Computer isn't performing as it should

3864 Views 57 Replies 3 Participants Last post by  blues_harp28
My PC is becoming increasingly slower and I don't know why. Also, when I left-click on my Logitech mouse (not wireless) it will be OK for a while, then I have to keep clicking on it over and over before it finally does something. To make a long story short, my computer isn't running how it should be. I do scans all the time with CCleaner and Malwarebytes and the only thing that has ever shown up was PUP something. I also use the free version of AVG AntiVirus 2015. Any help would be greatly appreciated.
I just ran an AVG scan and 2 threats were found: MalSign.Generic.AB7
Let us have some PC specifications.
Check and post
TSG System Information Utility - found here.
http://static.techguy.org/download/SysInfo.exe
======
Download Security Check by screen317 from:
http://screen317.spywareinfoforum.org/
Or
http://www.bleepingcomputer.com/download/securitycheck/dl/123/

Save it to your Desktop.
Double click the install icon.
A Command Prompt window will open.
Let it scan the PC - press any key when asked.
It should now open in Notepad.
Copy and Paste the result of the scan in the reply box below.
======
Download AdwCleaner by Xplode to your desktop.
http://www.bleepingcomputer.com/download/adwcleaner/
Click on the Download Now @BleepingComputer button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close any browsers that may be open - double click on the ADWCleaner icon on your desktop
Click on the Scan button.
Let it scan your PC - when that is done click on the Report button.
Allow it to clean and reboot your PC.
The report will appear on your desktop - Copy and Paste it into your next post.
======
If you can post the log file from AVG - I am not an AVG user but check the following.
http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=86493
Microsoft Windows XP Home Edition
76477-OEM-0011903-00247
CISNET
AMD Sempron[tm] 2800+1.99GHz 512 MB of RAM
Go to My Account - Edit Your Details, then edit/update the "Computer Specs" section on your computer.

This saves time and saves asking you questions.

---------------------------------------------------------
Results of screen317's Security Check version 0.99.89
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2015
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
JavaFX 2.1.0
Java 7 Update 60
Java version out of Date!
Adobe Reader XI
Google Chrome 38.0.2125.101
Google Chrome 38.0.2125.104
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
SysInfo.exe information for blues_harp28:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2038 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 305234 MB, Free - 267295 MB;
Motherboard: ASRock, G31M-S
Antivirus: AVG AntiVirus 2015, Updated: Yes, On-Demand Scanner: Enabled


------------------------------------------------------------
While you're waiting for blues_harp28 to reply back, do the following so we can see what's installed and auto-loading in your computer and if any obvious issues need to be addressed:

Go here and click the large green "Download" button to download and save HiJackThis 2.0.5 (HijackThis.exe) to your desktop.

After it's been downloaded and saved, close all open windows.

Double-click it and allow its main window to load.

Uncheck "Do not show this window when I start HiJackThis".

Click "Do a system scan and save a log file".

When the scan is finished in 30 - 60 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the ENTIRE log file here.

----------------------------------------------------------

Right-click MY COMPUTER, then click Properties.

Advise what's listed in the Computer: section at the bottom of the "General" tab - exactly as you see it there.

---------------------------------------------------------
# AdwCleaner v4.000 - Report created 20/10/2014 at 09:44:37
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Cheryl - CHERYL-A778CF1B
# Running from : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\emaze
Folder Deleted : C:\Program Files\Greener Web
Folder Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Cheryl\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Cheryl\Application Data\UpdaterEX
Folder Deleted : C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\CT3286042
Folder Deleted : C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
[!] Folder Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
File Deleted : C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\Extensions\[email protected]
File Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\CRE\oiffmnkajgkhjjchngmajlomfdhfjdma.crx
File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Cheryl\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\user.js
File Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\iolllphbfidpiigenecjjflaefapfnef
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iolllphbfidpiigenecjjflaefapfnef
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKCU\Software\5c2d9dce26fe910
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279412
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\HP\Common\HPDeviceDetection3.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Cheryl\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ClickConnect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v16.0.1 (en-US)

[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.browser.search.defaultthis.engineName", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.FF19Solved", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.fullUserID", "UN13496357482158973.IN.20130924090515");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.originalHomepage", "about:home");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.installerVersion", "1.7.1.4");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.installDate", "10/6/2013 12:26:17");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.UserID", "UN13496357482158973");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.originalSearchEngine", "");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.browser.search.defaultthis.engineName", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.installDate", "24/09/2013 09:05:22");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.versionFromInstaller", "10.20.0.21");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.installerVersion", "1.4.2.3");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.originalHomepage", "about:home");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.startPageXPETakeover", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.installDate", "24/09/2013 09:20:56");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.installSp", "TRUE");
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN41203567832709256&UM=2&SearchSource=13");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.originalSearchAddressUrl", "");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.installSessionId", "{FFDF1E3D-DBD6-4158-92FA-07FED79A2D07}");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.keyword", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.originalSearchEngine", "");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.originalSearchEngineName", "");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.searchRevert", "false");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.addressUrlXPETakeover", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.searchUserMode", "2");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.versionFromInstaller", "10.20.1.8");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.smartbar.homepage", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3279412.xpeMode", "0");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.FF19Solved", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.smartbar.homepage", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279412&SearchSource=2&CUI=UN13496357482158973&UM=2&q=");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.installSessionId", "{62D37484-C07A-4437-B515-9B652C8490C4}");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.UserID", "UN41203567832709256");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.autoDisableScopes", 0);
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.searchUserMode", "2");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.installSp", "TRUE");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.browser.search.defaultthis.engineName", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.defaultSearchXPETakeover", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.smartbar.homepage", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.installSessionId", "-1");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.keyword", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.searchRevert", "false");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.originalSearchAddressUrl", "");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.searchRevert", "false");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.searchUserMode", "2");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3286042.versionFromInstaller", "10.16.2.9");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.FF19Solved", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.UserID", "UN28844371481046811");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.fullUserID", "UN28844371481046811.IN.20130924092015");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.installSp", "TRUE");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.installerVersion", "1.7.100.2");
[yqnlpmdi.default] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279412&SearchSource=2&CUI=UN13496357482158973&UM=2&q=");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.keyword", "true");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3279412&CUI=UN13496357482158973&UM=2&SearchSource=13");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.originalSearchEngine", "appbario13 Customized Web Search");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.xpeMode", "0");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.originalSearchEngineName", "appbario13 Customized Web Search");
[yqnlpmdi.default] - Line Deleted : user_pref("CT3287810.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[yqnlpmdi.default] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "VisualBee V.11 Customized Web Search");
[yqnlpmdi.default] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.11 Customized Web Search");
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287810");
[yqnlpmdi.default] - Line Deleted : user_pref("extensions.enabledAddons", "quick_start%40gmail.com:3.2.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.1");
[yqnlpmdi.default] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "VisualBee V.11 Customized Web Search");
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN41203567832709256&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource[...]
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN41203567832709256&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287810");
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287810");
[yqnlpmdi.default] - Line Deleted : user_pref("smartbar.machineId", "WF3GYXWUHY9NMPGHUB57RG2LVTEYIITLJAVL21HHYAB6OH7LQLJY9IV0YPWUXVOS/T02QPCJ9SH0KJAKKVGRMW");
[yqnlpmdi.default] - Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://www.better-search.net/?src=10&st=12&i=998&did=10874&ppd=,,,,,,,,,www.smilebox.com&barid=1605756657614268188");

-\\ Google Chrome v38.0.2125.104

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [19423 octets] - [20/10/2014 09:41:39]
AdwCleaner[S0].txt - [19750 octets] - [20/10/2014 09:44:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19811 octets] ##########
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:59:19 AM, on 10/20/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 16.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cheryl\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342092933781
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: NameServer = 8.26.56.26,8.20.247.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: NameServer = 8.26.56.26,8.20.247.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: NameServer = 8.26.56.26,8.20.247.20
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

--
End of file - 6340 bytes
You jumped the gun and did a "Scan" and "Clean" instead of a "Scan" and "Report".

Since you've already done a "Scan" and "Clean", you need to do it a second time and then submit its log after the computer restarts.

The second run is to confirm the first run found and deleted everything.

----------------------------------------------------------
Download MalwareBytes and SuperAntiSpyware to your desktop.
Download the Free versions of both programs.

MalwareBytes

SuperAntiSpyware

Once they are downloaded to your desktop.
Close all open browser windows.

MalwareBytes
Click on the Install icon - allow it to update during the install process.
Start Malwarebytes Anti-Malware.
Before you run a scan.
Under Settings > Detection and Protection in the left pane.
Under Detection Options - make sure that all three entries are ticked.
Under Non-Malware detections - set to Treat detections as Malware.

Now click - Scan button.
Then select - Threat Scan.
Then - Scan Now.
If any infections are found during the scan, the number of them will be listed.
When the scan is finished, make sure to select and remove Everything in the list.
You may be prompted to restart to finish the removal process.
If Yes - restart your PC.

Start Malwarebytes Anti-Malware again.
Click History > Application Logs.
Select the most recent scan log.
Click View.
Select Export > Text File.
Name it mbam > then save it on the desktop.
Copy-and-paste its contents in the reply box below.

SuperAntiSpyware
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish.
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start SuperAntiSpyware again.
Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.
=====
Edit
You have SuperAntiSpyware installed - Scan - remove what it finds and post the log file.
Computer:

Intel(R) Celeron(R) CPU
E3200 @ 2.40GHz
2.39 GHz, 1.99 GB of RAM
So sorry, didn't realize I did that... will do again.
Intel(R) Celeron(R) CPU
E3200 @ 2.40GHz
2.39 GHz, 1.99 GB of RAM
The Intel Celeron E3200 2.40 GHz processor is running at its rated speed. :up:

All 2 GB of RAM is being recognized and used. :up:

-----------------------------------------------------------

blues_harp28 has returned, so I'll leave you with him. :up:

-----------------------------------------------------------
I did it but the system never restarted. This is the log that appeared; no clean button came up for me to click on???

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:11:25 AM, on 10/20/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 16.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Cheryl\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342092933781
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: NameServer = 8.26.56.26,8.20.247.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: NameServer = 8.26.56.26,8.20.247.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: NameServer = 8.26.56.26,8.20.247.20
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

--
End of file - 6341 bytes
It is AdwCleaner that needs to run until it comes back clean.
Run AdwCleaner again - Scan > then Clean.
Allow it to clean and reboot your Pc.
Then post the latest log file.
======
Once that is done - scan with Malwarebytes and SuperAntiSpyware.
======
Take your time - and post when you are ready.
Thanks flavallee
You're welcome. :) :up:

-----------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/20/2014
Scan Time: 10:17:39 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.20.04
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Cheryl

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292051
Time Elapsed: 50 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Conduit.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gpaiibklhaneknloaoccoidbaffjjlnb, No Action By User, [53777b9a1d5f86b0c87cc75308fb15eb],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1214440339-1659004503-1801674531-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gpaiibklhaneknloaoccoidbaffjjlnb, No Action By User, [7f4b14012e4e55e149fc32e8c63dbc44],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Malwarebytes - "No Action By User" ;) - you will need to scan again and then remove all that it finds.
When you are ready, scan with SuperAntiSpyware - post the log file after removing all that it finds.
======
Run AdwCleaner again - Scan > then Clean.
Allow it to clean and reboot your Pc.
Then post the latest log file.
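An added example, not part of the original thread: a small Python check for the "No Action By User" case pointed out in the reply above. It reads a Malwarebytes text log in the layout posted earlier, lists the detections that were found but not removed, and compares each section's declared count with the entries actually present. The sample log, function names and the action strings other than "No Action By User" are assumptions made for the example.

```python
import re

# Detection sections of a Malwarebytes Anti-Malware 2.x text log, as in the log above.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# "<name>, <path>, <action>, [<id>]," - a path may contain commas, so the name
# is matched from the left and the action and id from the right.
ENTRY = re.compile(r"^([^,]+), (.+), ([^,\[\]]+), \[([0-9a-f]+)\],?$")

# Constructed sample (not real data). "Quarantined" and "Delete-on-Reboot" are
# assumed action strings; only "No Action By User" appears in the thread.
SAMPLE = r"""Scan Type: Threat Scan
Objects Scanned: 1000

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Example.A, HKLM\SOFTWARE\EXAMPLE\EXT\aaaa, No Action By User, [00000001],
PUP.Optional.Example.A, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\EXAMPLE, Quarantined, [00000002],

Files: 1
PUP.Optional.Example.B, C:\Temp\setup, copy.exe, Delete-on-Reboot, [00000003],

(end)
"""

def parse_mbam_log(text):
    """Return (detections, mismatches); mismatches maps a section to
    (declared count, parsed count) when the two disagree."""
    detections, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            section, declared[m.group(1)] = m.group(1), int(m.group(2))
            continue
        m = ENTRY.match(line) if section else None
        if m:
            keys = ("name", "path", "action", "id")
            detections.append(dict(zip(keys, m.groups()), section=section))
    found = {s: sum(d["section"] == s for d in detections) for s in declared}
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return detections, mismatches

def unresolved(detections):
    """Detections the scan reported but nothing was done about."""
    return [d for d in detections if d["action"] == "No Action By User"]
```

A non-empty result from unresolved() means the scan has to be repeated and the items removed before the log shows a cleaned machine.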
# AdwCleaner v4.000 - Report created 20/10/2014 at 11:23:54
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Cheryl - CHERYL-A778CF1B
# Running from : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v16.0.1 (en-US)

-\\ Google Chrome v38.0.2125.104

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [19423 octets] - [20/10/2014 09:41:39]
AdwCleaner[R1].txt - [931 octets] - [20/10/2014 11:22:08]
AdwCleaner[S0].txt - [19892 octets] - [20/10/2014 09:44:37]
AdwCleaner[S1].txt - [914 octets] - [20/10/2014 11:23:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [973 octets] ##########