Tubesaver


  • This topic is locked
7 replies to this topic

#1 pedrosa71

Posted 19 October 2013 - 10:24 AM

Hello, I am new to this forum. I need help removing adware from my PC and have looked at using ComboFix, which asks me to create this post so I can put on the log when I run it, and let someone who knows what they are doing take a look at it and see if it has worked.
I am currently plagued by ads on my browser, the majority of which are Tubesaver ones, but I am sure there are more. Please can someone help.
 
Thanks in advance
 
 
Edit: Please do not run ComboFix until a trained helper has assessed your situation and advised it.  It is a very powerful tool that can do damage.

 

Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.


Edited by cnm, 19 October 2013 - 10:35 AM.


#2 TheJoker

Posted 19 October 2013 - 04:18 PM

Hi pedrosa71, and welcome to SWI.

 

Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.

 

ComboFix is a powerful utility intended to only be run under the instruction of a trained Helper, as in untrained hands it has the potential to cause damage. If you have already run ComboFix, please also post that log (in a separate reply due to length), but if not run yet, please don't run it at this time.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#3 pedrosa71

Posted 20 October 2013 - 01:55 PM

Hi

 

I've run the MBAM log, which is below. I've tried to delete the offending files but it won't let me, it just locks up. Anyway, I will try and do the next section, DDS, and will post if the PC lets me.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.19.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Pedrosa :: PEDROSA-PC [administrator]

19/10/2013 17:14:07
MBAM-log-2013-10-20 (10-03-48).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 785797
Time elapsed: 11 hour(s), 45 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22

Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {9EBA85AB-1E29-11E3-9A0F-001F1674ADD2} -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {9EBA85AB-1E29-11E3-9A0F-001F1674ADD2} -> No action taken.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/...&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/...&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/...&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/...&q={searchTerms}) Good: (http://www.google.com) -> No action taken.

Folders Detected: 24

Files Detected: 127

(end)

 

The PC is that slow I am struggling to get this out



#4 pedrosa71

Posted 20 October 2013 - 02:34 PM

DDS: it said not to attach in the instructions, just paste, so here it is

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.25.2
Run by Pedrosa at 20:16:20 on 2013-10-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2814.943 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Pedrosa\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = ????????????????????????????????
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN19T445Q405PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HP Deskjet 3050A J611 series (NET) #2] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1B74843Q05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET) #2" -AutoStart 1
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [uTorrent] "c:\users\pedrosa\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{EB85E2A9-5DBB-4DC1-8D85-38DBBC69C1AC} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pedrosa\appdata\roaming\mozilla\firefox\profiles\minblqc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN31498757822621513&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\FFQpBHO3.5.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\FFQpBHO3.6.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\hpWebPrinting35.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\hpWebPrinting36.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\ipsffplgn\components\IPSFF3.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\pedrosa\appdata\roaming\mozilla\firefox\profiles\minblqc3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\pedrosa\appdata\roaming\mozilla\firefox\profiles\minblqc3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\pedrosa\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-09-16 20:15; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\coFFPlgn
FF - ExtSQL: 2013-09-17 01:40; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.0.36\IPSFF
FF - ExtSQL: 2013-09-17 21:05; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\pedrosa\appdata\roaming\mozilla\firefox\profiles\minblqc3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-24 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
.
FF - user.js: security.csp.enable - false
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 35e907a9000000000000001f1674add2
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15963
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.619:12:16
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120665&tsp=5006
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"
.
=============== Created Last 30 ================
.
2013-10-20 09:05:09 54016 ----a-w- c:\windows\system32\drivers\dqjrvbc.sys
2013-10-19 18:01:28 -------- d-----w- c:\windows\Downloaded Program Files
2013-10-19 16:01:00 712264 ----a-w- c:\windows\isRS-000.tmp
2013-10-19 16:00:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-19 16:00:31 -------- d-----w- c:\users\pedrosa\appdata\roaming\Malwarebytes
2013-10-19 16:00:09 -------- d-----w- c:\programdata\Malwarebytes
2013-10-19 16:00:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-19 16:00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-19 12:14:50 -------- d-----w- c:\windows\system32\wbem\mof\good
2013-10-19 12:14:50 -------- d-----w- c:\windows\system32\wbem\mof\bad
2013-10-19 12:14:49 -------- d-----w- c:\windows\system32\wbem\Logs
2013-10-19 11:49:04 -------- d-----w- c:\program files\common files\ParetoLogic
2013-10-19 11:49:03 -------- d-----w- c:\program files\ParetoLogic
2013-10-19 07:30:43 -------- d-----w- c:\users\pedrosa\appdata\roaming\ParetoLogic
2013-10-19 07:30:43 -------- d-----w- c:\users\pedrosa\appdata\roaming\DriverCure
2013-10-19 07:29:58 -------- d-----w- c:\programdata\ParetoLogic
2013-10-18 20:56:32 -------- d-----w- c:\users\pedrosa\appdata\roaming\eCyber
2013-10-18 20:43:57 -------- d-----w- c:\users\pedrosa\appdata\roaming\iSafe
2013-10-11 01:48:05 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-11 01:48:05 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-11 01:48:05 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-11 01:48:05 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-11 01:48:05 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-11 01:48:05 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-11 01:48:05 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-11 01:48:05 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-11 01:48:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-11 01:48:03 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-11 01:48:03 37376 ----a-w- c:\windows\system32\cdd.dll
2013-10-11 01:48:01 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:58:02 4879744 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-10-09 09:58:02 4879744 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-10-03 16:20:58 -------- d-----w- c:\programdata\3A266
.
==================== Find3M  ====================
.
2013-10-08 19:57:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 19:57:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-09 07:47:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-09 07:47:36 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-09 07:47:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-29 17:45:34 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-02 02:48:05 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-08-27 15:05:48 245760 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
.
============= FINISH: 20:26:32.04 ===============
 



#5 TheJoker

Posted 20 October 2013 - 03:45 PM

I've run the MBAM log which is below, I've tried to delete the offending files but it won't let me, it just locks up. Anyway, I will try and do the next section DDS and will post if the PC lets me.

 

It could be that the system is just slow, as you said:

 

The PC is that slow I am struggling to get this out

 

Maybe it will be a bit more responsive in Safe Mode. After those are removed, the system should be noticeably faster, so just wait for it to complete.

Please don't forget the Security Check scan that still needs to be posted.

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Close MBAM.

Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Please Run Malwarebytes' Anti-Malware.

  • Click the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


If not asked to restart your computer, please do so now.

Please download AdwCleaner by Xplode onto your desktop.

 

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool to your Desktop.

  • Disconnect from the Internet (unplug your connection to your router or modem).
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Restart your security software and reconnect to the Internet.
  • Please post the contents of JRT.txt into your reply.

 

Please post the logs from MBAM, Security Check, AdwCleaner, and Junkware Removal Tool, and note any errors encountered.



MS MVP 2009-20010 and ASAP Member since 2005


#6 pedrosa71

Posted 21 October 2013 - 12:32 AM

Here's the security log

 

Results of screen317's Security Check version 0.99.74 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 7 Update 25 
 Java™ 6 Update 7 
 Java version out of Date!
 Adobe Flash Player  11.9.900.117 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox (24.0)
 Mozilla Thunderbird (3.0.3) Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#7 TheJoker

Posted 08 January 2014 - 08:45 PM

Are you still with us, pedrosa71?




#8 TheJoker

Posted 20 January 2014 - 09:01 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





