
my cpv vsage is crazily high maybe svchost problem

January 5, 2013 at 05:44:48
Specs: Windows Vista

my cpv vsage is vpto 100%-thgt maybe a svchost problem so did a few things someone told me to do
1/ Rkill.exe (Download: Rkill.exe)
2/ TDSSKiller.exe (Download: TDSSKiller.exe)
3/ aswMBR (Download to your desktop: aswMBR.exe)
4/ ESET Online Scanner (In-browser scan here through Internet Explorer only. If in another browser, it should ask you to install the program on your computer. Go ahead and do so, following all the prompts.)
5/ Microsoft Fix It
the ESET Scanner fovnd 7 possible threats and removed them bvt svchost problems still here-ive 12 svchost.exe processes rvnning-really doing my head in-all the svchost programs i find free scan then have to pay to fix-plase help



#1
January 5, 2013 at 06:27:41

Try anti malware from malwarebytes.org
Make sure you update after you install it.

How do you know when a politician is lying? His mouth is moving.



#2
January 5, 2013 at 06:37:58

thankyov for yovr reply-ive had that installed on my laptop since day 1-thats not cvring problem either


#3
January 5, 2013 at 06:42:40

It must be updated before each time you run it. Did you do that? You might want to run it in safe mode too.

If that doesn't work, run hijack this & post the log here.

How do you know when a politician is lying? His mouth is moving.



#4
January 5, 2013 at 06:54:07

i always vpdate it when reqvested-i have it on avto-notify-sorry dont vnderstand "run hijack this & post the log here."excvse my ignorance im no compvter expert


#5
January 5, 2013 at 08:27:49

Google download hijack this. Download it & run it. It will show you all running processes. Post the list here.

How do you know when a politician is lying? His mouth is moving.



#6
January 5, 2013 at 09:52:32

i went to download hijack this-i tried it on two different sites came vp with seriovs threat


#7
January 5, 2013 at 10:35:21

"the ESET Scanner fovnd 7 possible threats and removed"
Post the log please.

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.



#8
January 5, 2013 at 10:53:59

i copied and pasted dialogve into start rvn box bvt says not fovnd


#9
January 5, 2013 at 13:18:03

could this have something to do with your keyboard using 'V' instead of 'U' ........

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#10
January 5, 2013 at 14:44:44

lol no my yew key doesnt work bvt doesnt affect copy and paste


#11
January 5, 2013 at 14:52:34

"i copied and pasted dialogve into start rvn box bvt says not fovnd"
Use the other option.


#12
January 5, 2013 at 14:57:20

excvse my ignorance John bvt how do i navigate to the directory


#13
January 5, 2013 at 15:03:01

05/01/2013 16:32:44 HTTP filter file http://ak.imgfarm.com/images/nocach... Win32/AdInstaller potentially unwanted application cueball-PC\cueball Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

02/01/2013 13:59:09 Real-time file system protection file C:\Users\cueball\AppData\Local\Temp\av4F6A.tmp a variant of Win32/Toolbar.Babylon potentially unwanted application cleaned by deleting cueball-PC\cueball Event occurred on a new file created by the application: C:\Users\cueball\Downloads\aswMBR(2).exe.

these are the only threats that are logged in eset



#14
January 5, 2013 at 15:17:14

Run both of these & post the logs please.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

1b: Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...



#15
January 5, 2013 at 15:26:27

John before i do that i went into Task Manager and looked at services-the ones that came to my eye were : Winhttp - W32Time - Winmgmt-WinRM-when i right click on them one tab is goto process-they all goto one of the 12 svchost processes and one of them is over 90000k and another is over 50000k

Report •
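
Added example, not part of the thread: the Task Manager lookup described in #15 (service, then "Go to Process") done for every svchost.exe instance at once, so the large ones can be tied to the services they host and any copy running from outside the Windows system directory stands out. It uses WMI classes available on Vista with PowerShell 2.0; the variable names are illustrative and an elevated prompt is assumed.

```powershell
# Added example: list each svchost.exe instance with the services it hosts.
# Run from an elevated PowerShell prompt; without elevation ExecutablePath
# and CommandLine come back empty for processes owned by other accounts.

# Genuine svchost.exe images live only in these two directories.
$trustedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Win32_Service.ProcessId links every running service to its host process.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $_.Name
}

# Per-process CPU percentage from the formatted performance counters.
# Instances are named svchost, svchost#1, svchost#2, ...
$cpuByPid = @{}
Get-WmiObject -Class Win32_PerfFormattedData_PerfProc_Process -Filter "Name LIKE 'svchost%'" |
    ForEach-Object { $cpuByPid[[int]$_.IDProcess] = $_.PercentProcessorTime }

$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $id = [int]$_.ProcessId

    # -contains compares strings case-insensitively, which suits Windows paths.
    if (-not $_.ExecutablePath) {
        $pathCheck = 'unknown (not elevated)'
    } elseif ($trustedPaths -contains $_.ExecutablePath) {
        $pathCheck = 'ok'
    } else {
        $pathCheck = 'UNEXPECTED: ' + $_.ExecutablePath
    }

    New-Object PSObject -Property @{
        ProcessId    = $id
        WorkingSetKB = [int]($_.WorkingSetSize / 1KB)   # WorkingSetSize is in bytes
        CpuPercent   = $cpuByPid[$id]
        Path         = $pathCheck
        CommandLine  = $_.CommandLine                   # normally "svchost.exe -k <group>"
        Services     = ($servicesByPid[$id] -join ', ')
    }
}

# Largest working set first, one block per svchost instance.
$report | Sort-Object WorkingSetKB -Descending |
    Format-List ProcessId, WorkingSetKB, CpuPercent, Path, CommandLine, Services
```

An instance with an empty Services list, a Path other than "ok", or a command line without `-k` is the one to look at first; a large instance hosting many standard Windows services is common on its own.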

#16
January 5, 2013 at 15:31:51

neale, google all of those & see what they bring up.

Run the other programs to find what is lurking.



#17
January 6, 2013 at 05:00:49

John im trying to download AdwCleaner.exe bvt im getting popvp saying "Covld not be saved becavse yov cannot save the contents of that folder.Change the folder properties and try again or try saving in different location" i havnt a clve sorry


#18
January 6, 2013 at 10:42:01

neale, right click on it & run as administrator.


#19
January 6, 2013 at 11:14:37

thankyov John ill try that-ive always wanted to know what vn as administator means-covld yov explain please-and sorry for my being slo-im wheelchairbovnd and hovsebovnd and my carer is in and ovt


#20
January 6, 2013 at 11:18:54

i cant even rvn as administrator becavse the error message is coming p when i click on save to download it-i tried right clicking on save bvt nothing


#21
January 6, 2013 at 13:41:19

Your infections are doing their job neale, blocking you trying to fix the problems.

I've just uploaded this one for another person with a similar problem.

See if you can download it & run it in Normal mode.

If it will not run in Normal mode, try running it in Safe mode.

http://www.load.to/lyiYOY2m3S/BeeNi...



#22
January 6, 2013 at 16:28:18

this link is for ilivid media player-another problem i think im getting which covld be cavsing the problems is my avto vpdate doesnt seem to be working-my last windows vpdate was 22/12 - when i google microsoft vpdate website then click on link all it does is send me to a basic page telling me to goto startvp control panel then vpdates-is this a virvs stopping me goin to microsoft website?


#23
January 6, 2013 at 16:32:47

"this link is for ilivid media player"
What link?

" is this a virvs stopping me goin to microsoft website?"
Yes.

What time zone are you in?



#24
January 7, 2013 at 02:53:49

im in vk time


#25
January 7, 2013 at 03:02:47

Refer #23

"this link is for ilivid media player"
What link?



#26
January 7, 2013 at 03:09:17

"im in vk time"
I'm in Western Australia time.
http://www.timeanddate.com/worldclo...


#27
January 7, 2013 at 03:09:48

http://www.load.to/lyiYOY2m3S/BeeNi...

this link was vnder yr message posted at 13.41.19 pacific



#28
January 7, 2013 at 03:13:13

"this link was vnder yr message posted at 13.41.19 pacific"
Give me a very clear description of what is happening, step by step.

1:
2:
3:
4:
Etc



#29
January 7, 2013 at 03:20:49

If you know how to take screenshots & upload them to a site of your choosing, that will help show me what is happening.


#30
January 7, 2013 at 03:34:34

i managed to load ADWCleaner-i tried it throvgh internet explorer and it worked-i got resvlts and logs bvt dont know how to post them on here


#31
January 7, 2013 at 03:37:20

Open the log, Copy & Paste the contents here.


#32
January 7, 2013 at 03:41:11

In case I need screenshots ( SS ) as we progress.

How To Capture a Screen Shot with the Snipping Tool in Windows Vista / Windows 7
http://graphicssoft.about.com/od/mi...

If any program won't run ( due to the infection ) let me know. Post the log/logs after each run.
Screenshots ( SS ) may also be requested, or if you want to illustrate a point yourself, use the uploader.
If any of the logs are too large, upload them to a site of your choosing or, all can be done with this. I use Imgur.com
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use
http://i.imgur.com/rr0p9.gif
http://i.imgur.com/zsqmE.gif
http://i.imgur.com/OA9LW.gif
http://i.imgur.com/PujnZ.gif



#33
January 7, 2013 at 03:41:41

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 11:25:26
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : cueball - CUEBALL-PC
# Boot Mode : Normal
# Running from : C:\Users\cueball\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUQELSIY\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\cueball\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\cueball\AppData\Local\Babylon
Folder Deleted : C:\Users\cueball\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\cueball\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Deleted : C:\Users\cueball\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\cueball\AppData\Local\Wajam
Folder Deleted : C:\Users\cueball\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\cueball\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\cueball\AppData\LocalLow\ShoppingReport
Folder Deleted : C:\Users\cueball\AppData\Roaming\Babylon
Folder Deleted : C:\Users\cueball\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrId=f05e75ea0000000000000025d3014a77 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-GB)

File : C:\Users\cueball\AppData\Roaming\Mozilla\Firefox\Profiles\dnovkpdu.default\prefs.js

C:\Users\cueball\AppData\Roaming\Mozilla\Firefox\Profiles\dnovkpdu.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrId[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrId=f[...]
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 20);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "GB");
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "E4099D1450A7283144510A6A02387919");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "20");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 20);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.222:28:06");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 57681791);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.crossriderapp435.435.active", true);
Deleted : user_pref("extensions.crossriderapp435.435.affid", "0");
Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "function buttonClick() { \n \n i[...]
Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 6);
Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Deleted : user_pref("extensions.crossriderapp435.435.domain", "");
Deleted : user_pref("extensions.crossriderapp435.435.emailsig", "");
Deleted : user_pref("extensions.crossriderapp435.435.exposesites", "");
Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.group", 0);
Deleted : user_pref("extensions.crossriderapp435.435.homepage", "");
Deleted : user_pref("extensions.crossriderapp435.435.iframe", false);
Deleted : user_pref("extensions.crossriderapp435.435.js", "$jquery(document).ready(function() {\n //if(locatio[...]
Deleted : user_pref("extensions.crossriderapp435.435.name", "Premiumplay Codec-C");
Deleted : user_pref("extensions.crossriderapp435.435.premium", true);
Deleted : user_pref("extensions.crossriderapp435.435.publisher", "WebPicks");
Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.thankyou", "");
Deleted : user_pref("extensions.crossriderapp435.435.ver", 21);
Deleted : user_pref("extensions.crossriderapp435.apps", "435");
Deleted : user_pref("extensions.crossriderapp435.bic", "13283d00ffef597ff9b8dd9fa5f37fff");
Deleted : user_pref("extensions.crossriderapp435.cid", 435);
Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp435.installationdate", 1316471443);
Deleted : user_pref("extensions.crossriderapp435.jsver", 3);
Deleted : user_pref("extensions.crossriderapp435.lastcheck", 21941191);
Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 21941338);
Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1316480270564");
Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1316480270543");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={164AADAA-FC68-405A-B77C-5774BC8FEB9C}&m[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\cueball\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrId=f05e75ea0000000000000[...]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrI[...]
Deleted [l.39] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.42] : keyword = "babylon.com",
Deleted [l.45] : search_url = "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100632&mntrId=f0[...]
Deleted [l.1392] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrId=f05e75ea0000000000000025[...]
Deleted [l.1625] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100632&mntrId=f[...]

-\\ Opera v [Unable to get version]

File : C:\Users\cueball\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15588 octets] - [07/01/2013 11:22:04]
AdwCleaner[S1].txt - [15497 octets] - [07/01/2013 11:25:26]



#34
January 7, 2013 at 03:45:36

Ok, that got rid of a hell of a lot. Probably a lot more lurking.

Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...



#35
January 7, 2013 at 03:48:07

A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom.

Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"



#36
January 7, 2013 at 03:51:18

http://www.bleepingcomputer.com/dow... when i went to download this IE is giving me message in red "JRT.exe is not commonly downloaded and covld harm yovr compter Actions?


#37
January 7, 2013 at 03:54:36

That's because it's an exe.

False positive > Ignore.



#38
January 7, 2013 at 04:10:42

Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by cueball on 07/01/2013 at 11:57:05.23
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sparktrust
Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\codeccheck"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\cueball\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\cueball\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files\crossriderwebapps"
Successfully deleted: [Folder] "C:\Program Files\imesh applications"

~~~ FireFox

Successfully deleted the following from C:\Users\cueball\AppData\Roaming\mozilla\firefox\profiles\dnovkpdu.default\prefs.js

user_pref("extensions.crossrider.bic", "13283d00ffef597ff9b8dd9fa5f37fff");
Emptied folder: C:\Users\cueball\AppData\Roaming\mozilla\firefox\profiles\dnovkpdu.default\minidumps [269 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/01/2013 at 12:09:28.66
End of JRT log



#39
January 7, 2013 at 04:15:53

Nice work neale, you're getting into the swing of it now.

I'm trying to keep things moving, before I go to bed, if you look at the time clock on the link I sent you, you will see the current time here.


Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
RogueKiller tutorial
http://en.kioskea.net/faq/11626-rog...
•Please quit all programs
•Right-click the RogueKiller file and select "Run as Administrator"
•Press: SCAN
•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked.
•Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.
Please provide the RKreport (Mode: Delete) in your reply.
Restart the computer.



#40
January 7, 2013 at 04:16:16

when i goto Compvter then c drive in the list is "inject" and "inject.log" these are 21184KB and 18573KB what are these and why so big


#41
January 7, 2013 at 04:17:26

hey my friend yov goto bed-we can continve when yr next free-i really appreciate yr help-i cant thank yov enovgh


#42
January 7, 2013 at 04:19:02

"i cant thank yov enovgh"
I'm staying with you for about another hour neale.


#43
January 7, 2013 at 04:22:23


Access denied
Details:
Web page: http://do.wnloads.net/go/ThankYouDL?dl=http://install2.optimum-installer.com/o/7zip_Bundle/Setup.exe?filedescription=Setup&subid=google_7-zip-display-GB-728x90-bluev1-border-middle&user_id=f1904973-29d2-469f-860b-4e7df3d001d4&thankYouUrl=http://manythanks.fordownloading.net/ThankYou/7zip?source=google_7-zip-display-GB-728x90-bluev1-border-middle&subid1=software&subid2=www.softpedia.com&userid=f1904973-29d2-469f-860b-4e7df3d001d4&reason=complete&cancelUrl=http://manythanks.fordownloading.net/ThankYou/7zip?source=google_7-zip-display-GB-728x90-bluev1-border-middle&subid1=software&subid2=www.softpedia.com&userid=f1904973-29d2-469f-860b-4e7df3d001d4&adprovider=google_downloads.net&subid2=software&subid3=www.softpedia.com
Comment: Access to the web page was blocked by ESET NOD32 Antivirus. The web page is on the list of websites with potentially dangerous content.


#44
January 7, 2013 at 04:23:03

""inject" and "inject.log""
Right click on each of those > Properties.

SS of each please.



#45
January 7, 2013 at 04:26:24

"Access denied
Details:"

Use the uploader as posted earlier & give me the link.
For other files.
http://i.imgur.com/C1qBB.gif
http://i.imgur.com/wqOKq.gif



#46
January 7, 2013 at 04:29:58

Oops, I see it is your AV blocking the download, go into its options allow / give permission.


#47
January 7, 2013 at 04:30:36

im sorry John im getting very confvsed now-i like to think im a reasonably intelligent gvy bvt my medication affects my concentration levels and memory-i cant tell yov how frvstrating it is-can we continve 2morrow or later today vk time when yr vp-im sorry jvst afraid of missing something


#48
January 7, 2013 at 04:31:15

i take painkillers twice strength of morphine every 2 hrs


#49
January 7, 2013 at 04:34:41

I've just zipped it up & uploaded RogueKiller.

http://www.load.to/EpWnqXvLgU/neale...



#50
January 7, 2013 at 04:39:40

"im sorry John im getting very confvsed now"

That's Ok neale, I shall hang around a while, knew I was pushing & it would be hard on you.

I got mixed up on post #43, thinking it was this site doing the blocking.



#51
January 7, 2013 at 04:40:37

wovld it be easier to go on skype and i can share screen with yov-we can do this later vk time when yove slept and im feeling better

Report •

#52
January 7, 2013 at 04:45:09

Haven't got Skype, we are well on the way, when I wake up, you will probably have done RogueKiller.

http://www.load.to/EpWnqXvLgU/neale...



#53
January 7, 2013 at 04:48:31

as yov can see from my 1st ever message i ran Rkill and a few other programs-have a good sleep-give me a shovt when yr available thanks again so mvch for helping me as yov are


#54
January 7, 2013 at 04:50:44

"as yov can see from my 1st ever message i ran Rkill and a few other programs"
Yep, I was aware of those.

After RogueKiller, run Hitman Pro
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Review
http://www.youtube.com/watch?v=WmPQ...

