
scared


12 replies to this topic

#1 jcwrightjr

jcwrightjr

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 15 August 2015 - 03:47 PM

seems my father has given me another computer loaded with viruses. i am running ccleaner, superantivirus, malwarebytes. it is an acer with windows 7 home premium. have not checked for more information. seems that i get a clean bill of health from ccleaner, then run superantivirus, it finds about 50 things wrong. i fix the problems only to find them back after a reboot, when i rerun superantivirus. i have no disks with the computer. what should i do? i am conversing from a different computer.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


 


#2 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:15 PM

Posted 16 August 2015 - 07:40 AM

Assuming you mean Super Antispyware and not Superantivirus......it could be just 3rd party cookies it is finding and removing. Those will load right back onto the computer as soon as you visit websites unless you have changed your browser(s) settings to block them from installing.

 

Find the most recent SAS log and post it or run a new scan and post the results.

 

To find and remove other adware and malware use the programs below.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jcwrightjr

jcwrightjr
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 16 August 2015 - 11:05 AM

sorry, i did mean to say superantispyware. after working until 1am and deleting close to 2000 pups and viruses i found the problem back this morning. my system is an acer aspire 7736z-4088.

my logs are as follows.

jrt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x64
Ran by JAYC on Sat 08/15/2015 at  8:29:39.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\BYGWIAACQMVCYEYV
Successfully deleted: [Task] C:\Windows\system32\tasks\Check Updates
Successfully deleted: [Task] C:\Windows\system32\tasks\SaferUpdateTaskMachineCore
Successfully deleted: [Task] C:\Windows\system32\tasks\SaferUpdateTaskMachineUA
Successfully deleted: [Task] C:\Windows\system32\tasks\SaferUpdateTaskSCUD
Successfully deleted: [Task] C:\Windows\system32\tasks\updateTask
Successfully deleted: [Task] C:\Windows\system32\tasks\Validate Installation
Successfully deleted: [Task] C:\Windows\system32\tasks\WeighExact
Successfully deleted: [Task] C:\Windows\Tasks\BYGWIAACQMVCYEYV.job
Successfully deleted: [Task] C:\Windows\Tasks\WeighExact.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9FB2E61B1DFD1ADFA909A748E6FB117A
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3170892225-3866138896-3153241-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] (Default)    REG_SZ    Crossbrowse
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc



~~~ Files

Successfully deleted: [File] C:\ProgramData\1439644713.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1439644848.1672.bin
Successfully deleted: [File] C:\ProgramData\1439644848.2456.bin
Successfully deleted: [File] C:\ProgramData\1439644848.2524.bin
Successfully deleted: [File] C:\ProgramData\1439644848.3740.bin
Successfully deleted: [File] C:\ProgramData\1439644848.4060.bin
Successfully deleted: [File] C:\ProgramData\1439644988.bdinstall.bin
Successfully deleted: [File] C:\Users\JAYC\Appdata\Local\2e17807b6009e83d7c1903318cf1501c
Successfully deleted: [File] C:\Users\JAYC\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\app_setup
Successfully deleted: [Folder] C:\Program Files (x86)\consumer input
Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
Successfully deleted: [Folder] C:\Program Files (x86)\safer technologies
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\Local\deskbar
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\Local\globalupdate
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\Local\plutotv
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\Local\safer technologies
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\JAYC\AppData\Roaming\compete
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\2ffe752400000715
Successfully deleted: [Folder] C:\Users\JAYC\Appdata\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}



~~~ FireFox

Successfully deleted: [File] C:\Users\JAYC\AppData\Roaming\mozilla\firefox\profiles\h0bzodcn.default\user.js
Successfully deleted: [File] C:\Users\JAYC\AppData\Roaming\mozilla\firefox\profiles\h0bzodcn.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\JAYC\AppData\Roaming\mozilla\firefox\profiles\h0bzodcn.default\extensions\veggy@veggyaddon.com
Successfully deleted the following from C:\Users\JAYC\AppData\Roaming\mozilla\firefox\profiles\h0bzodcn.default\prefs.js

user_pref(browser.startup.homepage, hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_33&param1=1&param2=f%3D1%26b%3DFirefox%



~~~ Chrome


[C:\Users\JAYC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\JAYC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\JAYC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\JAYC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/15/2015 at  8:34:59.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

adwarecleaner:

# AdwCleaner v5.000 - Logfile created 15/08/2015 at 08:42:42
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : JAYC - JAYSACER
# Running from : C:\Users\JAYC\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\JAYC\AppData\Local\CleanerPro
[-] Folder Deleted : C:\Users\JAYC\AppData\Roaming\Mozilla\Firefox\Profiles\h0bzodcn.default\Extensions\staged\veggy@veggyAddon.com
[-] Folder Deleted : C:\Users\JAYC\AppData\Roaming\Mozilla\Firefox\Profiles\h0bzodcn.default\Extensions\magit@magit.com
[-] Folder Deleted : C:\Users\JAYC\Documents\CleanerPro

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\JAYC\AppData\Roaming\Mozilla\Firefox\Profiles\h0bzodcn.default\searchplugins\search-provided-by-yahoo.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Check Updates
[-] Task Deleted : Validate Installation
[-] Task Deleted : WebBarUpdateTask

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Key Deleted : HKLM\SOFTWARE\9DE6EC17-1FE3-BB48-8740-D351B288F985
[-] Key Deleted : HKLM\SOFTWARE\e7c14f5d-3ad6-aa81-d7e2-fc18bfae7ef2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07B5F0F7-BAD2-49EA-A3B9-58421C106EEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{51FE0762-774F-497D-ACA4-D20BDF6CB8F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7750AFAF-40F3-408C-BF6F-0FCE24B82342}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\CleanerProConfig
[-] Key Deleted : HKCU\Software\CleanerProLanguage
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\Musicloud
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\ZoomWebLists
[-] Key Deleted : HKLM\SOFTWARE\Br MediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomWebLists
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InboxAce_1gbar Uninstall Internet Explorer
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Store
[!] Key Not Deleted : [x64] HKCU\Software\Tutorials
[!] Key Not Deleted : [x64] HKCU\Software\CleanerProConfig
[!] Key Not Deleted : [x64] HKCU\Software\CleanerProLanguage
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : [x64] HKCU\Software\Musicloud
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\JAYC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\JAYC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\JAYC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : taplika.com
[-] [C:\Users\JAYC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\JAYC\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_popjar_15_33&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDyCtCyB0CyE0D0CtA0AyD0AyDzytB0FtN0D0Tzu0StCtAtBtBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0BtAyCyC0BtDtGyBzztByCtG0E0ByC0DtGtC0E0DyDtGtAyC0CyDyC0CzytA0EyB0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DtC0B0AyB0F0CtGyCzz0BtBtGyEtC0EyBtG0AtByC0FtG0A0CtC0EyDtB0E0A0FzztDtC2QtN0A0LzuyE%26cr%3D8033629%26a%3Dwncy_popjar_15_33%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C2].txt - [9682 octets] - [15/08/2015 08:42:42]
C:\AdwCleaner[S2].txt - [9151 octets] - [15/08/2015 08:40:40]

########## EOF - C:\AdwCleaner[C2].txt - [9808 octets] ##########
 

eset:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Inbox.dll.vir    a variant of Win32/Toolbar.Inbox.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Inbox.exe.vir    a variant of Win32/Toolbar.Inbox.L potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\Driver\tbrdrv.sys.vir    a variant of Win32/Toolbar.Inbox.L potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe.vir    a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbprtct.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gdatact.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gdlghk.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gdlghk64.dll.vir    a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gfeedmg.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1ghighin.exe.vir    a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1ghkstub.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1ghtmlmu.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1ghttpct.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gidle.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe.vir    a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gmlbtn.dll.vir    Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gPlugin.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1greghk.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gregiet.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gscript.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gskin.dll.vir    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gskplay.exe.vir    a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\1gtpinst.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE.vir    a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe.vir    Win64/Toolbar.MyWebSearch.D potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATORSTUB.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\ASSISTMONITOR.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\ASSISTMONITOR64.DLL.vir    a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\CREXT.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\CrExtP1g.exe.vir    Win32/Toolbar.MyWebSearch.AR potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\DPNMNGR.DLL.vir    Win32/Toolbar.MyWebSearch.AR potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir    a variant of Win32/Toolbar.MyWebSearch.AO potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\HKFXMGR.DLL.vir    Win32/Toolbar.MyWebSearch.AR potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\HKFXMGR64.DLL.vir    Win64/Toolbar.MyWebSearch.E potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\Hpg64.dll.vir    a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\T8EPMSUP.DLL.vir    Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\T8EXTEX.DLL.vir    Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\T8EXTPEX.DLL.vir    Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\T8TICKER.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\TOOLBARGUARD.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\TOOLBARGUARD64.DLL.vir    a variant of Win64/Toolbar.MyWebSearch.F potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL.vir    a variant of Win64/Toolbar.MyWebSearch.C potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE.vir    a variant of Win32/Toolbar.MyWebSearch.AF potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\assists\ie_enable\ARBITER.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InboxAce_1g\bar\1.bin\assists\ie_enable\ARBITER64.DLL.vir    a variant of Win32/Toolbar.MyWebSearch.AR potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WSE_Taplika\uninstall.exe.vir    a variant of Win32/InstallCore.YX potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\JAYC\AppData\Roaming\Mozilla\Firefox\Profiles\h0bzodcn.default\Extensions\staged\veggy@veggyAddon.com\chrome\content\main.js.vir    JS/Kryptik.I trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\JAYC\AppData\Roaming\Mozilla\Firefox\Profiles\h0bzodcn.default\Extensions\staged\veggy@veggyAddon.com\chrome\content\vgValidator.js.vir    JS/Kryptik.I trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\JAYC\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat.vir    VBS/Kryptik.DY trojan    cleaned by deleting - quarantined
C:\Users\JAYC\AppData\Local\Mozilla\Firefox\Profiles\h0bzodcn.default\cache2\entries\28D1EA93A74843F43F40EB8A185CF493B0993064    JS/Kryptik.I trojan    cleaned by deleting - quarantined
C:\Users\JAYC\AppData\Local\Mozilla\Firefox\Profiles\h0bzodcn.default\cache2\entries\447430E09AA801C5EAE4CCEDC29AFFECDEA265CD    JS/Kryptik.I trojan    cleaned by deleting - quarantined
C:\Users\JAYC\AppData\Local\Temp\compete.exe    a variant of Win32/Compete.C potentially unwanted application    deleted - quarantined
C:\Users\JAYC\AppData\Local\{008236DE-242A-5A66-49B2-7F8E6DDA8316}\uninstall.exe    a variant of Win32/DealPly.BB potentially unwanted application    cleaned by deleting - quarantined
C:\Users\JAYC\AppData\Roaming\Aaf5ORX\Kommun.dll    a variant of MSIL/Adware.WinuSecu.B application    cleaned by deleting - quarantined
C:\Users\JAYC\AppData\Roaming\f66z2cQ\Kommun.dll    a variant of MSIL/Adware.WinuSecu.B application    cleaned by deleting - quarantined
C:\Users\JAYC\AppData\Roaming\JFqQU5L\Kommun.dll    a variant of MSIL/Adware.WinuSecu.B application    cleaned by deleting - quarantined
C:\Users\JAYC\Downloads\setup.exe    a variant of Win32/InstallCore.AAJ potentially unwanted application    cleaned by deleting - quarantined
C:\Windows\System32\dorf\omok\fyw.dat    Win32/Qhost trojan    cleaned by deleting - quarantined
C:\Windows\System32\drivers\tbrdrv.sys    a variant of Win32/Toolbar.Inbox.L potentially unwanted application    cleaned by deleting - quarantined
C:\Windows\Temp\7C61.tmp.exe    a variant of Win32/Adware.ConvertAd.VR application    cleaned by deleting - quarantined
C:\Windows\Temp\AFEF.tmp.exe    a variant of Win32/Adware.ConvertAd.WB application    cleaned by deleting - quarantined
 



#4 buddy215


Posted 16 August 2015 - 11:44 AM

As you can see a lot of adware and some malware was found and removed. Rerun AdwCleaner...if it finds and removes anything post the results.

 

According to your opening post you have CCleaner installed.

After running CCleaner...post the three lists mentioned below using CCleaner:

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 jcwrightjr


Posted 16 August 2015 - 01:04 PM

this has really improved my system. thank you.

here are my logs.

adwcleaner:

# AdwCleaner v5.000 - Logfile created 15/08/2015 at 12:37:44
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : JAYC - JAYSACER
# Running from : C:\Users\JAYC\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C2].txt - [9937 octets] - [15/08/2015 08:42:42]
C:\AdwCleaner[C3].txt - [706 octets] - [15/08/2015 12:37:44]
C:\AdwCleaner[S2].txt - [9151 octets] - [15/08/2015 08:40:40]
C:\AdwCleaner[S3].txt - [808 octets] - [15/08/2015 12:35:51]

########## EOF - C:\AdwCleaner[C3].txt - [893 octets] ##########
 

 

startup ccleaners:

Yes    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\JAYC\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes    HKCU:Run    Spotify Web Helper    Spotify Ltd    "C:\Users\JAYC\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes    HKCU:Run    SUPERAntiSpyware    SUPERAntiSpyware    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Yes    HKCU:Run    swg    Google Inc.    "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes    HKLM:Run    Acer Assist Launcher        C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
Yes    HKLM:Run    Acer ePower Management    Acer Incorporated    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Yes    HKLM:Run    Adobe Reader Speed Launcher    Adobe Systems Incorporated    "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes    HKLM:Run    Apoint    Alps Electric Co., Ltd.    C:\Program Files\Apoint2K\Apoint.exe
Yes    HKLM:Run    ArcadeDeluxeAgent    CyberLink Corp.    "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
Yes    HKLM:Run    BackupManagerTray    NewTech Infosystems, Inc.    "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
Yes    HKLM:Run    EgisTecLiveUpdate    Egis Technology Inc.    "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IAAnotif    Intel Corporation    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    LManager    Dritek System Inc.    C:\Program Files (x86)\Launch Manager\LManager.exe
Yes    HKLM:Run    Logitech Download Assistant    Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
No    HKLM:Run    mwlDaemon    Egis Technology Inc.    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
Yes    HKLM:Run    PlayMovie    Acer Corp.    "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
Yes    HKLM:Run    PLFSetI        C:\Windows\PLFSetI.exe
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 

 

install ccleaners:

Acer Arcade Deluxe    CyberLink Corp.    3/15/2015    99.8 MB    3.0.7006
Acer Assist    Acer Incorporated    3/16/2015        
Acer Backup Manager    NewTech Infosystems    11/4/2009    26.5 MB    2.0.0.29
Acer Crystal Eye webcam Ver:1.1.124.1120    Chicony Electronics Co.,Ltd.    3/15/2015        1.1.124.1120
Acer ePower Management    Acer Incorporated    3/15/2015        4.05.3004
Acer eRecovery Management    Acer Incorporated    11/4/2009        4.05.3005
Acer Games    WildTangent    3/14/2015        1.0.0.71
Acer GridVista    Acer Inc.    3/14/2015        3.01.0730
Acer Registration    Acer Incorporated    3/14/2015        1.02.3006
Acer ScreenSaver    Acer Incorporated    3/15/2015        1.7.0715
Acrobat.com    Adobe Systems Incorporated    10/28/2009    1.60 MB    1.6.65
Adobe AIR    Adobe Systems Incorporated    4/19/2015        17.0.0.144
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    3/14/2015        10.0.32.18
Adobe Flash Player 18 PPAPI    Adobe Systems Incorporated    8/13/2015    18.3 MB    18.0.0.209
Adobe Reader 9.1 MUI    Adobe Systems Incorporated    10/28/2009    650 MB    9.1.0
ALPS Touch Pad Driver    Alps Electric    3/15/2015        7.105.2015.1103
Bitdefender Antivirus Free Edition    Bitdefender    8/15/2015        1.0.21.1099
Broadcom Gigabit NetLink Controller    Broadcom Corporation    10/28/2009    460 KB    12.26.02
CCleaner    Piriform    4/19/2015        4.09
Chromium    Chromium    8/14/2015        46.0.2480.0
ESET Online Scanner v3        8/15/2015        
eSobi v2    esobi Inc.    10/28/2009    20.4 MB    2.0.4.000274
Google Toolbar for Internet Explorer    Google Inc.    3/14/2015        
HP Deskjet 2540 series Basic Device Software    Hewlett-Packard Co.    4/30/2015    154 MB    32.2.188.47710
HP Deskjet 2540 series Help    Hewlett Packard    4/30/2015    6.69 MB    30.0.0
HP Photo Creations    HP    4/30/2015    14.6 MB    1.0.0.7702
HP Update    Hewlett-Packard    4/30/2015    4.04 MB    5.005.002.002
Identity Card    Acer Incorporated    3/14/2015        1.00.3002
Intel® Graphics Media Accelerator Driver    Intel Corporation    3/16/2015    54.2 MB    8.15.10.2202
Intel® Matrix Storage Manager    Intel Corporation    3/14/2015        
Launch Manager    Acer Inc.    3/15/2015        3.0.06
LSI HDA Modem    LSI Corporation    3/14/2015    16.0 KB    2.1.94
Malwarebytes Anti-Malware version 2.1.8.1057    Malwarebytes Corporation    8/14/2015    64.5 MB    2.1.8.1057
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    3/17/2015    38.8 MB    4.0.30319
Microsoft Mouse and Keyboard Center    Microsoft Corporation    5/6/2015        2.3.188.0
Microsoft Office File Validation Add-In    Microsoft Corporation    3/18/2015    10.9 MB    14.0.5130.5003
Microsoft Office Home and Student 2007    Microsoft Corporation    3/16/2015        12.0.6612.1000
Microsoft Office Suite Activation Assistant    Microsoft Corporation    11/4/2009    8.36 MB    2.9
Microsoft Silverlight    Microsoft Corporation    8/14/2015    150 MB    5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    3/15/2015    1.72 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    3/16/2015    300 KB    8.0.61001
Mozilla Firefox 40.0.2 (x86 en-US)    Mozilla    8/15/2015    84.4 MB    40.0.2
Mozilla Maintenance Service    Mozilla    8/15/2015    246 KB    40.0.2.5702
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    3/16/2015    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    3/16/2015    1.33 MB    4.20.9876.0
MyWinLocker    Egis Technology Inc.    11/4/2009    47.9 MB    3.1.76.0
NTI Backup Now 5    NewTech Infosystems    10/28/2009    465 MB    5.1.2.627
NTI Media Maker 8    NewTech Infosystems    10/28/2009    766 MB    8.0.12.6623
Product Improvement Study for HP Deskjet 2540 series    Hewlett-Packard Co.    4/30/2015    9.67 MB    32.2.188.47710
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    3/14/2015        6.0.1.5911
Realtek USB 2.0 Card Reader    Realtek Semiconductor Corp.    10/28/2009        6.1.7100.30093
Spotify    Spotify AB    8/15/2015        1.0.11.134.ga37df67b
SUPERAntiSpyware    SUPERAntiSpyware.com    4/19/2015    50.8 MB    6.0.1186
Swivellers Cribbage    W A Bridge Ltd    8/15/2015    1.04 MB    1.0.0
Tweaking.com - Windows Repair (All in One)    Tweaking.com    4/19/2015        3.0.0
Welcome Center    Acer Incorporated    3/14/2015        1.00.3008
Windows Live Essentials    Microsoft Corporation    3/15/2015        14.0.8089.0726
Windows Live Sign-in Assistant    Microsoft Corporation    3/15/2015    1.93 MB    5.000.818.5
Windows Live Sync    Microsoft Corporation    3/15/2015    2.78 MB    14.0.8089.726
Windows Live Upload Tool    Microsoft Corporation    3/15/2015    224 KB    14.0.8014.1029

#6 buddy215


Posted 16 August 2015 - 02:04 PM

I don't see the list of Scheduled Tasks as requested. Let me know if there were no Tasks or post them if they were just missed.



#7 buddy215


Posted 16 August 2015 - 02:29 PM

Disable these Windows Startups: (Use CCleaner by clicking on each item to highlight and then choosing on the right to Disable, Remove or Uninstall.)

Yes    HKCU:Run    Spotify    Spotify Ltd    "C:\Users\JAYC\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
Yes    HKCU:Run    Spotify Web Helper    Spotify Ltd    "C:\Users\JAYC\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
Yes    HKCU:Run    SUPERAntiSpyware    SUPERAntiSpyware    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Unless it was purchased....not FREE)
Yes    HKCU:Run    swg    Google Inc.    "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Yes    HKLM:Run    Adobe Reader Speed Launcher    Adobe Systems Incorporated    "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Yes    HKLM:Run    ArcadeDeluxeAgent    CyberLink Corp.    "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
Yes    HKLM:Run    BackupManagerTray    NewTech Infosystems, Inc.    "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
Yes    HKLM:Run    EgisTecLiveUpdate    Egis Technology Inc.    "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe

Yes    HKLM:Run    PlayMovie    Acer Corp.    "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

Yes    HKLM:Run    PLFSetI        C:\Windows\PLFSetI.exe

 

Uninstall these programs:

Acrobat.com    Adobe Systems Incorporated    10/28/2009    1.60 MB    1.6.65
Adobe AIR    Adobe Systems Incorporated    4/19/2015        17.0.0.144

Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    3/14/2015        10.0.32.18 (Use Uninstall Flash Player | Windows)

Adobe Reader 9.1 MUI    Adobe Systems Incorporated    10/28/2009    650 MB    9.1.0

Google Toolbar for Internet Explorer    Google Inc.    3/14/2015      

Product Improvement Study for HP Deskjet 2540 series    Hewlett-Packard Co.    4/30/2015    9.67 MB    32.2.188.47710



#8 jcwrightjr


Posted 16 August 2015 - 02:30 PM

sorry, excited by the outcome.

here are, i think, the requested logs.

startup for internet explorer:

Yes    Extension    Blog This    Microsoft Corporation    C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Yes    Extension    HP Smart Print    Hewlett-Packard    C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
Yes    Extension    Research    Microsoft Corporation    C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
No    Toolbar    Google Toolbar    Google Inc.    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
No    Toolbar    Google Toolbar    Google Inc.    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
 

startup for firefox:

Yes    Plugin    Adobe Acrobat    9.1.0.163    Adobe Systems Inc.    default    Firefox 40.0.2    c:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
Yes    Plugin    Bitdefender QuickScan    0.9.9.140    Bitdefender SRL    default    Firefox 40.0.2    C:\Users\JAYC\AppData\Roaming\Mozilla\Firefox\Profiles\h0bzodcn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Yes    Plugin    Silverlight Plug-In    5.1.40728.0     Microsoft Corporation    default    Firefox 40.0.2    c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
Yes    Plugin    Windows Live® Photo Gallery    14.0.8081.709    Microsoft Corporation    default    Firefox 40.0.2    C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 

 

startup scheduled tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    HPCustParticipation HP Deskjet 2540 series    Hewlett-Packard Co.    "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00
Yes    Task    imez1fW        C:\Users\JAYC\AppData\Roaming\imez1fW.exe --c=D5gEtt7XHlctSSZa++W8uojpsepikUpxA+olXmodEYkNTiE9bGp6Jnjt7UaMHWk4Tphlnaug3xGOX5vXT6Toe77St1GiRbyeT5DpYx+Hf2NjPUSB7vOtDeyJuU2Ggq0aJyIOfy3kj80QMFe5Kp1V89ZycEsVSuCVyoC+6Q1ZV2BzV8fBxhwO+BEig0h83fd7ybC562MmsbYjaEJdFSA1HmREP7xSXs80XP2jBp0s5ejEA9DLbO612bglmTUNLVrUq8U2dBQ2t2qzu9JwCgb9hrNxdczwyLyLSZ386xzT+5Lsyu98LgAM+M4Bwm9ALMUV0ChJ4SQm3fPrat5dkDmTJg==
Yes    Task    L3clK9PGOT6IOrfgaf        C:\Users\JAYC\AppData\Roaming\L3clK9PGOT6IOrfgaf.exe --c=Ruj+UmOME5xYAb529cSVOqnbxuhe9e9Q6gbG/7GS1QsovC35TS2zq2jI/1kDbXDgkEyLIKBrmW5665F2aGfBAP8Rm17+6uum+P3hQ7N0+riGBZt2lXK6PGoFi/oF+NgMDrudncOVNl3cfWQARe+3XVhV2WLLkwaelOYMNM3jy8RUJXachptfoxI3vS9V9anxqxQO0OBIhDwQYJiG7EbRPMO8Ds/yAgDdzWoaDH8cTyRM9Wcx/zOhk5+Qwn8x75irAZGlrnuorwg2Dtm6o8DC2boO0jmKnmt42+hQZsWQMu19WDGveTLVIwwP/8e9rWuix70ideqY6qRk7FLntGtRcg==
Yes    Task    McQcModifier-5c47-a7b0        C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd
Yes    Task    Multimedia Class Scheduler32        C:\Windows\system32\config\systemprofile\AppData\Local\MultimediaClass\nlsdata0c1a.exe /t
Yes    Task    nVMhprJ4X        C:\Users\JAYC\AppData\Roaming\nVMhprJ4X.exe --c=EjQClp7d7JA3CW7Dl5iv2ay71LetyGUGjtKJXLlkh+2yCs0ZYiE3CSuicfPEugrDBQVcKD2mxlG+PMqpaJ2lNk+9iaSvPDRUZxa8Hb5yicaeVv4zgC02bxw9k9Z2QliP4pbxJmrwvSHwOPG0iau0PGQTXAPAb62t8OcLITuzE06TwCG5uSVD28WHFT2AJtUe3BQ2TpWGiBh152Ht9+Q4uh2j7dA8AZ3ehhTrxZbRaooSa2HCkrGpyAb1osq/skZ4zaJgHw4D6qgdO5VJwAGJIjcmrK+9pufjVCUqjIlp5iyQYowYENZlDIixqg9/0fuc1sVu9G4nJu8dzCf0K92QqA==
Yes    Task    runTask        %TEMP%/Updater.exe /install
Yes    Task    UFGIMDA1        C:\ProgramData\FlashBeat\FlashBeat.exe
 

i did not rerun ccleaners this time. i am just showing the logs when i open ccleaners and hit tools?



#9 buddy215


Posted 16 August 2015 - 02:51 PM

You could Disable all of the Firefox Plugins in Startup.

 

Disable these Scheduled Tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    HPCustParticipation HP Deskjet 2540 series    Hewlett-Packard Co.    "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00

 

Remove these Scheduled Tasks....not just disable:

Yes    Task    imez1fW        C:\Users\JAYC\AppData\Roaming\imez1fW.exe --c=D5gEtt7XHlctSSZa++W8uojpsepikUpxA+olXmodEYkNTiE9bGp6Jnjt7UaMHWk4Tphlnaug3xGOX5vXT6Toe77St1GiRbyeT5DpYx+Hf2NjPUSB7vOtDeyJuU2Ggq0aJyIOfy3kj80QMFe5Kp1V89ZycEsVSuCVyoC+6Q1ZV2BzV8fBxhwO+BEig0h83fd7ybC562MmsbYjaEJdFSA1HmREP7xSXs80XP2jBp0s5ejEA9DLbO612bglmTUNLVrUq8U2dBQ2t2qzu9JwCgb9hrNxdczwyLyLSZ386xzT+5Lsyu98LgAM+M4Bwm9ALMUV0ChJ4SQm3fPrat5dkDmTJg==

Yes    Task    L3clK9PGOT6IOrfgaf        C:\Users\JAYC\AppData\Roaming\L3clK9PGOT6IOrfgaf.exe --c=Ruj+UmOME5xYAb529cSVOqnbxuhe9e9Q6gbG/7GS1QsovC35TS2zq2jI/1kDbXDgkEyLIKBrmW5665F2aGfBAP8Rm17+6uum+P3hQ7N0+riGBZt2lXK6PGoFi/oF+NgMDrudncOVNl3cfWQARe+3XVhV2WLLkwaelOYMNM3jy8RUJXachptfoxI3vS9V9anxqxQO0OBIhDwQYJiG7EbRPMO8Ds/yAgDdzWoaDH8cTyRM9Wcx/zOhk5+Qwn8x75irAZGlrnuorwg2Dtm6o8DC2boO0jmKnmt42+hQZsWQMu19WDGveTLVIwwP/8e9rWuix70ideqY6qRk7FLntGtRcg==

Yes    Task    McQcModifier-5c47-a7b0        C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd

Yes    Task    nVMhprJ4X        C:\Users\JAYC\AppData\Roaming\nVMhprJ4X.exe --c=EjQClp7d7JA3CW7Dl5iv2ay71LetyGUGjtKJXLlkh+2yCs0ZYiE3CSuicfPEugrDBQVcKD2mxlG+PMqpaJ2lNk+9iaSvPDRUZxa8Hb5yicaeVv4zgC02bxw9k9Z2QliP4pbxJmrwvSHwOPG0iau0PGQTXAPAb62t8OcLITuzE06TwCG5uSVD28WHFT2AJtUe3BQ2TpWGiBh152Ht9+Q4uh2j7dA8AZ3ehhTrxZbRaooSa2HCkrGpyAb1osq/skZ4zaJgHw4D6qgdO5VJwAGJIjcmrK+9pufjVCUqjIlp5iyQYowYENZlDIixqg9/0fuc1sVu9G4nJu8dzCf0K92QqA==
Yes    Task    runTask        %TEMP%/Updater.exe /install
Yes    Task    UFGIMDA1        C:\ProgramData\FlashBeat\FlashBeat.exe


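An added example, not part of the post above: one way to pre-sort a pasted CCleaner Startups or Scheduled Tasks list before reading it by hand. The three signals and the verdict names are assumptions of this example, not rules stated in the thread; the `ExampleRandomName` row and its `--c=` value are constructed, the other rows are copied from the thread.

```python
import re
from dataclasses import dataclass

# Triage signals are assumptions of this example, not rules stated in the thread.
WRITABLE_PATH = re.compile(r"\\appdata\\|\\programdata\\|%temp%|\\temp\\", re.I)
ENCODED_ARG = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")

# Constructed placeholder for a long "--c=" argument; not a value from the thread.
CONSTRUCTED_BLOB = "QUJD" * 40 + "=="

# Rows are copied from the thread except ExampleRandomName, which is constructed.
SAMPLE = r"""
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    runTask        %TEMP%/Updater.exe /install
Yes    Task    UFGIMDA1        C:\ProgramData\FlashBeat\FlashBeat.exe
Yes    Task    ExampleRandomName        C:\Users\EXAMPLE\AppData\Roaming\ExampleRandomName.exe --c=BLOB_PLACEHOLDER
Yes    HKLM:Run    PLFSetI        C:\Windows\PLFSetI.exe
""".replace("BLOB_PLACEHOLDER", CONSTRUCTED_BLOB)


@dataclass
class Entry:
    enabled: bool
    kind: str
    name: str
    publisher: str
    command: str


def parse_entries(text):
    """Parse 'Enabled / Kind / Name / Publisher / Command' rows.

    Columns are assumed to be tabs in a saved list; the forum rendering shows
    four spaces, so an empty publisher appears as two separators in a row.
    """
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in re.split(r"\t| {4}", line.strip(), maxsplit=4)]
        if len(parts) != 5 or parts[0] not in ("Yes", "No"):
            continue
        if parts[1] != "Task" and not parts[1].endswith(":Run"):
            continue  # browser plugin rows use a different column layout
        entries.append(Entry(parts[0] == "Yes", *parts[1:]))
    return entries


def signals(entry):
    """Return the reasons an entry deserves a closer look."""
    found = []
    if not entry.publisher:
        found.append("no publisher")
    if WRITABLE_PATH.search(entry.command):
        found.append("writable data/temp path")
    if ENCODED_ARG.search(entry.command):
        found.append("long encoded argument")
    return found


def triage(text):
    """Map each entry name to (verdict, reasons)."""
    report = {}
    for entry in parse_entries(text):
        reasons = signals(entry)
        verdict = "ok" if not reasons else "review" if len(reasons) == 1 else "investigate"
        report[entry.name] = (verdict, reasons)
    return report


if __name__ == "__main__":
    for name, (verdict, reasons) in triage(SAMPLE).items():
        print(f"{verdict:12} {name}: {', '.join(reasons) or '-'}")
```

A verdict here only orders the list for a human reader; it does not decide whether an entry is disabled or removed.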

#10 jcwrightjr


Posted 16 August 2015 - 04:05 PM

deleted, uninstalled, and removed all programs suggested, i think. what next?



#11 buddy215


Posted 16 August 2015 - 04:34 PM

During the next few days check the Tasks to see if any of those you removed...not disabled...come back. If they do, let me know.

Other than that I think you are good to go.

 

It would be a good idea to run MBAM and AdwCleaner again after a couple of days, too. Some of these things have a way of resurrecting....:)



#12 jcwrightjr


Posted 16 August 2015 - 04:38 PM

i appreciate your assistance. where can i make a donation to your organization?



#13 buddy215


Posted 16 August 2015 - 05:58 PM

You're welcome....no donation required.  If that was a free version of Super Antispyware, ditch it and purchase MBAM...just a suggestion.

Happy surfin'

