
s.yimg.com Removal Help Needed


20 replies to this topic

#1 gssjca

gssjca

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 12 April 2015 - 11:16 AM

*Moderator Edit: split from http://www.bleepingcomputer.com/forums/t/546818/gotta-kill-syimgcom/

~ Queen-Evie*

 

 

I am also having problems with the 's.yimg.com'.  I see solutions posted on this string but don't want to post my results here.

 

Can you help me get rid of it?  My Firefox freezes often and I get the 's.yimg.com' in the lower left corner of my screen for about 15 seconds then Firefox unfreezes.

 

Thanks.

 

gssjca


Edited by Queen-Evie, 12 April 2015 - 11:37 AM.



 


#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:01:05 AM

Posted 12 April 2015 - 11:39 AM

Why do you not want to post log results? They contain nothing that would allow anyone else to find out anything about you. All tools used by Bleeping Computer are safe to use and in no way compromise your identity or personal information.



#3 gssjca

gssjca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 12 April 2015 - 09:32 PM

Sorry, my misunderstanding.  I thought we were not supposed to post logs in someone else's stream, or post logs without being told to.  Would you like me to run all the scans listed in "Gotta kill s.yimg.com!!" and post the logs?  And do I post them here or in the previous stream?  Sorry to make it so difficult.



#4 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:01:05 AM

Posted 12 April 2015 - 10:00 PM

I misunderstood what you meant.

Wait for someone else to help you before posting any logs. I cannot advise you because I am clueless about malware removal.

#5 gssjca

gssjca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 13 April 2015 - 09:51 AM

OK, thanks.  I can see my first post was poorly stated.   I'll wait for further notice. 



#6 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:05 AM

Posted 13 April 2015 - 11:26 AM

This is likely a Yahoo problem....but you can check for adware and malware using the programs below. You can also block the ad/tracking cookies known as Third Party cookies. That may help and won't cause any harm. Should also mention that I've noticed Yahoo making more changes in the last couple of weeks and it is not unusual for me to see some minor problem of video not displaying properly or sign in not acting as before.

Check your Firefox plugins for updates....especially Adobe Flash. Tools > Add-Ons > Plug-ins > Check for updates

 

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 gssjca

gssjca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 16 April 2015 - 12:40 AM

Thanks for your help.

 

I updated the Firefox plugins and found some unidentified ones.

Unknown Plugins

  • iTunes Application Detector (v. 1.0.1.1): iTunes Detector Plug-in. Action: Research
  • ActiveTouch General Plugin Container (v. 29.1.2014.921): ActiveTouch General Plugin Container Version 105. Action: Research
  • Citrix Online Web Deployment Plugin 1.0.0.104 (v. 1.0.0.104): Citrix Online App Detector Plugin. Action: Research
  • Microsoft Office 2010 (v. 14.0.4730.1010): Office Authorization plug-in for NPAPI browsers. Action: Research
  • Google Update (v. 1.3.26.9): Google Update. Action: Research
  • Yahoo Application State Plugin (v. 1.0.0.7): Yahoo Application State Plugin version 1.0.0.7. Action: Research

Not sure what to do with these.

 

 

I got part way through your scans pretty good then ran into trouble at the "Junkware Removal Tool".

 

First couple of times I tried to download it I got taken to a download manager which then took me to "LuliFunny.org/p-download-manager/at/oc".

 

That didn't look right so I went back next night and right clicked the link to open a new tab and all went well, downloaded the JRT.exe after I turned off all anti virus and firewalls, but on installing it hung up on 'checking startup'.

 

Tried a few times but wouldn't go any further.

 

Here's the log files of what I did.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2015
Scan Time: 10:32:07 PM
Logfile: Malwarebytes log2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.14.01
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: userone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350778
Time Elapsed: 44 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Spigot.A, C:\Users\userone\AppData\Roaming\Mozilla\Firefox\Profiles\dtbmbvz9.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=514467&p=");), ,[c94a77d56723a690dd0247f62fd714ec]

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

# AdwCleaner v4.201 - Logfile created 14/04/2015 at 22:45:20
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : userone - USERONE-PC
# Running from : C:\Users\userone\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\AdTrustMedia
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\userone\AppData\Local\Slick Savings
Folder Deleted : C:\Users\userone\AppData\Local\AdTrustMedia
Folder Deleted : C:\Users\userone\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\userone\AppData\LocalLow\Check Point Software Technologies LTD
Folder Deleted : C:\Users\userone\AppData\Roaming\SecureSearch
Folder Deleted : C:\Users\userone\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
File Deleted : C:\END
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CE2D61F-23B1-4E58-8326-CD49822CD126}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;ebay_46278;wikipedia_46497;yahoo_mail_46508;netflix_46519;radio_46530;share_this_page_46541;");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.protection", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.url", "");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.guid", "{99E6B6B8-92EC-34CB-A7BF-B6670617E92C}");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.distroid", "aol");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9430");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.mtmhp", "txtlnkusaolp00000051");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.install.ncid", "");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "6");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "9");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.metrics.log", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1381118948701");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.flag", "3");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.reset.style", "A");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "1381033749858");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.rtw.active", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.button", true);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.cid", "10-10-1010");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.instd", "5F2BC70B1901493FA7CE0E55FD590D13");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.oid", "10-10-1010");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.placement", "right");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.search.source", "aolrt-ff");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.skin.custom", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.date", "81");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.lastDate", "6");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "9");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.month", "118");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.total", "119");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.week", "81");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.year", "118");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.ticker.active", false);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degc", "21");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.degf", "70");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/27_n.png");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.metric", true);
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Cloudy");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.weather.update", "1381118948713");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
[dtbmbvz9.default\prefs.js] - Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=514467&p={searchTerms}");

-\\ Google Chrome v41.0.2272.118

[C:\Users\userone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=d741900e699a481d80cf0727060fca2d&tu=10GXy009b2B0CO0&sku=&tstsId=&ver=&
[C:\Users\userone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\userone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\userone\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : oejkcgajlodefenbbjdnaiahmbnnoole
[C:\Users\userone\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [10477 bytes] - [05/10/2013 20:58:14]
AdwCleaner[R1].txt - [10538 bytes] - [05/10/2013 21:19:16]
AdwCleaner[R2].txt - [20314 bytes] - [14/04/2015 22:39:55]
AdwCleaner[S0].txt - [10693 bytes] - [05/10/2013 21:22:03]
AdwCleaner[S1].txt - [9851 bytes] - [14/04/2015 22:45:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9910  bytes] ##########
 

Again, thanks for your help
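
Added example (not part of any post in this thread, and not code from Malwarebytes, AdwCleaner or JRT): a small Python audit of a Firefox prefs.js for the kind of entries the logs in this thread flagged. The watched preference names, toolbar prefixes and URL values come from those logs; treating `fr`, `type`, `hspart` and `hsimp` as partner tags is a heuristic assumed for this example, and the sample file is constructed.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs

# Preferences the scanners in this thread acted on (MBAM, JRT, AdwCleaner).
WATCHED_PREFS = {"keyword.URL", "browser.startup.homepage", "startpage.ntsearch_url"}
# Query parameters that tag traffic in the URLs quoted in those logs.
# Assumption for this example: a heuristic, not a vendor signature.
PARTNER_PARAMS = {"fr", "type", "hspart", "hsimp"}
# Preference namespaces left behind by the toolbars removed in the logs.
LEFTOVER_PREFIXES = ("aol_toolbar.", "extensions.wecarereminder.")

PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Yield (name, value) for each user_pref line; other lines are skipped."""
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue
        name, raw = match.group(1), match.group(2)
        try:
            # Strings, booleans and integers in prefs.js parse as JSON literals.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep anything unusual as raw text
        yield name, value


def partner_params(value):
    """Return the sorted partner-tag parameters found in a URL value."""
    if not isinstance(value, str):
        return []
    url = value.strip()
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]  # scan logs defang URLs as hxxp/hxxps
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return []
    names = set(parse_qs(parts.query, keep_blank_values=True))
    return sorted(PARTNER_PARAMS & names)


def audit_prefs(text):
    """Return (pref_name, reason) for every entry worth a manual look."""
    findings = []
    for name, value in parse_prefs(text):
        if name in WATCHED_PREFS:
            tags = partner_params(value)
            if tags:
                findings.append((name, "partner-tagged URL: " + ",".join(tags)))
        elif name.startswith(LEFTOVER_PREFIXES):
            findings.append((name, "leftover toolbar preference"))
    return findings


# Constructed sample: two values copied from the logs above, plus benign lines.
SAMPLE_PREFS_JS = '''
// constructed sample of a Firefox prefs.js
user_pref("app.update.enabled", true);
user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=514467&p=");
user_pref("startpage.ntsearch_url", "https://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=514467&p={searchTerms}");
user_pref("aol_toolbar.search.source", "aolrt-ff");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
'''

if __name__ == "__main__":
    for pref, reason in audit_prefs(SAMPLE_PREFS_JS):
        print(f"{pref}: {reason}")
```

A hit only marks an entry for review: a search URL the user chose on purpose can carry the same parameters, so compare against what the profile owner actually set.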



#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:05 AM

Posted 16 April 2015 - 06:44 AM

Rerun MBAM after changing the settings to PUP: Enable from PUP: Warn.

 

You can Disable or Remove if offered those plug-ins in Firefox. If you are not sure you use one then Disable first and then later Remove if that option is offered.

I suggest you disable all of the ones you listed and definitely remove the Yahoo one if offered. Unless you do video conference calling using Cisco I suggest uninstalling the Active Touch one.

 

When the Eset scan has completed and you have posted what it found, if anything,  do this:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#9 gssjca

gssjca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 18 April 2015 - 01:12 AM

Hello.

 

I was able to run the Junkware Removal Tool and am posting the results here.

 

I also reran the MBAM but failed to export the file before closing.  I opened it from history but was unable to copy the results.  Everything found was quarantined.

 

Then I ran the ESET scan and am posting the results here.  You did not say to delete or install anything so I just clicked finish.

 

I also set to never activate all the Firefox plugins.  I may have to reactivate SilverLight because I do use it.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.5 (04.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by userone on Thu 04/16/2015 at 21:18:31.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\Tasks\Digital Sites.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2498263769-4134497579-2223434512-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed8e593d-1965-4e45-9d55-d56162dcde14}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{ed8e593d-1965-4e45-9d55-d56162dcde14}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{ed8e593d-1965-4e45-9d55-d56162dcde14}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\userone\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe



~~~ Folders

Successfully deleted: [Folder] C:\Users\userone\AppData\Roaming\DigitalSites
Successfully deleted: [Folder] C:\ProgramData\ad-aware browsing protection
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\userone\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Users\userone\appdata\local\adawarebp
Successfully deleted: [Folder] C:\Users\userone\appdata\locallow\pcdr



~~~ FireFox

Successfully deleted: [File] C:\Users\userone\AppData\Roaming\mozilla\firefox\profiles\dtbmbvz9.default\user.js
Successfully deleted: [File] C:\Users\userone\AppData\Roaming\mozilla\firefox\profiles\dtbmbvz9.default\searchplugins\aol-search.xml
Successfully deleted the following from C:\Users\userone\AppData\Roaming\mozilla\firefox\profiles\dtbmbvz9.default\prefs.js

user_pref(browser.startup.homepage, hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggfc_15_16&param1=1&param2=f%3D1%26b%3DFirefox%26c
user_pref(extensions.wecarereminder.merchHash, {\AFFILIATES\:{\1-Sale-A-Day\:{\name\:\1 Sale A Day\,\autordr\:1,\n\:\3\,\td\:1.5},\1and1Internet\:{\name\
Emptied folder: C:\Users\userone\AppData\Roaming\mozilla\firefox\profiles\dtbmbvz9.default\minidumps [13 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/16/2015 at 21:40:44.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ESET ONLINE SCANNER

 

CCleaner Windows Startups

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKLM:Run    AdAwareTray    Lavasoft Limited    "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
Yes    HKLM:Run    CANON DR-C125 SVC    Microsoft Corporation    rundll32.exe DRDcSvc.dll,EntryPointUserMessage
Yes    HKLM:Run    COMODO Internet Security    COMODO    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Yes    HKLM:Run    firefox    Mozilla Corporation    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Scheduled Tasks

 

Yes    Task    Ad-Aware Antivirus Scheduled Scan        C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe --scan=full
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    G2MUpdateTask-S-1-5-21-2498263769-4134497579-2223434512-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\userone\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Yes    Task    GarminUpdaterTask    Garmin International, Inc.    C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}    Support.com, Inc.    C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe /cfg "C:\Program Files (x86)\AOL Computer Checkup\uiFramework\common\PCPowerCare.xml" /modules MainUIModule /autoscan /scheduler /hideWindow
Yes    Task    PCDEventLauncherTask    PC-Doctor, Inc.    "C:\Program Files\My Dell\sessionchecker.exe"
 

 

Programs Installed

 

123 Internet Video Downloader    Bling Software Ltd.    2/22/2015        2.0
123CopyDVD    Bling Software Ltd.    2/22/2015        2013
Ad-Aware Antivirus    Lavasoft    3/14/2015    71.1 MB    11.6.306.7947
Adobe Flash Player 17 ActiveX    Adobe Systems Incorporated    4/14/2015    6.00 MB    17.0.0.169
Adobe Flash Player 17 NPAPI    Adobe Systems Incorporated    4/14/2015    6.00 MB    17.0.0.169
Adobe Photoshop Elements 5.0    Adobe Systems Inc.    6/7/2013        5.0
Adobe Reader XI (11.0.10)    Adobe Systems Incorporated    12/11/2014    184 MB    11.0.10
AOL Computer Checkup    AOL    9/21/2014        3.4.41.6
Apple Application Support (32-bit)    Apple Inc.    4/4/2015    94.2 MB    3.1.2
Apple Application Support (64-bit)    Apple Inc.    4/4/2015    107 MB    3.1.2
Apple Mobile Device Support    Apple Inc.    4/4/2015    27.9 MB    8.1.1.3
Apple Software Update    Apple Inc.    11/15/2014    2.38 MB    2.1.3.127
Bonjour    Apple Inc.    11/15/2014    2.00 MB    3.0.0.10
Canon driver for DR-C125 (x64)    Canon Electronics inc.    7/20/2014    25.6 MB    1.0.4241
CCleaner    Piriform    4/11/2015        5.04
Cisco WebEx Meetings    Cisco WebEx LLC    2/3/2015        
Citrix Online Launcher    Citrix    3/10/2015    294 KB    1.0.258
COMODO Internet Security Premium    COMODO Security Solutions Inc.    9/1/2013    117 MB    6.2.23257.2860
COMODO Internet Security Premium    COMODO Security Solutions Inc.    9/1/2013        6.2.23257.2860
Defraggler    Piriform    3/8/2015        2.18
Dropbox    Dropbox, Inc.    4/1/2014        2.6.24
Duplicate File Finder    Ashisoft    2/16/2014    1.95 MB    5.3
ESET Online Scanner v3        4/17/2015        
Extended Update    Extended Update    4/15/2015        
Garmin Express    Garmin Ltd or its subsidiaries    2/19/2015    112 MB    3.2.27.0
Google Chrome    Google Inc.    5/27/2013        42.0.2311.90
Google Toolbar for Internet Explorer    Google Inc.    3/4/2015        7.5.6227.252
GoToMeeting 7.1.8.2553    CitrixOnline    4/15/2015        7.1.8.2553
Hollywood FX Volumes 1-3    Avid Technology, Inc.    6/17/2013    686 MB    2.0.0
HP Customer Participation Program 13.0    HP    2/14/2015        13.0
HP Imaging Device Functions 13.0    HP    2/14/2015        13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A    HP    2/14/2015        13.0
HP Photosmart Essential 3.5    HP    2/14/2015        3.5
HP Smart Web Printing 4.51    HP    2/14/2015        4.51
HP Solution Center 13.0    HP    2/14/2015        13.0
HP Support Solutions Framework    Hewlett-Packard Company    2/14/2015    8.09 MB    11.51.0048
HP Update    Hewlett-Packard    4/2/2015    4.04 MB    5.005.002.002
iTunes    Apple Inc.    4/4/2015    234 MB    12.1.1.4
Java 8 Update 31    Oracle Corporation    2/16/2015    74.0 MB    8.0.310
Malwarebytes Anti-Malware version 2.1.4.1018    Malwarebytes Corporation    4/14/2015    57.5 MB    2.1.4.1018
Microsoft .NET Framework 4.5.1    Microsoft Corporation    1/28/2014    38.8 MB    4.5.50938
Microsoft Office Home and Student 2010    Microsoft Corporation    10/28/2013        14.0.7015.1000
Microsoft Primary Interoperability Assemblies 2005    Microsoft Corporation    6/17/2013    7.75 MB    9.0.21022
Microsoft Silverlight    Microsoft Corporation    1/16/2015    50.7 MB    5.1.30514.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    6/14/2013    300 KB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    11/9/2013    780 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    11/10/2013    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    11/9/2013    224 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    6/8/2013    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    2/12/2015    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    2/12/2015    11.1 MB    10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005    Microsoft Corporation    11/15/2014    17.1 MB    12.0.21005.1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    2/12/2015        10.0.50903
Mozilla Firefox 37.0.1 (x86 en-US)    Mozilla    4/8/2015    83.6 MB    37.0.1
Mozilla Maintenance Service    Mozilla    5/9/2014    341 KB    29.0.1
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    6/18/2013    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    6/18/2013    1.33 MB    4.20.9876.0
My Dell    PC-Doctor, Inc.    1/11/2015    128 MB    3.5.6426.22
Network Recording Player    Cisco WebEx LLC    10/11/2013    24.7 MB    2.3.1700
OCR Software by I.R.I.S. 13.0    HP    2/14/2015        13.0
Pinnacle Studio 16    Corel Corporation    6/17/2013    1.88 GB    16.1.0.115
Pinnacle Studio 16 - Install Manager    Avid Technology, Inc.    6/17/2013    9.96 MB    16.0.75
Pinnacle Studio 16 - Standard Content Pack    Avid Technology, Inc.    6/17/2013    735 MB    16.0.0
Pinnacle Video Driver    Pinnacle Systems    6/17/2013    2.73 MB    12.1.0.030
Premium Pack Volumes 1-2    Avid Technology, Inc.    6/17/2013    1.19 GB    2.0.0
Recuva    Piriform    1/12/2014        1.49
Revo Uninstaller 1.95    VS Revo Group    8/9/2013        1.95
ScottradeELITE 2013    Scottrader    1/12/2014    56.5 MB    5.2.6.0
Shop for HP Supplies    HP    2/14/2015        13.0
Skype™ 7.0    Skype Technologies S.A.    4/14/2015    47.9 MB    7.0.102
Spybot - Search & Destroy    Safer-Networking Ltd.    6/23/2013    120 MB    2.1.19
SpywareBlaster 5.0    BrightFort LLC    6/23/2013    8.83 MB    5.0.0
SUPERAntiSpyware    SUPERAntiSpyware.com    2/23/2015    49.8 MB    6.0.1170
TC2000 Version 7    Worden Brothers Inc    10/26/2013        7.00.0000
Title Extreme    Avid Technology, Inc.    6/17/2013    12.4 MB    2.0.0
Trader Workstation 4.0        2/21/2014        
VLC media player    VideoLAN    4/13/2015        2.2.0
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)    Dynastream Innovations, Inc.    11/15/2014        04/11/2012 1.2.40.201
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)    Silicon Labs Software    11/15/2014        02/06/2007 3.1
Yahoo! Messenger    Yahoo! Inc.    6/14/2013        
 



#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:05 AM

Posted 18 April 2015 - 05:46 AM

I don't see any Eset results....and you missed this instruction: Under scan settings, check "Scan Archives" and "Remove found threats"

Please rerun Eset and check remove found threats.

 

Disable these Windows Startups: (Use CCleaner. Click on each item to highlight and choose either Disable, Remove, Uninstall on the right)

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKLM:Run    AdAwareTray    Lavasoft Limited    "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
Yes    HKLM:Run    CANON DR-C125 SVC    Microsoft Corporation    rundll32.exe DRDcSvc.dll,EntryPointUserMessage

 

Disable these Tasks:

Yes    Task    Ad-Aware Antivirus Scheduled Scan        C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe --scan=full
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    G2MUpdateTask-S-1-5-21-2498263769-4134497579-2223434512-1000    Citrix Online, a division of Citrix Systems, Inc.    C:\Users\userone\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Yes    Task    GarminUpdaterTask    Garmin International, Inc.    C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}    Support.com, Inc.    C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe /cfg "C:\Program Files (x86)\AOL Computer Checkup\uiFramework\common\PCPowerCare.xml" /modules MainUIModule /autoscan /scheduler /hideWindow

Yes    Task    PCDEventLauncherTask    PC-Doctor, Inc.    "C:\Program Files\My Dell\sessionchecker.exe"

 

Uninstall these programs:

Ad-Aware Antivirus    Lavasoft    3/14/2015    71.1 MB    11.6.306.7947 (Has been out of favor with security experts for many years...you have Comodo)

AOL Computer Checkup    AOL    9/21/2014        3.4.41.6

Duplicate File Finder    Ashisoft    2/16/2014    1.95 MB    5.3

Extended Update    Extended Update    4/15/2015      (if you have a problem uninstalling this, use Revo in Advanced mode)

Google Toolbar for Internet Explorer    Google Inc.    3/4/2015        7.5.6227.252

HP Customer Participation Program 13.0    HP    2/14/2015        13.0

Spybot - Search & Destroy    Safer-Networking Ltd.    6/23/2013    120 MB    2.1.19 (Has been out of favor with security experts for many years)

Yahoo! Messenger    Yahoo! Inc.    6/14/2013    


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 gssjca

gssjca
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 19 April 2015 - 08:51 AM

Thanks for your time spent.

I ran ESET again.

Disabled the startups listed in CCleaner.

Disabled the tasks listed.

Uninstalled all the programs listed.

Here is the ESETS scan.

ESETS scan

C:\MGtools\Process.exe    Win32/PrcView potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\AOL Computer Checkup\downloads\PCPowerCare.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
 



#12 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:05 AM

Posted 19 April 2015 - 09:47 AM

Good....rerun AdwCleaner as it often finds more junk when rerun. After that, please let me know if the comp is running up to par or not.



#13 dimman23

dimman23

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 23 April 2015 - 03:14 PM

Hi

I am having the same issue, having noticed the yimg.com downloading message in a FF window. I can run all the apps above but need some help understanding the log files and what I need to do based on the results in the log.

 

Thanks 



#14 dimman23

dimman23

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 23 April 2015 - 03:39 PM

It is appearing when I open Firefox; it shows in the bottom left as reading or downloading from s.yimg.com.  I don't understand enough about this, but do I have a virus on my PC or something else?



#15 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:05 AM

Posted 23 April 2015 - 03:48 PM

I don't think that is a problem...s.img.com. dimman23 if you will start a new topic in this forum I will take a look at the logs you have.





