Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Agent/Gen-Qhost and Questioning these on startup (atieclxx.exe, CCC.exe,


  • This topic is locked This topic is locked
14 replies to this topic

#1 SueRon57

SueRon57

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 09 January 2014 - 02:04 AM

Hi,
   I am having issues with my computer. When I am on the internet I am getting many pop up ads. I have not had this problem before. Also I am hearing ads but can not find them. I went in to my start up and found many things I have not seen before. They are:  
 
atieclxx.exe,
CCC.exe,
ccSvcHst.exe,
DCSHelper.exe*32, 
dwm.exe,  
FirefoxHelper.exe*32, ( I do not use or have Firefox) 
GPlayer.exe*32,
MOM.exe,
jusched.exe*32,
realsched.exe*32,  
csrss.exe,
AESTSr64.exe      
 
 
I am not sure what to do to fix these issues. I ran my SUPERAntiSpyware program and it found the Trojan.Agent/Gen-Qhost I removed it per the Superantispyware directions and restarted my laptop and I am still having the problem. I  had bought a game for my computer at walmart called 500,000 GAMES V3\BEST GAME HITS 7 and I have removed it today from my laptop. Can help me please? I will be waiting. Below is the log from my scan today
 
Thank you,
 
Susan
 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 01/08/2014 at 05:45 PM
 
Application Version : 5.6.1030
 
Core Rules Database Version : 10965
Trace Rules Database Version: 8777
 
Scan type       : Complete Scan
Total Scan Time : 02:57:07
 
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User
 
Memory items scanned      : 678
Memory threats detected   : 0
Registry items scanned    : 76159
Registry threats detected : 0
File items scanned        : 167339
File threats detected     : 394
 
Adware.Tracking Cookie
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\T7DBN51V.txt [ /ads.al.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\5L7TBCBV.txt [ /casalemedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\E6ZWFISD.txt [ /adtechus.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\I5PV0E6J.txt [ /ads.masslive.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\3VUOR7TO.txt [ /ads.mlive.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\QL39JIUY.txt [ /at.atwola.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\70M4G6SX.txt [ /zedo.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\V2U5J1YZ.txt [ /ads.syracuse.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\E2I4TXN0.txt [ /imrworldwide.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\KQDM3G5B.txt [ /realmedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\Q4RNY8MK.txt [ /atdmt.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\KJ5V462K.txt [ /ads.yahoo.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\HPT6EXUH.txt [ /ad.mlnadvertising.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\JY8Y5HPY.txt [ /legolas-media.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\84KD3Z9T.txt [ /smartadserver.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\NJ43VAGN.txt [ /questionmarket.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\JL1M00I7.txt [ /track.adform.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\29GR5VE8.txt [ /247realmedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\TTGG88V3.txt [ /tacoda.at.atwola.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\RUA2OF42.txt [ /bs.serving-sys.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\S5JT8J4W.txt [ /burstnet.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\7Z0MHNWR.txt [ /doubleclick.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\C76KVZW5.txt [ /ads.p161.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\TE1FYN62.txt [ /traveladvertising.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\XCZHUHWP.txt [ /fastclick.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\1A96MI3S.txt [ /ad.e-kolay.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\MEOPDF2S.txt [ /ru4.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\RA4013L9.txt [ /ads.pointroll.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\P3MWHZSH.txt [ /ads.cleveland.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\RV3A2PSQ.txt [ /clickbooth.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\QQU1QDRR.txt [ /pro-market.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\KA2Q2O3G.txt [ /ads.pennlive.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\ZPKZM40O.txt [ /invitemedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\E43EEY9Z.txt [ /ads.nj.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\BIGU8XMJ.txt [ /adserver.adtechus.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\KN3SIGNY.txt [ /advertising.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\2SMO2EYO.txt [ /pointroll.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\8ZHVEDVP.txt [ /network.realmedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\EYTYUPJ4.txt [ /ads.nola.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\HHIYR7XU.txt [ /ads.oregonlive.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\PVUCL9D6.txt [ /lucidmedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\OT3JCSLE.txt [ /mediaplex.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\WV6CHDLF.txt [ /tribalfusion.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\ZKXGK234.txt [ /revsci.net ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\BC7FXTOC.txt [ /media6degrees.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\HYGDNLU9.txt [ /ww251.smartadserver.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\UPBKF1CG.txt [ /steelhousemedia.com ]
C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Cookies\MXB8TNE3.txt [ /serving-sys.com ]
.atdmt.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.s.clickability.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.s.clickability.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.staradvertiser.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mshakers.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
yorick.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
yorick.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.oddcast.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstbeacon.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
traffic.prod.cobaltgroup.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.mlnadvertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.darchermedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.darchermedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findyourarchitecturejob.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findyourarchitecturejob.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.darchermedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.darchermedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www2.findyourarchitecturejob.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www2.findyourarchitecturejob.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clove.rotator.hadj8.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
topclicktrack.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.readserver.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kultmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.zephyrtracking.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.zephyrtracking.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lacounty.info [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lacounty.info [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.lacounty.info [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mva.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mva.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mva.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.da.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.da.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.blog.kultmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.blog.kultmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
countrymusicnation.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
countrymusicnation.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
countrymusicnation.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countrymusicnation.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countrymusicnation.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
host.oddcast.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.px.steelhousemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.oddcast.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interland.122.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
socialitemedia.biz [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
traffiqexchange.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
traffiqexchange.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.eyeviewads.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rcci.122.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sparknetworks.112.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.syncedvision.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.chitika.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
trk.dugomedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.omn.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.crackle.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.media970.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.chicagosuntimes.122.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.picadmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.picadmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediav.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
testdata.coremetrics.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.dpssbenefits.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.dpssbenefits.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.dpssbenefits.lacounty.gov [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.intentmedia.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ww251.smartadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clove.rotator.hadj8.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
engine.localyokelmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
engine.localyokelmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
engine.localyokelmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
engine.localyokelmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adprudence.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adprudence.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracktrack.info [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.jmm.sitescoutadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.femalevogue.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.1sadx.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sigma.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sigma.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sigma.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sigma.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sigma.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xanderadserver.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mshakers.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mshakers.rotator.hadj7.adjuggler.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\SUSIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ds.serving-sys.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\36UKUPAJ ]
 
Trojan.Agent/Gen-Qhost
C:\PROGRAM FILES (X86)\500,000 GAMES V3\BEST GAME HITS 7\ARCAPINBALLNEOWORLDS\REG.DLL
 

,    
 
,

Edited by boopme, 09 January 2014 - 08:44 PM.


BC AdBot (Login to Remove)

 


#2 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 09 January 2014 - 10:23 PM

Hi, Boopme asked me to run DDS and post the logs here. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Amy at 18:43:16 on 2014-01-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2324 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=hp&installDate={installDate}
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearch Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=ds&q={searchTerms}&installDate={installDate}
mWinlogon: Userinit = userinit.exe,
BHO: PETN: {0C8BB25C-B008-2D17-DBC8-D744EBB95960} - C:\Users\Amy\AppData\Local\FidewideDeals\petn.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Susie\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
BHO: Re-markit: {d40c0f9a-fc3b-4874-84c6-32559d93ce1a} - C:\Program Files (x86)\Re-markit\135.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: FindWide Toolbar: {BDEF443A-32A8-4CAB-8586-A6928305233A} - C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\passport.dll
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [Updater] C:\ProgramData\Updater\updater.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F} : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\0557C6379607865627D284F6D656 : DHCPNameServer = 74.211.15.210 74.211.15.211 24.56.178.102
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\2375942554731353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\3516D63757E676027416C6168797023502949494024343 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\E45445745414255393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D4648FC4-6958-48C3-8ADB-2464A6C53746} : DHCPNameServer = 69.54.99.2 205.185.95.2 8.8.8.8
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: FindWide Toolbar: {BDEF443A-32A8-4CAB-8586-A6928305233A} - C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\passport64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-29 203264]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-3-27 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-9-21 126392]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-9-1 38528]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ghsdiagMDM;Handset Diagnostic Port;C:\Windows\System32\drivers\ghsdiagMDM.sys [2011-11-28 122496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-25 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-1 1255736]
.
=============== Created Last 30 ================
.
2014-01-09 01:59:29 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43D7C1CB-F09D-49F3-B6AF-051C56B22DF5}\mpengine.dll
2014-01-08 20:24:58 -------- d-----w- C:\ProgramData\T-Mobile Connection Manager
2014-01-07 22:58:59 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-11 10:00:14 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-11 06:51:00 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 06:51:00 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 06:50:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 06:50:58 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 06:12:13 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 06:11:59 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 06:11:59 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
==================== Find3M  ====================
.
2014-01-10 02:31:26 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-12-11 10:00:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:00:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-04-23 19:34:13 4126720 ----a-w- C:\Program Files (x86)\GUTD57B.tmp
.
============= FINISH: 18:47:50.70 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/1/2012 9:47:05 AM
System Uptime: 1/9/2014 7:30:52 AM (11 hours ago)
.
Motherboard: Hewlett-Packard |  | 144E
Processor: AMD Turion™ II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 169.168 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP150: 11/23/2013 12:30:34 AM - Removed WinZip 17.5
RP151: 11/24/2013 10:07:37 AM - Windows Update
RP152: 11/28/2013 1:20:00 PM - Windows Update
RP153: 12/1/2013 6:29:30 PM - Windows Update
RP154: 12/6/2013 6:25:19 PM - Windows Update
RP155: 12/10/2013 2:07:00 AM - Windows Update
RP156: 12/10/2013 10:48:24 PM - Windows Update
RP157: 12/15/2013 1:09:30 AM - Windows Update
RP158: 12/18/2013 8:38:52 AM - Windows Update
RP159: 12/22/2013 9:24:48 PM - Windows Update
RP160: 12/26/2013 9:57:28 PM - Windows Update
RP161: 12/30/2013 7:25:31 PM - Windows Update
RP162: 1/3/2014 7:15:08 PM - Windows Update
RP163: 1/7/2014 2:58:21 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Bejeweled 3
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
FidewideDeals
FindWide.com
GIMP 2.4.7
Glary Utilities 2.48.0.1568
Google Chrome
Google Earth
Google Update Helper
HP PhotoSmart 210/215 Camera Software (by ArcSoft)
HP Power Manager
HP Product Detection
IDT Audio
Java 7 Update 21 (64-bit)
Java 7 Update 25
Java Auto Updater
Mahjongg - The Ultimate Collection
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Norton PC Checkup
OpenOffice 4.0.0
Paint Shop Pro 7 Try And Buy
Photo Explosion SE
Re-markit
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Software Assist
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Print Shop Business Card Creator
Tube Dimmer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Updater
Zuma's Revenge!
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 7:32:38 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/9/2014 1:02:59 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
1/8/2014 9:08:40 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 9:08:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/8/2014 9:08:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/8/2014 9:08:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2014 9:08:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/8/2014 9:07:23 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/8/2014 9:05:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
1/8/2014 9:05:23 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/8/2014 9:04:18 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
1/8/2014 9:04:18 PM, Error: Service Control Manager [7023]  - The Internet Connection Sharing (ICS) service terminated with the following error:  %%-2147467243
1/8/2014 9:04:18 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x80004004   Error description: Operation aborted   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
1/8/2014 9:04:18 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
1/8/2014 12:20:02 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the T-Mobile Connection Manager. OUC service to connect.
1/8/2014 12:20:02 PM, Error: Service Control Manager [7000]  - The T-Mobile Connection Manager. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/8/2014 11:37:15 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/5/2014 2:44:25 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
1/5/2014 2:44:24 PM, Error: Microsoft-Windows-BitLocker-Driver [24620]  - Encrypted volume check: Volume information on E: cannot be read.
1/4/2014 8:51:43 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:19 AM

Posted 14 January 2014 - 02:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520190 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 14 January 2014 - 07:37 PM

Attached File  attach.txt   8.91KB   0 downloadsAttached File  attach.txt   8.91KB   0 downloadsHi and thank you for helping me,
 
1) I am still having the random ads that pop up no matter which web site I am on, Some of the ads are video's that run in the backround and I am unable to find them. Some of the ads that pop up on the screen/web page have no way to close them.others do. most of the ads are asking me to speed up my computer or ask me to click here to chat with a tech support. also when I click on a link within a web site I go to a new tab that has another ad or a survey I can close the new tab and the link I was trying to go to is there. I have run my SuperAntiSpyware and it found one Trojan.Agent/Gen-Qhost and that was all but it did not fix the problems I have. Also when starting my computer it takes a lot longer to open to my sign in windows page and when looking at my Startup programs and running programs I am not sure what some of them are such as:atieclxx.exe,
CCC.exe,
ccSvcHst.exe,
DCSHelper.exe*32, 
dwm.exe,  
FirefoxHelper.exe*32, ( I do not use or have Firefox) 
GPlayer.exe*32,
MOM.exe,
jusched.exe*32,
realsched.exe*32,  
csrss.exe,
AESTSr64.exe  
I did try looking them up on your site but some were not found. Any help you can give me would be wonderful. I am not to tecnical with computers so be patient with my ignorance. I do greatly welcome the help. Lastly I do not have the original Windows CD/DVD I purchased my laptop at a second hand store.
 
2) DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Amy at 15:23:55 on 2014-01-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2289 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Updater\updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=hp&installDate={installDate}
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearch Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=ds&q={searchTerms}&installDate={installDate}
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=434b60e4-58eb-b04e-62c3-ccef9dbf61fb&searchtype=ds&q={searchTerms}&installDate={installDate}
mWinlogon: Userinit = userinit.exe,
BHO: PETN: {0C8BB25C-B008-2D17-DBC8-D744EBB95960} - C:\Users\Amy\AppData\Local\FidewideDeals\petn.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Susie\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
BHO: Re-markit: {d40c0f9a-fc3b-4874-84c6-32559d93ce1a} - C:\Program Files (x86)\Re-markit\135.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: FindWide Toolbar: {BDEF443A-32A8-4CAB-8586-A6928305233A} - C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\passport.dll
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [Updater] C:\ProgramData\Updater\updater.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F} : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\0557C6379607865627D284F6D656 : DHCPNameServer = 74.211.15.210 74.211.15.211 24.56.178.102
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\2375942554731353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\3516D63757E676027416C6168797023502949494024343 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{CEB42F4A-4E58-4DFC-9A70-0B8176D01C8F}\E45445745414255393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D4648FC4-6958-48C3-8ADB-2464A6C53746} : DHCPNameServer = 69.54.99.2 205.185.95.2 8.8.8.8
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: FindWide Toolbar: {BDEF443A-32A8-4CAB-8586-A6928305233A} - C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\passport64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-29 203264]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-3-27 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-9-21 126392]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-9-1 38528]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ghsdiagMDM;Handset Diagnostic Port;C:\Windows\System32\drivers\ghsdiagMDM.sys [2011-11-28 122496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-25 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-1 1255736]
.
=============== Created Last 30 ================
.
2014-01-13 20:54:41 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A817AAFF-4043-4660-8BDE-C6A1108C67B6}\mpengine.dll
2014-01-12 00:36:52 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 20:24:58 -------- d-----w- C:\ProgramData\T-Mobile Connection Manager
.
==================== Find3M  ====================
.
2014-01-14 23:02:11 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-12-11 10:00:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:00:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 10:00:15 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-04-23 19:34:13 4126720 ----a-w- C:\Program Files (x86)\GUTD57B.tmp
.
============= FINISH: 15:28:46.79 ===============

 

 

 


Edited by SueRon57, 14 January 2014 - 07:46 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:19 AM

Posted 15 January 2014 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Turorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#6 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 15 January 2014 - 11:21 PM

error 


Edited by SueRon57, 15 January 2014 - 11:45 PM.


#7 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 16 January 2014 - 03:34 AM

Hi Nasdaq, 

   Thank you for helping me, I have preformed all of the steps that you asked me to do and will post them here. After finishing everything I am not seeing any pop ups or hearing any ads playing in back round while on web sites. 

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amy [Admin rights]
Mode : Remove -- Date : 01/15/2014 21:06:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] updater.exe -- C:\ProgramData\Updater\updater.exe [7] -> KILLED [Tree]
[SUSP PATH] ChromeHelper.exe -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe [7] -> ERROR [87]
[SUSP PATH] FirefoxHelper.exe -- C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe [7] -> ERROR [87]
[SUSP PATH] IeHelper.exe -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe [7] -> ERROR [87]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Updater (C:\ProgramData\Updater\updater.exe [7]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Updater (C:\ProgramData\Updater\Updater.exe [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] GreatArcadeHits.job : C:\Users\Susie\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> DELETED
[V2][SUSP PATH] FidewideDeals Update : C:\Users\Amy\AppData\Local\FidewideDeals\petnupdate.exe - CID=CharmSavingsTEST NAME=FidewideDeals [-][x][x] -> DELETED
[V2][SUSP PATH] GreatArcadeHits : C:\Users\Susie\AppData\Local\GreatArcadeHits\GAHUpdate.exe [7] -> ERROR DELETING TASK
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250315AS ATA Device +++++
--- User ---
[MBR] 1f22135f4438212deb0546955ac2d7aa
[BSP] d118ddc4619fbc99daed145fa3b6fbd2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_01152014_210613.txt >>
RKreport[0]_S_01152014_210247.txt
 
 


# AdwCleaner v2.202 - Logfile created 04/24/2013 at 23:47:07
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amy - AMY-PC
# Boot Mode : Normal
# Running from : C:\Users\Amy\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Browser Manager
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\user.js
File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Amy\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Amy\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Amy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Susie\AppData\LocalLow\BabylonToolbar
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\d0d6ddbd3bea45
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003026.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044304426}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022302226}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055305526}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066306626}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\d0d6ddbd3bea45
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011301126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055305526}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066306626}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111442&tt=120912_cpc_3812_5&babsrc=NT_ss&mntrId=f68497640000000000004c0f6e14aeb2 --> hxxp://www.google.com
 
-\\ Google Chrome v [Unable to get version]
 
File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [5097 octets] - [24/04/2013 23:47:07]
 
########## EOF - C:\AdwCleaner[S1].txt - [5157 octets] ##########
 
 

ComboFix 14-01-14.02 - Amy 01/15/2014  23:12:27.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2688 [GMT -8:00]
Running from: c:\users\Susie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amy\AppData\Local\dealcabby
c:\users\Amy\AppData\Local\dealcabby\license.txt
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\DC120fc7_32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-16 07:21 . 2014-01-16 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-16 07:21 . 2014-01-16 07:21 -------- d-----w- c:\users\Amy\AppData\Local\temp
2014-01-16 05:30 . 2014-01-16 05:30 -------- d-----w- c:\programdata\TubeDimmer
2014-01-16 05:14 . 2014-01-16 05:26 -------- d-----w- C:\AdwCleaner
2014-01-16 05:01 . 2014-01-16 05:01 82944 ----a-w- c:\windows\system32\drivers\ipfltdrv.sys.bak
2014-01-16 00:37 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C31923A0-0FD5-40CC-ADC9-511822B33E9A}\mpengine.dll
2014-01-13 20:54 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-08 20:24 . 2014-01-08 20:24 -------- d-----w- c:\programdata\T-Mobile Connection Manager
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 07:11 . 2013-08-23 21:32 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2014-01-16 00:29 . 2012-09-01 18:35 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 10:00 . 2012-09-01 22:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:00 . 2012-09-01 22:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 10:00 . 2013-12-11 10:00 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 10:09 . 2013-12-10 10:09 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 10:09 . 2013-12-10 10:09 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 10:09 . 2013-12-10 10:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 10:09 . 2013-12-10 10:09 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 10:09 . 2013-12-10 10:09 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 10:09 . 2013-12-10 10:09 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 10:09 . 2013-12-10 10:09 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 10:09 . 2013-12-10 10:09 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-10 10:09 . 2013-12-10 10:09 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-10 10:09 . 2013-12-10 10:09 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 10:09 . 2013-12-10 10:09 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 10:09 . 2013-12-10 10:09 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 10:09 . 2013-12-10 10:09 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 10:09 . 2013-12-10 10:09 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 10:09 . 2013-12-10 10:09 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 10:09 . 2013-12-10 10:09 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 10:09 . 2013-12-10 10:09 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 10:09 . 2013-12-10 10:09 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 10:09 . 2013-12-10 10:09 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-10 10:09 . 2013-12-10 10:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 10:09 . 2013-12-10 10:09 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 10:09 . 2013-12-10 10:09 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 10:09 . 2013-12-10 10:09 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-10 10:09 . 2013-12-10 10:09 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 10:09 . 2013-12-10 10:09 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 10:09 . 2013-12-10 10:09 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 10:09 . 2013-12-10 10:09 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 10:09 . 2013-12-10 10:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 10:09 . 2013-12-10 10:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 10:09 . 2013-12-10 10:09 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 10:09 . 2013-12-10 10:09 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-10 10:09 . 2013-12-10 10:09 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 10:09 . 2013-12-10 10:09 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 10:09 . 2013-12-10 10:09 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 10:09 . 2013-12-10 10:09 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 10:09 . 2013-12-10 10:09 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 10:09 . 2013-12-10 10:09 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 10:09 . 2013-12-10 10:09 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 10:09 . 2013-12-10 10:09 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 10:09 . 2013-12-10 10:09 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 10:09 . 2013-12-10 10:09 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 10:09 . 2013-12-10 10:09 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 10:09 . 2013-12-10 10:09 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 10:09 . 2013-12-10 10:09 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 10:09 . 2013-12-10 10:09 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 10:09 . 2013-12-10 10:09 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 10:09 . 2013-12-10 10:09 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 10:09 . 2013-12-10 10:09 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-10 10:09 . 2013-12-10 10:09 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 10:09 . 2013-12-10 10:09 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 10:09 . 2013-12-10 10:09 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 10:09 . 2013-12-10 10:09 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 10:09 . 2013-12-10 10:09 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 10:09 . 2013-12-10 10:09 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 10:09 . 2013-12-10 10:09 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 10:09 . 2013-12-10 10:09 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 10:09 . 2013-12-10 10:09 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 10:09 . 2013-12-10 10:09 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-10 10:09 . 2013-12-10 10:09 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-11 06:49 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 06:49 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 06:49 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 06:49 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 06:49 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 06:49 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 06:49 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 06:49 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 06:49 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 06:49 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 06:49 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 06:49 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 06:49 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 06:49 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 06:49 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 06:49 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 06:49 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 06:49 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 06:49 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 06:49 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 06:49 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 06:49 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 06:49 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 06:49 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 06:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 06:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2012-09-01 18:04 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 06:12 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 06:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 06:12 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 06:12 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 06:12 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 06:12 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 06:12 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-10-18 16:17 . 2013-12-07 02:26 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE4D208C-41EA-42A7-BE1C-976518706C37}\gapaengine.dll
2013-10-18 16:17 . 2013-03-27 23:48 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0C8BB25C-B008-2D17-DBC8-D744EBB95960}]
2013-11-23 22:09 106496 ----a-w- c:\users\Amy\AppData\Local\FidewideDeals\petn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}]
2013-08-14 07:17 321488 ----a-w- c:\users\Susie\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{BDEF443A-32A8-4CAB-8586-A6928305233A}"= "c:\users\Amy\AppData\Local\TNT2\Profiles\10705\passport.dll" [2013-11-23 11520]
.
[HKEY_CLASSES_ROOT\clsid\{bdef443a-32a8-4cab-8586-a6928305233a}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-09-01 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\DRIVERS\ghsdiagMDM.sys;c:\windows\SYSNATIVE\DRIVERS\ghsdiagMDM.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 01:09 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 10:00]
.
2014-01-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-01 15:46]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 03:43]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BDEF443A-32A8-4CAB-8586-A6928305233A}"= "c:\users\Amy\AppData\Local\TNT2\Profiles\10705\passport64.dll" [2013-11-23 12032]
.
[HKEY_CLASSES_ROOT\CLSID\{BDEF443A-32A8-4CAB-8586-A6928305233A}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{D4648FC4-6958-48C3-8ADB-2464A6C53746}: DhcpNameServer = 69.54.99.2 205.185.95.2 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{d40c0f9a-fc3b-4874-84c6-32559d93ce1a} - c:\program files (x86)\Re-markit\135.dll
Wow6432Node-HKCU-Run-Driver Manager - c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
SafeBoot-93265624.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-TubeDimmer - c:\programdata\TubeDimmer\uninstall.exe
AddRemove-{adbf903b-1197-4195-8815-69b059fc9830} - c:\program files (x86)\Re-markit\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-15  23:30:31
ComboFix-quarantined-files.txt  2014-01-16 07:30
.
Pre-Run: 181,978,796,032 bytes free
Post-Run: 182,526,070,784 bytes free
.
- - End Of File - - EFF7CC7A330ED9F48B4E7B42B5E4CC41
A36C5E4F47E84449FF07ED3517B43A31
 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Google Chrome 32.0.1700.72  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 
 
 
 
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:19 AM

Posted 16 January 2014 - 10:53 AM

# AdwCleaner v2.202 - Logfile created 04/24/2013 at 23:47:07
# Updated 23/04/2013 by Xplode

Just to make sure Update the AdwCleaner tool. The latest version is 3.017

Get it from this site. The skin has changed.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u45 was released on Oct. 15. 2013.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 25

===

#9 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 16 January 2014 - 07:39 PM

Hi, I downloaded the AdwCleaner and scanned and cleaned what it found. The 4 things it found were the same ones as the first time I used it. Here is the report. 

 

# AdwCleaner v3.017 - Report created 16/01/2014 at 16:13:53
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Amy - SUSIE-LAPTOP
# Running from : C:\Users\Susie\Desktop\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Folder Deleted : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Folder Deleted : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [1426 octets] - [16/01/2014 16:11:18]
AdwCleaner[S1].txt - [1363 octets] - [16/01/2014 16:13:53]
 
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1423 octets] ##########
 
 
As to the startup did you get to look at those things and are they suppose to be there? 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:19 AM

Posted 17 January 2014 - 09:24 AM

Clean your Internet Explorer Cookie.
Do it in Internet Explorer or use SUPERAntiSpyware
===

If the files listed in the Startup are not giving you any problems let it go.
Otherwise let me know what the probem or the error message you get.

===

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.list]
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

Please let me know what problem persists with this computer.

#11 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 17 January 2014 - 10:32 PM

Hi,

   Here is the mbam log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.17.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Amy :: SUSIE-LAPTOP [administrator]
 
1/17/2014 6:30:40 PM
mbam-log-2014-01-17 (18-30-40).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231222
Time elapsed: 4 minute(s), 7 second(s)
 
Memory Processes Detected: 1
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> 1236 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 12
HKCR\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} (PUP.Optional.WebSteroids.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c0f9a-fc3b-4874-84c6-32559d93ce1a} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{d40c0f9a-fc3b-4874-84c6-32559d93ce1a} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C0F9A-FC3B-4874-84C6-32559D93CE1A} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C0F9A-FC3B-4874-84C6-32559D93CE1A} (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Data: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 11
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Delete on reboot.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com\chrome (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com\chrome\content (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Common (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
Files Detected: 59
C:\Users\Amy\Downloads\frostwire-5.3.9.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Susie\Downloads\Mahjong1.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Windows\Installer\1998f4c.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> Delete on reboot.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com\chrome.manifest (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com\install.rdf (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com\chrome\content\main.js (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\extensions\support@tubedimmerapp.com\chrome\content\overlay.xul (PUP.Optional.TubeDimmer) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\2.0.0.1663\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Common\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Common\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\icon.ico (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\inst.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\os10705.xml (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\PARTNER.9.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\partner.dat (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\runt.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\tnt_32x32.png (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\toolbar10705@findwide.com.xpi (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\TNT2\Profiles\10705\yah10705.xml (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
(end)
 
I am not at this time having any more problems with pop up ads. I do have a question about my Windows Firewall, Can you suggest where I might find information on how it works. I have read some things but the area that I want information on is what is being allowed inbound and outbound. Thank you for all your help. Susan


#12 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 18 January 2014 - 02:09 AM

Hi Forum Addict,

    Not wanting to have this problem again and having spent hours on this site reading up on how to best protect my computer I have decided to use a host file and I have chosen MVPS.org and I am just wanting to make sure I install it correctly. I also think I should use a Host file manager and I chose HostsMan. I would appreciate any help or advise. Thank you again, Susan



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:19 AM

Posted 18 January 2014 - 10:59 AM

The Host file will help eliminating the tracking cookies.

This page will help you installing it.

http://winhelp2002.mvps.org/hostswin7.htm

If you have any difficulties/questions let me know.

===

Firewall articles that will help you understand the process.
http://technet.microsoft.com/en-us/library/dd421709(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd448527(v=ws.10).aspx

===



If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#14 SueRon57

SueRon57
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Lancaster Ca
  • Local time:07:19 AM

Posted 21 January 2014 - 02:27 AM

Thank you very much for all your help. Doing all that you suggested. So far everything is working great. You all are the best! 

 

Susan :-)



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:19 AM

Posted 21 January 2014 - 09:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users