
I have 2 pups that malwarebytes always finds



#1 NikolaTesla


  • Members
  • 86 posts

Posted 01 November 2015 - 10:42 AM

Hello,

 

I also have a sound card that does not work...installed but not recognized and I cannot do a system restore as it always tells me it won't complete. I am sure this is not a coincidence.

 

Thanks!!




 


#2 buddy215


  • Moderator
  • 13,314 posts
  • Gender:Male
  • Location:West Tennessee

Posted 01 November 2015 - 11:18 AM

I read your other topic. While in safe mode....run a scan using Eset Online Scanner and AdwCleaner.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 NikolaTesla


Posted 01 November 2015 - 12:34 PM

I let this run and when I came back the computer was off and when I started it again it had the black screen asking to start windows normally. I do not have anything to export like the instructions say and I am not sure if the scan completed itself but I copied the scan log. I don't know if it is the same thing or not.
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=11ada2ebecbe8c41a815c23cc711193d
# engine=22314
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-05 02:21:35
# local_time=2015-02-04 09:21:35 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 174646345 0 0
# scanned=236780
# found=5
# cleaned=5
# scan_time=9730
sh=DEBB8608EAAFAB336D4950A681E1EFF15D4F6A36 ft=1 fh=f647b8d972ffcd7a vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter\VDCScriptHelper.dll.vir"
sh=07091461E5AA0441ADD24755E4814B91D0D3AC03 ft=1 fh=d99f3a2cac9d4322 vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XWX5AUY\VideoDownloadConvert.exe"
sh=E23A699A94F805F3B6DF5B85144451B782EAE3B5 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jennifer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3023a1c0-7dbe5336"
sh=C3796BBC34B04FCE2637736271966D96E6C54B79 ft=1 fh=e4b2e95ce64221bd vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Jennifer\Desktop\Visicom Media\AceHTML 6 Pro\vmntoolbar\vmndtxTb_3.2.0.2.exe"
sh=C70C5ED81ABC01D05CBF9485C44B07F22E9AC580 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\174a7391.msi"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11ada2ebecbe8c41a815c23cc711193d
# end=init
# utc_time=2015-06-17 01:19:52
# local_time=2015-06-16 09:19:52 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24362
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11ada2ebecbe8c41a815c23cc711193d
# end=updated
# utc_time=2015-06-17 01:23:44
# local_time=2015-06-16 09:23:44 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=11ada2ebecbe8c41a815c23cc711193d
# engine=24362
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-17 03:22:38
# local_time=2015-06-16 11:22:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 186054808 0 0
# scanned=247270
# found=0
# cleaned=0
# scan_time=7134
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11ada2ebecbe8c41a815c23cc711193d
# end=init
# utc_time=2015-11-01 04:37:31
# local_time=2015-11-01 11:37:31 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26513
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=11ada2ebecbe8c41a815c23cc711193d
# end=updated
# utc_time=2015-11-01 04:45:13
# local_time=2015-11-01 11:45:13 (-0500, Eastern Standard Time)
# country="United States"
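
The log above holds three separate scanner launches, and the one dated 2015-11-01 stops at `# end=updated` without ever reaching `# end=finished`. The following Python parser is an added example (not part of the original post and not ESET tooling) that splits such a log into launches and reports which ones completed. It assumes, from the layout of the posted log only, that `# end=` records the stage reached; the embedded sample is constructed, with placeholder hash, detection name and path.

```python
import re

# Constructed sample in the same layout as the log posted above; the hash,
# detection name and file path are placeholders, not values from the thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# engine=22314
# end=finished
# utc_time=2015-02-05 02:21:35
# scanned=236780
# found=1
# cleaned=1
# scan_time=9730
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/Example.Toolbar potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup (1).exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=init
# utc_time=2015-11-01 04:37:31
Update Init
Update Download
Update Finalize
Updated modules version: 26513
# product=EOS
# end=updated
# utc_time=2015-11-01 04:45:13
'''

RUN_HEADER = "ESETSmartInstaller@"           # first line of each scanner launch
FIELD = re.compile(r"^# ([\w.]+)=(.*)$")     # "# key=value" status lines
TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value pairs on a detection line


def parse_runs(text):
    """Split the log into scanner launches, each with its stages and detections."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(RUN_HEADER):
            runs.append({"stages": [], "detections": []})
            continue
        if not runs:
            continue  # ignore anything pasted before the first launch header
        run = runs[-1]
        field = FIELD.match(line)
        if field:
            key, value = field.group(1), field.group(2).strip("\"'")
            if key == "product":          # every status block opens with product=
                run["stages"].append({})
            if run["stages"]:
                run["stages"][-1][key] = value
        elif line.startswith("sh="):      # one detection per line, values may be quoted
            run["detections"].append(
                {k: v.strip('"') for k, v in TOKEN.findall(line)})
    return runs


def summarize(run):
    """Report the last stage a launch reached and, if it finished, its totals."""
    stages = run["stages"]
    ends = [s["end"] for s in stages if "end" in s]
    final = next((s for s in stages if s.get("end") == "finished"), None)

    def count(name):
        return int(final[name]) if final and name in final else None

    return {
        "started_utc": stages[0].get("utc_time") if stages else None,
        "last_stage": ends[-1] if ends else None,
        "completed": final is not None,
        "found": count("found"),
        "cleaned": count("cleaned"),
        "threats": [(d.get("vn"), d.get("fn")) for d in run["detections"]],
    }


def triage(text):
    return [summarize(run) for run in parse_runs(text)]


if __name__ == "__main__":
    for number, info in enumerate(triage(SAMPLE_LOG), 1):
        state = "completed" if info["completed"] else "INTERRUPTED"
        print(f"launch {number} ({info['started_utc']} UTC): {state}, "
              f"last stage={info['last_stage']}, found={info['found']}, "
              f"cleaned={info['cleaned']}")
        for name, path in info["threats"]:
            print(f"    {name}\n      -> {path}")
```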


#4 NikolaTesla


Posted 01 November 2015 - 12:50 PM

Here is the other scan

 

# AdwCleaner v5.015 - Logfile created 01/11/2015 at 12:44:13
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jennifer - JENNIFER-PC
# Running from : C:\Users\Jennifer\Downloads\adwcleaner_5.015.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Jennifer\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Jennifer\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
[!] Key Not Deleted : HKU\S-1-5-21-2790885812-1499487206-891857003-1000\Software\AppDataLow\Software\Yahoo\Companion
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1891 bytes] ##########


#5 buddy215


Posted 01 November 2015 - 05:26 PM

If you can, do this: (it may work in safe mode if necessary)

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner after completing the other scans.

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#6 NikolaTesla


Posted 01 November 2015 - 06:48 PM

Emsisoft Emergency Kit - Version 10.0
Last update: 11/1/2015 5:47:17 PM
User account: Jennifer-PC\Jennifer
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/1/2015 6:26:00 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{46CE5380-6055-4C3A-A7E5-3A02A2335C61} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4F6ECF71-C575-4BD2-8EF7-548D0EF1AB1D} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54D99BE4-2FD7-449E-9DB4-76532CEE0B16} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5684EAE9-72EB-4CA6-83B8-82434B7E955C} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5A96E574-F8A6-4F6A-B58D-79C14B698017} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{94E98D20-156E-4C53-BD7F-972C96E680B2} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A266567F-8E5D-480C-BCE2-C360FA669FD5} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CE4F67F6-4FD4-49DB-9D71-713CCD3D00CD} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{ECC69F9E-5456-4EDF-AF66-1A9DED11F9EE} detected: Application.AdTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCH TOOLBAR detected: Adware.Win32.SearchBar (A)
Value: HKEY_USERS\S-1-5-21-2790885812-1499487206-891857003-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2790885812-1499487206-891857003-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YT.YTNAVASSISTPLUGIN detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YT.YTNAVASSISTPLUGIN.1 detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCH TOOLBAR detected: Application.InstallAd (A)
 
Scanned 85036
Found 22
 
Scan end: 11/1/2015 6:41:37 PM
Scan time: 0:15:37


#7 NikolaTesla


Posted 01 November 2015 - 07:11 PM

Yes HKCU:Run AdobeBridge "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
Yes HKCU:Run AnyDVD SlySoft, Inc. C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Jennifer\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run Messenger (Yahoo!) Yahoo! Inc. "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yes HKLM:Run 00TCrdMain TOSHIBA Corporation %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes HKLM:Run HSON TOSHIBA Corporation %ProgramFiles%\TOSHIBA\TBS\HSON.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NortonOnlineBackupReminder Toshiba "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run RtHDVCpl Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes HKLM:Run SmartFaceVWatcher TOSHIBA Corporation %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
Yes HKLM:Run SmoothView TOSHIBA Corporation %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run Teco "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
Yes HKLM:Run ToshibaServiceStation TOSHIBA Corporation "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
Yes HKLM:Run TosNC TOSHIBA Corporation %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
Yes HKLM:Run TosReelTimeMonitor TOSHIBA Corporation %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
Yes HKLM:Run TosSENotify TOSHIBA Corporation C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
Yes HKLM:Run TosWaitSrv TOSHIBA Corporation %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
Yes HKLM:Run TPwrMain TOSHIBA Corporation %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
Yes HKLM:Run TWebCamera "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
Yes Startup Common ColorVisionStartup.lnk ColorVision Inc. C:\Program Files (x86)\PANTONE COLORVISION\Utility\ColorVisionStartup.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OpenOffice.org 3.3.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
 
 
 
 
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-Jennifer-PC-Jennifer Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task ConfigFree Startup Programs TOSHIBA CORPORATION C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Yes Task DropboxUpdateTaskUserS-1-5-21-2790885812-1499487206-891857003-1000Core Dropbox, Inc. C:\Users\Jennifer\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskUserS-1-5-21-2790885812-1499487206-891857003-1000UA Dropbox, Inc. C:\Users\Jennifer\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {07C77219-B427-48B8-87CE-A8B1E872CC6B} Google Inc. C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Yes Task {29DE8120-9E3D-4DC9-B24F-D5EC43B69DEB} Google Inc. C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Yes Task {8971C5F8-8E85-4EC8-A46A-6924E4C7FBBF} Google Inc. C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Yes Task {8BB1F361-08CA-493E-892C-E770FB83AF1F} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\Users\Jennifer\Downloads\irfanview_plugins_433_setup.exe -d C:\Users\Jennifer\Downloads
 
 
 
Adobe Flash Player 19 ActiveX Adobe Systems Incorporated 10/16/2015 3.43 MB 19.0.0.226
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 10/16/2015 3.81 MB 19.0.0.226
Adobe Media Player Adobe Systems Incorporated 5/7/2011 1.1
Adobe Photoshop CS6 Adobe Systems Incorporated 11/16/2012 1.74 GB 13.0
Amazon Links TOSHIBA Corporation 7/29/2010 2.02
AnyDVD SlySoft 5/18/2012 7.0.4.0
Apple Application Support (32-bit) Apple Inc. 11/1/2015 114 MB 4.1
Apple Application Support (64-bit) Apple Inc. 11/1/2015 128 MB 4.1
Apple Mobile Device Support Apple Inc. 11/1/2015 28.0 MB 9.1.0.6
Apple Software Update Apple Inc. 11/1/2015 2.39 MB 2.1.4.131
ATI Catalyst Install Manager ATI Technologies, Inc. 7/29/2010 18.2 MB 3.0.732.0
Audacity 2.1.0 Audacity Team 6/17/2015 49.8 MB 2.1.0
Avast Free Antivirus AVAST Software 10/31/2015 10.4.2233
Black River Imaging Black River Imaging 9/15/2012
Bonjour Apple Inc. 11/1/2015 2.01 MB 3.1.0.1
CCleaner Piriform 11/1/2015 5.11
CloneDVD2 Elaborate Bytes 5/18/2012 2.9.3.0
Compatibility Pack for the 2007 Office system Microsoft Corporation 10/21/2015 364 MB 12.0.6612.1000
Dropbox Dropbox, Inc. 10/21/2015 3.10.8
ESET Online Scanner v3 2/4/2015
FlipShare Flip Video 6/30/2012 226 MB 5.6.35.0
Google Chrome Google Inc. 9/19/2010 46.0.2490.80
Google Earth Google 6/4/2015 179 MB 7.1.5.1557
Halsoft Virtual Places Chat Halsoft.com, Inc 8/22/2011
IrfanView (remove only) Irfan Skiljan 2/16/2012 1.50 MB 4.32
iTunes Apple Inc. 11/1/2015 218 MB 12.3.1.23
Label@Once 1.0 Corel 7/29/2010 33.0 MB 1.0
LAME v3.99.3 (for Windows) 7/3/2015 1.52 MB
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 7/3/2015 64.5 MB 2.1.8.1057
Microsoft .NET Framework 4.5.1 Microsoft Corporation 8/27/2014 38.8 MB 4.5.50938
Microsoft Office File Validation Add-In Microsoft Corporation 8/28/2014 10.9 MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 2/20/2012 12.0.6612.1000
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 10/21/2015 138 MB 12.0.6612.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 7/29/2010 8.36 MB 2.9
Microsoft Silverlight Microsoft Corporation 9/21/2015 150 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11/12/2009 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 5/13/2011 260 KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 5/13/2011 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 6/17/2011 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 7/29/2010 700 KB 8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 5/22/2011 580 KB 8.0.51011
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 5/22/2011 790 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 5/22/2011 598 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 8/18/2012 242 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 11/12/2009 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 7/29/2010 788 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 6/17/2011 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/29/2010 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/17/2011 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 11/17/2012 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 11/17/2012 15.0 MB 10.0.40219
Microsoft Works Microsoft Corporation 10/11/2012 896 MB 9.7.0621
Mozilla Firefox 41.0.2 (x86 en-US) Mozilla 10/20/2015 86.8 MB 41.0.2
Mozilla Maintenance Service Mozilla 10/20/2015 341 KB 41.0.2.5765
NetZero Launcher TOSHIBA Corporation 7/29/2010 2.01
OpenOffice.org 3.3 OpenOffice.org 4/21/2011 358 MB 3.3.9567
OverDrive Media Console OverDrive, Inc. 4/30/2011 8.52 MB 3.2.5
PhotoTools 2.6.5 Professional Edition onOne Software 8/18/2012 2.6.5
PlayReady PC Runtime amd64 Microsoft Corporation 11/12/2009 2.05 MB 1.3.0
Quickbooks Financial Center TOSHIBA Corporation 7/29/2010 2.02
QuickTime 7 Apple Inc. 11/1/2015 70.3 MB 7.78.80.95
Realtek Ethernet Controller  Driver Realtek 7/29/2010 1.00.0008
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10/31/2015 6.0.1.7541
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 7/29/2010 6.1.7600.30101
Realtek WLAN Driver Realtek 7/29/2010 1.53 MB 2.00.0006
Skype Launcher TOSHIBA Corporation 7/29/2010 2.01
Spyder2PRO 12/26/2012
Synaptics Pointing Device Driver Synaptics Incorporated 7/29/2010 13.2.6.1
TOSHIBA Application Installer TOSHIBA 11/12/2009 9.0.1.0
TOSHIBA Assist TOSHIBA 11/12/2009 3.00.10
TOSHIBA Bulletin Board TOSHIBA Corporation 7/29/2010 1.5.05.64
TOSHIBA ConfigFree TOSHIBA Corporation 7/29/2010 67.5 MB 8.0.21
TOSHIBA Disc Creator TOSHIBA Corporation 11/12/2009 8.38 MB 2.1.0.1 for x64
TOSHIBA DVD PLAYER TOSHIBA Corporation 7/29/2010 3.01.0.07-A
TOSHIBA eco Utility TOSHIBA Corporation 7/29/2010 7.09 MB 1.1.7.64
TOSHIBA Extended Tiles for Windows Mobility Center 7/29/2010
TOSHIBA Face Recognition TOSHIBA Corporation 7/29/2010 3.1.0.64
TOSHIBA Hardware Setup TOSHIBA Corporation 7/29/2010 2.00.11
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 4/30/2011 75.5 MB 3.1.64.2
TOSHIBA Media Controller TOSHIBA CORPORATION 11/12/2009 1.0.65
Toshiba Online Backup Toshiba 7/29/2010 2.22 MB 1.2.0.38
TOSHIBA PC Health Monitor TOSHIBA Corporation 7/29/2010 27.4 MB 1.4.1.64
TOSHIBA Quality Application TOSHIBA 9/11/2010 1.0.1
TOSHIBA Recovery Media Creator TOSHIBA Corporation 11/12/2009 2.78 MB 2.1.0.4 for x64
TOSHIBA ReelTime TOSHIBA Corporation 7/29/2010 1.5.07.64
TOSHIBA Service Station TOSHIBA 7/29/2010 2.1.33
TOSHIBA Speech System Applications 7/29/2010 1.00.2518
TOSHIBA Speech System SR Engine(U.S.) Version1.0 7/29/2010
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 7/29/2010
TOSHIBA Supervisor Password TOSHIBA Corporation 7/29/2010 2.00.09
TOSHIBA Value Added Package TOSHIBA Corporation 7/29/2010 57.7 MB 1.2.26.64
TOSHIBA Web Camera Application TOSHIBA Corporation 7/29/2010 1.1.1.4
ToshibaRegistration Toshiba 11/12/2009 1.0.3
TreeSize Free V3.3.2 JAM Software 4/25/2015 6.18 MB 3.3.2
WildTangent Games WildTangent 7/29/2010 1.0.0.80
Windows Live Essentials Microsoft Corporation 11/12/2009 14.0.8089.0726
Windows Live Sign-in Assistant Microsoft Corporation 11/12/2009 1.93 MB 5.000.818.5
Windows Live Sync Microsoft Corporation 11/12/2009 2.78 MB 14.0.8089.726
Windows Live Upload Tool Microsoft Corporation 11/12/2009 224 KB 14.0.8014.1029
Yahoo! Messenger Yahoo! Inc. 2/12/2012
Yahoo! Software Update 2/12/2012
 
 


#8 buddy215


Posted 01 November 2015 - 08:16 PM

Emsisoft scan doesn't show that you allowed it to remove/ quarantine what it found.....QUOTE: When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan. 

 

Uninstall These Programs:  Use CCleaner by clicking on each item and then choosing Uninstall on the right.

Yahoo! Messenger Yahoo! Inc. 2/12/2012
Yahoo! Software Update 2/12/2012
Adobe Media Player Adobe Systems Incorporated 5/7/2011 1.1
 
Disable ALL Scheduled Tasks using CCleaner by clicking on each item and choosing Disable on the right.
 
Disable these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right.
Yes HKCU:Run AdobeBridge "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
Yes HKCU:Run AnyDVD SlySoft, Inc. C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Jennifer\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes HKCU:Run Messenger (Yahoo!) Yahoo! Inc. "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NortonOnlineBackupReminder Toshiba "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
Yes HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OpenOffice.org 3.3.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
 
 
Doing the above will give you some relief but there was or still is malware on your computer that the scans I asked you to run did not find.
Suggest you start a new Topic in the Malware Removal Forum.
 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.

 
 
 
 
 
 
 
 
 


#9 NikolaTesla


Posted 01 November 2015 - 09:37 PM

Did all that...thanks so much ...things are running better now. I am off to Malware Removal Forum.



#10 buddy215


Posted 01 November 2015 - 10:16 PM

Good....you are welcome..:)





