
Not sure what the problem is whether spyware, malware or what


  • This topic is locked
12 replies to this topic

#1 JayJax


Posted 29 July 2013 - 12:33 AM

My computer has been doing really well after I got onto Ghostery at Firefox. Much faster.

But now it's been screwing up. I get pop-up advertisements and several of them were for Amazon.com and I have never had a problem with their site. A lot of them seem to have to do with online games, it's hard to put my finger on.

But my computer is really slow sometimes. When I select a link many times it doesn't respond till I reload the screen. It doesn't scroll smoothly. Sometimes when I close out my window I will see that another screen is underneath, some kind of ad or info.

I ran ComboFix a few days ago and after it restarted my computer was unusable so I managed to do a system restore to an earlier date.

I have run a couple of programs and I see a few notations that are questionable but I'm not sure exactly what's normal on these reports. I have run several of them (I should have kept track which but I didn't think it would still be a problem).

Some of the programs say everything is fine.

I will post the results of what I have and info about my computer and would appreciate feedback as this is getting really old. I hate when this stuff gets onto my computer and I have been much more careful about my downloads but obviously not careful enough.

Here are the MiniToolBox results

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by JUST4ME (administrator) on 28-07-2013 at 14:53:16
Running from "C:\Users\JUST4ME\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

#       ::1             localhost

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.2 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.3 metric=1 publish=Yes


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : JUST4ME-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 48-5D-60-65-57-6E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6032:18e7:e898:6f69%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 28, 2013 8:18:36 AM
   Lease Expires . . . . . . . . . . : Monday, July 29, 2013 1:11:43 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 222846304
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-A9-07-A1-40-61-86-B9-C8-BA
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 40-61-86-B9-C8-BA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {BC4C855E-AF7A-4783-86A0-AA9DA64C1A5D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C12549D6-5308-4F4E-A1BB-5F116E357755}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4000:805::1008
      74.125.227.38
      74.125.227.39
      74.125.227.40
      74.125.227.41
      74.125.227.46
      74.125.227.32
      74.125.227.33
      74.125.227.34
      74.125.227.35
      74.125.227.36
      74.125.227.37


Pinging google.com [74.125.227.192] with 32 bytes of data:
Reply from 74.125.227.192: bytes=32 time=26ms TTL=53
Reply from 74.125.227.192: bytes=32 time=27ms TTL=53

Ping statistics for 74.125.227.192:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=196ms TTL=41
Reply from 98.139.183.24: bytes=32 time=172ms TTL=41

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 172ms, Maximum = 196ms, Average = 184ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...48 5d 60 65 57 6e ......Atheros AR9285 Wireless Network Adapter
 10...40 61 86 b9 c8 ba ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link       192.168.1.2     26
      169.254.0.0      255.255.0.0      192.168.1.3      192.168.1.2     26
  169.254.255.255  255.255.255.255         On-link       192.168.1.2    281
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0      192.168.1.2       1
      169.254.0.0      255.255.0.0      192.168.1.3       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::6032:18e7:e898:6f69/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2013 00:10:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2294

Error: (07/28/2013 00:10:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2294

Error: (07/28/2013 00:10:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2013 00:10:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1248

Error: (07/28/2013 00:10:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1248

Error: (07/28/2013 00:10:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2013 11:38:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2215

Error: (07/28/2013 11:38:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2215

Error: (07/28/2013 11:38:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2013 11:38:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1201


System errors:
=============
Error: (07/26/2013 00:00:59 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/26/2013 00:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2013 00:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2013 00:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2013 00:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2013 00:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2013 00:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/26/2013 00:00:03 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/26/2013 00:00:03 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/25/2013 11:59:51 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/28/2013 00:10:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2294

Error: (07/28/2013 00:10:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2294

Error: (07/28/2013 00:10:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2013 00:10:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1248

Error: (07/28/2013 00:10:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1248

Error: (07/28/2013 00:10:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2013 11:38:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2215

Error: (07/28/2013 11:38:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2215

Error: (07/28/2013 11:38:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/28/2013 11:38:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1201


CodeIntegrity Errors:
===================================
  Date: 2013-07-25 17:21:31.544
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-25 17:21:31.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



=========================== Installed Programs ============================

Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Advanced SystemCare 6 (Version: 6.2)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Browser Guard 4.0 (Version: 4.0.0.1884)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon MX410 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
CCleaner (Version: 3.27)
Dropbox (Version: 2.2.9)
ESET Online Scanner v3
Google Update Helper (Version: 1.3.21.153)
Haali Media Splitter
iCloud (Version: 2.1.2.8)
IObit Malware Fighter (Version: 2.0)
iTunes (Version: 11.0.4.4)
Jarte 5.0 (Version: 5.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Nitro Reader 3 (Version: 3.5.4.10)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Tools AntiVirus Free 9.1 (Version: 9.1)
PhotoScape
Picasa 3 (Version: 3.9)
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek Ethernet Controller Driver (Version: 7.53.216.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
SlimDrivers (Version: 2.2.30085)
Smart Defrag 2 (Version: 2.7)
Speccy (Version: 1.22)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Wise Registry Cleaner 7.63

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3886.04 MB
Available physical RAM: 1694.46 MB
Total Pagefile: 7770.26 MB
Available Pagefile: 5427.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3950.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:253.83 GB) NTFS

========================= Users: ========================================

User accounts for \\JUST4ME-PC

Administrator            Guest                    JUST4ME                  

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

24-07-2013 02:40:08 Windows Update
24-07-2013 16:21:16 Installed Reasonable NoClone 2013
24-07-2013 16:36:34 IObit Uninstaller restore point
24-07-2013 16:39:19 IObit Uninstaller restore point
25-07-2013 16:57:05 IObit Uninstaller restore point
25-07-2013 17:12:28 Removed Google Talk Plugin
25-07-2013 17:13:18 Removed Google Drive
25-07-2013 17:17:08 IObit Uninstaller restore point
25-07-2013 17:18:30 IObit Uninstaller restore point
25-07-2013 17:20:54 IObit Uninstaller restore point
25-07-2013 17:21:43 IObit Uninstaller restore point
25-07-2013 17:22:17 IObit Uninstaller restore point
25-07-2013 17:23:48 IObit Uninstaller restore point
27-07-2013 05:05:22 IObit Uninstaller restore point
27-07-2013 05:06:39 IObit Uninstaller restore point
27-07-2013 05:07:47 IObit Uninstaller restore point
27-07-2013 16:21:33 Windows Update
28-07-2013 13:20:05 IObit Uninstaller restore point

**** End of log ****

 


Edited by JayJax, 29 July 2013 - 12:41 AM.



 


#2 JayJax


Posted 29 July 2013 - 12:59 AM

I highlighted something in red that mentions the problem I had with ComboFix and a few other things.

Lots of Errors but I don't know what they mean.

I also did a Speccy report. I couldn't copy it in its entirety for some reason here but I noticed in the operating system a reference to Visual Bee which is something I had problems with some months ago. It's just one line that I can see.

Is there a way to attach files here or must they be copy/paste?

From Speccy:

 

Process List
Scheduler
    7/29/2013 12:58 AM;    GoogleUpdateTaskMachineUA
    7/29/2013 10:58 AM;    GoogleUpdateTaskMachineCore
    7/30/2013 3:00 AM;    SlimDrivers Scan
    7/30/2013 11:33 PM;    Wise Registry Cleaner Schedule Task
    8/4/2013 8:19 AM;    RealPlayerRealUpgradeScheduledTaskS-1-5-21-1829162350-2934200306-3440166539-1000
    ASC6_PerformanceMonitor
    CCleanerSkipUAC
    RealPlayerRealUpgradeLogonTaskS-1-5-21-1829162350-2934200306-3440166539-1000
    SmartDefragUpdate
    SmartDefrag_Startup
    VisualBeeRecovery

 



#3 noknojon


Posted 29 July 2013 - 01:24 AM

These are all antivirus-related tools and you should only have 1 installed ....... Please read HERE
IMPORTANT NOTE: Using more than one anti-virus program is not advisable.

The below items all include antivirus as part of their programs. You would be better to uninstall all except Microsoft Security Essentials.

PC Tools AntiVirus Free 9.1 (Version: 9.1)
Microsoft Security Essentials (Version: 4.2.223.1)
IObit Malware Fighter (Version: 2.0)
Advanced SystemCare 6 (Version: 6.2) <
Exclusive: IObit Advanced SystemCare with Antivirus

 

These 2 programs are not required, as you do not need a "Registry Cleaner" or Smart Defrag from IObit.
Wise Registry Cleaner 7.63
Smart Defrag 2 (Version: 2.7)

 

Was ComboFix ever correctly uninstalled, as it shows in Errors as ComboFix\catchme.sys?

 

Thank You -

EDIT - The correct way to post a Speccy link >

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Directions Here


Edited by noknojon, 29 July 2013 - 01:29 AM.
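
The two checks raised in the reply above (several products with an antivirus component installed side by side, and the ComboFix\catchme.sys CodeIntegrity entry) can be pulled out of a MiniToolBox log mechanically. This is an added example, not part of the original thread or of MiniToolBox; the sample log is a constructed excerpt in the layout of post #1, and the watchlist holds only the product names listed in that reply, not a vetted catalogue.

```python
import re

# Constructed excerpt in the layout of the MiniToolBox log from post #1.
SAMPLE_LOG = r"""
MiniToolBox by Farbar  Version: 13-07-2013
========================= Event log errors: ===============================

CodeIntegrity Errors:
===================================
  Date: 2013-07-25 17:21:31.544
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system.

  Date: 2013-07-25 17:21:31.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system.

=========================== Installed Programs ============================

Adobe Reader XI (11.0.03) (Version: 11.0.03)
Advanced SystemCare 6 (Version: 6.2)
Canon My Printer
CCleaner (Version: 3.27)
IObit Malware Fighter (Version: 2.0)
Microsoft Security Essentials (Version: 4.2.223.1)
PC Tools AntiVirus Free 9.1 (Version: 9.1)

========================= Devices: ================================

**** End of log ****
"""

# Section banners look like "====== Title: ======"; a bare "=====" underline is not one.
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*:?\s*=+$")
# "Name (Version: x.y)"; the version suffix is optional in the log.
PROGRAM_RE = re.compile(r"^(.*?)(?:\s+\(Version: ([^)]*)\))?$")
# File path inside a CodeIntegrity description line.
CODEINTEGRITY_RE = re.compile(r"verify the image integrity of the file (.+?) because")

# Assumption: product names copied from the reply above.
WATCHLIST = (
    "PC Tools AntiVirus",
    "Microsoft Security Essentials",
    "IObit Malware Fighter",
    "Advanced SystemCare",
)


def split_sections(log):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line and set(line) != {"="}:
            sections[current].append(line)
    return sections


def installed_programs(sections):
    """Return (name, version-or-None) pairs from the Installed Programs section."""
    return [PROGRAM_RE.match(line).groups()
            for line in sections.get("Installed Programs", [])]


def overlapping_protection(programs, watchlist=WATCHLIST):
    """Installed program names that match any watchlist entry (case-insensitive)."""
    return [name for name, _ in programs
            if any(w.lower() in name.lower() for w in watchlist)]


def unverified_images(log):
    """Unique file paths that CodeIntegrity could not verify."""
    return sorted(set(CODEINTEGRITY_RE.findall(log)))


def triage(log):
    programs = installed_programs(split_sections(log))
    return {
        "protection_products": overlapping_protection(programs),
        "unverified_images": unverified_images(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if len(report["protection_products"]) > 1:
        print("More than one product with an antivirus component:")
        for name in report["protection_products"]:
            print("  -", name)
    for path in report["unverified_images"]:
        print("CodeIntegrity could not verify:", path)
```
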


#4 noknojon


Posted 29 July 2013 - 02:42 AM

This assumes that you use Firefox (installed)

 

Uninstall VisualBee extension from Firefox

How to remove extensions and themes

1. At the top of the Firefox window, click on the Firefox button, and then click Add-ons. The Add-ons Manager tab will open.
2. In the Add-ons Manager tab, select the Extensions or Appearance panel.
3. Select the add-on you wish to remove.
4. Click the Remove button.
5. Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

 

Thanks -



#5 JayJax


Posted 29 July 2013 - 08:59 AM

Regarding Visual Bee as a Firefox add-on:

I did not sign up for Visual Bee thru Firefox; I picked it up when I downloaded a program in the past. I forget which one, but it slipped by me somehow. So I cannot remove it (it isn't listed) in Firefox extensions.

However, I noticed while doing so that Firefox there listed a TopArcade Hits Program which I did not ask to have either, and if memory serves that was involved in at least some of the pop-ups I was getting.

This is most disconcerting that I have had extensions on Firefox I never requested.

TopArcadeHits had no uninstall key; all it had was disable. After removing I restarted Firefox and TopArcadeHits is still listed; however, it is a "faded" item. I have never had anything like that with Firefox add-ons, getting things I did not request or them being faded but still listed, which must indicate they must still have a presence?

I wonder if this is not all / mostly due to my signing up for a new email address at inbox.com. I also downloaded their toolbar which I do not normally install toolbars from sites however part of their site services. Normally I do not download toolbars but the reason I did this one is that Inbox offers an upload/storage for photos which I wanted to do so I could sort through them and eventually get rid of duplicate images but which have different names. And I have a strong suspicion that toolbar download may be the source of many/most of these problems.

The inbox toolbar was necessary if I wanted to do more than upload photos one at a time so that is why I got the inbox.toolbar.

I uninstalled the toolbar a couple days it wasn't doing what I needed.

I'm still working on your other suggestions about virus programs etc but I wanted to note this info while it was fresh in my mind.

I never uninstalled ComboFix because when I did a system restore it was no longer listed and system restore was the only way I got my computer to function again.

I keep getting site-specific NOTICES that pop up while attempting to log on. The first I noticed was Amazon.com which I have used for a long time and never had these annoying pop-ups and I do not think Amazon would be a part of this kind of thing.

The other site I just noticed this morning was Ancestry.com, which also had some sort of URGENT notice pop-up while signing on. I also do not think this is from Ancestry as they advertise many things and it's never by pop-up but by emails.


Edited by JayJax, 29 July 2013 - 09:23 AM.


#6 JayJax


Posted 29 July 2013 - 09:37 AM

http://speccy.piriform.com/results/OkQ1csQiKmQY5clAeigjCKo


Edited by JayJax, 29 July 2013 - 09:44 AM.


#7 JayJax


Posted 29 July 2013 - 10:01 AM

> These are all Antivirus related tools and you should only have 1 installed .......Please read HERE
> IMPORTANT NOTE: Using more than one anti-virus program is not advisable.
>
> The below items All include Antivirus as part of their programs. You would be better to uninstall all except Microsoft Security Essentials
>
> PC Tools AntiVirus Free 9.1 (Version: 9.1)
> Microsoft Security Essentials (Version: 4.2.223.1)
> IObit Malware Fighter (Version: 2.0)
> Advanced SystemCare 6 (Version: 6.2) <
> Exclusive: IObit Advanced SystemCare with Antivirus
>
> These 2 programs are not required, as you do not need a "Registry Cleaner" or Smart Defrag from IObit.
> Wise Registry Cleaner 7.63
> Smart Defrag 2 (Version: 2.7)

 

 

PC Tools uninstalled?   When I attempt to Uninstall it I get the message the uninstall file is missing and to correct it?

 

I did get IObit Malware Fighter uninstalled

 

Smart Defrag is uninstalled.

 

 

Anyone know what a Haali Media Splitter is?

 

 


Edited by JayJax, 29 July 2013 - 10:04 AM.


#8 noknojon


Posted 29 July 2013 - 05:39 PM

Haali Media Splitter
If you want to enable programs that use Microsoft's DirectShow (DirectX) framework, which includes almost all commercially produced video software, to open MP4 or MKV files you'll need to install a DirectShow splitter for these formats. That's exactly what Haali Media Splitter provides.
AFAIK it is not flagged as virus, trojan or other malware. This is a legitimate file from: Free-Codecs.com :: Download Haali Matroska Splitter 20.05.2010 : Haali Matroska Splitter is a new DirectShow splitter
However here is One Uninstall Guide

This Thread shows the best ways to Uninstall PC Tools (This occurs when the service engine for PC Tools AntiVirus has failed to start on your computer)

Advanced SystemCare 6 (Version: 6.2) < This needs to be fully uninstalled also. Please ask if you want help, as it is "sticky".
 

 

AdwCleaner may remove some installed toolbars, but you can Re-install any ones you wish later -

 

Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
* NOTE Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Did you complete the sfc /scannow ?

 

Thanks -



#9 JayJax

Posted 29 July 2013 - 08:17 PM

 


 

sfc scannow?   I must have missed that. I will look for that.

 

PC TOOLS is sticky?  I'm not sure I understand?

 

I have the dds results but I'm not sure - they said not to paste but to attach.  How do I attach something? Thanks

 

I have to spend the evening working on reports for a meeting tomorrow so I'm going to concentrate on that but will return 24 hrs or so after meeting.  Thanks.


Edited by JayJax, 29 July 2013 - 08:20 PM.


#10 noknojon

Posted 29 July 2013 - 08:38 PM

Advanced SystemCare 6 (Version: 6.2) < This needs to be fully uninstalled also. Please ask if you want help, as it is "sticky".

Refers to the fact that the IObit Uninstaller may not always remove all traces, but I can help with that -

 

I have the dds results but I'm not sure - they said not to paste but to attach.

Note that this forum is not for DDS or other logs unless requested - This is only for Virus, Trojan, Spyware, and Malware Removal Logs section of the forum. If you wish an Expert to review those logs, I will post directions for you.

 

Thanks -



#11 JayJax

Posted 31 July 2013 - 03:04 AM

 


I see the DDS was in another discussion here. I'm not sure how I ended up with two discussions for the same problem, but yes, DDS is not for here. Thanks.

 

Why can I not keep the Advanced System Care as it seems to do much more than the Microsoft Program?   Is it part of the problem?

 

I'm sorry, I may be getting confused about who said what where with these two topics.   I'm not sure why I have two actually - I am sorry if I seem confused but I guess I am really.


Edited by JayJax, 31 July 2013 - 03:30 AM.


#12 noknojon

Posted 31 July 2013 - 03:55 AM


Why can I not keep the Advanced System Care as it seems to do much more than the Microsoft Program?   Is it part of the problem?

Hello JayJax -

Please do not "wrap" your full posts in Quote or Code format, it makes them hard to understand -

Just Copy / Paste any line you wish to highlight to me .........

 

The IObit program will not "play well" (conflicts) with other installed programs. These include any other Antimalware program and also the fact that it includes a Registry Cleaner / Optimizer as part of the install.

It is also not currently helping your system as it claims that it will - The program is rarely used on forums today.

The Chinese IObit programs do cause some problems on some computers, so it is a general request to remove them.

 

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

 Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

 

Please leave a link to the other topic as I will have them "merged" into one for you -

 

Thank You -

EDIT -

I have asked for this topic to be locked while you deal with the problem in Malware Removal Logs area -


Edited by noknojon, 31 July 2013 - 04:11 AM.
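The overlap discussed in the posts above (several antivirus engines installed at once, plus an uninstaller reported as missing) can be inventoried without changing anything. This read-only PowerShell sketch is an added example, not part of the original posts; the vendor names come from the thread, and the `productState` bit test is a community-documented decoding that is assumed here rather than an official Microsoft definition.

```powershell
# Read-only inventory: nothing is uninstalled and no settings are changed.

# 1) Antivirus products registered with Windows Security Center
#    (the namespace exists on client editions of Windows only).
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
$av | ForEach-Object {
    [pscustomobject]@{
        Product    = $_.displayName
        # Assumption: bit 0x1000 of productState means real-time protection is on.
        RealTimeOn = [bool]($_.productState -band 0x1000)
        Executable = $_.pathToSignedProductExe
    }
} | Format-Table -AutoSize

$active = @($av | Where-Object { $_.productState -band 0x1000 })
if ($active.Count -gt 1) {
    Write-Warning "$($active.Count) antivirus engines report real-time protection enabled."
}

# 2) Uninstall entries for the products named in the thread, with a check
#    that the registered uninstaller file is still on disk.
$names   = 'PC Tools', 'IObit', 'Advanced SystemCare', 'Wise Registry Cleaner', 'Smart Defrag'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern -or $_.Publisher -match $pattern } |
    ForEach-Object {
        # Take the executable path from the start of UninstallString (quoted or bare).
        $exe = $null
        if ($_.UninstallString -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($_.UninstallString -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Version     = $_.DisplayVersion
            Uninstaller = $exe
            Present     = if (-not $exe) { 'unknown' }
                          elseif ($exe -match '(?i)msiexec(\.exe)?$') { 'MSI (Windows Installer)' }
                          else { Test-Path -LiteralPath $exe }
        }
    } | Format-Table -AutoSize
```

A `Present` value of `False` matches the "uninstall file is missing" symptom: the registry entry survives but the uninstaller it points to does not.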


#13 hamluis


    Moderator



Posted 31 July 2013 - 07:35 AM

Reference:  http://www.bleepingcomputer.com/forums/t/502383/some-screwy-stuff-i-picked-up-somewhere-help-please/

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





