Win7 malware-did system restore-now hung up on restart



#1 jasminebird


Posted 02 June 2014 - 11:04 PM

Did not know there apparently was malware on my Win 7 computer, that was keeping it from getting on internet. Called internet service provider- tech said to try system restore.  Now it's been hung up on system restart for 3 days.  Tech said not to kill computer or it may permanently damage the computer. Any1 know how to resolve this problem?  Thanks!


Edited by hamluis, 03 June 2014 - 07:52 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Condobloke


Posted 02 June 2014 - 11:18 PM

G'day jasminebird, and :welcome: to BC.

 

Can you open Task Manager? (Ctrl, Alt, Delete keys all at once)

and...is the PC hung on system RESTART or system RESTORE??


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#3 jasminebird


Posted 03 June 2014 - 05:37 PM

:bounce: Thanks for the welcome.  I finally took a deep breath and turned the computer off.  When screen was on last, it said it was "shutting down" after running system restore. It came on right away, & I sent it to Safe Mode w/o internet. System Restore said it did not complete & nothing was changed.

 

It will go to Task Manager ok.  Will check for replies again later. Thx!

 

Currently - ran rkill, & scanned w/Spybot (0 found), & IObit Malware Fighter (0 found). Wondering if this is 1 of those sneaky "toolbar add-ons"...

 



#4 Condobloke


Posted 03 June 2014 - 06:14 PM

Please run the following for me...In the Order listed..

 

 

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox to your desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

 



 

 


#5 jasminebird


Posted 03 June 2014 - 10:45 PM

Ok, thanks for the program links.

Here are the results:

 

 Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````

 Ad-Aware
 MVPS Hosts File 
 Spybot - Search & Destroy
 SUPERAntiSpyware Free Edition  
 JavaFX 2.1.1   
 Java 7 Update 45 
 Java version out of Date!
  Adobe Flash Player 11.9.900.170 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (6.0.2)
````````Process Check: objlist.exe by Laurent````````
 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 IObit IObit Malware Fighter IMFsrv.exe 
 IObit IObit Malware Fighter IMF.exe 
 SecurityCheck.exe   
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Internet Surfing (ATTENTION: The logged in user is not administrator) on 03-06-2014 at 21:25:12
Running from "D:\AntiMalware"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

There are 15255 more lines starting with "127.0.0.1"

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2014 04:41:12 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Failed to start service

Error: (06/03/2014 03:39:00 PM) (Source: System Restore) (User: )
Description: System Restore did not run because the system was restarted, lost power, or stopped responding. Additional information: (Scheduled Checkpoint).

Error: (06/01/2014 07:00:04 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/30/2014 10:07:23 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (05/29/2014 03:22:33 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (05/29/2014 03:22:33 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (05/29/2014 02:11:17 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/20/2014 10:56:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/20/2014 10:56:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/20/2014 10:56:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/03/2014 09:11:06 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/03/2014 09:10:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (06/03/2014 09:09:55 PM) (Source: Service Control Manager) (User: )
Description: The SCWFPFilter service failed to start due to the following error:
%%2

Error: (06/03/2014 09:09:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\athExt.dll
Error Code: 126

Error: (06/03/2014 09:09:36 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/03/2014 09:09:35 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/03/2014 09:06:10 PM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (06/03/2014 08:39:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/03/2014 08:39:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/03/2014 08:39:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-03 21:09:36.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 21:09:36.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 21:09:35.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 21:09:35.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 17:46:01.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 17:46:01.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 17:46:00.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-03 17:46:00.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-01 16:37:29.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-01 16:37:28.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Acrobat.com (Version: 1.6.65)
Ad-Aware
Ad-Aware (Version: 8.0.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Digital Editions 2.0 (Version: 2.0.1)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Advanced SystemCare 7 (Version: 7.2.0)
Advertising Center (Version: 0.0.0.2)
ALPS Touch Pad Driver (Version: 7.106.2020.110)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
avast! Free Antivirus (Version: 9.0.2016)
Backup Manager Basic (Version: 2.0.0.60)
Bonjour (Version: 1.0.106)
Business Card Bonanza! (Version: 1.00.08.02.26)
Business Card Factory Deluxe 3.0 (Version: 3.0.0.12)
CardWorks Business Card Software
CCleaner (Version: 3.22)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.121.0.50)
Cyberfox Web Browser (Version: 26.0.0.0)
CyberLink PowerDVD 9 (Version: 9.0.3814.50)
Driver Booster (Version: 1.2)
EASEUS Partition Master 9.1.0 Home Edition
Express Burn Disc Burning Software
Express Dictate
File Recover 8.0 (Version: 8.0)
FileHippo.com Update Checker
Gateway InfoCentre (Version: 3.02.3000)
Gateway MyBackup (Version: 2.0.0.60)
Gateway Power Management (Version: 5.00.3003)
Gateway Recovery Management (Version: 4.05.3011)
Gateway Registration (Version: 1.03.3002)
Gateway ScreenSaver (Version: 1.1.0407.2010)
Gateway Social Networks (Version: 1.0.1517)
Gateway Updater (Version: 1.02.3001)
Glowing Touchpad (Version: 1.00.3000)
Google Talk Plugin (Version: 5.2.4.18058)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
Hard Disk Low Level Format Tool 4.25
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (Version: 14.0)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Processor Graphics (Version: 8.15.10.2993)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
InternetHelper3.6 Toolbar for IE (Version: 6.17.2.8)
IObit Malware Fighter (Version: 2.2.1)
IObit Uninstaller (Version: 3.1.8.2434)
Java 7 Update 45 (Version: 7.0.450)
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager (Version: 4.0.8)
magicJack (Version: 2.0.6073.4413)
magicJack Recovery Tool 1.0
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
Network Stumbler 0.4.0 (remove only)
Network64 (Version: 140.0.212.000)
OpenOffice.org 3.1 (Version: 3.1.9420)
Optical Drive Power Management (Version: 1.01.3007)
PDFlite 0.11.0.0 (Version: 0.11.0.0)
PhotoPad Image Editor
Pixillion Image Converter
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000)
QuickShare (Version: 1.135.60.12323)
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 140.0.77.000)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.9 (Version: 6.9.106)
Smart Defrag 3 (Version: 3.0)
Spybot - Search & Destroy (Version: 1.6.2)
Subliminal $SUBLIMINAL_VERSION (Version: $SUBLIMINAL_VERSION)
SUPERAntiSpyware Free Edition (Version: 4.26.0.1006)
Surfing Protection (Version: 1.0)
Toolbox (Version: 140.0.424.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera (Version: 0.5.31.1)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Welcome Center (Version: 1.01.3002)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
YTD Video Downloader 4.7.2 (Version: 4.7.2)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3766.66 MB
Available physical RAM: 2386.51 MB
Total Pagefile: 7531.5 MB
Available Pagefile: 5851.08 MB
Total Virtual: 4095.88 MB
Available Virtual: 3981.1 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:452.65 GB) (Free:363.69 GB) NTFS
2 Drive d: (HP v125w) (Removable) (Total:3.76 GB) (Free:3.73 GB) FAT32

========================= Users: ========================================

User accounts for \\KIVALIGHT-PC

Administrator            Guest                    Internet Surfing        
Kiva Light              

**** End of log ****



#6 Condobloke


Posted 03 June 2014 - 11:16 PM

Please run these.....in the order listed...

 

 

Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
If you see any which you do not want removed, remove the check mark next to it.
Next: Click on the Clean button (only once) to remove the selected items.
You will receive a message telling you that all programs will be closed so that the infections can be removed.
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop.
Please copy and then paste this log in your next post.

A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Please download Junkware Removal Tool to your desktop.

* Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

 

Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply



 

 


#7 jasminebird


Posted 04 June 2014 - 11:35 PM

Greetings! WoW, that computer was really infected. Things r working now, that had not been working for quite awhile! I am grateful for your help. Hope your day is blessed!
Here are the logs of the scans run as specified.

# AdwCleaner v3.211 - Report created 04/06/2014 at 19:54:18
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kiva Light - KIVALIGHT-PC
# Running from : D:\AntiMalware\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16750
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
-\\ Mozilla Firefox v6.0.2 (en-US)
[ File : C:\Users\Internet Surfing\AppData\Roaming\Mozilla\Firefox\Profiles\0hk7jxub.default\prefs.js ]

[ File : C:\Users\Kiva Light\AppData\Roaming\Mozilla\Firefox\Profiles\9tw0w3qu.default\prefs.js ]

-\\ Google Chrome v
[ File : C:\Users\Kiva Light\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deleted [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod

*************************
AdwCleaner[R0].txt - [16639 octets] - [04/06/2014 19:49:26]
AdwCleaner[S0].txt - [16167 octets] - [04/06/2014 19:54:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16228 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kiva Light on Wed 06/04/2014 at 20:02:14.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{232f1b14-7126-491f-ac8c-6123ba58fde2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CC207171-6646-4275-A744-C31A4CCC659E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Kiva Light\appdata\locallow\nch_en"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"

 

~~~ FireFox

Emptied folder: C:\Users\Kiva Light\AppData\Roaming\mozilla\firefox\profiles\9tw0w3qu.default\minidumps [1 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/04/2014 at 20:36:09.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/4/2014
Scan Time: 8:40:39 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.05.02
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kiva Light

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308974
Time Elapsed: 17 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\InboxAce_1g, , [5086a9cb1d5ebd79019dce19ca397a86],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1771588017-1417312849-3413317633-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\InboxAce_1g, , [3b9b670d3a41f2448f10f5f245be5ba5],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1771588017-1417312849-3413317633-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\InboxAce_1g, , [4d8975fff48738febde239aecd362fd1],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1771588017-1417312849-3413317633-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponXplorer_5z, , [498d70048af1c571f454f2a80ff38878],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1771588017-1417312849-3413317633-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\InboxAce_1g, , [a1355123fb8066d063c8e4b6ab578d73],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.FunMoods.A, C:\Users\Kiva Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh, , [5383e391e3988babd0a4e79f4fb347b9],
PUP.Optional.FunMoods.A, C:\Users\Kiva Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj, , [ecea5e167209c6703c0097fb04fe6898],

Files: 7
PUP.Optional.SearchProtection.A, C:\Users\Kiva Light\AppData\Local\Temp\Resource_Search.exe, , [6373e58fa5d62f072d6d0f28cb390df3],
PUP.Optional.InstallIQ, C:\Users\Internet Surfing\Documents\pdflite_d5833255.exe, , [66706311394239fd184f2fedfe03f40c],
PUP.Optional.AirInstaller, C:\Users\Internet Surfing\Downloads\Adobe PDF Reader.exe, , [894db2c2077469cdb59087b10bf6a25e],
PUP.Optional.AirInstaller, C:\Users\Internet Surfing\Downloads\java.exe, , [b1255f15b8c31d193a0b7bbd50b115eb],
PUP.Optional.Spigot.A, C:\Users\Kiva Light\Documents\pal_install_noask_r109702_p166.exe, , [31a5561e106b65d1426758cee61be31d],
PUP.Optional.UnfriendApp.A, C:\Users\Kiva Light\Downloads\Setup unfriend ap.exe, , [6f671064a6d520163130651b43be0cf4],
PUP.Optional.FunMoods.A, C:\Users\Kiva Light\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage-journal, , [f5e177fd0774ca6c8a11d5143dc66d93],

Physical Sectors: 0
(No malicious items detected)

(end)

 



#8 Condobloke


Posted 05 June 2014 - 03:56 AM

Open MBAM (Malwarebytes) and click on Settings. Then on Detection and Protection....place a tick in 'use advanced heuristics', and in scan for rootkits and in scan within archives.

Also on the same page, Non-Malware Protection....PUP.....select 'Treat detections as malware'......and the same for PUM

 

Then click on Advanced Settings  place a tick in Every box.....(except for delay protection at startup for....)

 

Then run the scan again. It will select all of the PUPs and the PUMs and delete them.

 

Then....(This next scan is VERY long winded....it can Easily run for three hours....get it running and go to bed maybe ! )

 

If you need more time to get this done, I have no problem with that. Relax.

 

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan.
However, alternate directions are left for those that will not use Internet Explorer.
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESET Online Scanner button.
3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.

4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.



 

 


#9 jasminebird


Posted 06 June 2014 - 11:41 PM

Here it is--59 of em!

 

 



#10 Condobloke

Posted 07 June 2014 - 02:10 AM

Cool !

 

Be aware that this next scan will run for Hours !.....2 - 3 hours is not unusual...sometimes longer...

 

walk away and leave it if you need to...

 

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan.
However, alternate directions are left for those that will not use Internet Explorer.
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESET Online Scanner button.
3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.

4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.


Edited by Condobloke, 07 June 2014 - 02:13 AM.


#11 jasminebird


Posted 08 June 2014 - 12:04 AM

Ok, so run ESET again? will do, will post results 2moro.

Some1 said Conduit is a keylogger & can get passwords.....

Thanks again!

 

BTW, I tried getting online w/Admin acct, computer started acting weird again.

Re-ran Malwarebytes (found 0). Next time got online w/limited acct & worked ok.

Sometimes the computer reboots w/wireless light on.  Don't think it should be doing that (?) 


Edited by jasminebird, 08 June 2014 - 12:16 AM.


#12 Condobloke

Posted 08 June 2014 - 12:42 AM

oops...sorry

....don't run it again !



#13 Condobloke

Posted 08 June 2014 - 12:56 AM

I failed to check which post i was reading !!!!.......DUH to me !!

 

i have a list of programs which i feel you should uninstall....

 

Uninstall them with REVO

(Use the FREE version.)

Use the default settings to do so

It will take a little longer, but will be more thorough.

 

Ad-Aware

Spybot

IObit Malware Fighter

IObit Surfing Protection

all Java entries

all Flash entries

Do you use the program Subliminal...?....if not, uninstall it

 

If Avast is to be your AV, update it.

If it FAILS to update...let me know.

 

 

Download and run TFC

 

Download TFC from the download link above and save the file on your desktop.

  1. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  2. Double-click on the TFC icon.
  3. When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  4. When done, press OK to reboot your computer and finish the cleanup.

Note 1: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

Note 2: This program will not delete your Cookies or Browser History.

 

 

I will post more....but that will keep you going

 



#14 Condobloke

Posted 08 June 2014 - 01:26 AM

Update Java from HERE

 

Update Flash from HERE

 

With BOTH of the above downloads....LOOK for bundled junk....like the "optional offer" of McAfee scanner with the Flash download........untick the box.....

 

To create a new Account...either standard or Admin....HERE

 

 

Conduit Search is a browser hijacker, which is promoted via other free downloads, and once installed it will add the Conduit Toolbar, and change your browser homepage and default search engine to search.conduit.com.

Conduit Search will display advertisements and sponsored links in your search results, and may collect search terms from your search queries. The Conduit infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.

 

 

When you say the computer started acting weird again, what exactly do you mean ?....describe the weirdness to me..


Edited by Condobloke, 08 June 2014 - 03:24 AM.
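
The change described in the post above (homepage and default search engine pointed at search.conduit.com) can be checked for in a Firefox profile's prefs.js after cleanup. This is an added example, not part of the original thread: the sample preferences are constructed, `constructed.toolbar.searchUrl` is a made-up pref name, and the check is widened to any conduit.com subdomain.

```python
import json
import re
from urllib.parse import urlsplit

HIJACK_DOMAIN = "conduit.com"   # parent of search.conduit.com; subdomains match too
ENGINE_NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
PREF_LINE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\);\s*$')

# Constructed prefs.js excerpt; every value is made up for this example.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "https://www.example.org/|http://search.conduit.com/?ctid=CT0000000");
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.startup.page", 1);
user_pref("browser.newtab.url", "http://notconduit.com.example.net/");
user_pref("constructed.toolbar.searchUrl", "search.conduit.com/Results.aspx?q=");
'''

def string_prefs(text):
    """Yield (name, value) for each user_pref() line whose value is a string."""
    for m in filter(None, map(PREF_LINE.match, text.splitlines())):
        try:
            name, value = json.loads(m.group(1)), json.loads(m.group(2))
        except ValueError:
            continue  # assumption: values are plain JSON-style literals
        if isinstance(value, str):
            yield name, value

def hosts_in(value):
    """Host names in a pref value; the homepage pref joins several URLs with '|'."""
    hosts = set()
    for token in re.split(r"[|\s]+", value):
        try:
            host = urlsplit(token if "://" in token else "//" + token).hostname
        except ValueError:
            continue
        if host:
            hosts.add(host)
    return hosts

def find_hijacked_prefs(text):
    """Return (pref name, reason) for prefs still pointing at the hijacker."""
    findings = []
    for name, value in string_prefs(text):
        if any(h == HIJACK_DOMAIN or h.endswith("." + HIJACK_DOMAIN) for h in hosts_in(value)):
            findings.append((name, "url host"))
        elif name in ENGINE_NAME_PREFS and "conduit" in value.lower():
            findings.append((name, "engine name"))
    return findings

if __name__ == "__main__":
    print(*find_hijacked_prefs(SAMPLE_PREFS), sep="\n")
```

Matching on the parsed host rather than a substring keeps look-alike names such as notconduit.com.example.net out of the results.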


#15 jasminebird


Posted 08 June 2014 - 11:31 AM

Sorry, it was b4 I ran the ESET, brain tired, wont bore u w/all the details of what's going on here...

It was not getting on internet, hung up when shutting down, forgot what all--those r the main things I remember. 

Running ESET 1st time cleaned up a bunch of what was causing it (the 59 items), i m sure.

Been careful since then 2 not get on internet w/Admin acct.

2day, it's not getting on the internet.  (Using my bkup computer 4 most internet stuff til i m sure the other 1 is clean)

Thanks again.





