
Many Pop Ups in Internet Explorer, Computer Slowed Down -- Windows VISTA / IE9


5 replies to this topic

#1 tbwestley

  • Members

Posted 29 March 2015 - 05:44 PM

About a month ago I visited a web page (sorry, don't remember which one).

 

Immediately after this I started noticing a lot of popups when I used Internet Explorer.  There were also new programs on my PC I did not recognize.  Unfortunately I do not remember exactly what they were called.

 

In response to this I ran the following / with the following results:

  • Heimdal -- Not sure if it did anything
  • Malwarebytes -- Ran scan, not sure if it did anything
  • ADW -- this one deleted: desk toptemp; Fighter10119; Slow pc fighter.
  • Combofix -- not sure if it did anything
  • Simp Sys -- it deleted tweaks
  • RKILL -- not sure if it did anything.
After this, the popups and extra programs went away and my computer appears to be running normally.
 
I am posting here because I have been told that it is possible there still may be some residual malware on my PC.
 
My system details:
  • OS: Windows Vista service pack 2
  • Browser: Internet Explorer 9.0.8112.164211C

Is there more I should do to ensure my PC does not have any residual malware?

 

Thanks!

 




 


#2 buddy215

  • BC Advisor

Posted 29 March 2015 - 07:22 PM

Welcome to BC !

 

Rerun AdwCleaner and post its results...instructions below.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 tbwestley

  • Topic Starter

Posted 30 March 2015 - 08:51 PM

Thanks for the help!

 

Here is my Adwcleaner log:

# AdwCleaner v4.200 - Logfile created 29/03/2015 at 19:09:32
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Tom Westley - TOMWESTLEY-PC
# Running from : C:\Users\Tom Westley\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Winferno

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Fighters10119
Key Deleted : HKCU\Software\Winferno
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Fighters10119
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SLOW-PCfighter 10119

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Google Chrome v41.0.2272.101

[C:\Users\Tom Westley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tom Westley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tom Westley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=F3C4454136779B9B6ED067507191664A&q={searchTerms}
[C:\Users\Tom Westley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://blekko.com/#?q={searchTerms}
[C:\Users\Tom Westley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=F3C4454136779B9B6ED067507191664A&q={searchTerms}

*************************

AdwCleaner[R0].txt - [11357 bytes] - [22/01/2015 13:02:21]
AdwCleaner[R1].txt - [3032 bytes] - [29/03/2015 19:04:38]
AdwCleaner[R2].txt - [3019 bytes] - [29/03/2015 19:07:35]
AdwCleaner[S0].txt - [11543 bytes] - [22/01/2015 13:06:40]
AdwCleaner[S1].txt - [2982 bytes] - [29/03/2015 19:09:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3041  bytes] ##########

Here is my JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Tom Westley on Sun 03/29/2015 at 19:18:25.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ad-aware browsing protection"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/29/2015 at 19:21:04.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I also ran CCleaner per your instructions.

 

Finally, here is my ESET log:

C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawareDx.dll.vir	a variant of Win32/Toolbar.Visicom.B potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawaretb.dll.vir	a variant of Win32/Toolbar.Visicom.A potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\dtUser.exe.vir	a variant of Win32/Toolbar.Visicom.C potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll.vir	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Fighters10119\SLOW-PCfighter 10119\CommonToolkitSuiteLight.dll.vir	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Fighters10119\SLOW-PCfighter 10119\MsgSys.exe.vir	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Fighters10119\SLOW-PCfighter 10119\sfhtml.dll.vir	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Fighters10119\SLOW-PCfighter 10119\SLOW-PCfighter 10119.exe.vir	a variant of Win32/SlowPCfighter potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Tom Westley\AppData\Roaming\Fighters10119\Tray\AutoInstall\DM.exe.vir	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Tom Westley\AppData\Roaming\Fighters10119\Tray\Updates\TKTRAY-DM\DM.exe.vir	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Program Files\Ad-Aware Antivirus\AdAwareSafeBrowsing.exe	a variant of Win32/Toolbar.Visicom.A potentially unwanted application	deleted - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe	a variant of Win32/HiddenStart.A potentially unsafe application	deleted - quarantined
C:\Users\Tom Westley\Downloads\ccsetup504.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	deleted - quarantined
C:\Windows\Installer\1508c2.msi	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\4949b3.msi	a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\ARPPRODUCTICON.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\faq_8A71AEBB623B46A0B934103F1A762800.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\FTsc_94F4507362A24B9B9BA6A29A1AFF037E.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExeIcon.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\UninstallIcon.exe	a variant of Win32/SlowPCfighter.A potentially unwanted application	deleted - quarantined
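
As an added example (not part of the thread or of any tool mentioned in it), this Python sketch triages an exported ESET log like the one above, separating detections that are only copies in the AdwCleaner quarantine folder from files found in live locations. It assumes tab-separated rows and that the quarantine folder mirrors the original path with a `.vir` suffix, as the paths in the log suggest; the function names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the ESET log in the post above: (path, detection, action).
SAMPLE_ROWS = [
    (r"C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawaretb.dll.vir",
     "a variant of Win32/Toolbar.Visicom.A potentially unwanted application",
     "deleted - quarantined"),
    (r"C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir",
     "a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application",
     "deleted - quarantined"),
    (r"C:\AdwCleaner\Quarantine\C\Program Files\Fighters10119\SLOW-PCfighter 10119\MsgSys.exe.vir",
     "a variant of Win32/SlowPCfighter.A potentially unwanted application",
     "deleted - quarantined"),
    (r"C:\Program Files\Ad-Aware Antivirus\AdAwareSafeBrowsing.exe",
     "a variant of Win32/Toolbar.Visicom.A potentially unwanted application",
     "deleted - quarantined"),
    (r"C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe",
     "a variant of Win32/HiddenStart.A potentially unsafe application",
     "deleted - quarantined"),
    (r"C:\Users\Tom Westley\Downloads\ccsetup504.exe",
     "Win32/Bundled.Toolbar.Google.D potentially unsafe application",
     "deleted - quarantined"),
    (r"C:\Windows\Installer\1508c2.msi",
     "a variant of Win32/SlowPCfighter.A potentially unwanted application",
     "deleted - quarantined"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

# Assumption inferred from the paths in the log: removed files are kept under
# <drive>:\AdwCleaner\Quarantine\<drive letter>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\AdwCleaner\\Quarantine\\([A-Za-z])\\(.+?)(?:\.vir)?$",
    re.IGNORECASE)
# Detection text: optional "probably"/"a variant of", the name, then the class.
DETECTION_RE = re.compile(
    r"^(?:probably )?(?:a variant of )?(?P<name>\S+)\s*(?P<category>.*)$")


@dataclass
class Finding:
    path: str           # path exactly as ESET reported it
    original_path: str  # where the file lived before it was quarantined
    location: str       # "quarantine_copy" or "live"
    name: str           # full detection name, e.g. Win32/SlowPCfighter.A
    family: str         # name without the trailing variant letter (heuristic)
    category: str       # e.g. "potentially unwanted application"
    action: str


def parse_line(line):
    """Parse one tab-separated log row; return None for anything malformed."""
    parts = [p.strip() for p in line.split("\t")]
    if len(parts) != 3 or not all(parts):
        return None
    path, detection, action = parts
    det = DETECTION_RE.match(detection)
    name = det.group("name")
    family = re.sub(r"\.[A-Z]{1,3}$", "", name)  # drop ".A", ".G", ...
    category = det.group("category") or "unclassified"
    quarantined = QUARANTINE_RE.match(path)
    if quarantined:
        drive, rest = quarantined.groups()
        original, location = f"{drive.upper()}:\\{rest}", "quarantine_copy"
    else:
        original, location = path, "live"
    return Finding(path, original, location, name, family, category, action)


def triage(log_text):
    """Return a Finding for every well-formed row in the log text."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [finding for finding in parsed if finding is not None]


def live_findings(findings):
    """Detections outside the quarantine folder: files still in place at scan time."""
    return [f for f in findings if f.location == "live"]


def summarize(findings):
    """Count detections per family, split by live file vs. quarantine copy."""
    summary = defaultdict(lambda: {"live": 0, "quarantine_copy": 0})
    for f in findings:
        summary[f.family][f.location] += 1
    return dict(summary)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for family, counts in sorted(summarize(results).items()):
        print(f"{family:32} live={counts['live']} quarantine={counts['quarantine_copy']}")
    for f in live_findings(results):
        print("LIVE:", f.original_path, "->", f.name)
```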

 



#4 buddy215

  • BC Advisor

Posted 31 March 2015 - 05:22 AM

Rerun AdwCleaner and post its results. AdwCleaner very often finds and removes more during a second scan.

 

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

________________________________________________________________________________________________________________________________________

 

Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow. Please note that there is a space between combofix and /uninstall.

[Image: Windows 7 Start Menu]

 

Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

 

 

 

 

 




#5 tbwestley

  • Topic Starter

Posted 01 April 2015 - 07:20 PM

Here is my AdwCleaner log #2:

# AdwCleaner v4.200 - Logfile created 01/04/2015 at 17:01:24
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Tom Westley - TOMWESTLEY-PC
# Running from : C:\Users\Tom Westley\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [11357 bytes] - [22/01/2015 13:02:21]
AdwCleaner[R1].txt - [3032 bytes] - [29/03/2015 19:04:38]
AdwCleaner[R2].txt - [3019 bytes] - [29/03/2015 19:07:35]
AdwCleaner[R3].txt - [815 bytes] - [01/04/2015 17:01:24]
AdwCleaner[S0].txt - [11543 bytes] - [22/01/2015 13:06:40]
AdwCleaner[S1].txt - [3121 bytes] - [29/03/2015 19:09:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [992 bytes] ##########

CCleaner Startups:

Yes	HKCU:Run	CCleaner Monitoring	Piriform Ltd	"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes	HKCU:Run	ehTray.exe	Microsoft Corporation	C:\Windows\ehome\ehTray.exe
No	HKCU:Run	ehTray.exe	Microsoft Corporation	C:\Windows\ehome\ehTray.exe
No	HKCU:Run	msnmsgr	Microsoft Corporation	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Yes	HKCU:Run	Sidebar	Microsoft Corporation	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes	HKCU:Run	swg	Google Inc.	"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes	HKCU:Run	WMPNSCFG	Microsoft Corporation	C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes	HKLM:Run	Adobe Reader Speed Launcher	Adobe Systems Incorporated	"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes	HKLM:Run	CanonMyPrinter	CANON INC.	C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Yes	HKLM:Run	CanonSolutionMenu	CANON INC.	C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
Yes	HKLM:Run	CanonSolutionMenuEx	CANON INC.	C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
No	HKLM:Run	Dell DataSafe Online	Dell Inc.	"C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
No	HKLM:Run	dellsupportcenter	SupportSoft, Inc.	"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
Yes	HKLM:Run	GIDDesktop	StrikeForce Technologies Inc.	C:\Program Files\SFT\GuardedID\gidd.exe  /s
Yes	HKLM:Run	HotKeysCmds	Intel Corporation	C:\Windows\system32\hkcmd.exe
Yes	HKLM:Run	IgfxTray	Intel Corporation	C:\Windows\system32\igfxtray.exe
Yes	HKLM:Run	OpwareSE4	Nuance Communications, Inc.	"C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
Yes	HKLM:Run	Persistence	Intel Corporation	C:\Windows\system32\igfxpers.exe
Yes	HKLM:Run	PMBVolumeWatcher	Sony Corporation	C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
Yes	HKLM:Run	RtHDVCpl	Realtek Semiconductor	RtHDVCpl.exe
Yes	HKLM:Run	SSBkgdUpdate	Nuance Communications, Inc.	"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Yes	HKLM:Run	SunJavaUpdateSched	Sun Microsystems, Inc.	"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes	HKLM:Run	VX1000	Microsoft Corporation	C:\Windows\vVX1000.exe
No	HKLM:Run	Windows Defender	Microsoft Corporation	%ProgramFiles%\Windows Defender\MSASCui.exe -hide
Yes	HKLM:Run	WrtMon.exe		C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
Yes	HKLM:RunOnce	DSUpdateLauncher		"C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
Yes	Startup Common	Constant Guard.lnk		C:\Program Files\Constant Guard Protection Suite\IDVault.exe
No	Startup Common	Dell Remote Access.lnk	Macrovision Corporation	c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe /onboot
Yes	Startup Common	Heimdal.lnk	CSIS Security Group	C:\Program Files\Heimdal\Client\HeimdalAgent.exe
Yes	Startup Common	ImageBrowser EX Agent.lnk		C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
Yes	Startup Common	McAfee Security Scan Plus.lnk	McAfee, Inc.	C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Yes	Startup User	Dell Dock.lnk	Stardock Corporation	C:\Program Files\Dell\DellDock\DellDock.exe

CCleaner Scheduled Tasks:

Yes	Task	Ad-Aware Antivirus Scheduled Scan	Lavasoft Limited	C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe --scan=full
Yes	Task	Ad-Aware Update (Weekly)		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair
Yes	Task	Adobe Flash Player Updater	Adobe Systems Incorporated	C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes	Task	CCleanerSkipUAC	Piriform Ltd	"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes	Task	GoogleUpdateTaskMachineCore	Google Inc.	C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes	Task	GoogleUpdateTaskMachineUA	Google Inc.	C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes	Task	{A364BA4E-E8A3-4673-A8EF-447E2756C73F}	Skype Technologies S.A.	C:\Program Files\Skype\\Phone\Skype.exe

CCleaner Uninstall:

Acrobat.com	Adobe Systems Incorporated	5/5/2009	1.67 MB	1.1.377
Ad-Aware Antivirus	Lavasoft	12/12/2012	36.1 MB	10.4.47.4163
Adobe AIR	Adobe Systems Inc.	5/5/2009		1.0.4990
Adobe Flash Player 17 ActiveX	Adobe Systems Incorporated	3/13/2015	16.8 MB	17.0.0.134
Adobe Reader 9.5.5	Adobe Systems Incorporated	5/19/2013	103 MB	9.5.5
Canon Easy-PhotoPrint EX		3/3/2013	208 MB	
Canon Easy-WebPrint EX		3/3/2013	6.77 MB	
Canon Inkjet Printer/Scanner/Fax Extended Survey Program		3/3/2013	772 KB	
Canon MG3100 series MP Drivers		3/3/2013	604 MB	
Canon MG3100 series On-screen Manual		3/3/2013	19.7 MB	
Canon MG3100 series User Registration		3/3/2013	2.30 MB	
Canon MP Navigator EX 1.0		11/1/2009	65.7 MB	
Canon MP Navigator EX 5.0		3/3/2013	76.0 MB	
Canon My Printer		3/3/2013	2.14 MB	
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide	Canon Inc.	5/8/2013	3.17 MB	1.0.0.7
Canon Solution Menu EX		3/3/2013	12.2 MB	
Canon Utilities CameraWindow DC 8	Canon Inc.	5/8/2013	21.3 MB	8.7.0.11
Canon Utilities ImageBrowser EX	Canon Inc.	5/21/2014	58.5 MB	1.4.0.5
Canon Utilities PhotoStitch	Canon Inc.	5/8/2013	6.12 MB	3.1.23.47
Canon Utilities Solution Menu		11/1/2009	1.59 MB	
CCleaner	Piriform	3/29/2015	8.14 MB	5.04
Compatibility Pack for the 2007 Office system	Microsoft Corporation	3/11/2015		12.0.6612.1000
Constant Guard Protection Suite	Comcast	8/21/2012	26.0 MB	1.1.730.1
Dell DataSafe Local Backup - Support Software	Dell	5/5/2009	1.32 MB	2.16
Dell DataSafe Online	Dell, Inc.	5/5/2009		1.1.0023
Dell Dock	Dell	5/5/2009		1.0.0
Dell Getting Started Guide	Dell Inc.	5/5/2009		1.00.0000
Dell Remote Access	Dell Inc.	5/5/2009		1.0.0.0
Dell Support Center (Support Software)	Dell	5/5/2009		2.2.08335
Dell-eBay	Dell	5/5/2009		1.00.0000
ESET Online Scanner v3		3/29/2015	189 MB	
Google Chrome	Google Inc.	5/15/2012	631 MB	41.0.2272.101
Google Earth Plug-in	Google	12/11/2013	83.9 MB	7.1.2.2041
Google Toolbar for Internet Explorer	Google Inc.	3/11/2015	9.01 MB	7.5.6227.252
GoToAssist 8.0.0.480		11/30/2009	3.44 MB	
GuardedID	StrikeForce Technologies, Inc	8/1/2011	2.76 MB	0.03.1038
Hauppauge MCE XP/Vista Software Encoder (2.0.26057)	Hauppauge Computer Works, Inc.	5/14/2009	14.6 MB	2.0.26057
Hauppauge WinTV		5/14/2009	14.6 MB	
Hauppauge WinTV Soft PVR		5/14/2009	14.6 MB	
Heimdal	CSIS Security Group	3/12/2015	15.9 MB	1.10.3.692
Intel(R) Graphics Media Accelerator Driver		12/19/2009		
Intel(R) PRO Network Connections 12.1.11.0	Intel	5/5/2009	5.03 MB	
InterVideo FilterSDK for Hauppauge	InterVideo Inc.	5/14/2009	2.07 MB	
Java(TM) 6 Update 45	Oracle	1/21/2015	98.0 MB	6.0.450
Malwarebytes Anti-Malware version 2.0.4.1028	Malwarebytes Corporation	1/20/2015	47.3 MB	2.0.4.1028
McAfee Security Scan Plus	McAfee, Inc.	6/16/2014	12.0 MB	3.8.150.1
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	5/16/2009	27.8 MB	
Microsoft .NET Framework 4.5.1	Microsoft Corporation	2/24/2014	251 MB	4.5.50938
Microsoft Office PowerPoint Viewer 2007 (English)	Microsoft Corporation	3/11/2015		12.0.6612.1000
Microsoft Silverlight	Microsoft Corporation	12/12/2014		5.1.31211.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	5/5/2009	1.74 MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	8/2/2009	251 KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	6/16/2011	294 KB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	8/2/2009	199 KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	5/23/2009	590 KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	6/16/2011	594 KB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	10/11/2012		9.7.0621
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	11/1/2009	34.0 KB	4.20.9841.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11/1/2009	1.27 MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	11/24/2009	1.33 MB	4.20.9876.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	11/11/2012	1.47 MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	11/12/2012	1.53 MB	4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694)	Microsoft Corporation	1/8/2013	1.54 MB	4.30.2117.0
Norton Security Suite	Symantec Corporation	11/26/2013	792 MB	21.6.0.32
Octoshape add-in for Adobe Flash Player		7/17/2009	2.13 MB	
Picasa 3	Google, Inc.	8/12/2014	65.5 MB	3.9
PMB	Sony Corporation	11/11/2012	295 MB	5.8.02.10270
Presto! PageManager 7.15.16	NewSoft Technology Corporation	11/1/2009	191 MB	7.15.16
Realtek High Definition Audio Driver		5/4/2009		
Roxio Creator DE	Roxio	5/5/2009	18.0 MB	10.1
ScanSoft OmniPage SE 4	Nuance Communications, Inc.	11/1/2009	137 MB	15.2.0020
Skype Toolbars		5/4/2009		
Skype™ 6.11	Skype Technologies S.A.	3/3/2014	27.0 MB	6.11.102
SLOW-PCfighter 10119		5/4/2009		
Stamps.com	Stamps.com, Inc.	4/1/2012	22.8 MB	
Tweaking.com - Simple System Tweaker	Tweaking.com	1/21/2015	7.62 MB	2.1.0
WildTangent Games	WildTangent	5/5/2009	183 MB	1.0.0.71
Windows Live Essentials	Microsoft Corporation	8/29/2011		15.4.3538.0513
Windows Live Sync	Microsoft Corporation	11/9/2009	2.78 MB	14.0.8089.726
Yahoo! Software Update		5/14/2009	692 KB	

When I try combofix /uninstall from the search window, I get no results.  I cannot find Combofix.exe anywhere on my C: drive.  There is a combofix.txt in my C:\ folder, but that's it.



#6 buddy215

  • BC Advisor

Posted 01 April 2015 - 09:00 PM

If that is the Combofix scan results, delete it.

 

Disable these Windows Startups: (You can use CCleaner by clicking on each item to highlight and then on the right choose Disable.)

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes    HKCU:Run    ehTray.exe    Microsoft Corporation    C:\Windows\ehome\ehTray.exe

Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes    HKCU:Run    swg    Google Inc.    "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes    HKCU:Run    WMPNSCFG    Microsoft Corporation    C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    Adobe Reader Speed Launcher    Adobe Systems Incorporated    "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe

Yes    HKLM:Run    SSBkgdUpdate    Nuance Communications, Inc.    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Yes    HKLM:Run    SunJavaUpdateSched    Sun Microsystems, Inc.    "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Yes    HKLM:RunOnce    DSUpdateLauncher        "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
Yes    Startup Common    Constant Guard.lnk        C:\Program Files\Constant Guard Protection Suite\IDVault.exe (Unless you actually use it)

Yes    Startup Common    McAfee Security Scan Plus.lnk    McAfee, Inc.    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

Yes    Startup User    Dell Dock.lnk    Stardock Corporation    C:\Program Files\Dell\DellDock\DellDock.exe (Unless you actually use it)

 

Disable these Scheduled Tasks:

Yes    Task    Ad-Aware Antivirus Scheduled Scan    Lavasoft Limited    C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe --scan=full
Yes    Task    Ad-Aware Update (Weekly)        C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

Uninstall These programs: (Use Revo Free Uninstaller in Advanced mode for programs that give you trouble uninstalling......Download Revo Uninstaller Freeware )

Acrobat.com    Adobe Systems Incorporated    5/5/2009    1.67 MB    1.1.377
Ad-Aware Antivirus    Lavasoft    12/12/2012    36.1 MB    10.4.47.4163
Adobe AIR    Adobe Systems Inc.    5/5/2009        1.0.4990

Adobe Reader 9.5.5    Adobe Systems Incorporated    5/19/2013    103 MB    9.5.(OR UPDATE IT)

Constant Guard Protection Suite    Comcast    8/21/2012    26.0 MB    1.1.730.1

Dell Remote Access    Dell Inc.    5/5/2009        1.0.0.0
Dell Support Center (Support Software)    Dell    5/5/2009        2.2.08335
Dell-eBay    Dell    5/5/2009        1.00.0000
ESET Online Scanner v3        3/29/2015    189 MB    
Google Chrome    Google Inc.    5/15/2012    631 MB    41.0.2272.101 (OR UPDATE IT)

Google Toolbar for Internet Explorer    Google Inc.    3/11/2015    9.01 MB    7.5.6227.252
GoToAssist 8.0.0.480        11/30/2009    3.44 MB   

Java(TM) 6 Update 45    Oracle    1/21/2015    98.0 MB    6.0.450  (This is an old version of Java but recently installed...you may have had a special need for it??)

McAfee Security Scan Plus    McAfee, Inc.    6/16/2014    12.0 MB    3.8.150.1

Norton Security Suite    Symantec Corporation    11/26/2013    792 MB    21.6.0.32

Octoshape add-in for Adobe Flash Player        7/17/2009    2.13 MB   

Skype Toolbars        5/4/2009

SLOW-PCfighter 10119        5/4/2009

Tweaking.com - Simple System Tweaker    Tweaking.com    1/21/2015    7.62 MB    2.1.0
WildTangent Games    WildTangent    5/5/2009    183 MB    1.0.0.71
Windows Live Essentials    Microsoft Corporation    8/29/2011        15.4.3538.0513
Windows Live Sync    Microsoft Corporation    11/9/2009    2.78 MB    14.0.8089.726
Yahoo! Software Update        5/14/2009    692 KB   






