
Windows 7 PUP doesn't remove after restart


21 replies to this topic

#1 MalloryO

MalloryO

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 06 June 2014 - 12:45 PM

Having a really slow system. Running disk cleanup and Malware-Byte and use McAfee. McAfee never finds anything. Here is the latest log from MB. Can someone help me clean my system up for better performance? Thank you.

 

Internet Explorer 11.0.9600.17107
cindy :: GREYGOOSE [limited]

Protection: Enabled

6/3/2014 8:11:02 AM
mbam-log-2014-06-03 (08-11-02).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 451342
Time elapsed: 2 hour(s), 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} (PUP.Optional.MindSpark.A) -> Delete on reboot.
HKLM\SOFTWARE\VideoDownloadConverter_4z (PUP.Optional.MindSpark.A) -> Delete on reboot.
HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin (PUP.Optional.MindSpark.A) -> Delete on reboot.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{48586425-6BB7-4F51-8DC6-38C88E3EBB58} (PUP.Optional.MindSpark.A) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} (PUP.Optional.MindSpark.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|4zffxtbr@VideoDownloadConverter_4z.com (PUP.Optional.MindSpark.A) -> Data: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\VideoDownloadConverter_4z (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\chrome (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ThirdPartyInstallers (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\gen1 (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\IE9Mesg (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\Message (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\Settings (PUP.Optional.MindSpark.A) -> Delete on reboot.

Files Detected: 18
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\BOOTSTRAP.JS (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CHROME.MANIFEST (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\INSTALL.RDF (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\installKeys.js (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\LOGO.BMP (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\chrome\4zffxtbr.jar (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ThirdPartyInstallers\VDC_Silent.exe (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\gen1\COMMON.T8S (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\IE9Mesg\COMMON.T8S (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\Message\COMMON.T8S (PUP.Optional.MindSpark.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\Settings\s_pid.dat (PUP.Optional.MindSpark.A) -> Delete on reboot.

(end)
 




 


#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:04:19 AM

Posted 06 June 2014 - 12:49 PM

 Did you have all the PUPs checked and click the button to remove them?  That always works for me.  Sometimes you have to run in Safe Mode to get rid of all the pests.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:19 PM

Posted 07 June 2014 - 12:33 AM

"PUP doesn't remove after restart": which particular PUP does not remove? All of them?...or just a few?

Is there other behavior, that you have not described here, that bothers you and is not normal for your computer ?

 

Is MBAM (malwarebytes) updating easily/as it should/with no apparent dramas ?

 

If you go to the MBAM 'dashboard' ....what version are you running?   Version 2.xxx or 1.75xxx  ?

 

We may alter/update MBAM before using later in the procedure..

 

In the meantime, Please run these for me...

 

 

Please download RKill by Grinler from the link below and save it to your desktop.

    RKill
    Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
    If nothing happens or if the tool does not run, please let me know in your next reply.
    A log pops up at the end of the run. This log file is located at C:\rkill.log.
    Please post the log in your next reply.

 

DO NOT REBOOT HERE....

 

Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
If you see any which you do not want removed, remove the check mark next to it.
Next: Click on the Clean button (only once) to remove the selected items.
You will receive a message telling you that all programs will be closed so that the infections can be removed.
Click on OK, and then OK again to confirm the reboot.
When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.
Please copy and then paste this log in your next post.

 

A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Please download  Junkware Removal Tool to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

 

Now....run MBAM....be sure it is updated.

 

 

Please run a free online scan with the ESET Online Scanner

    Disable your antivirus program
    Click on "Run ESET Online Scanner" button.
    Tick the box next to YES, I accept the Terms of Use
    Click Start
    Accept any security warnings from your browser.
    Check Scan archives
    Click Start
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, click on List of found threats
    Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


Edited by Condobloke, 07 June 2014 - 12:59 AM.

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy
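The question above (which detections come back after the restart) can be answered by comparing the scan log from before the reboot with a rescan log. The following is an added example, not part of the thread and not Malwarebytes code: it assumes the Malwarebytes 1.x text log layout shown in post #1, all function names are hypothetical, and both sample logs are constructed (the first is shortened from the log in post #1, the second is an invented rescan).

```python
import re
from collections import Counter, namedtuple

# Added example; names are hypothetical. Assumed layout: the Malwarebytes 1.x
# text log from post #1 ("<Section> Detected: N" followed by one line per item).
Detection = namedtuple("Detection", "section item name action")

SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# Lazy item plus a paren-free detection name, so "(x86)" inside a path is
# never mistaken for the detection name.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (detections, declared): parsed entries and the per-section counts."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # Registry values carry "Data: ... -> <action>"; the action is last.
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            detections.append(
                Detection(section, m.group("item"), m.group("name"), action))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the entries found (truncated paste)."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def pending_on_reboot(detections):
    """Items the scanner could not remove immediately."""
    return [d for d in detections if d.action == "Delete on reboot"]


def survivors(before, after):
    """Items scheduled for deletion on reboot that a later scan detects again."""
    # Windows paths and registry keys are case-insensitive.
    seen_again = {d.item.casefold() for d in after}
    return [d for d in pending_on_reboot(before) if d.item.casefold() in seen_again]


# Constructed sample: shortened from the log in post #1 (one file line dropped
# on purpose so the "Files" header no longer matches its entries).
BEFORE_LOG = r"""
Registry Keys Detected: 2
HKLM\SOFTWARE\VideoDownloadConverter_4z (PUP.Optional.MindSpark.A) -> Delete on reboot.
HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin (PUP.Optional.MindSpark.A) -> Delete on reboot.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} (PUP.Optional.MindSpark.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|4zffxtbr@VideoDownloadConverter_4z.com (PUP.Optional.MindSpark.A) -> Data: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin -> Delete on reboot.

Folders Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z (PUP.Optional.MindSpark.A) -> Delete on reboot.

Files Detected: 2
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL (PUP.Optional.MindSpark.A) -> Delete on reboot.
"""

# Constructed sample: an invented rescan after the restart, same layout.
AFTER_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z (PUP.Optional.MindSpark.A) -> No action taken.

Files Detected: 1
c:\program files (x86)\videodownloadconverter_4z\bar\1.bin\crext.dll (PUP.Optional.MindSpark.A) -> No action taken.
"""

if __name__ == "__main__":
    before, declared = parse_mbam_log(BEFORE_LOG)
    after, _ = parse_mbam_log(AFTER_LOG)
    print("pending on reboot:", len(pending_on_reboot(before)))
    print("header/entry mismatches:", count_mismatches(before, declared))
    for d in survivors(before, after):
        print("survived reboot:", d.section, d.item)
```
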


 

 


#4 badr0b0t

badr0b0t

  • Members
  • 328 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:19 AM

Posted 07 June 2014 - 12:59 AM

Try Hitman Pro and take advantage of 30-day full-feature trial.



 


#5 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 07 June 2014 - 11:52 AM

Last chance I had to check replies, there was just the one of trying safe mode to delete the remaining PUP files left after quarantine and restarting. So I "msconfig" to reboot in safe mode. While in safe mode it told me that MBAM needed to update to a newer version. It appeared to do so normally.

 

I was going to run a scan again while not in safemode, to see if the PUP files still are found but it told me it needed updated to the newer version, again. So I'm letting it do that, then will run another scan to see if the pup files are gone.

 

Thank you Condobloke for the detailed help. I will also be following these steps and posting again afterwards.



#6 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 07 June 2014 - 03:28 PM

Rkill 2.6.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 06/07/2014 04:22:26 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

 

Checking Windows Service Integrity:

 

* Windows Defender (WinDefend) is not Running.

   Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/07/2014 04:24:39 PM

Execution time: 0 hours(s), 2 minute(s), and 13 seconds(s)



#7 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 07 June 2014 - 03:54 PM

I used AdwCleaner program, and it found stuff, but no log file is on my desktop after it rebooted. EDIT: Looked in folder, only came up with old ones from 2012.


Edited by MalloryO, 07 June 2014 - 03:58 PM.


#8 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:19 PM

Posted 07 June 2014 - 04:49 PM

If you saved the adwcleaner to your desktop.....the log should be there....however, you will find a copy of all logfiles saved in the C:\AdwCleaner folder which was created when running the tool.



 

 


#9 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 07 June 2014 - 10:04 PM

# AdwCleaner v3.212 - Report created 07/06/2014 at 16:35:58
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator Cindy - GREYGOOSE
# Running from : C:\Users\cindy\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\windows\System32\Tasks\Browser Manager

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\de8a8be735bf42
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Administrator Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gunro.default\prefs.js ]


[ File : C:\Users\cindy\AppData\Roaming\Mozilla\Firefox\Profiles\9x32ofvc.default\prefs.js ]

Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.BUTTON_STRUCTURE", "[{\"b\":220745840,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":220745841,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.firstKnownVersion", "5.75.2.64256");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780b5f4a&p2=^XP^xpi000^S07867^");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2014011210");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xpi000^S07867^");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastKnownVersion", "5.75.2.64256");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.partnerPixelFired", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "French Roses Quilt Pattern by Heather French||<hxxp://www.amazon.com/Neiko-Tools-USA-Precision-Oiler/dp/B000L2LRVI/ref=sr_1_1?ie=UT[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "21093");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Administrator Cindy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=270912_7a_3912_8&babsrc=SP_ss&mntrId=f8dbc9c300000000000074de2b34b2d2

*************************

AdwCleaner[R0].txt - [7314 octets] - [07/06/2014 16:29:48]
AdwCleaner[S0].txt - [7319 octets] - [07/06/2014 16:35:58]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [7379 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Administrator Cindy on Sat 06/07/2014 at 22:14:58.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\video download converter"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/07/2014 at 22:30:35.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:19 PM

Posted 07 June 2014 - 10:35 PM

very good.

How is the PC running now ?

 

Don't forget to run Eset...post no.3

 

have you rerun MBAM yet....? can you post the log from that for me please.

 

Then.....after Eset....run TFC

 

Download to your desktop. Double click the Icon...single click on run....then click Start.....your desktop will disappear...don't panic...it is working....it can sometimes take a little time.......when it is finished it will tell how much it has removed......no need to paste any log here.......If it asks for a reboot....do so immediately.

 

TFC. or Temp File Cleaner, is a small utility that will clean out all the folders on your computer that house temporary files.  The temp folders that TFC will clean are the Java, Windows Temp Folder, and the Internet Explorer, Opera, Chrome, and Safari caches. This tool will clean the folders for all accounts on the computer including the Administrator, NetworkService, and LocalService accounts.
 
 
Then....I need the results of two short scans......just to gather info about security on your PC...
 
 
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so.
 
Please download MiniToolBox   to desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 


Edited by Condobloke, 08 June 2014 - 06:53 PM.


 

 


#11 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 07 June 2014 - 11:19 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/7/2014
Scan Time: 11:07:20 PM
Logfile:
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.06.08.01
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: cindy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270539
Time Elapsed: 58 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Things are running smoother, I can tell a difference.

Doing ESET now.



#12 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:19 PM

Posted 07 June 2014 - 11:36 PM

Cool.   Eset will take quite some time....easily two hours...probably more

 

I usually get it running and go to bed.

 

if it finds nothing it will not produce a log

 

If it does find something the log will be there......When the scan completes, click on List of found threats
    Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



 

 


#13 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 08 June 2014 - 03:23 PM

C:\Windows\Installer\f3af3d.msi    a variant of Win32/Toolbar.Babylon.Q potentially unwanted application    deleted - quarantined
 



#14 MalloryO

MalloryO
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:03:19 AM

Posted 08 June 2014 - 03:25 PM

Clicking your TFC link reloads this thread. Could you give me the correct download page/link pretty please?



#15 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:19 PM

Posted 08 June 2014 - 06:54 PM

super oops !!

 

http://www.bleepingcomputer.com/download/tfc/



 

 




