dc3


Posted 05 January 2014 - 06:19 PM

Let me know what you find in Malwarebytes.

 

Did you update it before running the scan?

 

As for the thanks, this is what we do. :thumbup2:



 

 

 

 


#9 tora22


Posted 05 January 2014 - 06:25 PM


I will, thanks.
But I'll let you know tomorrow if that's okay, because it's really late here.

Thanks!



#10 dc3


Posted 05 January 2014 - 06:38 PM

Not a problem, I'll be here tomorrow.

 

Have a good evening.



 

 

 

 


#11 tora22


Posted 06 January 2014 - 08:58 AM


Hello again,

I ran Malwarebytes today, after updating it, and it found 23 threats; only one was adware, the others were .Pup from Babylon toolbar.
Now explorer is still high after removing the threats and rebooting, but the other problem is that while yesterday the whole CPU usage was up to 60 (from explorer), today it will stay at 100 even if no other program or process is running. It has gone completely nuts!
 

Edit:
I went into Safe Mode again; explorer is still over 50% and also system idle process (I finally managed to show all processes -.-') is constantly 30-40%. Could these 2 be related?


Edited by tora22, 06 January 2014 - 09:57 AM.


#12 dc3


Posted 06 January 2014 - 11:18 AM

Let's concentrate on the infections for now.

 

PUP, potentially unwanted programs, usually aren't real problems.  The Babylon toolbar probably came packaged as third party software in a download for a specific program.

 

I would like for you to run two more scans.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
[Image: adwcleaner11_zps48314883.png]
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 

 
Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.


 

 

 

 


#13 tora22


Posted 06 January 2014 - 12:19 PM

 


 

The log from AdwCleaner:

# AdwCleaner v3.016 - Report created 06/01/2014 at 18:06:36
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Daniela - ORDA
# Running from : C:\Users\Daniela\Music\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\ProgramData\surf aoned kEeep
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\BittorrentBar_IT
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Daniela\AppData\Local\Conduit
Folder Deleted : C:\Users\Daniela\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Daniela\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Daniela\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Daniela\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Daniela\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daniela\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Daniela\AppData\LocalLow\BittorrentBar_IT
Folder Deleted : C:\Users\Daniela\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Daniela\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\ConduitCommon
Folder Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\Extensions\ffxtlbr@optitoolbar.com
Folder Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\Extensions\xqr4f@abauqmy.com
Folder Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
Folder Deleted : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Deleted : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\searchplugins\optitoolbar.xml
File Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\user.js
File Deleted : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Daniela\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Daniela\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A428DBC-54FC-45A5-918D-C39A91310DD5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E155BF2-43EC-4D00-BB7E-A37CA3E178FF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A428DBC-54FC-45A5-918D-C39A91310DD5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E155BF2-43EC-4D00-BB7E-A37CA3E178FF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF60D458-6BEB-4F23-AA36-F064FFEA4962}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF60D458-6BEB-4F23-AA36-F064FFEA4962}
Key Deleted : HKLM\SOFTWARE\Classes\and
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\surf
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_c7d59fc6
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2102507
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849853
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B40B400D-8081-429D-8C6F-8170D5122628}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B40B400D-8081-429D-8C6F-8170D5122628}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D85F94A-23CC-4DE9-BC8A-C5454FBAF04B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{925F0566-E901-4D57-B2B1-1A6F73F5C532}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}]
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\BittorrentBar_IT
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\BittorrentBar_IT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_IT Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BittorrentBar_IT Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (it)

[ File : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\qbaiw2jx.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchguru.info/?pid=952&r=2013/12/13&hid=11655605349533943252&lg=EN&cc=AL&unqvl=43&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.5Bwd.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top && ![...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.KlsCNgGafJKK.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);[...]
Line Deleted : user_pref("extensions.zisT.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){win[...]
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "388501d6-8217-4b24-b511-4b1cf8f16b4f");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchguru.info/?pid=952&r=2013/12/13&hid=11655605349533943252&lg=EN&cc=AL&unqvl=43&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [18346 octets] - [06/01/2014 17:59:45]
AdwCleaner[S0].txt - [18150 octets] - [06/01/2014 18:06:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18211 octets] ##########
 



#14 dc3


Posted 06 January 2014 - 12:25 PM

Well that should make an appreciable difference, that's a lot of unneeded junk.

 

Please post the results of the JRT.

 

You don't need to quote my posts.



 

 

 

 


#15 tora22


Posted 06 January 2014 - 12:30 PM

Oh okay :/

Here is the other log:




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\Users\Daniela\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Daniela\appdata\local\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Successfully deleted the following from C:\Users\Daniela\AppData\Roaming\mozilla\firefox\profiles\qbaiw2jx.default\prefs.js

user_pref("extensions.KlsCNgGafJKK.url", "hxxp://jpigetjson.info/sync2/?q=hfZ9ofV9CShEAen0pjkGtMqLDe49CNU0nkEMCMlNhd9FrHwGrjrGrjn6rHYMBzqUojw9rdwEqjw8rHrEqch7hfs0pihPBMn0pjn5r
Emptied folder: C:\Users\Daniela\AppData\Roaming\mozilla\firefox\profiles\qbaiw2jx.default\minidumps [264 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Daniela\appdata\local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 18:28:46.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





