pop-ups

Started by marykatepenczkowski, January 25, 2014, 05:11:49 AM


marykatepenczkowski

And yes, I downloaded those things on purpose.

Corrine

Thank you.  I'd like to see a screen capture of the pop-ups you are still receiving.  In addition, from my previous post:

1.  Is Norton Internet Security up to date?  From the initial DDS.txt log it shows Disabled/Outdated.

2.  Please post a copy of Attach.txt with your next reply.  A copy should be on your desktop.

3.  Please go to your Downloads folder and move ComboFix.exe to your Desktop:  Right-click c:\users\Mary-Kate\Downloads\ComboFix.exe, select Cut, go to C:\Users\Mary-Kate\Desktop and paste (Edit/Paste).


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

marykatepenczkowski

No, it is not up to date, I did not pay for it. Here's the attachment.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2012 10:09:07 AM
System Uptime: 1/24/2014 11:51:27 PM (239 hours ago)
.
Motherboard: AMD |  | PLCSC8
Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 504.756 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 1/4/2014 8:55:04 PM - Windows Update
RP38: 1/24/2014 3:01:18 PM - Windows Live Essentials
RP39: 1/24/2014 11:35:56 PM - Restore Operation
RP40: 1/25/2014 2:30:40 PM - before decrypter
RP41: 1/28/2014 10:17:20 PM - before freemake
.
==== Installed Programs ======================
.
a2zLyrics
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Babylon toolbar
Bejeweled 3
Bonjour
Bundled software uninstaller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer Input Firefox Extension (remove only)
D3DX10
DefaultTab
Farmscapes
FATE
Free Media Player 2.0.7
Freemake Video Converter version 4.1.3
HandBrake 0.9.9.1
iCloud
iTunes
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - en-us
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket
MP3 Rocket Toolbar
MP3 Rocket Toolbar Updater
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Norton Anti-Theft
Norton Internet Security
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Norton Security Dashboard
Nuance PDF Reader
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Playtopus
Polar Bowler
Premium Sound HD
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Search Protect
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
Toshiba Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================






And how would I go about screenshotting the pop-ups?

Corrine

A.  Without a current license for Norton, you need to pay for a license or uninstall it and either use Windows Defender or install another antivirus program.  If you elect to uninstall Norton, please do the following:

1.  With Windows 8, Right-click in the screen's bottom-left corner and choose the Control Panel from the pop-up menu.
2.  When the Control Panel appears, choose Uninstall a Program from the Programs category and remove all of the installed Norton Programs:
Norton Anti-Theft
Norton Internet Security
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Norton Security Dashboard

3.  Next, run the removal tool from here:  Download and run the Norton Removal Tool to uninstall your Norton product
4.  Restart your computer.
5.  If Windows Defender is not automatically re-enabled, do the following:

  • Type Action Center and click Settings to open Action Center.
  • Click on Security to expand the Security area.
  • Wait a minute to let the Security area refresh to show Security vulnerabilities.
  • You should see a message to Turn on now for Windows Defender. Click the Turn on now button.
  • Make sure Windows Firewall is also turned on.
  • In Defender, click the Update tab, and then click the Update button.
B.  You have a2zLyrics shown in installed programs.  It is considered a "parasite" which produces browser ads.  It is classified as malware, spyware, adware, or other potentially unwanted software.  Please follow the instructions above for accessing the Uninstall list and remove a2zLyrics.

C.  If you are still getting pop-ups, see the instructions at Use Snipping Tool to capture screen shots - Microsoft Windows Help for using the Snipping Tool.  After you capture the "snip", save it to your computer and attach the copy with your next reply.

Let me know what you end up doing with the antivirus and the status of pop-ups after removing a2zLyrics.  Then we'll talk about needed updates.



marykatepenczkowski

Every time I try to uninstall those Norton programs it takes forever, and I'm not exaggerating, it says that it's "uninstalling" but it never actually does anything, and I tried about 4 times. Now, I tried to cancel the uninstallation and it won't cancel either so I guess I'll restart my computer but I don't know what to do.. I found out what most of the problem was though, I think it's the "aa2zlyrics" or whatever it was because where the ads are there's a little caption, and it says "sponsored by aa2zlyrics"

Corrine

Hi, Mary.

It has been months since we started this process so things have likely changed on your computer.  Going this long without an up-to-date antivirus software is not a good idea.  Since you are having problems with the uninstall process, please follow the instructions in the link I provided above for the removal tool.  Be sure to also make sure Windows Defender is active after restarting your computer.

As to the sponsored by a2zLyrics, it is Adware (see Adware:Win32/AddLyrics) and shown as the first item in the Installed Programs list of your log.  Start by uninstalling it. 



marykatepenczkowski

I'm not completely sure what you want me to do with the link you sent me, if you can give me some more instruction that'd be very helpful, thank you

Corrine

Hi, Mary.

You posted:

Quote: I found out what most of the problem was though, I think it's the "aa2zlyrics" or whatever it was because where the ads are there's a little caption, and it says "sponsored by aa2zlyrics"

In looking at your log, you have a2zLyrics installed on your computer.  In the Control Panel, from Programs, choose Uninstall a Program.  When the programs load, click a2zLyrics and select Uninstall.



marykatepenczkowski

I went into the control panel and uninstall a program and a2zlyrics wasn't there. I'm not sure why but it says I only have 57 programs installed

Corrine

Hi, Mary.

Since it has been almost 6 months since the start of your thread, I'd like to clean up the tools we started with and have you get updated versions.  (Yes, there is a reason behind my madness.  :D )

Please follow these instructions in the order provided.

1.  Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.

2.  Please shutdown/restart your computer.

3.  Download DDS.scr by sUBs from here and save it to your desktop. <--Note:  that is a direct download link.

  • Disable any script blocker and then double-click dds.scr to run.
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • The logs will automatically be saved to your desktop.
  • Copy the contents of both logs & post in your next reply



Corrine

Quote from: marykatepenczkowski on September 28, 2014, 04:32:15 PM
This is the log from JRT, but this isn't the same computer that had the problems before, so I don't have the software on this computer.
That is what happens when I don't read carefully!  I'm going to split this into a new thread to avoid confusion since I went back to the beginning of the thread to see what had been done before.  The new topic is here:  http://www.landzdown.com/analysis-and-malware-removal/pop-ups-on-new-computer/



marykatepenczkowski

# DelFix v10.8 - Logfile created 02/10/2014 at 16:41:40
# Updated 29/07/2014 by Xplode
# Username : Joe - JOE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\Joe\Desktop\dds.txt
Deleted : C:\Users\Joe\Desktop\JRT.txt
Deleted : C:\Users\Joe\Downloads\adwcleaner_3.310 (1).exe
Deleted : C:\Users\Joe\Downloads\adwcleaner_3.310.exe
Deleted : C:\Users\Joe\Downloads\dds.scr
Deleted : C:\Users\Joe\Downloads\JRT (1).exe
Deleted : C:\Users\Joe\Downloads\JRT (2).exe
Deleted : C:\Users\Joe\Downloads\JRT.exe
Deleted : C:\Users\Joe\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########

marykatepenczkowski

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Joe at 16:45:42 on 2014-10-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.4656 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by TOSHIBA
mWindow Title = Internet Explorer provided by TOSHIBA
mWinlogon: Userinit = userinit.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F97807D8-17EA-4102-A1A7-C03CFA318212} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-11-21 632168]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-11-21 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-9-17 20464]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2013-9-12 356192]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2014-6-6 20592]
R3 ETD;ELAN PS/2_SMBus Port Input Device;C:\windows\System32\drivers\ETD.sys [2014-3-4 404296]
R3 ETDSMBus;ETDSMBus;C:\windows\System32\drivers\ETDSMBus.sys [2014-6-6 24904]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-6-6 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-10-28 449496]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-9-17 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-9-17 795632]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\drivers\RtsP2Stor.sys [2014-6-6 291032]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-6-6 888536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-6-6 131544]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-6-6 169432]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-2-25 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-6-6 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2013-8-21 138624]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-7-22 1255736]
.
=============== Created Last 30 ================
.
2014-10-01 12:03:23   519680   ----a-w-   C:\windows\SysWow64\qdvd.dll
2014-10-01 12:03:23   371712   ----a-w-   C:\windows\System32\qdvd.dll
2014-09-30 12:09:01   11578928   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEC31A62-088B-4F46-8AA4-80CE4986527B}\mpengine.dll
2014-09-25 21:26:45   --------   d-----w-   C:\windows\ERUNT
2014-09-25 20:43:26   536576   ----a-w-   C:\windows\SysWow64\sqlite3.dll
2014-09-23 19:46:10   2048   ----a-w-   C:\windows\SysWow64\tzres.dll
2014-09-23 19:46:10   2048   ----a-w-   C:\windows\System32\tzres.dll
2014-09-23 11:58:24   --------   d-----w-   C:\Program Files (x86)\neurowise
2014-09-10 16:29:09   2777088   ----a-w-   C:\windows\System32\msmpeg2vdec.dll
2014-09-10 16:29:09   2285056   ----a-w-   C:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 11:59:39   793600   ----a-w-   C:\windows\SysWow64\TSWorkspace.dll
2014-09-10 11:59:39   1031168   ----a-w-   C:\windows\System32\TSWorkspace.dll
2014-09-10 11:59:05   2565120   ----a-w-   C:\windows\System32\d3d10warp.dll
2014-09-10 11:59:05   1987584   ----a-w-   C:\windows\SysWow64\d3d10warp.dll
2014-09-10 11:58:56   96768   ----a-w-   C:\windows\SysWow64\sspicli.dll
2014-09-10 11:58:56   728064   ----a-w-   C:\windows\System32\kerberos.dll
2014-09-10 11:58:56   550912   ----a-w-   C:\windows\SysWow64\kerberos.dll
2014-09-10 11:58:56   22016   ----a-w-   C:\windows\SysWow64\secur32.dll
2014-09-10 11:58:56   1460736   ----a-w-   C:\windows\System32\lsasrv.dll
2014-09-10 11:58:52   578048   ----a-w-   C:\windows\System32\aepdu.dll
2014-09-10 11:58:52   424448   ----a-w-   C:\windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-09-15 13:06:02   278152   ------w-   C:\windows\System32\MpSigStub.exe
2014-09-02 09:08:14   224728   ----a-w-   C:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-08-23 02:07:00   404480   ----a-w-   C:\windows\System32\gdi32.dll
2014-08-23 01:45:55   311808   ----a-w-   C:\windows\SysWow64\gdi32.dll
2014-08-23 00:59:01   3163648   ----a-w-   C:\windows\System32\win32k.sys
2014-08-18 22:29:49   2724864   ----a-w-   C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35   4096   ----a-w-   C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53   5833728   ----a-w-   C:\windows\System32\jscript9.dll
2014-08-18 22:15:34   547328   ----a-w-   C:\windows\System32\vbscript.dll
2014-08-18 22:15:09   66048   ----a-w-   C:\windows\System32\iesetup.dll
2014-08-18 22:14:38   48640   ----a-w-   C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10   83968   ----a-w-   C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55   4232704   ----a-w-   C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47   139264   ----a-w-   C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37   111616   ----a-w-   C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01   758272   ----a-w-   C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44   2724864   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17   940032   ----a-w-   C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26   454656   ----a-w-   C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23   61952   ----a-w-   C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12   72704   ----a-w-   C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44   51200   ----a-w-   C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09   61952   ----a-w-   C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07   112128   ----a-w-   C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24   597504   ----a-w-   C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17   2104832   ----a-w-   C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16   1249280   ----a-w-   C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48   60416   ----a-w-   C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13   2310656   ----a-w-   C:\windows\System32\wininet.dll
2014-08-18 21:08:54   2014208   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44   1068032   ----a-w-   C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48   1812992   ----a-w-   C:\windows\SysWow64\wininet.dll
2014-07-25 06:35:46   875688   ----a-w-   C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06   869544   ----a-w-   C:\windows\System32\msvcr120_clr0400.dll
2014-07-14 02:02:45   1216000   ----a-w-   C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58   664064   ----a-w-   C:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23   7168   ----a-w-   C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22   7168   ----a-w-   C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:42   7168   ----a-w-   C:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41   6656   ----a-w-   C:\windows\SysWow64\KBDBASH.DLL
.
============= FINISH: 16:46:30.14 ===============

marykatepenczkowski

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2014 3:47:10 PM
System Uptime: 10/2/2014 4:44:29 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | ZFWAA
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz | SOCKET 0 | 1296/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 688 GiB total, 646.336 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP15: 8/26/2014 7:29:40 AM - Windows Update
RP16: 8/27/2014 7:38:13 PM - Windows Update
RP17: 9/2/2014 8:26:30 AM - Windows Update
RP18: 9/9/2014 7:40:12 AM - Windows Update
RP19: 9/10/2014 12:28:37 PM - Windows Update
RP20: 9/16/2014 7:42:26 AM - Windows Update
RP21: 9/19/2014 7:54:03 AM - Windows Update
RP22: 9/23/2014 3:46:06 PM - Windows Update
RP23: 9/23/2014 5:59:43 PM - Windows Update
RP24: 9/30/2014 8:08:33 AM - Windows Update
RP25: 10/1/2014 9:44:36 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader XI (11.0.03)  MUI
Atheros Driver Installation Program
Bejeweled 3
Cut the Rope
ETDWare PS/2-X64 11.8.20.3_WHQL
Google Chrome
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Jack of All Tribes
King Oddball
Luxor Evolved
Microsoft .NET Framework 4.5.1
Microsoft Office
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
TOSHIBA Battery Manager
Toshiba Book Place
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Flash Cards
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA System Driver
TOSHIBARegistration
Update Installer for WildTangent Games App
Utility Common Driver
WildTangent Games
WildTangent Games App (Toshiba Games)
.
==== End Of File ===========================
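
The DDS logs posted in this thread follow a fixed layout, so the two checks made by eye above (security product status and the Installed Programs list) can be scripted. This is an added example, not part of the original thread or of the DDS tool; the sample log is constructed, the `AV:` line is assumed to follow the same pattern as the `SP:` line in the posted DDS.txt, and the function names and watchlist are hypothetical.

```python
import re

# Section banners look like "==== Installed Programs ======================"
SECTION_RE = re.compile(r"^={4,}\s*(.+?)\s*={4,}$")
# Security product lines look like "SP: Windows Defender *Enabled/Updated* {GUID}"
# (the AV:/FW: prefixes are an assumption based on that one line)
PRODUCT_RE = re.compile(
    r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/(Updated|Outdated))?\*")

# Constructed sample, shaped like the logs in this thread (placeholder GUID).
SAMPLE_LOG = """\
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
AV: Norton Internet Security *Disabled/Outdated* {00000000-0000-0000-0000-000000000000}
.
==== Installed Programs ======================
.
a2zLyrics
Adobe Reader X (10.1.3)
Norton Internet Security
.
==== End Of File ===========================
"""


def split_sections(text):
    """Map each section title to its non-empty lines; '.' separators are dropped."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def security_products(text):
    """Return (kind, name, enabled, updated) per product line in the log header.

    updated is None when the log gives no signature state for that product.
    """
    products = []
    for line in split_sections(text)["preamble"]:
        match = PRODUCT_RE.match(line)
        if match:
            kind, name, state, sig = match.groups()
            updated = None if sig is None else sig == "Updated"
            products.append((kind, name, state == "Enabled", updated))
    return products


def triage(text, watchlist):
    """Flag disabled or outdated security products and watchlisted programs."""
    findings = []
    for _kind, name, enabled, updated in security_products(text):
        if not enabled or updated is False:
            findings.append(("stale-protection", name))
    for program in split_sections(text).get("Installed Programs", []):
        if any(entry.lower() in program.lower() for entry in watchlist):
            findings.append(("watchlisted-program", program))
    return findings


if __name__ == "__main__":
    # The watchlist holds only the one program this thread identifies as adware.
    for category, detail in triage(SAMPLE_LOG, {"a2zLyrics"}):
        print(f"{category}: {detail}")
```
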

Corrine

Quote from: Corrine on September 28, 2014, 05:08:24 PM
Quote from: marykatepenczkowski on September 28, 2014, 04:32:15 PM
This is the log from JRT, but this isn't the same computer that had the problems before, so I don't have the software on this computer.
That is what happens when I don't read carefully!  I'm going to split this into a new thread to avoid confusion since I went back to the beginning of the thread to see what had been done before.  The new topic is here:  http://www.landzdown.com/analysis-and-malware-removal/pop-ups-on-new-computer/

To avoid confusion, I split the posts about this second computer to a new thread.  Please see my instructions here:  pop-ups on new computer.

Locking this thread to avoid further confusion.

