
slooooow eventhough...


21 replies to this topic

#1 tapcc13

tapcc13

  • Members
  • 89 posts
  • OFFLINE
  • Local time:05:45 PM

Posted 30 January 2014 - 07:57 PM

This computer has become super slow. CPU usage is upwards of 90%, and the fan is blowing hard, despite the processes not registering very high at all; most not at all, some at like 4 or 5, and Firefox being around 20-25. Is something taking over in the background? I ran Malwarebytes and got rid of about 50 things, but it's still acting the same.





#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:45 PM

Posted 06 February 2014 - 06:36 AM

Hi tapcc13 and welcome!

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

 

====

 

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

Click on the Scan button.

  • AdwCleaner will begin...be patient as the scan may take some time to complete.

After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

After reviewing the log, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.
If you do not know how to do this you can find out >here< or >here<
 
3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.

  • Copy and paste the contents of JRT.txt in your next reply.

4. As a final step, update and rescan again with Malwarebytes Anti-Malware and post the log.

 

Stelios



#3 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:05:45 PM

Posted 07 February 2014 - 07:44 PM

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 37  
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#4 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:05:45 PM

Posted 07 February 2014 - 07:46 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/07/2014 07:44:43 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/07/2014 07:45:37 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
 



#5 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:05:45 PM

Posted 07 February 2014 - 07:55 PM

# AdwCleaner v3.018 - Report created 07/02/2014 at 19:50:18
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cabam - R2D2
# Running from : C:\Users\Cabam\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater
Service Deleted : DvmMDES
Service Deleted : Updater By SweetPacks

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Cabam\AppData\Local\PackageAware
Folder Deleted : C:\Users\Cabam\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Cabam\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Cabam\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Cabam\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Cabam\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\Extensions\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Folder Deleted : C:\Users\Cabam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\defaulttab.config
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\searchplugins\search-here.xml
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\prefs.js ]

Line Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1-Stop-Florists\":{\"name\":\"1 Stop Florists\",\[...]
Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Cabam\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url

*************************

AdwCleaner[R0].txt - [20284 octets] - [07/02/2014 19:47:16]
AdwCleaner[S0].txt - [19964 octets] - [07/02/2014 19:50:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20025 octets] ##########
 
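Most of the AdwCleaner log above is orphaned COM registration; the lines that explain a machine pinned at 90% CPU are the few that load code into every process or at boot (the AppInit_DLLs data, the SweetPacks service, the Browser Helper Objects). The following is an added example, not part of the thread or of the AdwCleaner tool: a small Python parser for the "Action Deleted : Target" format shown in this post that groups removed items by the mechanism they used to load. The sample log, the regex patterns and the mechanism labels are constructed here.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

@dataclass
class Entry:
    section: str    # AdwCleaner section this line sat under, e.g. "Registry"
    kind: str       # Service / Folder / File / Key / Value / Data / Line
    target: str     # what was removed, exactly as the log prints it
    x64: bool       # AdwCleaner prefixes 64-bit registry view entries with "[x64]"
    mechanism: str  # label assigned by classify()

# Registry locations, most specific first; the comment says what that location
# does on a running system, which is what a reader of the log wants to know.
MECHANISMS = [
    ("AppInit_DLLs", re.compile(r"\[AppInit_DLLs\]")),            # DLL mapped into every process that loads user32.dll
    ("Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),  # COM DLL loaded by each IE process
    ("URLSearchHook", re.compile(r"\\URLSearchHooks", re.I)),     # COM DLL that sees every address-bar search
    ("IE Toolbar", re.compile(r"\\Internet Explorer\\Toolbar", re.I)),
    ("SearchScopes", re.compile(r"\\SearchScopes\\", re.I)),      # replaced default search provider (a setting)
    ("ElevationPolicy", re.compile(r"\\ElevationPolicy\\", re.I)),  # lets a component run outside IE Protected Mode
    ("COM registration", re.compile(r"\\Classes\\(CLSID|Interface|TypeLib|AppID)\\", re.I)),
    ("Uninstall entry", re.compile(r"\\Uninstall\\", re.I)),
]
ENTRY_RE = re.compile(r"^(Service|Folder|File|Key|Value|Data|Line) Deleted : (.*)$")
SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")

def classify(kind: str, target: str) -> str:
    if kind == "Service":
        return "Service"             # started at boot, independent of any browser
    if kind in ("Folder", "File"):
        return "File system"
    if kind == "Line":
        return "Browser preference"  # prefs.js lines: hijacked homepage / search URL
    for label, pattern in MECHANISMS:
        if pattern.search(target):
            return label
    return "Other registry"

def parse_adwcleaner_log(text: str) -> List[Entry]:
    entries, section = [], "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                 # "# ..." header, browser banners, blank lines
        kind, target = m.group(1), m.group(2)
        x64 = target.startswith("[x64] ")
        if x64:
            target = target[len("[x64] "):]
        entries.append(Entry(section, kind, target, x64, classify(kind, target)))
    return entries

def summarize(entries: List[Entry]) -> Counter:
    return Counter(e.mechanism for e in entries)

# Locations that load a DLL or EXE, as opposed to storing a setting or an orphaned
# class registration. These account for CPU load; hundreds of CLSID keys do not.
LOADS_CODE = {"AppInit_DLLs", "Service", "Browser Helper Object", "URLSearchHook", "IE Toolbar"}

def high_impact(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.mechanism in LOADS_CODE]

# Constructed sample: a few lines in the format of the AdwCleaner[S0].txt posted above.
SAMPLE_LOG = r"""
# AdwCleaner v3.018 - Report created 07/02/2014 at 19:50:18
# Option : Clean

***** [ Services ] *****

Service Deleted : Updater By SweetPacks

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SweetIM
File Deleted : C:\Users\Cabam\AppData\Roaming\Mozilla\Firefox\Profiles\z8djormb.default\user.js

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll

***** [ Browsers ] *****

-\\ Mozilla Firefox v26.0 (en-US)

Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");
"""

if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    for label, n in summarize(found).most_common():
        print(f"{n:3d}  {label}")
    for e in high_impact(found):
        print(f"[{'x64' if e.x64 else 'x86'}] {e.mechanism:<22} {e.target}")
```

Feeding the full AdwCleaner[S0].txt from the post through parse_adwcleaner_log gives the same grouping for the real log, which is the quickest way to tell a cosmetic cleanup from the removal of code that was actually running.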



#6 tapcc13

tapcc13
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:05:45 PM

Posted 08 February 2014 - 01:52 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cabam on Fri 02/07/2014 at 19:57:36.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1885153890-486427182-416663595-1004\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{40A0EFC3-416F-4E14-A7F7-F2AB7CD6D1B0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DFF95CFC-E064-4520-BB0E-D1AA91BE3938}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E8248934-5697-4865-88CD-6B0E6172B460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\Windows\syswow64\sho157B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8683.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Cabam\AppData\Roaming\slick savings"
Successfully deleted: [Folder] "C:\Users\Cabam\appdata\local\slick savings"
Successfully deleted: [Folder] "C:\Users\Cabam\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Cabam\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files (x86)\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons.com couponbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [File] C:\Users\Cabam\AppData\Roaming\mozilla\firefox\profiles\z8djormb.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Users\Cabam\AppData\Roaming\mozilla\firefox\profiles\z8djormb.default\searchplugins\my-homepage.xml
Successfully deleted: [File] C:\Users\Cabam\AppData\Roaming\mozilla\firefox\profiles\z8djormb.default\searchplugins\search-here.xml
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Successfully deleted the following from C:\Users\Cabam\AppData\Roaming\mozilla\firefox\profiles\z8djormb.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.mysearchresults.com/?c=9001&t=03");
user_pref("extensions.defaulttab.PIR7", 1389468697);
user_pref("extensions.defaulttab.active.affiliate", 2644);
user_pref("extensions.defaulttab.active.newtabsearch", true);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20121044,18175,0,0,0");
user_pref("extensions.defaulttab.browserID", "6714ADDEECE10AD74332483608740C90");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.homepage.original", "hxxp://www.mysearchresults.com/?c=9001&t=03");
user_pref("extensions.defaulttab.installdate", 1345059979);
user_pref("extensions.defaulttab.installedVersion", "2.3.1");
user_pref("extensions.defaulttab.lastNetSeerDownload", 1391234659);
user_pref("extensions.defaulttab.lastUsed", 1382349592);
user_pref("extensions.defaulttab.newtabsearch", true);
user_pref("extensions.defaulttab.search.original", "Amazon.com");
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\Cabam\AppData\Roaming\mozilla\firefox\profiles\z8djormb.default\minidumps [59 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Cabam\appdata\local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp
Successfully deleted: [Folder] C:\Users\Cabam\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/07/2014 at 20:05:04.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
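The prefs.js entries JRT removed above (a homepage pointed at mysearchresults.com and a block of extensions.defaulttab.* settings) are exactly what a defender can check for before running a cleaner. As an added example, not part of this thread or of JRT, the following Python parses user_pref lines from a constructed prefs.js sample built from the values in this log and flags redirect prefs that point at the hijack host plus anything in the DefaultTab namespace; the indicator lists are assumptions drawn from this thread, not a vendor feed.

```python
import re

# Constructed sample in the user_pref() layout of Firefox prefs.js, using the
# values the JRT log in this thread removed plus two benign entries.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "hxxp://www.mysearchresults.com/?c=9001&t=03");
user_pref("extensions.defaulttab.active.newtabsearch", true);
user_pref("extensions.defaulttab.installdate", 1345059979);
user_pref("extensions.defaulttab.homepage.original", "hxxp://www.mysearchresults.com/?c=9001&t=03");
user_pref("browser.search.defaultenginename", "Google");
user_pref("app.update.enabled", true);
'''

# One user_pref("name", value); per line; value is a quoted string, true/false or a number.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line, converting literals to Python types."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw          # keep anything unexpected as raw text
    return prefs

# Assumed indicator lists taken from this thread's log: prefs that adware rewrites
# to redirect browsing, the hijack host JRT removed, and the DefaultTab pref namespace.
REDIRECT_PREFS = ("browser.startup.homepage", "browser.search.defaultenginename", "keyword.URL")
SUSPECT_HOSTS = ("mysearchresults.com",)
SUSPECT_PREFIXES = ("extensions.defaulttab.",)

def audit_prefs(prefs):
    """Return [(name, value, reason)] for prefs that point at a known hijack host or
    belong to an adware extension's namespace."""
    findings = []
    for name, value in prefs.items():
        if name in REDIRECT_PREFS and isinstance(value, str) \
                and any(host in value.lower() for host in SUSPECT_HOSTS):
            findings.append((name, value, "redirect to known hijack host"))
        elif name.startswith(SUSPECT_PREFIXES):
            findings.append((name, value, "adware extension preference"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{reason}: {name} = {value!r}")
```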
 



#7 DASOS (Malware hunter, Security Colleague, 1,662 posts, Greece loutraki 6 km from korinth canal)

Posted 08 February 2014 - 02:40 AM

Hi tapcc13

Good job!

4. As a final step, update and rescan again with Malwarebytes Anti-Malware and post the log.

Please download:

Hosts-perm.bat

From here: http://www.bleepingcomputer.com/download/hosts-permbat/

Read the instructions.

====

I'd like us to scan your machine with ESET OnlineScan

Note: You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

How is your comp running now?

Stelios



#8 tapcc13 (Topic Starter, Members, 89 posts)

Posted 08 February 2014 - 04:47 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Cabam :: R2D2 [administrator]

2/8/2014 3:29:21 AM
mbam-log-2014-02-08 (03-29-21).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 591046
Time elapsed: 1 hour(s), 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} (PUP.Optional.BearshareTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\BearShareIEHelper.DNSGuard (PUP.Optional.BearshareTB.A) -> Quarantined and deleted successfully.
HKCR\BearShareIEHelper.DNSGuard.1 (PUP.Optional.BearshareTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 38
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension64.dll.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\1372234337_36102780_474_4.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\1372234354_36120081_357_6.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\AskPIP_FF_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\DefaultTabSetup.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\FreemakeVideoConverter_4.0.2.3.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\hsbing_717_active.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\XDarggI8.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\dlm5C2E.tmp\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\is-9LT4G.tmp\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\nsx2E5D.tmp\bi_client.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Cabam\Downloads\openfreely_1296.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\226848c.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.

(end)
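The log above reports 38 files, but a large share of them sit under C:\AdwCleaner\Quarantine and C:\Qoobox\Quarantine (the quarantine folders of AdwCleaner and ComboFix, renamed to *.vir), so the headline count overstates what was actually live on the machine. As an added example, not from this thread or from Malwarebytes, the following Python triages a log in that layout: it checks each section's declared count against the detection lines present, tallies detections per family, and separates live items from ones already inside another tool's quarantine; the sample log is a constructed excerpt of the lines posted above and the quarantine paths are the ones seen in this thread.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes 1.75 log posted above
# (lines taken from that log, with the section counts reduced to match).
SAMPLE_LOG = r"""Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} (PUP.Optional.BearshareTB.A) -> Quarantined and deleted successfully.
HKCR\BearShareIEHelper.DNSGuard (PUP.Optional.BearshareTB.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Cabam\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\Cabam\AppData\Local\Temp\DefaultTabSetup.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Cabam\Downloads\openfreely_1296.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <N>" header, then one "item (family) -> action." line per detection.
SECTION_RE = re.compile(r"^(.+?) Detected: (\d+)$")
# Greedy item match leaves the last "(...)" before " -> " for the family, so paths
# containing "(x86)" still parse correctly.
DETECTION_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")

# Quarantine folders of the other tools run earlier in this thread (AdwCleaner and
# ComboFix's Qoobox); anything there, or renamed to *.vir, was already neutralised.
OTHER_QUARANTINE = ("c:\\adwcleaner\\quarantine\\", "c:\\qoobox\\quarantine\\")

def in_other_quarantine(path):
    p = path.lower()
    return p.startswith(OTHER_QUARANTINE) or p.endswith(".vir")

def parse_mbam_log(text):
    """Return ({section: declared_count}, [(section, item, family, action), ...])."""
    declared, detections, section = {}, [], None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append((section, m.group(1), m.group(2), m.group(3)))
    return declared, detections

def triage(text):
    """Per-family tally, declared-vs-seen count per section (a mismatch means a
    truncated paste), and live items separated from ones already in another tool's quarantine."""
    declared, detections = parse_mbam_log(text)
    seen, families = Counter(), Counter()
    live, stale = [], []
    for section, item, family, _action in detections:
        seen[section] += 1
        families[family] += 1
        (stale if section == "Files" and in_other_quarantine(item) else live).append(item)
    sections = {name: (count, seen[name]) for name, count in declared.items()}
    return {"sections": sections, "families": families,
            "live": live, "already_quarantined": stale}
```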
 



#9 tapcc13 (Topic Starter, Members, 89 posts)

Posted 08 February 2014 - 04:54 AM

Thanks for your reply, btw.

Just to let you know how it's acting now: the CPU usage is intermittently spiking. The highest was only 54 now though. But nothing in the CPU column registers over 00 except for Firefox (understandable), which went to 01 very briefly. The fan seems not to be as overworked as before.

 



#10 DASOS (Malware hunter, Security Colleague, 1,662 posts, Greece loutraki 6 km from korinth canal)

Posted 08 February 2014 - 05:03 AM

Hi, that's good!

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by OldTimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

====

And afterwards, please run ESET.

Stelios

 



#11 DASOS (Malware hunter, Security Colleague, 1,662 posts, Greece loutraki 6 km from korinth canal)

Posted 08 February 2014 - 05:13 AM

If you run ESET now, don't stop; we can use TFC later.



#12 tapcc13 (Topic Starter, Members, 89 posts)

Posted 09 February 2014 - 02:33 AM

TFC done. Do you have a link for ESET?



#13 DASOS (Malware hunter, Security Colleague, 1,662 posts, Greece loutraki 6 km from korinth canal)

Posted 09 February 2014 - 02:54 AM

"Do you have a link for ESET?"

Post 7.

====

I'd like us to scan your machine with ESET OnlineScan

Note: You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



#14 tapcc13 (Topic Starter, Members, 89 posts)

Posted 10 February 2014 - 02:47 AM

I don't know how I didn't see that post. Sorry. The link for Hosts-perm.bat doesn't work, btw.

But I did the ESET and went to work. On my return I saw that my gf had closed it out. If I remember correctly I saw that it had a lot of threats found before I left and before it had finished, but I could be thinking of something else we ran. Obv she didn't save a log of said threats, so I ran it again jic. It came up with only one.

C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
 



#15 DASOS (Malware hunter, Security Colleague, 1,662 posts, Greece loutraki 6 km from korinth canal)

Posted 10 February 2014 - 06:40 AM

Hi,

your comp looks clean!

Microsoft has created a Fix-It tool to reset the hosts file. Just download the Fix-It and run it to reset the hosts file.

====

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit). 64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u51-windows-i586.exe (or jre-7u51-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications, but it's not necessary. To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

====

Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe Flash:

  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat steps 1 and 2 for every other browser you have installed (e.g. Internet Explorer / Firefox / Chrome / Safari / Opera) as applicable.

====

How is your comp running?

Stelios

 

 





