Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help..I need to find and remove an annoying problem


  • Please log in to reply
18 replies to this topic

#1 Madforit

Madforit

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 05 October 2014 - 05:48 AM

I have recently and for no reason started getting a sound played which is at seemingly random times but always the same sound.

 

It is a sound that is as if something has been completed or finished,,I am not sure which program it could be but i think it is some kind of malware causing it.

 

I have scanned with both mbam and SAS and am totally clean.

 

I have also checked to see if anything is run from msconfig but nothing is unusual there and also nothing shows up in task manager although when i have the processes tab opened up exploirer.,exe shows up and moves up the lists and then disappears only to do it again.

 

 

I hope someone can help me get to the bottom of this rather annoying problem.


Edited by hamluis, 05 October 2014 - 10:47 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:01 AM

Posted 05 October 2014 - 06:03 AM

exploirer.,exe

Is this the correct spelling of what you saw or is it explorer.exe...no i and no comma?

 

Scan with the programs below:

 

download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Use CCleaner to cleanup the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 06 October 2014 - 09:01 AM

exploirer.,exe

Is this the correct spelling of what you saw or is it explorer.exe...no i and no comma?

 

Scan with the programs below:

 

download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Use CCleaner to cleanup the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download

 # AdwCleaner v3.311 - Report created 06/10/2014 at 14:48:51

# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Steve - STEVE-PC
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 1a34a8e0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Steve\AppData\Local\MediaGet2
Folder Deleted : C:\Users\Steve\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Steve\AppData\Local\Tbccint
Folder Deleted : C:\Users\Steve\AppData\Local\torch
Folder Deleted : C:\Users\Steve\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\631.zewa@uiyv-zg.org
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\cogmfi@uy-vfp.net
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc
File Deleted : C:\Windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Express FilesUpdate
Task Deleted : WS.Booster-S-667284051
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6D3C9858-2674-46E1-9112-107340758481}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{909112FE-C4A2-4990-A499-E58867D55B15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B618C19D-A418-4586-80C6-09DBDA9C748E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B68B00A0-95B9-4162-BA45-7A1113317DA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E413D78F-283C-45F1-9992-8EF7D55A4933}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\WS.Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.exitingsearch.info/?pid=233&r=2014/03/11&hid=54902864661953784&lg=EN&cc=GB&unqvl=50&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Line Deleted : user_pref("extensions.8BOtN1Ed8I_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.EFEa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.j9Ifm_L.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.exitingsearch.info/?pid=233&r=2014/03/11&hid=54902864661953784&lg=EN&cc=GB&unqvl=50&l=1&q=");
 
-\\ Google Chrome v
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R2].txt - [13712 octets] - [06/10/2014 14:46:15]
AdwCleaner[S1].txt - [13733 octets] - [06/10/2014 14:48:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13794 octets] ##########

i am now running JWR and also ESET and will post results when done,,,still got it so far unfortunately.



#4 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 06 October 2014 - 09:04 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Steve on 06/10/2014 at 14:55:00.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Program Files (x86)\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Program Files (x86)\your product"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{0BF9080D-33AA-462C-86AE-0A5BBDE871C0}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{0F8F1875-3D6F-4CE3-BEF7-B8C333ADFF40}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{1A8512CE-7F1A-4ECF-9556-491D022DF19C}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{1BAF0D6F-5C76-4601-948B-6BCC904D1022}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{1CD5209A-374C-400D-8BD5-086929DBD76A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{20530EAB-AE78-46DA-9D8F-613889FB0FAD}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{20700079-823C-4BBC-92D9-5E143D8732A0}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2380B4A9-9505-4153-9BFE-AC4D9319202E}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2382F51C-AA7A-480C-B34B-53A05F0107F5}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2BF1CF61-426A-49EF-986A-0405ACA4AC19}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{2E1E52ED-679E-4E71-9869-C688E3E060B1}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{34E44574-8867-4413-8194-B4BB533A9708}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{37F7AB3A-5841-4BB4-9E13-B152C2B61EDD}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{38A859C8-CB50-4386-9435-174119B0FB53}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{3B4BA06A-A194-42D8-A961-A1764406598A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{3CA2F9DB-97D6-4C11-83E7-4C531E0D91A2}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{3F4E0919-AC92-4FB1-8FC5-FE0B62F4765C}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{3F75B33A-B975-405C-A57F-0F753378B4C9}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4B9F3EE3-AE19-43D3-A4AE-0EA3215290DF}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4C5418FD-5C99-401B-A187-F697931E6F24}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{4F6D6C69-A629-4211-923D-DE87EFC1467B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{5F33A534-A5F2-4F75-8D10-CEAAD5CE14DC}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{6036B264-F053-471B-AE55-C69FC500814C}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{609F16AE-FC68-4840-91E4-F40CE2896647}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{6180A849-305A-4A90-B06A-7080A97CF43B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{64AEE6B7-6AE0-49F3-870D-8CA4E13E7592}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{66078679-72CF-465E-9BCA-39D76F60927B}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{69BA72BD-B164-4507-A59C-A7C7FCA2D183}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{738F0F65-6F50-468A-B1FD-A961A0D9358C}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7C298F54-9678-489A-858A-F356CBA19AF4}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{7D731B89-92A4-4EF2-AB79-2FCBC77BEE62}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{80C8D281-60CE-4202-A6C1-35DFC55624F0}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{817DB059-FD24-4461-B59C-19A7DEDCC281}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{8535590D-1513-47D3-AC18-7D59C5BB470A}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{88887663-5D92-4468-A9F2-739AB101E43C}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{8AC5EA6B-B8D7-42CE-9B77-B4723815A9E6}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{97EEE934-15B2-4C6B-86C7-7BF525D4FAAD}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{9C3EFD1A-0AAE-46B6-8168-76CA7FF8CFE2}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{9E633120-48C5-46B8-BB84-06003562009F}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{A4401F7A-97F1-4C02-A731-4B3A0F3DAE78}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{A80E6B92-DDE8-4176-9AE6-8B19FF15E2B8}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{B18BC08D-56A9-41BB-AE7B-ACFDDB038E53}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{B800F231-A782-4632-A409-A612393E79BF}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{CF47C8B4-E9B2-4760-916D-D8551DD427F5}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D0449BB4-7BE0-41DA-8AB6-A7C159E15461}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D0E5EF97-949D-4E56-B969-B963820AC810}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D120C856-DE3C-4D7F-B3FD-F29ADF908C4D}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{D60E40B1-803D-4B22-98ED-D28BF34714D9}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{EF6CFC94-E98B-4DF4-8177-C03E179FE6BF}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{F8127DA2-0B9A-43F8-B35D-35A44BD1C5E6}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{FB622C62-85E1-461F-9323-A897831335BF}
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lr3pxfeo.default\prefs.js
 
user_pref("browser.search.useDBForOrder", "false");
user_pref("extensions.j9Ifm_L.url", "hxxp://techwebbjobnew.info/sync2/?q=hfZ9ofV9CShEAen0rTrHtMqLDe49CNU0m9sMCMlNhd9FqdaHrjwEpdaGrTwMBzqUojw9rdUHrdwGrjnErSh7hfs0pihPBMn0rHCFpj
Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lr3pxfeo.default\minidumps [63 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
# AdwCleaner v3.311 - Report created 06/10/2014 at 14:48:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Steve - STEVE-PC
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 1a34a8e0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Steve\AppData\Local\MediaGet2
Folder Deleted : C:\Users\Steve\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Steve\AppData\Local\Tbccint
Folder Deleted : C:\Users\Steve\AppData\Local\torch
Folder Deleted : C:\Users\Steve\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\631.zewa@uiyv-zg.org
Folder Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\Extensions\cogmfi@uy-vfp.net
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgibcgdienkaaiipoppphjikgpibpi
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekjacmgkkdimjnkfainniidmebogjlf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmddpopfdnfcendlajliijdjlmdmdc
Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc
File Deleted : C:\Windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Express FilesUpdate
Task Deleted : WS.Booster-S-667284051
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6D3C9858-2674-46E1-9112-107340758481}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{909112FE-C4A2-4990-A499-E58867D55B15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B618C19D-A418-4586-80C6-09DBDA9C748E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B68B00A0-95B9-4162-BA45-7A1113317DA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E413D78F-283C-45F1-9992-8EF7D55A4933}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\WS.Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\lr3pxfeo.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.exitingsearch.info/?pid=233&r=2014/03/11&hid=54902864661953784&lg=EN&cc=GB&unqvl=50&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Line Deleted : user_pref("extensions.8BOtN1Ed8I_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.EFEa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.j9Ifm_L.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.exitingsearch.info/?pid=233&r=2014/03/11&hid=54902864661953784&lg=EN&cc=GB&unqvl=50&l=1&q=");
 
-\\ Google Chrome v
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R2].txt - [13712 octets] - [06/10/2014 14:46:15]
AdwCleaner[S1].txt - [13733 octets] - [06/10/2014 14:48:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13794 octets] ##########
 


#5 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 06 October 2014 - 09:22 AM

it was a typo in the file name it was just explorer.exe,,i have noticed that it does this with that last program that was openeed usually,,It rises to top of thne list and then goes back to about  half way down and then does it again


Edited by hamluis, 06 October 2014 - 10:43 AM.
Removed unnecessary quotebox - Hamluis.


#6 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:01 AM

Posted 06 October 2014 - 09:34 AM

That's quiet a collection of crapware. I did notice mention of IMs so the sound may be related to those.

I'll wait to see what Eset found before commenting further.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 06 October 2014 - 12:26 PM

That's quiet a collection of crapware. I did notice mention of IMs so the sound may be related to those.

I'll wait to see what Eset found before commenting further.

do you mean instant messages by im's ?, if so it's definately not that, but ive figured out that the sound is associated with the close program sound although i haven't got any sounds set to inform me of anything like this.

 

It does happen when i close a window or a program or folder but it also happens at seemingly random times too.

 

The eset scan is going to be like 4 or 5 hours so will post it as soon as it is done.



#8 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:01 AM

Posted 07 October 2014 - 08:48 AM

Along with posting the Eset scan log, post a list of installed programs. Open CCleaner. Click on Tools. Click on Uninstall.

At the bottom of that page you will see a button to click that will allow you to copy and paste the list of installed programs

back here.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 08 October 2014 - 12:41 AM

ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4767e511295cbc41a9586d73c04a1399
# engine=20490
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-08 03:24:49
# local_time=2014-10-08 04:24:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11869324 165203739 0 0
# scanned=318392
# found=21
# cleaned=19
# scan_time=9625
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\NativeMessaging\CT3270076\1_0_2_0\TBMessagingHost.exe.vir"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\CHUninstaller.exe.vir"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\UninstallerUI.exe.vir"
sh=54BC4AD8E5307E7FF9DBBEF94B60F847D27B8FDA ft=1 fh=90fcfd4440d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe"
sh=281FFE7BB0A13C7B477C696AD65D9E61BC2FB6A3 ft=1 fh=4f4d4516d6495a0e vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe"
sh=9A640159BC2F3E3039B2BE615C8789B09B3B5886 ft=1 fh=6ac2b98e40d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\034\t\00\00000000"
sh=D6F4E8FEC3CFB8AA1F74057D3CEE9754FDB92CEC ft=1 fh=a013553bf879722a vn="a variant of Win32/AdWare.MultiPlug.BE application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\036\t\00\00000000"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\AppData\Local\Temp\tbuTor.dll"
sh=A52FC9DAE403CF155A27AC036A38F5F7A2108842 ft=1 fh=64eaa17e3510b003 vn="a variant of Win32/YourFileDownloader.A potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\Downloads\sam_broadcaster_4.9_downloader_133.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi145-Fishing_Hero-ORG-75959884.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi176-Golden_Fairway_Golf-ORG-10581271.exe"
sh=8210E5D215065570CD567288C95EA7EDAA06631B ft=1 fh=a322610c4eb94c75 vn="MSIL/AdvancedSystemProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\cpu-z_1.61-setup-en.exe"
sh=80C944059577E5A71A0408A0E0232E4A00D9F7CA ft=1 fh=2c6feca9ada4505e vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\The_Heroin_Diaries_(Nikki_Sixx)_Ebook.exe"
sh=35E55C83DB0ED946F3A17A1E817668870F2FCDE7 ft=1 fh=90093bf2183b520b vn="Win32/Somoto.E potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Today's Show\m4a-to-mp3-converter.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleanead by deleting - quarantined)" ac=C fn="E:\Today's Show\Red_Hot_Chili_Peppers_Discography_(1984-2013)_JOEYRAMON.exe"


#10 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 08 October 2014 - 07:09 AM

 

ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4767e511295cbc41a9586d73c04a1399
# engine=20490
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-08 03:24:49
# local_time=2014-10-08 04:24:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11869324 165203739 0 0
# scanned=318392
# found=21
# cleaned=19
# scan_time=9625
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\NativeMessaging\CT3270076\1_0_2_0\TBMessagingHost.exe.vir"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\CHUninstaller.exe.vir"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\UninstallerUI.exe.vir"
sh=54BC4AD8E5307E7FF9DBBEF94B60F847D27B8FDA ft=1 fh=90fcfd4440d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe"
sh=281FFE7BB0A13C7B477C696AD65D9E61BC2FB6A3 ft=1 fh=4f4d4516d6495a0e vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe"
sh=9A640159BC2F3E3039B2BE615C8789B09B3B5886 ft=1 fh=6ac2b98e40d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\034\t\00\00000000"
sh=D6F4E8FEC3CFB8AA1F74057D3CEE9754FDB92CEC ft=1 fh=a013553bf879722a vn="a variant of Win32/AdWare.MultiPlug.BE application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\036\t\00\00000000"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\AppData\Local\Temp\tbuTor.dll"
sh=A52FC9DAE403CF155A27AC036A38F5F7A2108842 ft=1 fh=64eaa17e3510b003 vn="a variant of Win32/YourFileDownloader.A potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\Downloads\sam_broadcaster_4.9_downloader_133.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi145-Fishing_Hero-ORG-75959884.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi176-Golden_Fairway_Golf-ORG-10581271.exe"
sh=8210E5D215065570CD567288C95EA7EDAA06631B ft=1 fh=a322610c4eb94c75 vn="MSIL/AdvancedSystemProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\cpu-z_1.61-setup-en.exe"
sh=80C944059577E5A71A0408A0E0232E4A00D9F7CA ft=1 fh=2c6feca9ada4505e vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\The_Heroin_Diaries_(Nikki_Sixx)_Ebook.exe"
sh=35E55C83DB0ED946F3A17A1E817668870F2FCDE7 ft=1 fh=90093bf2183b520b vn="Win32/Somoto.E potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Today's Show\m4a-to-mp3-converter.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleanead by deleting - quarantined)" ac=C fn="E:\Today's Show\Red_Hot_Chili_Peppers_Discography_(1984-2013)_JOEYRAMON.exe"
 
I forgot to save the ccleaner log but it is all clean now,,so far i havent heard the sound but i will let you know if it happens soon,
 

 


 

 

ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4767e511295cbc41a9586d73c04a1399
# engine=20490
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-08 03:24:49
# local_time=2014-10-08 04:24:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11869324 165203739 0 0
# scanned=318392
# found=21
# cleaned=19
# scan_time=9625
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\NativeMessaging\CT3270076\1_0_2_0\TBMessagingHost.exe.vir"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\CHUninstaller.exe.vir"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\UninstallerUI.exe.vir"
sh=54BC4AD8E5307E7FF9DBBEF94B60F847D27B8FDA ft=1 fh=90fcfd4440d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe"
sh=281FFE7BB0A13C7B477C696AD65D9E61BC2FB6A3 ft=1 fh=4f4d4516d6495a0e vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe"
sh=9A640159BC2F3E3039B2BE615C8789B09B3B5886 ft=1 fh=6ac2b98e40d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\034\t\00\00000000"
sh=D6F4E8FEC3CFB8AA1F74057D3CEE9754FDB92CEC ft=1 fh=a013553bf879722a vn="a variant of Win32/AdWare.MultiPlug.BE application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\036\t\00\00000000"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\AppData\Local\Temp\tbuTor.dll"
sh=A52FC9DAE403CF155A27AC036A38F5F7A2108842 ft=1 fh=64eaa17e3510b003 vn="a variant of Win32/YourFileDownloader.A potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\Downloads\sam_broadcaster_4.9_downloader_133.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi145-Fishing_Hero-ORG-75959884.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi176-Golden_Fairway_Golf-ORG-10581271.exe"
sh=8210E5D215065570CD567288C95EA7EDAA06631B ft=1 fh=a322610c4eb94c75 vn="MSIL/AdvancedSystemProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\cpu-z_1.61-setup-en.exe"
sh=80C944059577E5A71A0408A0E0232E4A00D9F7CA ft=1 fh=2c6feca9ada4505e vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\The_Heroin_Diaries_(Nikki_Sixx)_Ebook.exe"
sh=35E55C83DB0ED946F3A17A1E817668870F2FCDE7 ft=1 fh=90093bf2183b520b vn="Win32/Somoto.E potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Today's Show\m4a-to-mp3-converter.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleanead by deleting - quarantined)" ac=C fn="E:\Today's Show\Red_Hot_Chili_Peppers_Discography_(1984-2013)_JOEYRAMON.exe"
 
I forgot to save the ccleaner log but it is all clean now,, 
 

 

 


 

 

ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4767e511295cbc41a9586d73c04a1399
# engine=20490
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-08 03:24:49
# local_time=2014-10-08 04:24:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11869324 165203739 0 0
# scanned=318392
# found=21
# cleaned=19
# scan_time=9625
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\NativeMessaging\CT3270076\1_0_2_0\TBMessagingHost.exe.vir"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\CHUninstaller.exe.vir"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\UninstallerUI.exe.vir"
sh=54BC4AD8E5307E7FF9DBBEF94B60F847D27B8FDA ft=1 fh=90fcfd4440d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe"
sh=281FFE7BB0A13C7B477C696AD65D9E61BC2FB6A3 ft=1 fh=4f4d4516d6495a0e vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe"
sh=9A640159BC2F3E3039B2BE615C8789B09B3B5886 ft=1 fh=6ac2b98e40d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\034\t\00\00000000"
sh=D6F4E8FEC3CFB8AA1F74057D3CEE9754FDB92CEC ft=1 fh=a013553bf879722a vn="a variant of Win32/AdWare.MultiPlug.BE application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\036\t\00\00000000"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\AppData\Local\Temp\tbuTor.dll"
sh=A52FC9DAE403CF155A27AC036A38F5F7A2108842 ft=1 fh=64eaa17e3510b003 vn="a variant of Win32/YourFileDownloader.A potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\Downloads\sam_broadcaster_4.9_downloader_133.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi145-Fishing_Hero-ORG-75959884.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi176-Golden_Fairway_Golf-ORG-10581271.exe"
sh=8210E5D215065570CD567288C95EA7EDAA06631B ft=1 fh=a322610c4eb94c75 vn="MSIL/AdvancedSystemProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\cpu-z_1.61-setup-en.exe"
sh=80C944059577E5A71A0408A0E0232E4A00D9F7CA ft=1 fh=2c6feca9ada4505e vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\The_Heroin_Diaries_(Nikki_Sixx)_Ebook.exe"
sh=35E55C83DB0ED946F3A17A1E817668870F2FCDE7 ft=1 fh=90093bf2183b520b vn="Win32/Somoto.E potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Today's Show\m4a-to-mp3-converter.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleanead by deleting - quarantined)" ac=C fn="E:\Today's Show\Red_Hot_Chili_Peppers_Discography_(1984-2013)_JOEYRAMON.exe"
 
I forgot to save the ccleaner log but it is all clean now,,so far i havent heard the sound but i will let you know if it happens soon,
 

 


 

 

ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4767e511295cbc41a9586d73c04a1399
# engine=20490
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-08 03:24:49
# local_time=2014-10-08 04:24:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11869324 165203739 0 0
# scanned=318392
# found=21
# cleaned=19
# scan_time=9625
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\NativeMessaging\CT3270076\1_0_2_0\TBMessagingHost.exe.vir"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\CHUninstaller.exe.vir"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steve\AppData\Local\Tbccint\Chrome\CT3270076\UninstallerUI.exe.vir"
sh=54BC4AD8E5307E7FF9DBBEF94B60F847D27B8FDA ft=1 fh=90fcfd4440d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe"
sh=281FFE7BB0A13C7B477C696AD65D9E61BC2FB6A3 ft=1 fh=4f4d4516d6495a0e vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe"
sh=9A640159BC2F3E3039B2BE615C8789B09B3B5886 ft=1 fh=6ac2b98e40d863c5 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\034\t\00\00000000"
sh=D6F4E8FEC3CFB8AA1F74057D3CEE9754FDB92CEC ft=1 fh=a013553bf879722a vn="a variant of Win32/AdWare.MultiPlug.BE application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\File System\036\t\00\00000000"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n3244\s3244.exe"
sh=086E09FA8FA284275BE5BA9B41BC3B9293346C1E ft=1 fh=4dd7fb1653793403 vn="a variant of MSIL/Solimba.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\n5151\s5151.exe"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\AppData\Local\Temp\tbuTor.dll"
sh=A52FC9DAE403CF155A27AC036A38F5F7A2108842 ft=1 fh=64eaa17e3510b003 vn="a variant of Win32/YourFileDownloader.A potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Users\Steve\Downloads\sam_broadcaster_4.9_downloader_133.exe"
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi145-Fishing_Hero-ORG-75959884.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\cbsidlm-cbsi176-Golden_Fairway_Golf-ORG-10581271.exe"
sh=8210E5D215065570CD567288C95EA7EDAA06631B ft=1 fh=a322610c4eb94c75 vn="MSIL/AdvancedSystemProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\cpu-z_1.61-setup-en.exe"
sh=80C944059577E5A71A0408A0E0232E4A00D9F7CA ft=1 fh=2c6feca9ada4505e vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="E:\Latest WE68 Tunes\Copy of stuff from c drive\The_Heroin_Diaries_(Nikki_Sixx)_Ebook.exe"
sh=35E55C83DB0ED946F3A17A1E817668870F2FCDE7 ft=1 fh=90093bf2183b520b vn="Win32/Somoto.E potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Today's Show\m4a-to-mp3-converter.exe"
sh=4BD0D7C58415632955A584C285756B4BC7B396AF ft=1 fh=1e5217d92724bc77 vn="Win32/AdWare.1ClickDownload.AT application (cleanead by deleting - quarantined)" ac=C fn="E:\Today's Show\Red_Hot_Chili_Peppers_Discography_(1984-2013)_JOEYRAMON.exe"
 
I forgot to save the ccleaner log but it is all clean now,, 
 

I take that back.,..it is still happening, Also the thing with task manager is still happening too.

 

 



#11 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:01 AM

Posted 08 October 2014 - 07:20 AM

You may have missed this post:

Along with posting the Eset scan log, post a list of installed programs. Open CCleaner. Click on Tools. Click on Uninstall.

At the bottom of that page you will see a button to click that will allow you to copy and paste the list of installed programs

back here.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 08 October 2014 - 09:17 AM

s7-Zip 9.20 09/12/2011
Ace Stream Media 2.2.4.1-next Ace Stream Media 01/06/2014 2.2.4.1-next
Adobe AIR Adobe Systems Incorporated 27/07/2013 3.8.0.870
Adobe Flash Player 13 ActiveX Adobe Systems Incorporated 13/05/2014 6.00 MB 13.0.0.214
Adobe Flash Player 13 Plugin Adobe Systems Incorporated 14/05/2014 6.00 MB 13.0.0.214
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 06/03/2013 12.0.0.112
Aeria Ignite Aeria Games & Entertainment 16/01/2014 1.13.3296
Akamai NetSession Interface Aakamai Technologies, Inc 30/07/2014
Alliance of Valiant Arms 16/01/2014
Amazon Kindle Amazon 31/08/2012
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 12/10/2013 26.0 MB 8.0.915.0
Any Audio Converter 4.0.2 Any-Audio-Converter.com 23/09/2013 53.0 MB
AnyTrans 3.7.3 iMobie Inc. 21/08/2014 38.6 MB 3.7.3
AVG PC Tuneup 2011 AVG 15/03/2012 33.4 MB
CCleaner Piriform 22/07/2013 4.04
Cheat Engine 6.3 Cheat Engine 13/09/2013 27.6 MB
Combined Community Codec Pack 2011-11-11 CCCP Project 12/08/2012 34.7 MB 2011.11.11.0
ConvertXtoDVD 4.1.19.365 10/01/2012 68.1 MB 4.1.19.365
DAEMON Tools Lite DT Soft Ltd 11/12/2011 4.45.1.0236
DeepBurner v1.9.0.228 17/12/2013
DivX Setup DivX, LLC 01/03/2013 2.6.1.24
Dropbox Dropbox, Inc. 24/07/2013 2.0.26
ESET Online Scanner v3 08/10/2014
Facebook Video Calling 3.1.0.521 Skype Limited 09/08/2014 12.4 MB 3.1.521
ffdshow [rev 2202] [2008-10-10] 15/11/2012 1.0
Firebird 2.5.0.26074 (Win32) Firebird Project 25/06/2014 2.5.0.26074
FLAC to MP3 Converter 6.1.9 Accmeware Corporation 05/10/2012 4.53 MB
Flvto Youtube Downloader Hotger 05/06/2014 0.3.6
FMRTE BraCa Soft 15/11/2013 28.0 MB 5.0.2
FMRTE 5.2.4 Raul Bravo 27/10/2013 26.9 MB 5.2.4
Free Burn MP3-CD v1.2 www.nbxsoft.com 06/10/2012 1.2
GamersFirst LIVE! GamersFirst 30/11/2013
Google Chrome Google Inc. 19/05/2014 37.0.2062.124
Google Earth Google 27/05/2014 180 MB 7.1.2.2041
Google Talk (remove only) 16/06/2013
Google Talk Plugin Google 07/06/2014 13.2 MB 5.4.2.18903
Java 7 Update 45 (64-bit) Oracle 24/10/2013 118 MB 7.0.450
Java 7 Update 51 Oracle 02/01/2014 118 MB 7.0.510
Java™ 6 Update 31 Oracle 27/02/2012 95.1 MB 6.0.310
Java™ 7 Update 4 Oracle 24/10/2013 99.3 MB 7.0.40
JavaFX 2.1.1 Oracle Corporation 21/07/2012 20.8 MB 2.1.1
Logitech Vid HD Logitech Inc.. 01/05/2012 7.2 (7259)
M4A to MP3 Converter 12/06/2012 13.2 MB
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 08/07/2014 53.1 MB 2.0.2.1012
Microsoft .NET Framework 4.5 Microsoft Corporation 14/10/2013 38.8 MB 4.5.50709
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 14/04/2012 31.3 MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 14/04/2012 6.03 MB 3.5.50.0
Microsoft Mouse and Keyboard Center Microsoft Corporation 01/03/2013 2.1.177.0
Microsoft Silverlight Microsoft Corporation 12/08/2013 149 MB 5.1.20513.0
Microsoft Visual Basic PowerPacks 10.0 Microsoft 27/07/2013 1.47 MB 10.0.20911
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06/11/2012 298 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 07/12/2011 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02/09/2012 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 04/09/2012 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07/12/2011 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25/03/2012 228 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24/01/2012 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 11/10/2013 13.0 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 21/05/2013 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Corporation 12/10/2013 20.4 MB 11.0.50727.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 11/10/2013 20.5 MB 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Corporation 30/11/2013 17.4 MB 11.0.51106.1
Microsoft Works Microsoft Corporation 25/08/2012 275 MB 08.04.0623
mIRC mIRC Co. Ltd. 27/01/2012 7.22
Mobile Master Copy Station 8.9.3 Jumping Bytes 17/02/2014 8.9.3
Mouse Driver Driver Builder 12/09/2012 6.23 MB 5.1
Mozilla Firefox 32.0.3 (x86 en-US) Mozilla 30/09/2014 75.6 MB 32.0.3
MSI to redistribute MS VS2005 CRT libraries The Firebird Project 06/11/2012 1.58 MB 8.0.50727.42
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30/05/2012 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 30/05/2012 1.39 MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 26/05/2012 1.22 MB 4.20.9818.0
Need for Speed™ Hot Pursuit Electronic Arts 18/03/2013 7.73 GB 1.0.0.0
NETGEAR WG111v2 wireless USB 2.0 adapter NETGEAR 07/12/2011 1.0.0.133
NETGEAR WNDA3200 wireless adapter Setup NETGEAR 04/01/2012 1.0.0.11
NVIDIA Drivers NVIDIA Corporation 13/12/2011 1.6
NVIDIA PhysX NVIDIA Corporation 21/05/2013 69.6 MB 9.12.1031
OpenAL 30/03/2013
OpenVPN Client OpenVPN Technologies 25/03/2014 35.4 MB 1.5.6
Opti Drive Control 1.70 Erik Deppe 05/10/2012 2.98 MB
PC Connectivity Solution Nokia 26/05/2012 17.5 MB 8.47.7.0
PDF Reader 06/06/2013
PDFCreator Frank Heindörfer, Philip Chinery 21/08/2013 1.2.3
PeerBlock 1.1+ (r691) PeerBlock, LLC 13/03/2014 3.57 MB 1.1.0.691
Popcorn4TV version 1.0 Popcorn4TV 07/09/2014 137 MB 1.0
Product Support Product Support 25/01/2014 {VERSION}
Python 2.7.3 Python Software Foundation 26/05/2013 51.6 MB 2.7.3150
qBittorrent 3.0.9 Christophe Dumez 26/05/2013 65.3 MB 3.0.9
QuickTime 12/02/2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24/09/2012 6.0.1.6196
SAM Broadcaster (remove only) 13/08/2014
Samsung Kies Samsung Electronics Co., Ltd. 17/04/2013 154 MB 2.5.2.13021_10
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 03/08/2014 36.7 MB 1.5.45.0
Sharepod 4.0.1.1 Macroplant LLC 21/08/2014 9.84 MB
ShotOnline GamesCampus 15/01/2014 1.0
Slice Audio File Splitter NCH Software 06/10/2013
Sniper Elite 3 05/08/2014 18.6 GB 1
Sony Mobile Update Engine Sony Mobile Communications AB 16/08/2014 2.14.11.201408051401
Sony PC Companion 2.10.211 Sony 16/08/2014 19.4 MB 2.10.211
Steam 08/08/2014
Steam Valve Corporation 08/08/2014
SUPERAntiSpyware SUPERAntiSpyware.com 27/01/2012 75.8 MB 5.0.1142
TeamSpeak 3 Client TeamSpeak Systems GmbH 02/09/2013 3.0.11.1
TeamViewer 8 TeamViewer 28/07/2014 8.0.26038
TmNationsForever Nadeo 03/04/2013
TmUnitedForever Nadeo 21/04/2013
TubeMaster++ 2.7 GgSofts 24/10/2013 2.7
Ubisoft Game Launcher UBISOFT 05/11/2012 1.0.0.0
Unity Web Player Unity Technologies ApS 29/11/2013 12.0 MB
Visual Studio 2008 x64 Redistributables AVG Technologies 25/03/2012 11.7 MB 10.0.0.2
Visual Studio 2012 x64 Redistributables AVG Technologies 03/10/2013 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 03/10/2013 10.5 MB 14.0.0.1
VLC media player 2.0.5 VideoLAN 01/04/2014 2.0.5
Wargame Red Dragon 05/07/2014 15.1 GB
Windows Live Essentials Microsoft Corporation 24/10/2012 16.4.3505.0912
Windows Phone app for desktop Microsoft Corporation 29/07/2014 8.04 MB 1.1.2726.0
WinPcap 4.1.3 Riverbed Technology, Inc. 21/10/2013 4.1.0.2980
WinRAR 5.01 (32-bit) win.rar GmbH 22/01/2014 5.01.0
World of Tanks Wargaming.net 02/10/2013 16.5 MB
World of Tanks Wargaming.net 02/10/2013
WTF onnet 03/01/2014 3.29 GB WTF
µTorrent 10/07/2012 2.2.1


#13 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:01 AM

Posted 08 October 2014 - 10:53 AM

Suggest you uninstall this: Akamai NetSession Interface Aakamai Technologies, Inc 30/07/2014

Akamai NetSession is a p2p technology. This means that you get media content not only from Akamai servers, but also from other users like you. Not only you get this content, but also share it with other users.

I see you have other P2P/ torrent programs and torrent streaming programs such as Popcorn. Allowing those access to store and

use your computer as a server or downloading free movies, music, cracked programs is very dangerous as many contain dangerous 

malware.

 

Uninstall Ace Stream Media 2.2.4.1-next Ace Stream Media 01/06/2014 2.2.4.1-next

Uninstall Adobe AIR Adobe Systems Incorporated 27/07/2013 3.8.0.870 (unless you actually use it...most don't)

Uninstall AVG PC Tuneup 2011 AVG 15/03/2012 33.4 MB

Uninstall all old Java programs which are malware magnets. Install latest if you are sure you even need it. Test by not installing and if

you venture onto a site or game which needs Java it will alert you. Java SE Runtime Environment 7 - Downloads | Oracle Technology Network | Oracle

Java 7 Update 45 (64-bit) Oracle 24/10/2013 118 MB 7.0.450
Java 7 Update 51 Oracle 02/01/2014 118 MB 7.0.510
Java™ 6 Update 31 Oracle 27/02/2012 95.1 MB 6.0.310
Java™ 7 Update 4 Oracle 24/10/2013 99.3 MB 7.0.40
JavaFX 2.1.1 Oracle Corporation 21/07/2012 20.8 MB 2.1.1

 

Possible sources of the mystery sound:

Facebook Video Calling 3.1.0.521

Google Talk (remove only) 16/06/2013
Google Talk Plugin Google 07/06/2014 13.2 MB 5.4.2.18903

mIRC mIRC Co. Ltd. 27/01/2012 7.22


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 Madforit

Madforit
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oxoford, UK
  • Local time:11:01 AM

Posted 08 October 2014 - 03:08 PM

Suggest you uninstall this: Akamai NetSession Interface Aakamai Technologies, Inc 30/07/2014

Akamai NetSession is a p2p technology. This means that you get media content not only from Akamai servers, but also from other users like you. Not only you get this content, but also share it with other users.

I see you have other P2P/ torrent programs and torrent streaming programs such as Popcorn. Allowing those access to store and

use your computer as a server or downloading free movies, music, cracked programs is very dangerous as many contain dangerous 

malware.

 

Uninstall Ace Stream Media 2.2.4.1-next Ace Stream Media 01/06/2014 2.2.4.1-next

Uninstall Adobe AIR Adobe Systems Incorporated 27/07/2013 3.8.0.870 (unless you actually use it...most don't)

Uninstall AVG PC Tuneup 2011 AVG 15/03/2012 33.4 MB

Uninstall all old Java programs which are malware magnets. Install latest if you are sure you even need it. Test by not installing and if

you venture onto a site or game which needs Java it will alert you. Java SE Runtime Environment 7 - Downloads | Oracle Technology Network | Oracle

Java 7 Update 45 (64-bit) Oracle 24/10/2013 118 MB 7.0.450
Java 7 Update 51 Oracle 02/01/2014 118 MB 7.0.510
Java™ 6 Update 31 Oracle 27/02/2012 95.1 MB 6.0.310
Java™ 7 Update 4 Oracle 24/10/2013 99.3 MB 7.0.40
JavaFX 2.1.1 Oracle Corporation 21/07/2012 20.8 MB 2.1.1

 

Possible sources of the mystery sound:

Facebook Video Calling 3.1.0.521

Google Talk (remove only) 16/06/2013
Google Talk Plugin Google 07/06/2014 13.2 MB 5.4.2.18903

mIRC mIRC Co. Ltd. 27/01/2012 7.22

I know for a fact that the possible sources you listed are not the problem as ive had those for a long time and it has only just began.

I do use popcorn and acestream to watch sports but do not actually download anything.

 

I hope one way or another we can find the culprit.

 

I have deleted most of what you mentioned (Uninstalled), Although there isnt anything new in that list.

What can i do next ?



#15 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:01 AM

Posted 08 October 2014 - 06:00 PM

Let the experts have a look. They have tools they can use that are not allowed in this forum and know how

to use them.

 

Create a DDS log by following the instruction #6 at Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs

 

Post the DDS log in a new topic at Virus, Trojan, Spyware, and Malware Removal Logs

 

Once you have posted the new topic describing the problem along with the DDS log, do not bump

the new topic. Wait for a response. Not sure how long it will be...maybe even days...

If you will, post a link to the new topic back here.


Edited by buddy215, 08 October 2014 - 06:01 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users