  1. #21
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,980)

    Re: Corrine Help please

    Quote, originally posted by nd2121:
        Ok I just ran TDSSKILLER and 0 (nothing) was found.

        Oh boy what does this mean?

    That's good, actually.

    1. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    2. Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.



  2. #22

    Re: Corrine Help please

    Quote, originally posted by Corrine:
        Having fun yet?

        You missed my edit, adding the information about Java: "Regarding Java, update 21 should have been replaced by the update you installed. It is version update (JRE 6 -> JRE 6) where Oracle isn't good at removing the old version."

        Do you use Adobe Reader frequently? Personally, I got tired of both the Adobe Reader security vulnerabilities and switched to Sumatra PDF. If you're interested, see my blog post here: Replacing Adobe Reader with Sumatra PDF. Otherwise, to continue using Adobe Reader, uninstall Version 10 and download the latest version here: Adobe - Adobe Reader download - All versions.

    1) Please look at my control panel add remove programs. You will see that the 21 and 55 versions are still showing. If you say it is ok to leave both I will.


    2) Did you see where I said the TDSSKILLER found 0 (nothing)? What do I do now about this virus?

  3. #23
    Corrine

    Re: Corrine Help please

    Go ahead and uninstall the Java 7 Update 21.

    I replied about TDSS Killer above your last post and provided additional instructions.



  4. #24

    Re: Corrine Help please

    BTW my MSE program icon just disappeared from the bottom right taskbar?? Can you fix that when we are all done?

  5. #25

    Re: Corrine Help please

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by lee on Thu 05/01/2014 at 21:39:54.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



    ~~~ Files

    Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
    Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
    Successfully disinfected: [Shortcut] C:\Users\lee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk
    Successfully disinfected: [Shortcut] C:\Users\lee\AppData\Roaming\microsoft\windows\start menu\Programs\Search.lnk



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\freerip"
    Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
    Successfully deleted: [Folder] "C:\ProgramData\systweak"
    Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
    Successfully deleted: [Folder] "C:\Users\lee\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "C:\Users\lee\AppData\Roaming\speedypc software"
    Successfully deleted: [Folder] "C:\Users\lee\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\mywebsearch"
    Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\pricegong"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\user.js
    Successfully deleted: [File] C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\searchplugins\web search.xml
    Successfully deleted the following from C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\prefs.js

    user_pref("CT3306061.originalSearchEngine", "TrustWorthy Customized Web Search");
    user_pref("CT3306061.originalSearchEngineName", "TrustWorthy Customized Web Search");
    user_pref("CT3306061.smartbar.homepage", "true");
    user_pref("CT3309758.smartbar.homepage", "true");
    user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource=61&CUI=UN36841720421608311&UM=2&UP=SP61D80811-EE0F-4E04-BD89
    user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    user_pref("browser.search.defaultenginename", "Connect DLC 5 Customized Web Search");
    user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
    user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN18412241543604267&UM=2&SearchSource=3&q={searchTerms}");
    user_pref("browser.search.selectedEngine", "Web Search");
    user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
    user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN36841720421608311&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309758&oct
    user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN36841720421608311&UM=2&q=,hxxp://search.condui
    user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
    user_pref("smartbar.homePageOwnerCTID", "CT3306061");
    user_pref("smartbar.machineId", "8CEWOSJ7MNL8CXFVB8A7RHYUO0BUNOGXEZ/EIGSR8JLSV5IIT7ZZ5L3UC151U7CHOQT5SY/IFLFVF4XVEMAGHG");
    user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN36841720421608311&UM=2&SearchSource=13");
    user_pref("yahoo.ytff.ybButtons.used", "spt_skin,cobrand_tbfull,wlp_glxy,ultf30,yhoo_glxy,ebox_glxy_ff_us,vis_srch_glxy,spr82,championslg,pres_glxy,clkstrm240,cacheldr,epa4,se
    Emptied folder: C:\Users\lee\AppData\Roaming\mozilla\firefox\profiles\g84aw4dt.default\minidumps [17 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 05/01/2014 at 21:52:50.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #26
    Corrine

    Re: Corrine Help please

    A restart may solve the problem of MSE in the task bar.

    Please Note: I have an early appointment tomorrow so will be shutting down now. I'll look at the other log tomorrow.

    After you've run AdwCleaner, please let me know how your computer is. In addition, please rescan with DDS and post those logs so I can see what AVG leftovers are remaining.



  7. #27

    Re: Corrine Help please

    Quote, originally posted by Corrine:
        A restart may solve the problem of MSE in the task bar.

        Please Note: I have an early appointment tomorrow so will be shutting down now. I'll look at the other log tomorrow.

        After you've run AdwCleaner, please let me know how your computer is. In addition, please rescan with DDS and post those logs so I can see what AVG leftovers are remaining.

    Ok I thank you for all your time. Very much appreciated. Couple of quick questions before you go.

    1) MSE is back after a reboot

    2) adw cleaner is just saying pending???? What does that mean?

    I clicked log and posted below but I am not sure how long should I leave it running. It just says pending.


  8. #28

    Re: Corrine Help please

    AdwCleaner v3.205 - Report created 01/05/2014 at 22:07:50
    # Updated 28/04/2014 by Xplode
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : lee - HOME-PC
    # Running from : C:\Users\lee\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v21.0 (en-US)

    [ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\prefs.js ]


    [ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\nzp3gljz.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [7335 octets] - [01/05/2014 21:58:09]
    AdwCleaner[R1].txt - [792 octets] - [01/05/2014 22:07:50]
    AdwCleaner[S0].txt - [7549 octets] - [01/05/2014 22:01:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [911 octets] ##########

  9. #29

    Re: Corrine Help please

    # AdwCleaner v3.205 - Report created 01/05/2014 at 22:25:47
    # Updated 28/04/2014 by Xplode
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : lee - HOME-PC
    # Running from : C:\Users\lee\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v21.0 (en-US)

    [ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\prefs.js ]


    [ File : C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\nzp3gljz.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [7335 octets] - [01/05/2014 21:58:09]
    AdwCleaner[R1].txt - [990 octets] - [01/05/2014 22:07:50]
    AdwCleaner[R2].txt - [1049 octets] - [01/05/2014 22:17:26]
    AdwCleaner[S0].txt - [7549 octets] - [01/05/2014 22:01:02]
    AdwCleaner[S1].txt - [972 octets] - [01/05/2014 22:25:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1031 octets] ##########

  10. #30

    Re: Corrine Help please

    Quote, originally posted by nd2121:
        Quote, originally posted by Corrine:
            A restart may solve the problem of MSE in the task bar.

            Please Note: I have an early appointment tomorrow so will be shutting down now. I'll look at the other log tomorrow.

            After you've run AdwCleaner, please let me know how your computer is. In addition, please rescan with DDS and post those logs so I can see what AVG leftovers are remaining.

        Ok I thank you for all your time. Very much appreciated. Couple of quick questions before you go.

        1) MSE is back after a reboot

        2) adw cleaner is just saying pending???? What does that mean?

        I clicked log and posted below but I am not sure how long should I leave it running. It just says pending.

    It does not say finished and shows nothing but pending. Just hangs on pending and does not move

    1) first it does a quick search (2 min)

    2) Then comes with this pending thing that does not go away

    I am confused on how to use this program?

  11. #31

    Re: Corrine Help please

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by lee at 23:01:06 on 2014-05-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6156 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Common Files\aol\1250564758\ee\aolsoftware.exe
    C:\Windows\system32\hasplms.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Common Files\aol\1250564758\ee\aolupdates.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Google
    uSearch Page = Google
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
    uSearchAssistant = Google
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1250564758\ee\AOLSoftware.exe"
    mRun: [EfficientReminderFree] <no file>
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{F06BCFFE-0B9F-43E9-BD86-132AA1088824} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Hosts: 127.0.0.1 Spyware Info | Spyware Info
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.sysnative.com/forums/security-arena/9693-corrine-help-please.html#post72139
    FF - prefs.js: network.proxy.http - 119.110.73.23
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\lee\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll
    FF - plugin: C:\Users\lee\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2014-05-01 22:22; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-4 21184]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-8-9 91784]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 hasplms;HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
    R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2009-8-17 198240]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-7 66560]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-5 1494304]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-4-27 290520]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-18 1153368]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 System Update kb70007;System Update kb70007;C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [2014-4-30 16384]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-7 4915040]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-8-17 459776]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-2-7 35112]
    S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2011-8-22 44624]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-4-7 40464]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-05-02 00:46:06 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-05-02 00:45:59 313256 ----a-w- C:\Windows\System32\javaws.exe
    2014-05-02 00:45:59 189352 ----a-w- C:\Windows\System32\javaw.exe
    2014-05-02 00:45:58 189352 ----a-w- C:\Windows\System32\java.exe
    2014-05-02 00:09:25 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-02 00:09:25 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-02 00:01:29 0 ----a-w- C:\Windows\SysWow64\RENBC87.tmp
    2014-05-02 00:01:29 0 ----a-w- C:\Windows\SysWow64\RENBC86.tmp
    2014-05-02 00:01:29 0 ----a-w- C:\Windows\SysWow64\RENBC85.tmp
    2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-04-28 02:53:56 154840 ----a-w- C:\Windows\System32\RCoInstII64.dll
    2014-04-28 02:53:35 2770976 ----a-w- C:\Windows\System32\FMAPO64.dll
    2014-04-28 02:53:30 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
    2014-04-28 02:53:28 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
    2014-04-28 02:53:28 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
    2014-04-26 01:05:53 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2014-03-10 22:17:22 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
    2014-02-03 21:14:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    .
    ============= FINISH: 23:03:06.81 ===============

  12. #32

    Re: Corrine Help please

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/17/2009 11:34:00 PM
    System Uptime: 5/1/2014 10:55:01 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2500/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 686 GiB total, 305.487 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 9.442 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Compact Flash
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#7&15BE85E8&0&20060413092100000&0#
    Manufacturer: Generic-
    Name: Compact Flash
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#7&15BE85E8&0&20060413092100000&0#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MS/MS-Pro
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#7&15BE85E8&0&20060413092100000&3#
    Manufacturer: Generic-
    Name: MS/MS-Pro
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#7&15BE85E8&0&20060413092100000&3#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&15BE85E8&0&20060413092100000&2#
    Manufacturer: Generic-
    Name: SD/MMC
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&15BE85E8&0&20060413092100000&2#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SM/xD-Picture
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#7&15BE85E8&0&20060413092100000&1#
    Manufacturer: Generic-
    Name: SM/xD-Picture
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#7&15BE85E8&0&20060413092100000&1#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    60tons (remove only)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader X (10.1.4)
    Aktiv MP3 Recorder
    Allied Intent Xtended 2.0
    Any Video Converter 3.2.5
    AOL Uninstaller (Choose which Products to Remove)
    APB Reloaded
    Apple Application Support
    Apple Mobile Device Support
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Audacity 1.2.6
    Audacity 1.3.12 (Unicode)
    Battlefield 2 Server
    Battlefield 2(TM)
    Battlefield 4™
    bitRipper
    BitTorrent
    Boilsoft Video Splitter 5.28
    Bonjour
    Cards_Calendar_OrderGift_DoMorePlugout
    Catalina Savings Printer
    CCleaner
    CCScore
    CDBurnerXP
    CheshireCat's One Click File Joiner
    CheshireCat's One Click Thumbnailer
    Cisco WebEx Meetings
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    ConvertXtoDVD 4.1.19.365
    Coupon Printer for Windows
    CutePDF Writer 2.8
    CyberLink DVD Suite Deluxe
    Daniusoft MP3 WAV Converter(Build 2.3.1.0)
    Defraggler
    Directory Lister Pro v1.35
    Diskeeper 2011
    DivX Plus DirectShow Filters
    DivX Setup
    Driver Booster
    Easy Video Joiner 5.21
    Efficient Reminder Free 3.55
    Enhanced Multimedia Keyboard Solution
    ESN Sonar
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Eve of Destruction 2.0 Levels
    Eve of Destruction v2.0
    Express Dictate
    Express Scribe
    FlightGear v3.0.0
    FLV Converter 3.2
    FormatFactory 3.3.1.0
    Free M4a to MP3 Converter 7.1
    Free Video Joiner 1.1
    Freez FLV to MP3 Converter
    GameSpy Comrade
    GIMP 2.6.11
    GOM Player
    GOM Video Converter
    Google Earth
    Google Update Helper
    Grand Theft Auto IV
    GTA2
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hot CPU Tester Pro 4.4.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPTCSSetup
    I.R.I.S. OCR
    ImTOO iPod Computer Transfer
    inSSIDer 3
    Intel® Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    iWisoft Free Video Converter 1.2
    Java 7 Update 55 (64-bit)
    K-Lite Codec Pack 10.4.0 Full
    Kodak EasyShare software
    LabelPrint
    LightScribe Applications
    LightScribe Diagnostic Utility
    LightScribe System Software
    LightScribe Template Labeler
    Logitech Gaming Software 5.04
    Logitech Unifying Software 2.10
    Magic Photo Editor 5.2
    Malwarebytes Anti-Malware version 1.75.0.1300
    Medal of Honor Airborne
    Media Player Classic - Home Cinema v1.4.2499.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft DirectX SDK (June 2010)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Excel Viewer
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Windows Media Video 9 VCM
    Microsoft Works
    MiniGet 1.0.8.2504
    Mozilla Developer Preview (3.7a1)
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP3 Parser (KB973685)
    My HP Games
    MyProfessionalBusinessCards
    MySoftware Fonts
    netbrdg
    NETGEAR Print Server Utility
    Network Recording Player
    Noise Reduction Plug-in 2.0i
    NVIDIA 3D Vision Controller Driver 331.82
    NVIDIA Control Panel 331.82
    NVIDIA GeForce Experience 1.8.1
    NVIDIA Graphics Driver 331.82
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.0725
    NVIDIA Update 10.11.15
    NVIDIA Update Core
    OfotoXMI
    OpenAL
    OpenOffice 4.0.1
    Origin
    Pale Moon 24.5.0 (x64 en-US)
    Paltalk Messenger 11.2
    PeaZip 2.7.beta
    PeerBlock 1.1 (r518)
    Perfect Resize 7
    PhotoScape
    Picasa 3
    PokerStars
    PokerStars.net
    Power2Go
    PowerDirector
    PSSWCORE
    PunkBuster Services
    Python 2.5.2
    QuickTime
    Ralink Wireless LAN
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Redist
    Replay Video Capture
    Revo Uninstaller 1.95
    RTC Client API v1.2
    Sandbox
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    SFR
    SHASTA
    Should I Remove It
    Silent Hunter Wolves of the Pacific
    skin0001
    SKINXSDK
    Skype™ 5.5
    Smart Defrag 3
    SoulSeek 157 NS 13e
    Sound Forge Pro 10.0
    Source SDK Base 2007
    Speckie
    SpeedFan (remove only)
    Spybot - Search & Destroy
    SpywareBlaster 4.5
    SpywareGuard v2.2
    staticcr
    Steam
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    System Update kb70007
    Team Fortress 2
    TeamViewer 9
    Total Eclipse 4.3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VC80CRTRedist - 8.0.50727.6195
    Verizon Media Manager
    VideoToolkit01
    VidSplitter
    Vista Codec Package
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 2.0.4
    VPRINTOL
    VS10Runtimex64
    Vz In Home Agent
    WebEx Event Manager for Internet Explorer
    Windows 7 Upgrade Advisor
    Windows Live ID Sign-in Assistant
    Windows Movie Maker 2.6
    WinRAR archiver
    WIRELESS
    World of Warplanes
    Worldwide Web Research
    XviD v1.2.0 CVS
    Zero Ballistics
    .
    ==== End Of File ===========================

  13. #33
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,980

    Re: Corrine Help please

    Hi, nd2121.

    You need a bit of patience. The results from AdwCleaner are merely that the program didn't find anything to remove. It appears that JRT (Junkware Removal Tool) had already done the heavy lifting.

    Your log doesn't show any signs of AVG so it appears that the uninstaller tool did the trick.

    When updating Flash Player, you need to update for both IE (even if you don't use it regularly) and non-IE browsers. So, although you did part of the update, you still need to update for IE as your log shows "Adobe Flash Player 11 ActiveX". The direct download for Flash Player For Internet Explorer 7, 8, 9, 10, 11 is available here: http://download.macromedia.com/get/f...3_active_x.exe

    Are you still getting pop-ups?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
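
    The check described in the post above (reading the Installed Programs section of a DDS log and comparing the Flash Player entry for IE, "ActiveX", with the one for non-IE browsers, "Plugin"), as an added example that is not part of the original thread. The sample log is a constructed excerpt in the DDS layout, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of a DDS attach log (not a real capture).
SAMPLE_LOG = """\
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.4)
Java 7 Update 55 (64-bit)
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
FLASH_RE = re.compile(r"^Adobe Flash Player (\d+) (ActiveX|Plugin)$")


def installed_programs(log_text):
    """Return the entries listed under the 'Installed Programs' header."""
    programs, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1) == "Installed Programs"
            continue
        if in_section and line and line != ".":  # "." is a DDS spacer line
            programs.append(line)
    return programs


def flash_versions(programs):
    """Map each Flash flavour (ActiveX = IE, Plugin = other browsers) to its major versions."""
    versions = {}
    for name in programs:
        match = FLASH_RE.match(name)
        if match:
            versions.setdefault(match.group(2), []).append(int(match.group(1)))
    return {flavour: sorted(majors) for flavour, majors in versions.items()}


def flash_findings(programs):
    """Report every Flash entry older than the newest major version installed."""
    versions = flash_versions(programs)
    if not versions:
        return []
    newest = max(majors[-1] for majors in versions.values())
    findings = []
    for flavour, majors in sorted(versions.items()):
        for major in majors:
            if major < newest:
                findings.append(
                    f"Flash Player {flavour} is at major version {major}, "
                    f"behind the newest installed major version {newest}"
                )
    return findings


if __name__ == "__main__":
    for finding in flash_findings(installed_programs(SAMPLE_LOG)):
        print(finding)
```

    The comparison only covers major versions, because that is all the DDS program list shows for Flash Player.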

  14. #34

    Re: Corrine Help please

    Ok I am back,

    I have Windows Vista btw

    1) updating Flash Player, I followed your instructions last night to the letter. I know I did both. I do not know why it did not stick. I just did it again and followed your link

    2) So I am glad you had to go last night. I was getting really tired. Working on this computer all day. So I checked last night before I turned off computer. The Russian bride ads were gone. So I went back to Healthgrades > Find a Doctor | Doctor Reviews | Hospital Ratings This is where I saw all the pop ups when I turned off ad block plus. So I crossed my fingers and tried it. The POP UPs are GONE! It seems the virus liked that Doctor website for some reason. I use it to look up doctors.

    So it seems that the virus might be gone. YET, I do not know what we did last night to fix it. None of the programs looked like they found anything. I would agree if any program did it. It was JWT. Yet I remember it did not find anything or much of anything. My computer seems a little faster also.

    Although it does seem Adblock plus is letting one ad in on google. For example when I look up cars. It shows a cars.com ad. The ads on the bottom of the page are gone. Don't think it is the virus just abp now? Any idea?

    3) So at 10am not convinced it was really gone and that we just found the droids and not the mother ship. I did an Emsisoft scan. It found 3 no risk traces and ZERO virus. I also started MSE scan. So far over 5 hours scanning and no virus showed up yet like yesterday. Why does it take so long with MSE? It is still going. I want to make 100% sure we going it all. Last night MSE kept showing win32/ buvmat!rts. Of course I removed the virus and stopped using all scans when you started to help me. I will uninstall all virus scanners except MSE. I just wanted to try different ones to make sure

    4) The scrolling on Palemoon seems jerky now? Anything we can do to fix it? Was never that way before.

    5) Is there any other scan we can try to make sure it is 100% clean? I am really paranoid that we did not get it all. I think there was one main (mother ship) sending out many little virus.

    6) Would you recommend a system Restore? To get the system back before the virus?

    7) Besides Smart defrag. Any better free defragger out there?

    8) Besides toolwiz care free. Any better system optimizer?

    9) Would you recommend doing any scans in safe mode and if yes, which ones?

    Without your help I would have been lost. I really do not know how to thank you.

  15. #35
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,980

    Re: Corrine Help please

    Hi, nd2121. I'll do my best to address your enumerated items:

    1) updating Flash Player
    No idea why it still showed the old version in the log but you should be fine now -- that is until the next update! Keep in mind that, unless there is an out-of-band update, Adobe generally updates Flash Player on "Patch Tuesday" (2nd Tuesday of the month).

    2) So I am glad you had to go last night. I was getting really tired. Working on this computer all day. So I checked last night before I turned off computer. The Russian bride ads were gone.
    I can understand how you felt. To begin with, our computers have become an important tool -- whether it is for work or playing games, doing research, staying in contact with friends . . . so when there is a problem, it is very frustrating until fixed.
    The removal of the trojans was handled by Malwarebytes and MSE. The developers of the Junkware Removal Tool and AdwCleaner work very closely with the security community, regularly receiving additional items to add to detection. I am sure that was why JRT was able to remove the additional items that were causing the problem. AdBlock Plus is good but not perfect.

    3) Why does it take so long with MSE? It is still going. I want to make 100% sure we going it all. Last night MSE kept showing win32/ buvmat!rts. Of course I removed the virus and stopped using all scans when you started to help me. I will uninstall all virus scanners except MSE. I just wanted to try different ones to make sure
    Why does MSE take so long? Look at what you have on your C: Drive: 686 GiB total, 311.006 GiB free. It also takes longer to scan compressed files -- having to decompress to scan and then compress again.

    You may want to keep either Malwarebytes or SUPERAntiSpyware for occasional scanning of your computer. Once a week or so should be sufficient.

    4) The scrolling on Palemoon seems jerky now? Anything we can do to fix it? Was never that way before.
    That I'm not sure about but satrow may have a suggestion.

    5) Is there any other scan we can try to make sure it is 100% clean? I am really paranoid that we did not get it all. I think there was one main (mother ship) sending out many little virus.
    Yes, due to how badly infected your computer was, I have plans for running another tool. Those instructions follow.

    6) Would you recommend a system Restore? To get the system back before the virus?
    No, not after you've done all this work to update and clean your computer. Don't do anything now but later we'll take care of any infected restore points.

    7) Besides Smart defrag. Any better free defragger out there?
    I know there are a lot of people with personal preferences. Personally, I stick with the built in Windows defrag tool.




    Ok, just because of the nature of what was on your computer, I would like you to run ComboFix. It is a very powerful tool so please follow the instructions exactly. (While you're doing that, I'll take care of the cat & dogs and get dinner started so take your time!)

    Please follow these instructions carefully. Download ComboFix from the following location: Link 1

    !!! IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. (Don't worry about MSE.)

      Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
    • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
    • Double-click ComboFix.exe on your desktop and follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.

    8) Besides toolwiz care free. Any better system optimizer?

    9) Would you recommend doing any scans in safe mode and if yes, which ones?

    Without your help I would have been lost. I really do not know how to thank you.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  16. #36

    Re: Corrine Help please

    If it is ok with you, I would like to wait for combo fix. I am in the middle of doing a full scan with MSE. It is almost on its 8th hour. According to the scale over 3/4. It looks like it might be done in an hour or so. Since I already put in 8 hours I would like to wait for MSE to finish.


    PS The Palemoon Jerky motion has gone away

  17. #37
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,980

    Re: Corrine Help please

    Most definitely finish the MSE scan first. I'll want some time to review the ComboFix log. Then we'll determine if any additional scans are needed. Following that, we'll "clean up" the tools we used.

    Glad Pale Moon is working smoothly again.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  18. #38

    Re: Corrine Help please

    I still wait for MSE, BUT

    I BELIEVE I AM STILL INFECTED. Please note this happens only on palemoon (never before). Not firefox or IE

    1) I belong to a band forum. The Doors Message Board
    When I click on reply or Quote to reply. Nothing happens. When I disable Adblock plus a pop up opens and takes me to

    Welcome to www.lpcloudbox327.com ( DO NOT CLICK THIS, Just to show where I am being DIRECTED)

    I then get asked to click for media player and the same Long VIRUS AD is posted.



    HELP! lol this is not funny

    It seems that palemoon is the only browser infected? Is that possible?

  19. #39
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,980

    Re: Corrine Help please

    When MSE finishes, please follow the instructions to run ComboFix.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  20. #40

    Re: Corrine Help please

    MSE finished ( NOTHING FOUND NO VIRUS) going to do it now after a quick reboot
