Have adware ... no idea what kind


25 replies to this topic

#1 smurfhandy

smurfhandy

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 24 May 2014 - 01:10 AM

Have adware ... no idea what kind

 

Windows Vista Home


Edited by smurfhandy, 24 May 2014 - 01:11 AM.



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:49 PM

Posted 24 May 2014 - 06:54 AM

Hello -

A couple of quick questions, and a couple of quick adware cleaners.

 

First -

Download Security Check by Screen317 from HERE or HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

 

Next -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

 

Important: Do not reboot your computer until you complete the next step.

 

NOW -

Please download AdwCleaner by Xplode and save to your Desktop.
*  NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of each logfile is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Shut down your protection software now to avoid potential conflicts.
* How To Temporarily Disable Your Anti-virus
* Please download Junkware Removal Tool to your desktop.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

Last -

Malwarebytes Anti-Malware Free version 1.75.0.1300 has now been upgraded to Version 2.0.1

Please follow Free version removal methods. (link is to Malwarebytes site) if required -

 

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
----------
** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
----------
** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply



#3 smurfhandy


Posted 27 May 2014 - 12:10 AM

Results of screen317's Security Check version 0.99.83  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 29  
 Java 7 Update 25  
 Java™ 6 Update 5  
 Java version out of Date! 
 Adobe Reader 8  
 Adobe Reader XI  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#4 smurfhandy


Posted 27 May 2014 - 12:32 AM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by SHIELA (administrator) on 27-05-2014 at 00:12:03
Running from "C:\Users\SHIELA\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/25/2014 06:37:09 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (05/25/2014 06:37:09 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (05/25/2014 06:37:09 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (05/22/2014 00:51:30 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 27.0.1453.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 458c
Start Time: 01cf75e4e2424970
Termination Time: 30
 
Error: (05/18/2014 07:21:48 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 27.0.1453.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 36d4
Start Time: 01cf7292035fd308
Termination Time: 37
 
Error: (05/16/2014 08:27:31 AM) (Source: MsiInstaller) (User: OfficePC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (05/16/2014 07:36:30 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (05/16/2014 07:36:30 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (05/16/2014 07:36:30 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (05/14/2014 01:27:11 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module Flash32_13_0_0_214.ocx, version 13.0.0.214, time stamp 0x5359c422, exception code 0xc0000005, fault offset 0x0020ca1d,
process id 0x87c, application start time 0xiexplore.exe0.
 
 
System errors:
=============
Error: (05/22/2014 03:18:32 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/20/2014 09:56:56 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/19/2014 01:41:14 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/17/2014 07:35:40 PM) (Source: DCOM) (User: OfficePC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}OfficePCSHIELAS-1-5-21-4040324797-4053318912-2084216494-1000LocalHost (Using LRPC)
 
Error: (05/17/2014 08:04:23 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/16/2014 08:28:40 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
 
Error: (05/16/2014 08:28:40 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
 
Error: (05/16/2014 08:28:40 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (05/16/2014 02:40:45 AM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/14/2014 02:00:40 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-15 17:25:55.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-15 17:25:54.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-15 17:25:53.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-15 17:25:53.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-12 17:47:26.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-12 17:47:25.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-12 17:47:25.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-12 17:47:24.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-12 17:47:24.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-12 17:47:23.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Digital Editions
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Agere Systems PCI-SV92PP Soft Modem
AppCore (Version: 2.0.0.79)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations (Version: 3.0.255.479)
Backup (Version: 1.0.0.382)
Belarc Advisor 8.1
Bing Rewards Client Installer (Version: 16.0.345.0)
Carbonite (Version: 5.5.3 build 3952  (Apr-07-2014))
ccCommon (Version: 107.0.5.5)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cooking Academy (Version: 2.2.0.95)
Cooking Academy 2 - World Cuisine (Version: 2.2.0.95)
Corel WordPerfect Suite 8
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 6.0.2115)
Dell System Detect (Version: 5.2.0.11)
Digital Media Reader (Version: 2.01.03.01)
Elevated Installer (Version: 2.3.16.0)
Elizabeth Find MD Diagnosis Mystery: Season 2 (Version: 2.2.0.98)
eMachines Games (Version: 1.0.3.0)
eMachines Recovery Management (Version: 3.1.3003)
ESET Online Scanner v3
Garmin Express (Version: 2.3.16.0)
Garmin Express Tray (Version: 2.3.16.0)
GearDrvs (Version: 1.00.0000)
GearDrvs (Version: 5.0.0.2)
Google Chrome (Version: 27.0.1453.116)
Google Desktop (Version: 5.9.1005.12335)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.24.7)
House, MD (Version: 2.2.0.97)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Image Plugin (Version: 3.04.0226)
Java 7 Update 25 (Version: 7.0.250)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 5 (Version: 1.6.0.50)
Junk Mail filter update (Version: 14.0.8050.1202)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.234)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238)
Lotus NotesSQL 3.01 driver
Lotus SmartSuite - English (Version: 9.7.0)
Manuals Finder (Version: 1.0)
Matches and Matrimony (Version: 2.2.0.98)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton 360 (Symantec Corporation) (Version: 2.0.0.242)
Norton 360 (Version: 2.0.0.242)
Norton 360 HTMLHelp (Version: 2.0.0.175)
Norton Confidential Core (Version: 2.6.0.3)
NVIDIA Drivers (Version: 1.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.6 (Version: 3.56.0)
Penguins Arena (Version: 2.2.0.95)
PVSonyDll (Version: 1.00.0001)
QuickBooks (Version: 22.0.4015.2206)
QuickBooks Pro 2012 (Version: 22.0.4015.2206)
QuickTime (Version: 7.73.80.64)
Real Crimes - Jack the Ripper (Version: 2.2.0.95)
Real Detectives - Murder in Miami (Version: 2.2.0.95)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.5643)
RealUpgrade 1.1 (Version: 1.1.0)
SPBBC 32bit (Version: 4.1.0.15)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SupportSoft Assisted Service (Version: 15)
Symantec Real Time Storage Protection Component (Version: 10.2.3.9)
Symantec Technical Support Controls (Version: 3.5.3)
SymNet (Version: 8.0.3.4)
Tweaking.com - Windows Repair (All in One) (Version: 2.2.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Updater (Version: 2.6.53)
Vampire Brides - Love Over Death (Version: 2.2.0.95)
Vampire Saga - Pandora's Box (Version: 2.2.0.95)
Visual Studio 2005 Tools for Office Second Edition Runtime
Websteroids (Version: 2.6.53)
WildTangent Games App (Version: 4.0.11.7)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Yahoo! Messenger
Yahoo! Software Update
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 66%
Total physical RAM: 2941.76 MB
Available physical RAM: 989.23 MB
Total Pagefile: 6108.05 MB
Available Pagefile: 3497.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.23 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:288.09 GB) (Free:192.17 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\OFFICEPC
 
Administrator            Guest                    SHIELA                   
 
 
**** End of log ****


#5 smurfhandy


Posted 27 May 2014 - 12:35 AM

On a side note: I clicked the download button for RKill. When I did that, RKill downloaded AND "HD_Player__CD5MT......exe" downloaded as well. I deleted it from the folder it downloaded to.



#6 smurfhandy


Posted 27 May 2014 - 01:02 AM

# AdwCleaner v3.211 - Report created 27/05/2014 at 00:51:07
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : SHIELA - OFFICEPC
# Running from : C:\Users\SHIELA\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\Users\SHIELA\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\SHIELA\AppData\Local\TBHostSupport
Folder Deleted : C:\Users\SHIELA\AppData\Local\WhiteListing
Folder Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
File Deleted : C:\Users\SHIELA\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4BBEAD-845B-4AE8-89FE-CCDFD4E1D832}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TBHostSupport]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Websteroids
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Google Chrome v27.0.1453.116
 
[ File : C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN37132830131705016&ctid=CT3286042&UM=2
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&qo=homepageSearchBox
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [4959 octets] - [07/02/2014 13:47:56]
AdwCleaner[R1].txt - [3902 octets] - [27/05/2014 00:40:08]
AdwCleaner[S0].txt - [5250 octets] - [07/02/2014 13:54:12]
AdwCleaner[S1].txt - [4145 octets] - [27/05/2014 00:51:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4205 octets] ##########


#7 noknojon


Posted 27 May 2014 - 01:16 AM

Hi -

Try the Second link and then follow the directions below -

Only download it to Desktop to run it.

 

If Rkill has problems in Normal Mode, do you know how to use Safe Mode with Networking ??

 

The program will run both of these links in Safe Mode but we only want 1 to run -

 

Rkill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed Rkill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

Please Temporarily Disable Your Anti-virus while the program runs.

 

Norton always reacts to some of our tools -


Edited by noknojon, 27 May 2014 - 01:18 AM.


#8 smurfhandy


Posted 27 May 2014 - 01:17 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by SHIELA on Tue 05/27/2014 at  1:11:14.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{05C95C43-C6E8-4B3B-9FF2-1191293F32EC}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\SHIELA\Local Settings\Application Data\cre"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/27/2014 at  1:14:50.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 smurfhandy


Posted 27 May 2014 - 01:20 AM

I downloaded and ran it ... I just wanted to note that issue.  Thanks



#10 noknojon


Posted 27 May 2014 - 01:58 AM

Please copy / paste the log that was produced from Rkill -



#11 smurfhandy


Posted 27 May 2014 - 02:00 AM

Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/27/2014 12:34:04 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 05/27/2014 12:35:24 AM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)


#12 smurfhandy


Posted 27 May 2014 - 02:02 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/27/2014
Scan Time: 1:23:59 AM
Logfile: 20140527 0145.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.27.04
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: SHIELA
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336375
Time Elapsed: 20 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.SelectionLinks.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}, , [b2ae1640f18aa5918b9563cc07fb4fb1], 
PUP.Optional.SelectionLinks.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}, , [b2ae1640f18aa5918b9563cc07fb4fb1], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\Updater By SweetPacks, , [6bf53026f08b44f25255fec4c2418c74], 
PUP.Optional.FCTPlugin, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kincjchfokkeneeofpeefomkikfkiedl, , [c898fa5c4c2fb185103e7ee4f1127a86], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4040324797-4053318912-2084216494-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, , [4020a3b35625b87e1e1d0b80956da35d], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4040324797-4053318912-2084216494-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, , [085883d3eb9065d1ae8e246724de6898], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4040324797-4053318912-2084216494-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, , [f26e381e0477f93dc4044941fb07cc34], 
 
Registry Values: 2
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}, , [dc8492c4ee8d38fef240e0834ab8b14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}, C:\Program Files\Updater By SweetPacks\Firefox, , [dc8492c4ee8d38fef240e0834ab8b14f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 13
PUP.Optional.ToolBarInstaller.A, C:\$RECYCLE.BIN\S-1-5-21-4040324797-4053318912-2084216494-1000\$R8LDDZ1.exe, , [233d5ef891eadf5700fc94531fe4c63a], 
PUP.Optional.BundleInstaller.A, C:\Users\SHIELA\Downloads\adobe reader setup.exe, , [cb95f0662f4c1c1a091fa4951ae722de], 
PUP.Optional.ArcadeFrontier.A, C:\Users\SHIELA\Downloads\ArcadeFrontierGames (1).exe, , [b6aa95c1bebd1f1708efdb7ebf42aa56], 
PUP.Optional.ArcadeFrontier.A, C:\Users\SHIELA\Downloads\ArcadeFrontierGames (2).exe, , [b4ac8ec87cff1b1be90e540555ac37c9], 
PUP.Optional.ArcadeFrontier.A, C:\Users\SHIELA\Downloads\ArcadeFrontierGames.exe, , [87d9fd595f1c4aec51a6d8814bb63cc4], 
PUP.Optional.Solimba, C:\Users\SHIELA\Downloads\Setup (1).exe, , [411fe4729ddee6507ac1b74fcf32b14f], 
PUP.Adware.Domalq, C:\Users\SHIELA\Downloads\Setup.exe, , [e87869edb2c9e65028d225f6fe06a35d], 
PUP.Optional.Superfish.A, C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [cc94a1b584f70432ce5a4a44966cfe02], 
PUP.Optional.Superfish.A, C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [3e227fd7e19a70c621076b2328daaa56], 
PUP.Optional.MultiExtension.A, C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage, , [1c4477df4734d3636094246a34ce946c], 
PUP.Optional.MultiExtension.A, C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage-journal, , [e27e75e18bf05fd77f75404eca3843bd], 
PUP.Optional.Websteroids.A, C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage, , [c0a0d0862b50300685c48613d032ea16], 
PUP.Optional.Websteroids.A, C:\Users\SHIELA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal, , [29375afc611a082ed2771b7e23df629e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 noknojon


Posted 27 May 2014 - 02:09 AM

Malwarebytes Anti-Malware has now cleaned out many problems. Please report on the computer's general running now .....


#14 smurfhandy


Posted 27 May 2014 - 02:10 AM

appears to be running well 



#15 noknojon


Posted 27 May 2014 - 02:16 AM

>> appears to be running well <<

Can we sit on this as it is for now, and you can post back in a few days if this changes ??





