Needs a general clean up etc....Slow / Virus?


17 replies to this topic

#1 charleane

Posted 21 February 2014 - 08:23 PM

Hi, my computer seems to be running slow lately. It is taking long for the Google Chrome home page to open and sometimes I have to click it a few times before it finally opens. When I click on a link it opens a whole new page...this was not happening before. Also, recently I had a problem with a Delta Search which I managed to get rid of. I just want to restore the health of my computer and get rid of any potential niggles that might be causing it to underperform.

Please someone offer me some advice and checks to run. Thank you :-)





#2 quietman7

Posted 21 February 2014 - 08:51 PM

In many cases these issues are the result of unwanted toolbars, add-ons/plug-ins, and browser extensions which come bundled with other free software you download. They can often be the source of various issues and problems, to include adware, pop-up ads, browser hijacking which may change your home page and search engine, and user profile corruption. As such, many of them are classified as Potentially Unwanted Programs (PUPs).

Some toolbars and add-ons can be removed from within their program group shortcut in Start Menu > All Programs or by using Add/Remove Programs or Programs and Features in Control Panel, so always check there first.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

Note: Some programs can be difficult to remove if their services and running processes are not disabled or turned off prior to attempting removal because they are in use. As such, it is easier to uninstall after booting into safe mode so there are fewer processes which can interfere with uninstalling the program.

Remove anything else (newly installed programs) you do not recognize.

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 quietman7

Posted 21 February 2014 - 08:52 PM


After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, download and scan with Malwarebytes Anti-Malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply.


#4 charleane

Posted 22 February 2014 - 12:06 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/22/2014 04:50:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/22/2014 04:54:22 PM
Execution time: 0 hours(s), 4 minute(s), and 12 seconds(s)


#5 charleane

Posted 22 February 2014 - 01:00 PM

# AdwCleaner v3.019 - Report created 22/02/2014 at 17:23:57
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scahlet V - SUPERFLUOUS
# Running from : C:\Users\Scahlet V\Desktop\birthday\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : bonanzadealslive
[#] Service Deleted : bonanzadealslivem
Service Deleted : WajamUpdaterV3
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\BatBrowse
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Users\Scahlet V\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\Scahlet V\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\Scahlet V\AppData\Local\Wajam
Folder Deleted : C:\Users\SCAHLE~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Scahlet V\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Scahlet V\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Scahlet V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Folder Deleted : C:\Users\Scahlet V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Scahlet V\Documents\BitLord
Folder Deleted : C:\Users\Scahlet V\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\Users\Scahlet V\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Scahlet V\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
File Deleted : C:\Windows\System32\Tasks\BonanzaDealsUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\Software\BonanzaDealsLive
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Scahlet V\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [6132 octets] - [28/08/2013 10:45:54]
AdwCleaner[R1].txt - [968 octets] - [29/08/2013 11:51:33]
AdwCleaner[R2].txt - [11357 octets] - [22/02/2014 17:12:10]
AdwCleaner[S0].txt - [5738 octets] - [28/08/2013 10:56:29]
AdwCleaner[S1].txt - [1032 octets] - [29/08/2013 11:54:50]
AdwCleaner[S2].txt - [11396 octets] - [22/02/2014 17:23:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [11457 octets] ##########


#6 charleane

Posted 22 February 2014 - 01:19 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Scahlet V on 22/02/2014 at 18:06:22.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3427966836-2000970083-3755404984-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3427966836-2000970083-3755404984-1000\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Scahlet V\appdata\local\{52F602BD-FAD7-4739-90F2-511304E522FC}
Successfully deleted: [Empty Folder] C:\Users\Scahlet V\appdata\local\{93FBDB3A-8C3F-4984-BDBE-443C3C4FDFD1}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Scahlet V\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/02/2014 at 18:17:33.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 quietman7

Posted 22 February 2014 - 03:00 PM

Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
 

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 

 



#8 charleane

Posted 22 February 2014 - 03:22 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.22.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Scahlet V :: SUPERFLUOUS [administrator]
 
22/02/2014 18:22:37
MBAM-log-2014-02-22 (20-22-00).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 438759
Time elapsed: 1 hour(s), 47 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\Scahlet V\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 30
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\IE\priam_bho.dll.vir (PUP.Optional.Wajam) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\update.exe.vir (PUP.Optional.Wajam) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Scahlet V\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir (PUP.Optional.Bandoo.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Scahlet V\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir (PUP.Optional.BabSolution.A) -> No action taken.
C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3Y3Q7Y5\Setup[1].exe (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3Y3Q7Y5\wajam_install[1].exe (PUP.Optional.Wajam) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIKZDP8H\mism[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMYX1B1I\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\11182710_stp\wajam_download.exe (PUP.Optional.Wajam) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\11182719_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\21586522_stp\BatBrowseSetup.exe (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Users\Scahlet V\Desktop\FlvPlayerSetup (1).exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Scahlet V\Desktop\FlvPlayerSetup.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Scahlet V\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
 
(end)


#9 quietman7

Posted 22 February 2014 - 03:54 PM

Your Malwarebytes Anti-Malware log shows "No action taken" for PUP detections.

The default action for these detections is "Show in results list and do not check for removal"...you need to change the settings in order to remove those items. If you changed those settings previously, then double-check and make sure they were saved correctly.

Launch Malwarebytes, go to the Settings tab > Scanner Settings and under Action for PUP, select: Show in Results List and Check for removal.


After doing that, rescan again with Malwarebytes.

  • Make sure that everything detected is checked and then click the Remove Selected button.
  • Then click the Logs tab and copy/paste the contents of the new report in your next reply.


Another reason for "No action taken" can occur if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having Malwarebytes remove the threats.
 


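The check described in post #9, as an added example that is not part of the original thread: a Python sketch that parses detection lines of the `path (detection) -> action` shape seen in the Malwarebytes 1.75 log in post #8, picks out the entries still marked "No action taken", and separates copies already held under C:\AdwCleaner\Quarantine from files in live locations. The sample lines are constructed from entries in that log (plus one constructed remediated line), and the function names are this example's own.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# AdwCleaner's quarantine folder as it appears in the logs on this page.
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

# Constructed sample: lines in the shape of the MBAM log in post #8, plus one
# constructed line with a completed removal action for contrast.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Scahlet V\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 30
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\IE\priam_bho.dll.vir (PUP.Optional.Wajam) -> No action taken.
C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Scahlet V\Desktop\FlvPlayerSetup (1).exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\Scahlet V\Desktop\Example.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
(end)
"""


class Detection(NamedTuple):
    section: str   # "Folders", "Files", "Registry Keys", ...
    path: str
    name: str      # detection name, e.g. PUP.Optional.Wajam
    action: str    # text after "->", without the trailing period


SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: \d+$")
# The path may itself contain parentheses ("Program Files (x86)", "Setup (1).exe"),
# so the greedy path group leaves only the LAST "(...)" before " -> " as the name.
DETECTION_RE = re.compile(
    r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_detections(text):
    """Return every detection line in the log, tagged with its section header."""
    section = ""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            found.append(Detection(section, hit.group("path"),
                                   hit.group("name"), hit.group("action")))
    return found


def triage(text):
    """Split detections into live/unremediated, quarantine copies, and handled."""
    live = defaultdict(list)
    quarantine_copies = []
    handled = []
    for det in parse_detections(text):
        if det.action.lower() != "no action taken":
            handled.append(det.path)
        elif det.path.lower().startswith(QUARANTINE_PREFIX):
            # Renamed .vir copy kept by AdwCleaner, not the original location.
            quarantine_copies.append(det.path)
        else:
            live[det.name].append(det.path)
    return {"live": dict(live),
            "quarantine_copies": quarantine_copies,
            "handled": handled}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Still present outside quarantine (needs Remove Selected):")
    for name, paths in sorted(report["live"].items()):
        for path in paths:
            print(f"  {name}: {path}")
    print(f"AdwCleaner quarantine copies flagged: {len(report['quarantine_copies'])}")
    print(f"Already remediated: {len(report['handled'])}")
```
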

#10 charleane

Posted 22 February 2014 - 08:33 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\wth164.dll.old.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\wthx164.dll.old.vir a variant of Win64/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe.vir Win32/Wajam.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Scahlet V\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Scahlet V\AppData\Roaming\BabSolution\Shared\EnhancedNT.dll.vir a variant of Win32/Toolbar.Babylon.W potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\bus9C20\enhancedNT.dll a variant of Win32/Toolbar.Babylon.W potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\busB97E\enhancedNT.dll a variant of Win32/Toolbar.Babylon.W potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\busF5C4\enhancedNT.dll a variant of Win32/Toolbar.Babylon.W potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\EFE9CF63-BAB0-7891-8E6D-B94F2323D076\Latest\ccp.exe Win32/Toolbar.Babylon.M potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\EFE9CF63-BAB0-7891-8E6D-B94F2323D076\Latest\enhancedNT.dll a variant of Win32/Toolbar.Babylon.W potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\EFE9CF63-BAB0-7891-8E6D-B94F2323D076\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\F41CA2AF-BAB0-7891-B2D8-A528977E955C\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\F41CA2AF-BAB0-7891-B2D8-A528977E955C\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\F41CA2AF-BAB0-7891-B2D8-A528977E955C\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\F41CA2AF-BAB0-7891-B2D8-A528977E955C\Latest\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is-A0EFC.tmp\iobitappsToolbar-stub-1.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\11182497_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\12130992_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\21586241_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is1496958499\23492411_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is2121167326\414667_Setup.EXE Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is552972367\1419127_Setup.EXE a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is552972367\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Local\Temp\is552972367\wajam_validate.exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Scahlet V\AppData\Roaming\2V2Z1C1P1H1P1Q1F2W1G1I1F1T1QtAtB\Advanced SystemCare Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined


#11 charleane

Posted 22 February 2014 - 08:52 PM

For the Malwarebytes scan I manually checked the boxes of PUP detections and pressed delete myself.

I recently did a new quick scan and the results are below.

It was just a quick scan. Is that sufficient or shall I do another full scan?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.22.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16798
Scahlet V :: SUPERFLUOUS [administrator]
 
23/02/2014 01:38:52
mbam-log-2014-02-23 (01-38-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 215011
Time elapsed: 7 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#12 quietman7

Posted 22 February 2014 - 09:07 PM

Malwarebytes Anti-Malware is designed to remove malware as effectively with a QUICK SCAN as it will with a Full Scan, which takes much longer to complete. Both scans use heuristics that bypass polymorphic blackhat packers & encryption, MD5 Hash, check memory (loaded .exes and .dlls), unique strings, autostart load points and hotspots (everywhere current malware is known to load from) and multiple other malware checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.

How is your computer running now?

#13 charleane

Posted 22 February 2014 - 09:12 PM

Hi Quietman7

Google Chrome seems to launch a bit quicker. However, I notice that when I download something from the net, it goes into a random folder instead of the download folder?



#14 quietman7

Posted 22 February 2014 - 09:24 PM

How to change Google Chrome download locations
How To Set the File Download Location in Google Chrome

#15 charleane

Posted 22 February 2014 - 09:29 PM

Thank you so much for all your help.

Can I do this scan combination from time to time to keep my computer in good health?

Is there anything else I can do to keep my laptop healthy?





