Jump to content

help.. infected with the pup.optional virus


Recommended Posts

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

here is my DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6001.18349  BrowserJavaVersion: 10.25.2
Run by mike at 10:19:51 on 2013-08-15
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1918.948 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IAOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - 
mURLSearchHooks: IAOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - 
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AOL Toolbar Loader: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - 
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - 
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - 
uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\motupe~1.lnk - c:\windows\installer\{faaf4f08-107f-42b4-b01c-b5bacb65e7d3}\_B46567FF76B580C507E5B5.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{DED016E1-85DE-4016-81C9-1DDF14D8BBDB} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{F7417609-1128-4915-BA20-EC44B8D6A5C8} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ds97wq52.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-08 13:45; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files\wajam\firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: !HIDDEN! 2011-07-13 09:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-31 701512]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-25 1153368]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2013-3-28 109064]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-8 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-31 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-14 40776]
R3 mfwagsif;MOTU Audio GSIF;c:\windows\system32\drivers\mfwagsif.sys [2007-1-4 21752]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2007-1-4 25336]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2007-1-4 58104]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2007-1-4 23288]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2007-1-4 233720]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-27 129808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\hosts_anti_adwares_pups\hosts_anti-adware.exe -update --> c:\program files\hosts_anti_adwares_pups\HOSTS_Anti-Adware.exe -update [?]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\system32\drivers\akMPC4kU.sys [2008-1-4 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-23 84832]
S3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200vista.sys [2012-5-19 1073216]
S3 RDID1045;Roland FANTOM-X;c:\windows\system32\drivers\Rdwm1045.sys [2008-3-26 56832]
S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-6-21 407368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2008-4-19 33736]
.
=============== Created Last 30 ================
.
2013-08-15 00:55:44 -------- d-----w- c:\users\mike\appdata\roaming\Video Media Download
2013-08-15 00:48:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-15 00:10:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-14 23:43:40 -------- d-----w- c:\users\mike\appdata\local\Wajam
2013-08-14 23:43:26 -------- d-----w- c:\program files\Wajam
2013-08-14 23:05:25 -------- d-----w- c:\windows\ERUNT
2013-08-14 23:04:38 -------- d-----w- c:\program files\CCleaner
2013-08-14 17:47:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-14 09:29:52 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa735305-81bf-4b05-a261-23aed768e873}\offreg.dll
2013-08-13 08:55:17 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa735305-81bf-4b05-a261-23aed768e873}\mpengine.dll
2013-08-07 16:23:51 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-08-07 16:01:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-07 16:01:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-07 15:48:31 -------- d-----w- c:\programdata\HitmanPro
2013-08-04 02:04:46 -------- d-----w- c:\users\mike\appdata\local\DDMSettings
2013-07-28 04:02:10 178688 ----a-w- c:\windows\system32\unrar.dll
2013-07-28 04:02:09 -------- d-----w- c:\program files\DirectVobSub
2013-07-28 04:02:05 -------- d-----w- c:\program files\DSP-worx
2013-07-28 04:02:04 -------- d-----w- c:\users\mike\appdata\roaming\LavFilters
2013-07-28 04:02:04 -------- d-----w- c:\users\mike\appdata\roaming\CDXReader
2013-07-28 04:01:58 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2013-07-24 23:22:12 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-24 23:21:10 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2013-08-15 00:08:54 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-15 00:08:54 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-07 15:56:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 15:56:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 10:20:58.05 ===============
 
 
 
and here is the ATTACH.txt 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2007 12:19:49 AM
System Uptime: 8/14/2013 6:27:32 PM (16 hours ago)
.
Motherboard: ECS  |  | Nettle2
Processor: AMD Athlon 64 X2 Dual Core Processor 4000+ | Socket M2  | 2100/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 68.109 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.87 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0717
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #11
PNP Device ID: ROOT\*6TO4MP\0717
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\1040
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #15
PNP Device ID: ROOT\*6TO4MP\1040
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\1604
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #20
PNP Device ID: ROOT\*6TO4MP\1604
Service: tunnel
.
Class GUID: {ade50d0f-e431-4cb2-ac42-04fd9e1e7c17}
Description: PortIO32 - Xbox 360 Device Driver
Device ID: ROOT\UNKNOWN\0000
Manufacturer: JungleFlasher
Name: PortIO32 - Xbox 360 Device Driver
PNP Device ID: ROOT\UNKNOWN\0000
Service: portio32
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
4Musics WAV to MP3 Converter 4.3
abgx360 v1.0.1
Ace MP3 To WAV Converter
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.0 Professional
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe PDF ePub DRM Removal 4.7.5
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
aksys
Aksys S56
Antares Auto-Tune v4.39
Antares Autotune VST RTAS TDM v5.08
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
BeAnywhere Drive
Bonjour
Cakewalk VST Adapter 4.4.4.0
CCleaner
CSi STARTER-Sonar 4
dBpoweramp DSP Effects
dBpoweramp Music Converter
DC-Bass Source 1.3.0
deskPDF 2.5 Professional Edition
DirectVobSub 2.40.4209
DivX Content Uploader
DivX Converter
DivX Setup
Docudesk GPL Ghostscript 8.15
DreamStation DXi2
EarMaster Pro 5
eLicenser Control
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FL Studio 9
Free M4a to MP3 Converter 7.0
Free Mp3 Wma Converter V 1.8.0
Google Chrome
Google Earth Plug-in
Google Update Helper
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Update
IL Download Manager
ImgBurn
iPrep v008.8
iTunes
iWisoft Flash SWF to Video Converter 3.4
iZotope Trash
Java 7 Update 25
Java Auto Updater
KARMA Triton Demo
KORG Legacy Collection - DIGITAL EDITION RTAS
KORG Legacy Collection - DIGITAL EDITION VST
Korg Legacy Collection v1.1.10
LightScribe  1.4.142.1
Malwarebytes Anti-Malware version 1.75.0.1300
Melodyne 3.1
Melodyne 3.2 Demo
Melodyne plugin
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
mIRC
Mixed In Key 2.5
MOTU FireWire Audio
MOTU FireWire/USB Audio Installer
MOTU USB MIDI Installer
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
neroxml
Nitro PDF Professional
Norton Internet Security
NVIDIA Drivers
OJOsoft MP3 Converter
OJOsoft WAV to MP3 Converter
OpenSource Flash Video Splitter 1.0.0.5
Platform
PoiZone
Princeton Digital 2016 Plate Reverb VST
PSSWCORE
Python 2.4.3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Reason 4.0
reFX Nexus VSTi RTAS v2.2.0
Rhapsody
Rhapsody Player Engine
Rob Papen BLUE Version 1.8.5d
Rob Papen SubBoomBass 1.0.3c
Roland FANTOM-X Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RTC Client API v1.2
Sakura
Sandboxie 3.58 (32-bit)
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Slice Audio File Splitter
SmartSoft Video Converter
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
SONAR 5 Producer Edition
SONAR 7 Producer Edition
SopCast 3.2.9
Spybot - Search & Destroy
Studio Manager
SUPERAntiSpyware
SuperNZB v3.2.1
swMSM
SyncroSoft Emu (Remove only)
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
Veetle TV 0.9.18
VIA Platform Device Manager
VirtualDJ Home FREE
VLC media player 1.1.5
Wajam
Wav2MP3 Wizard v3.2 (Build 354)
WavePad Sound Editor
Waves Mercury Complete VST DX RTAS v1.01
Windows 7 Upgrade Advisor
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 11.1
Xbox Backup Creator
Xilisoft Video Converter 3
Xilisoft Video Editor
Yamaha MOTIF ES6/7/8 Voice Editor
YAMAHA Studio Manager
.
==== End Of File ===========================
 
Link to post
Share on other sites

And heres the Rogue Killer report txt 

 

 

 

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : mike [Admin rights]
Mode : Scan -- Date : 08/15/2013 10:31:05
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] TopArcadeHits.job : C:\Users\mike\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND
[V2][sUSP PATH] TopArcadeHits : C:\Users\mike\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[inline] SSDT[339] : NtTraceEvent @ 0x84A44835 -> HOOKED (Unknown @ 0x83727C00)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Hitachi HDT725032VLA SCSI Disk Device +++++
--- User ---
[MBR] 43b9e8a8a7ad49ba0c2bf8a6de75ab27
[bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296182 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606582270 | Size: 9060 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_08152013_103105.txt >>
Link to post
Share on other sites

Please uninstall Wajam from your add/remove programs.

 

Then.....

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[V1][sUSP PATH] TopArcadeHits.job : C:\Users\mike\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND
[V2][sUSP PATH] TopArcadeHits : C:\Users\mike\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND

 

 

Now click Delete on the right hand column under Options


----------------------------------------------

 

Last......

Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

 

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
  • Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

    Note:
    Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
    If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

    You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

    /DisableAskDetection - This option disables Ask Toolbar detection.

  • MrC
Link to post
Share on other sites

heres is my ADWcleaner txt file

 

 

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 11:55:28
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 1 (32 bits)
# User : mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\mike\Desktop\AdwCleaner (1).exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\END
 
***** [Registry] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v7.0.6001.18349
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\prefs.js
 
Found : user_pref("extensions.wajam.affiliate_id", "5926");
Found : user_pref("extensions.wajam.firstrun", "false");
Found : user_pref("extensions.wajam.no_trace", "false");
Found : user_pref("extensions.wajam.trace_log", "1376589000902 - processDOMLoad - mappingListJsonString is n[...]
Found : user_pref("extensions.wajam.unique_id", "D6DD7B51EF95D075AA25A1C6C1F8CF32");
Found : user_pref("extensions.wajam.version", "1.26");
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [10478 octets] - [07/08/2013 08:47:18]
AdwCleaner[R2].txt - [10539 octets] - [07/08/2013 09:03:21]
AdwCleaner[R3].txt - [1368 octets] - [14/08/2013 15:40:17]
AdwCleaner[R4].txt - [1428 octets] - [14/08/2013 15:42:10]
AdwCleaner[R5].txt - [1662 octets] - [15/08/2013 11:55:28]
AdwCleaner[s1].txt - [10605 octets] - [07/08/2013 09:03:35]
AdwCleaner[s2].txt - [1492 octets] - [14/08/2013 15:42:47]
 
########## EOF - C:\AdwCleaner[R5].txt - [1843 octets] ##########
Link to post
Share on other sites

Some adware found....lets clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

here is my adwcleaner txt

 

 

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 12:07:24
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 1 (32 bits)
# User : mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\mike\Desktop\AdwCleaner (1).exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v7.0.6001.18349
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\prefs.js
 
Deleted : user_pref("extensions.wajam.affiliate_id", "5926");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.trace_log", "1376589000902 - processDOMLoad - mappingListJsonString is n[...]
Deleted : user_pref("extensions.wajam.unique_id", "D6DD7B51EF95D075AA25A1C6C1F8CF32");
Deleted : user_pref("extensions.wajam.version", "1.26");
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [10478 octets] - [07/08/2013 08:47:18]
AdwCleaner[R2].txt - [10539 octets] - [07/08/2013 09:03:21]
AdwCleaner[R3].txt - [1368 octets] - [14/08/2013 15:40:17]
AdwCleaner[R4].txt - [1428 octets] - [14/08/2013 15:42:10]
AdwCleaner[R5].txt - [1912 octets] - [15/08/2013 11:55:28]
AdwCleaner[R6].txt - [2031 octets] - [15/08/2013 12:05:51]
AdwCleaner[R7].txt - [2091 octets] - [15/08/2013 12:07:11]
AdwCleaner[s1].txt - [10605 octets] - [07/08/2013 09:03:35]
AdwCleaner[s2].txt - [1492 octets] - [14/08/2013 15:42:47]
AdwCleaner[s3].txt - [328 octets] - [15/08/2013 12:05:46]
AdwCleaner[s4].txt - [2040 octets] - [15/08/2013 12:07:24]
 
########## EOF - C:\AdwCleaner[s4].txt - [2100 octets] ##########
Link to post
Share on other sites

heres my ADw cleaner.txt

 

 

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 12:30:59
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 1 (32 bits)
# User : mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\mike\Desktop\AdwCleaner (1).exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v7.0.6001.18349
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [10478 octets] - [07/08/2013 08:47:18]
AdwCleaner[R2].txt - [10539 octets] - [07/08/2013 09:03:21]
AdwCleaner[R3].txt - [1368 octets] - [14/08/2013 15:40:17]
AdwCleaner[R4].txt - [1428 octets] - [14/08/2013 15:42:10]
AdwCleaner[R5].txt - [1912 octets] - [15/08/2013 11:55:28]
AdwCleaner[R6].txt - [2031 octets] - [15/08/2013 12:05:51]
AdwCleaner[R7].txt - [2091 octets] - [15/08/2013 12:07:11]
AdwCleaner[R8].txt - [1607 octets] - [15/08/2013 12:30:26]
AdwCleaner[s1].txt - [10605 octets] - [07/08/2013 09:03:35]
AdwCleaner[s2].txt - [1492 octets] - [14/08/2013 15:42:47]
AdwCleaner[s3].txt - [328 octets] - [15/08/2013 12:05:46]
AdwCleaner[s4].txt - [2169 octets] - [15/08/2013 12:07:24]
AdwCleaner[s5].txt - [1538 octets] - [15/08/2013 12:30:59]
 
########## EOF - C:\AdwCleaner[s5].txt - [1598 octets] ##########
Link to post
Share on other sites

here is my JRT.txt 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows Vista Home Premium x86
Ran by mike on Thu 08/15/2013 at 12:37:16.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 12:40:00.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Delete any copies of AdwCleaner you have and....

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
MrC
Link to post
Share on other sites

heres my adwcleaner log

 

 

# AdwCleaner v3.000 - Report created 22/08/2013 at 09:29:31
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 1 (32 bits)
# Username : mike - MIKE-PC
# Running from : C:\Users\mike\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\.autoreg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6001.18349
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\prefs.js ]
 
Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshareus@toolbar:1.0.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1,{C[...]
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Found : user_pref("extentions.webcake.installId", "cbce7edf-43a0-4466-a0b6-3a8c73fb6880");
 
-\\ Google Chrome v28.0.1500.95
 
[ File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1677 octets] - [22/08/2013 09:09:12]
AdwCleaner[R1].txt - [1597 octets] - [22/08/2013 09:29:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1657 octets] ##########
Link to post
Share on other sites

OK...Next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Then......

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Last.........

    Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

    Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

    Make sure that everything is checked, and click Remove Selected.

    Please let me know how computer is running now,

MrC

Link to post
Share on other sites

here is my adwcleaner log

 

 

# AdwCleaner v3.000 - Report created 22/08/2013 at 09:56:01
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 1 (32 bits)
# Username : mike - MIKE-PC
# Running from : C:\Users\mike\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\.autoreg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6001.18349
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\prefs.js ]
 
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,vshareus@toolbar:1.0.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1,{C[...]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "cbce7edf-43a0-4466-a0b6-3a8c73fb6880");
 
-\\ Google Chrome v28.0.1500.95
 
[ File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1677 octets] - [22/08/2013 09:09:12]
AdwCleaner[R1].txt - [1737 octets] - [22/08/2013 09:29:31]
AdwCleaner[R2].txt - [1797 octets] - [22/08/2013 09:51:30]
AdwCleaner[s0].txt - [1728 octets] - [22/08/2013 09:56:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1788 octets] ##########
Link to post
Share on other sites

here is my JRT log 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows Vista Home Premium x86
Ran by mike on Thu 08/22/2013 at 10:07:05.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/22/2013 at 10:10:04.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

heres the log from malwarebytes

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
mike :: MIKE-PC [administrator]

8/22/2013 2:59:16 PM
MBAM-log-2013-08-22 (18-39-40).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 545398
Time elapsed: 2 hour(s), 58 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> No action taken.

Files Detected: 6
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> No action taken.

(end)
 

Link to post
Share on other sites

its working good now, i've run malwarebytes and rebooted about 3 times and no infection. The key however was to go to my mozilla firefox folder and manually remove "top arcade hits" by going into my tools-- extensions tab. 

 

this website gave me the step by step on how to do it.

http://botcrawl.com/how-to-remove-the-top-arcade-hits-virus/

 

ill post an update later today, if everything is still running smooth

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.