system clean up

[jessicaesparza0]

General system cleanup

 

[flashh4]

Howdy Jessica and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================

 

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop. Or from Here >> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

 

 

 

 

NEXT

 

 

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.




When the scan is complete, click  OK, then  Show Results to view the results.



    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. Junkware Removal Log
2. Malwarebytes log

3. AdwCleaner Log

 

Thanks
Chuck


 

[jessicaesparza0]

It wont let me copy and paste so here is the doc from the first scan

JRT.txt

[flashh4]

This is a copy from Jessica's log !! It's easier to read this way !

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jessica on Tue 04/01/2014 at 21:36:32.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] qknfd
Successfully deleted: [service] qknfd
Failed to stop: [service] yontoo desktop updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yontoo desktop
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    TBHostSupport    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Jessica\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\vafplayer
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\addonsframework.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\buttonsite.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthost.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\webcakeieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\tuguu sl
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1555409374-822635218-1740452693-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\performersoft
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ebe677c0-cbcb-4ebf-8098-e27e1b5271cf}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2EA2BC18-64AA-4D7B-99EF-4869CB5BC0A2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}



~~~ Files

Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Jessica\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessica\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\mysearchdial"
Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\defineext"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\iac"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\webplayer"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\minibar"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\mysearchdial"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\sweetpacks"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\televisionfanaticei"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Users\Jessica\documents\optimizer pro"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Jessica\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Folder] C:\Users\Jessica\appdata\local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/01/2014 at 21:45:02.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[flashh4]

Lots of junk there Jessica that was removed ! There will be more that i see so stay with me untill i give you the "All Clean Speech" at the end of the cleaning !!

 

Thanks

Chuck

[jessicaesparza0]

log from malwarebytes

 

dfdgdfgdfgdgfdgd.txt

[flashh4]

Hi Jessica, please continue !! You may run these & post their logs & i will try & get to them before 6:00 PM tonight !!

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.


 

 

 

NEXT

 

 

 

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com
 

 

 

 

 

NEXT

 

 

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

 

Post next

1. AdwCleaner log

2. DDS logs (2)

3. OTL logs (2)

 

Thanks

Chuck

[flashh4]

This topic is now locked !!

 

Chuck