
my log. should I panic?


  • This topic is locked
13 replies to this topic

#1 horseplay

horseplay

  • Members
  • 7 posts

Posted 14 June 2015 - 06:10 PM

Hello.

today my friend gave me your combofix tool and I ran it.

then I came to your site and read about it.  whoops.

So to make a long story short, I was having issues with my pc hanging on pages.  Since I ran combofix it is not hanging anymore but I'm concerned about all the crap it found.

Is there anything more I should do?  I'm running ok now, just concerned.

 

thank you

Attached Files





#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 16 June 2015 - 01:33 PM

Hello horseplay, and  :welcome: to BleepingComputer!

 

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.   :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started   :thumbup2:

===================================================

 

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

 

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

 

 

It looks like Combofix did fix some items, however let's make sure there's nothing else on the computer. Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.


Edited by jntkwx, 16 June 2015 - 01:52 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 horseplay

horseplay
  • Topic Starter

  • Members
  • 7 posts

Posted 18 June 2015 - 05:05 PM

hello

thank you !

 

attached are the 2 logs you requested.

 

thanks, you guys rock !

 

 

 

 

Attached Files



#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 19 June 2015 - 12:32 PM

Hello,
 
In the future, please just copy and paste the logs directly into your post instead of attaching them (unless asked to attach them).
 
:step1: FRST Fix

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy the entire contents of the code box below, and paste it into the Notepad window.
  • Save it to your desktop (<<<Important) as fixlist.txt
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=250652&ptb=82CE7A39-9E15-4B99-8E71-4B556D7EDD34&ind=2014122315&n=780d114b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
SearchScopes: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=250652&ptb=82CE7A39-9E15-4B99-8E71-4B556D7EDD34&ind=2014122315&n=780d114b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> {8FF0E250-83AB-4727-B999-C13E6C5CED3E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
BHO-x32: Toolbar BHO -> {0297a026-3011-46d3-ad62-bb9a7612aea7} -> C:\PROGRA~2\COUPON~2\bar\1.bin\5zbar.dll No File
BHO-x32: Search Assistant BHO -> {7d69ed06-0171-4379-9528-08df51092727} -> C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll No File
Toolbar: HKLM-x32 - CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll No File
Toolbar: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [5zffxtbr@CouponXplorer_5z.com] - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin
S2 CouponXplorer_5zService; C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [X]

End

Run FRST and click Fix only once and wait.

Restart the computer.

The tool will create a log (Fixlog.txt) please post it to your reply.


:step2:  AdwCleaner

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

:step3: RogueKiller

  • Download and save RogueKiller to your desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

 

In your next reply, please include:

  • FRST's Fixlog.txt file
  • AdwCleaner log file
  • RogueKiller's log file
  • Let me know if any problems persist

Regards,
Jason

 



#5 horseplay

horseplay
  • Topic Starter

  • Members
  • 7 posts

Posted 21 June 2015 - 09:46 AM

thank you so much !

my pc is running so much faster now !

 

Here are the logfiles:

 

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=250652&ptb=82CE7A39-9E15-4B99-8E71-4B556D7EDD34&ind=2014122315&n=780d114b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
SearchScopes: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=250652&ptb=82CE7A39-9E15-4B99-8E71-4B556D7EDD34&ind=2014122315&n=780d114b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> {8FF0E250-83AB-4727-B999-C13E6C5CED3E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
BHO-x32: Toolbar BHO -> {0297a026-3011-46d3-ad62-bb9a7612aea7} -> C:\PROGRA~2\COUPON~2\bar\1.bin\5zbar.dll No File
BHO-x32: Search Assistant BHO -> {7d69ed06-0171-4379-9528-08df51092727} -> C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll No File
Toolbar: HKLM-x32 - CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll No File
Toolbar: HKU\S-1-5-21-2459226073-1707906538-1736126609-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [5zffxtbr@CouponXplorer_5z.com] - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin
S2 CouponXplorer_5zService; C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
"HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => key removed successfully
HKCR\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
"HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FF0E250-83AB-4727-B999-C13E6C5CED3E}" => key removed successfully
HKCR\CLSID\{8FF0E250-83AB-4727-B999-C13E6C5CED3E} => key not found.
"HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0297a026-3011-46d3-ad62-bb9a7612aea7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d69ed06-0171-4379-9528-08df51092727}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{7d69ed06-0171-4379-9528-08df51092727}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{65c72339-fb1d-4155-84e1-9afacee02d6f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{65c72339-fb1d-4155-84e1-9afacee02d6f}" => key removed successfully
HKU\S-1-5-21-2459226073-1707906538-1736126609-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\5zffxtbr@CouponXplorer_5z.com => value removed successfully
CouponXplorer_5zService => Service removed successfully
EmptyTemp: => 1017.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 08:10:25 ====

 

 

 

 

 

# AdwCleaner v4.206 - Logfile created 21/06/2015 at 08:35:47
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kris - KRIS-PC
# Running from : C:\Users\Kris\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Kris\AppData\Local\iac
Folder Deleted : C:\Users\Kris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kris\AppData\LocalLow\iac
Folder Deleted : C:\Users\Kris\AppData\LocalLow\PriceGong
File Deleted : C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\kjne460c.default\searchplugins\web-search.xml
File Deleted : C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\kjne460c.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.Radio
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\CouponXplorer_5z.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3852AB8E-1CA9-4B29-846F-092CA8D97969}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4132189A-73C7-4D3E-A8C2-82EF57842DAC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{697FA9F6-DA51-4F3C-8F01-FD5DAAFC18E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{787ED5A2-18E3-49F2-BCFA-8E2344087D50}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8221AC18-699F-46C9-8A89-0916CBDB5005}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9D51D472-88C3-4E12-93EA-8AEAFC57B227}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E159D-74BA-45B7-AE12-F6D1A71F9E50}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4685AA8-DBDD-4D8E-9A16-51B64646026A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BE1EDE40-9C0B-4913-BF21-09F7AB5E270E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA95AC1F-EBBD-4B84-AA2D-5383D029E534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCCC0AFD-B6BD-40A4-8A01-2A4B934C0546}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponXplorer_5zbar Uninstall
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.124

[C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7331 bytes] - [21/06/2015 08:28:33]
AdwCleaner[S0].txt - [7271 bytes] - [21/06/2015 08:35:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7330  bytes] ##########

 

 

 

 

 

RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kris [Administrator]
Started from : C:\Users\Kris\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/21/2015  10:39:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07FABBE1-0124-4A0C-BA0B-20130AEA4059} | DhcpNameServer : 99.196.99.99 99.197.99.99 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07FABBE1-0124-4A0C-BA0B-20130AEA4059} | DhcpNameServer : 99.196.99.99 99.197.99.99 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{07FABBE1-0124-4A0C-BA0B-20130AEA4059} | DhcpNameServer : 99.196.99.99 99.197.99.99 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup|VT.Unknown][File] Verizon Wireless Software Utility Application for Android – Samsung.lnk -- C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk -> Deleted

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++
--- User ---
[MBR] 582af7e517f849d7dbadb46b449c8c26
[BSP] ef9434eeed417642f85faefa164177b4 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 596659 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1225031680 | Size: 12320 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06212015_091938.log
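
Added example, not part of the original posts and not FRST's own code: a small Python triage script for a Fixlog like the one posted above, which tallies outcomes and lists any entry that was neither removed nor already absent. It relies only on the result wordings visible in that log; the sample embeds a few of its lines plus one constructed failure line, and all function names are chosen here.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the Fixlog posted above, plus ONE constructed failure line
# (the "Example\Constructed" key; its wording is invented for this example).
SAMPLE_FIXLOG = r'''start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
S2 CouponXplorer_5zService; C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [X]
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a} => key not found.
"HKCR\Wow6432Node\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}" => key removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\SOFTWARE\Example\Constructed" => could not remove key
CouponXplorer_5zService => Service removed successfully
EmptyTemp: => 1017.8 MB temporary data Removed.

The system needed a reboot..
'''

SEPARATOR_RE = re.compile(r'^\*{5,}[ \t]*$', re.MULTILINE)
RESULT_RE = re.compile(r'^"?(?P<target>.*?)"?\s*=>\s*(?P<outcome>.+?)\s*$')
GUID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)
NEGATION_RE = re.compile(r'\b(not|unable|fail\w*|error|denied)\b')


def classify(outcome):
    """Map the text after '=>' to 'removed', 'not_found' or 'review'."""
    text = outcome.lower().rstrip('. ')
    if text.endswith('not found'):
        return 'not_found'   # target was already absent
    if NEGATION_RE.search(text):
        return 'review'      # anything that reads like a failure
    if text.endswith(('removed', 'removed successfully')):
        return 'removed'
    return 'review'          # unknown wording: leave it for a human


def parse_results(fixlog_text):
    """Yield (target, status) for each result line after the '*****' separator.

    The text before the separator is only the echoed fixlist. It also contains
    '=>' (for example 'Run: [] => [X]'), so it must not be read as a result.
    """
    results = SEPARATOR_RE.split(fixlog_text, maxsplit=1)[-1]
    for line in results.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            yield match['target'].strip(), classify(match['outcome'])


def summarize(fixlog_text):
    """Tally outcomes, collect entries needing review, group statuses by GUID."""
    counts = Counter()
    review = []
    by_guid = defaultdict(set)
    for target, status in parse_results(fixlog_text):
        counts[status] += 1
        if status == 'review':
            review.append(target)
        for guid in GUID_RE.findall(target):
            by_guid[guid.lower()].add(status)
    return {
        'counts': dict(counts),
        'review': review,
        'by_guid': dict(by_guid),
        'reboot_needed': 'needed a reboot' in fixlog_text,
    }


if __name__ == '__main__':
    summary = summarize(SAMPLE_FIXLOG)
    print('outcomes:', summary['counts'])
    print('reboot needed:', summary['reboot_needed'])
    for target in summary['review']:
        print('needs review:', target)
    for guid, statuses in sorted(summary['by_guid'].items()):
        if statuses == {'not_found'}:
            print('nothing removed for', guid)
```

A GUID whose only status is `not_found` had no matching key left at fix time; a `review` entry is the one to raise with the helper before running further tools.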

 

 



#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 21 June 2015 - 07:45 PM

Before I let you go I'd like to scan your machine with ESET OnlineScan.

Since ESET could take up to an hour or even more, depending on the size of your hard drive and the speed of your computer, I suggest that you run this scan at night when you are not there and the computer is idle.

 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

Also, let's check for outdated and vulnerable software on your PC.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

And then if there aren't any issues left I'll give you my final recommendations.

 

Let me know if there are remaining issues.


Regards,
Jason

 



#7 horseplay

horseplay
  • Topic Starter

  • Members
  • 7 posts

Posted 24 June 2015 - 06:40 AM

thank you!

 

attached are the 2 logs from ESET and SecurityCheck.

 

 

 

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zauxstb.dll.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll.vir    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe.vir    Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrstub.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdatact.dll.vir    a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdlghk.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdyn.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zfeedmg.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhighin.exe.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhkstub.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhtmlmu.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhttpct.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zidle.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zieovr.dll.vir    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zimpipe.exe.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmedint.exe.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmlbtn.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmsg.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zPlugin.dll.vir    a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zradio.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregfft.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zreghk.dll.vir    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregiet.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zscript.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskin.dll.vir    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zsknlcr.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskplay.exe.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe.vir    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5ztpinst.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zuabtn.dll.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CREXT.DLL.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll.vir    Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL.vir    Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8HTML.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL.vir    Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Users\Kris\Downloads\cnet2_FreeAudioEditor_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Windows\Installer\e9d4308.msi    a variant of Win32/HiddenStart.A potentially unsafe application

 

 

 

 

 

 

______________________

 

 

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java™ 6 Update 20  
 Java version 32-bit out of Date!
  Adobe Flash Player 17.0.0.188 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
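The Security Check log above puts some warnings on the line after the product they refer to (Java, the antivirus) and others on the same line (Flash). The following is an added example, not part of the original thread or of Security Check itself, that attributes each warning to its product. The sample is constructed from the log above, and the attribution heuristic is an assumption derived from this one log.

```python
import re

TICK = chr(96)  # backtick: Security Check frames its section titles with runs of it
WARN = re.compile(r"out of date|disabled|error obtaining", re.I)
# Assumption: a line that carries a dotted version or "Update N" names its own product.
VERSION = re.compile(r"\d+(?:\.\d+)+|Update \d+")


def parse_security_check(log):
    """Return (section, product, issue) for every warning line in the log."""
    findings, section, last_entry = [], "header", None
    for raw in log.splitlines():
        text = raw.strip()
        if not text:
            continue
        if text.startswith(TICK) and text.endswith(TICK):
            # Section title: remember it and forget the previous product.
            section, last_entry = text.strip(TICK).rstrip(":"), None
            continue
        if not WARN.search(text):
            last_entry = text  # ordinary inventory line, e.g. a product name
            continue
        ver = VERSION.search(text)
        if ver:
            # Product and warning share one line (the Flash case).
            product, issue = text[:ver.end()], text[ver.end():].strip()
        else:
            # Warning on its own line: attribute it to the entry above it.
            product, issue = last_entry or "(unattributed)", text.strip("()")
        findings.append((section, product, issue))
    return findings


def title(name):
    return TICK * 14 + name + TICK * 14


# Constructed sample: a trimmed copy of the log posted above.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 1.004",
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    title("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "  (On Access scanning disabled!)",
    " Error obtaining update status for antivirus!",
    title("Anti-malware/Other Utilities Check:"),
    " Spybot - Search & Destroy",
    " Java\u2122 6 Update 20",
    " Java version 32-bit out of Date!",
    "  Adobe Flash Player 17.0.0.188 Flash Player out of Date!",
    " Adobe Reader XI",
    " Mozilla Firefox (38.0.5)",
    title("End of Log"),
])

if __name__ == "__main__":
    for section, product, issue in parse_security_check(SAMPLE_LOG):
        print(f"[{section}] {product}: {issue}")
```
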

 

 

 



#8 jntkwx


Posted 24 June 2015 - 03:09 PM

:step1: Your Java is out of date. Using Java is an unnecessary security risk... especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system. Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software. Please follow these steps to remove older versions of Java components and upgrade the application.
  • Download the latest version of Java SE 8.
  • Click the Java SE 8u45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 8 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
      Java 7 Update 65  
      Java 8 Update 25  
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8u40-windows-i586.exe and select "Run as an Administrator.")
Next please run JavaRa.
  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.
You can choose between 2 variants:
 
1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).
 
2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.
 
 
 
:step2: Your version of Flash is out of date! Like Java, vulnerabilities exist in older versions of Adobe Flash Player that malware sites can use to exploit and infect your computer. Please follow these steps to update Adobe Flash:
  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.
 
 
:step3: Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and possibly infected system restore points:
  • You can uninstall programs that you had to install (e.g. ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Tips

I recommend reading and following the advice in "16 simple and easy ways to keep your computer safe and secure on the Internet" [ Link ] by Lawrence Abrams.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#9 horseplay


Posted 24 June 2015 - 03:52 PM

Hi Jason, thank you so much.

 

OK I will do this all tonight.

 

I just have 1 question:

I used to have Kaspersky antivirus but I deleted it (I think) and adopted Microsoft Security Essentials.  I am good about letting it auto update and run scans regularly.

PS I turned it off every time I ran the scans you recommended.

Anyhow, do you feel like the Microsoft utility is a good choice?

 

thank you, Kris



#10 jntkwx


Posted 24 June 2015 - 03:58 PM

Microsoft Security Essentials used to be a pretty good program. However, in the past couple years, it hasn't done too well on being able to detect the latest viruses and malware. There are several other free antivirus programs that have tended to do a better job: Avast, Avira, AVG and Bitdefender.


Regards,
Jason

 



#11 horseplay


Posted 26 June 2015 - 01:02 PM

thank you Jason -

 

Here is the log from JavaRa.

I think I messed up though. I did everything you said, then I got to the end and decided to delete Java 8 to see how it goes.  As soon as I clicked run I realized it probably overwrote the original log.

 

Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey: F60730A4A66673047777F5728467D401
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: .jar
Removed registry subkey: .jnlp
Removed registry subkey tree: jarfile
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JNLPFile
Removed registry subkey: javaws.exe
Removed registry subkey tree: Browser Helper Objects
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey: 225FA5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4ADB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4BDB0C57489E7F511C11D0182
Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9
Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896
Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: Oracle_JavaAccessBridge
Removal routine completed successfully. 26 items have been deleted.
Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

== Cleaning JRE temporary files ==
 
Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removal routine completed successfully. 0 items have been deleted.
Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

== Cleaning JRE temporary files ==

 

 

So far so good, I can't believe how fast my pc is running now..

Still have to run the DelFix, I'll be back......



#12 horseplay


Posted 26 June 2015 - 03:17 PM

Thank you again Jason, all is well !

I tried to donate some money to you but I'm having issues with paypal because my husband is passed away.

But I promise as soon as I get it resolved I will be back.

I can only imagine what a pc guy would have charged me for all this. 

You guys are awesome and very much appreciated !

 

thank you thank you !

 

Kris



#13 jntkwx


Posted 26 June 2015 - 03:37 PM

You're welcome, and thank you in advance! :)


Regards,
Jason

 



#14 jntkwx


Posted 26 June 2015 - 03:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 





