Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

slow computer page redirects


  • Please log in to reply
11 replies to this topic

#1 kaeso

kaeso

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 25 July 2014 - 12:49 AM

Fixing computer for computer illiterate family member who claims that since trying to download some sketchy MP3, computer has been running incredibly slow with page redirects to advertisement sites. 

 

I've run malwarebytes and microsoft security essentials but it doesn't look like that has solved the problems

 

running 64bit windows 7, mostly google chrome usage

 

Thanks!

 

 



BC AdBot (Login to Remove)

 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:56 AM

Posted 25 July 2014 - 12:21 PM

Hi kaeso!

Did Malwarebytes find anything? If so:

Open MalwareBytes Anti-Malware and then click on History

On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.

Go to the bottom left corner to Export and select Text File (*.txt)

Save it to the desktop, preferably named ‘mbamlog’ or etc and paste it here.

 

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!

 



#3 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 26 July 2014 - 02:24 PM

Malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/24/2014
Scan Time: 10:25:49 PM
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.25.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lizzy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323825
Time Elapsed: 13 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, Quarantined, [c1f471325a21bf77214c01cfa959b050], 
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [b104f3b0205bc96d148b4cdd8c786b95], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}, Quarantined, [2b8a663d7407a88e70b6735a867c6799], 
PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27, Quarantined, [05b0f9aae596ce683e661118b64e39c7], 
PUP.Optional.Booster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\D0E87C27, Quarantined, [298ce7bccfacfd39a6fdc66328dc47b9], 
PUP.Optional.WeCare, HKU\S-1-5-21-3471421413-1524304357-1424031584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [9322dfc4cfacb086f174dee9a65c30d0], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3471421413-1524304357-1424031584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [278ea8fb3f3cbc7aa436ab2254ae9b65], 
 
Registry Values: 2
PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27|svn, SW-Sustainer, Quarantined, [05b0f9aae596ce683e661118b64e39c7]
PUP.Optional.Booster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\D0E87C27|DisplayName, SW-Sustainer, Quarantined, [298ce7bccfacfd39a6fdc66328dc47b9]
 
Registry Data: 1
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL, Good: (), Bad: (C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL),Replaced,[1c994e557605df57ea224878c53dfd03]
 
Folders: 1
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster, Quarantined, [1c994e557605df57ea224878c53dfd03], 
 
Files: 4
PUP.Optional.MultiPlug.A, C:\Users\Lizzy\AppData\Local\Temp\{8AC13531-AB7F-43D9-A132-E35D512217C7}\Addons\search_installer.exe, Quarantined, [4a6b6a3936452e08d7dcd8cb89785ba5], 
PUP.Optional.OptimumInstaller.A, C:\Users\Lizzy\Downloads\Player-Chrome.exe, Quarantined, [bff6178cf7841c1af063c690cb36837d], 
PUP.Optional.Firseria, C:\Users\Lizzy\Downloads\Setup.exe, Quarantined, [496c0a990279e84e662b90486a9a817f], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\Assistant_x64.dll, Quarantined, [1c994e557605df57ea224878c53dfd03], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by kaeso, 26 July 2014 - 02:24 PM.


#4 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 26 July 2014 - 02:26 PM

minitoolbox log

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Lizzy (administrator) on 26-07-2014 at 12:25:49
Running from "C:\Users\Lizzy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/26/2014 00:18:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 134810245
 
Error: (07/26/2014 00:18:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 134810245
 
Error: (07/26/2014 00:18:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/24/2014 10:51:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029
 
Error: (07/24/2014 10:51:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029
 
Error: (07/24/2014 10:51:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/24/2014 10:42:03 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (07/24/2014 10:41:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/24/2014 10:22:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/24/2014 10:22:27 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
 
System errors:
=============
Error: (07/24/2014 10:41:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/24/2014 10:22:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/24/2014 10:22:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SW-Sustainer service to connect.
 
Error: (07/12/2014 09:46:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (07/12/2014 09:46:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SW-Sustainer service to connect.
 
Error: (07/09/2014 07:57:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
 
Error: (07/06/2014 07:26:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (07/06/2014 05:10:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
 
Error: (07/04/2014 03:17:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
Error: (07/04/2014 10:22:59 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer IDEA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FEBA9AF2-7E83-4FD6-AD7F-5F1364144432}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
 
 
=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Color LaserJet 2600 series (HKLM\...\HP Color LaserJet 2600 series) (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SNT (HKLM-x32\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 2.1.0.1844 - SNT)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.16.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.29 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 47%
Total physical RAM: 3996.55 MB
Available physical RAM: 2102.97 MB
Total Pagefile: 7991.27 MB
Available Pagefile: 5360.89 MB
Total Virtual: 4095.88 MB
Available Virtual: 3987.1 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI106339W0E) (Fixed) (Total:104.94 GB) (Free:55.06 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LIZZY-PC
 
Administrator            Guest                    Lizzy                    
 
 
**** End of log ****


#5 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:56 AM

Posted 28 July 2014 - 12:23 PM

Sorry for the late reply

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administartor privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

Copy and paste the log content.

The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

 

Thank you!



#6 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 30 July 2014 - 12:30 AM

# AdwCleaner v3.301 - Report created 29/07/2014 at 22:27:51
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lizzy - LIZZY-PC
# Running from : C:\Users\Lizzy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\saFeweb
Folder Deleted : C:\ProgramData\ToakieThheCoouponi
Folder Deleted : C:\Program Files (x86)\saFeweb
Folder Deleted : C:\Program Files (x86)\ToakieThheCoouponi
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Lizzy\AppData\Local\torch
Folder Deleted : C:\Users\Lizzy\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Lizzy\AppData\LocalLow\tuvaro
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Lizzy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=2280&r=2014/03/19&hid=10695516513844503744&lg=EN&cc=US&unqvl=50
Deleted [Startup_urls] : hxxp://search.gboxapp.com/
Deleted [Homepage] : hxxp://search.gboxapp.com/
 
*************************
 
AdwCleaner[R0].txt - [4437 octets] - [29/07/2014 22:25:45]
AdwCleaner[S0].txt - [4163 octets] - [29/07/2014 22:27:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4223 octets] ##########


#7 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 30 July 2014 - 12:42 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lizzy on Tue 07/29/2014 at 22:32:01.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{39A00B38-AD91-45BB-8094-13B672CBC888}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{4B567F23-CF27-40E7-AFB6-7006B3B296E9}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{6E3DA683-8C81-4CDC-BCA3-EFCA1E914057}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{90F67028-84CA-49EE-937F-14720585304F}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{9B21A2F9-F1B0-4D2D-9A48-ABA82B0D17CB}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{A93C262A-DB0E-4759-BA76-1177AC796D3F}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{C690601C-0A1D-4F54-94F5-FD61CC8696E0}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{CFC0145D-C95E-43D3-B099-7B85E578A51A}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{DB4089E4-A0E0-455B-875C-F7425EF8DC44}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{F3EB6D9D-A8F7-4B1C-A5CB-D24570F89745}
Successfully deleted: [Empty Folder] C:\Users\Lizzy\appdata\local\{F8E8C44A-5160-4E03-B7D2-3C13A821B411}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/29/2014 at 22:42:23.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 30 July 2014 - 01:47 AM

I ran eset the first time and accidentally uninstalled (and thus deleting the log) before trying to post it. i do remember it found and deleted 11 things



#9 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:56 AM

Posted 30 July 2014 - 12:33 PM

Ok so now what is the situation?

 

Download HitmanPro x64 HERE from onto your desktop.

Double-click on the file named HitmanPro.exe.It will be updated.When the program starts you will be presented with the start screen.Click on the Next button.Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found.Below next to button buy now is option Save log.Save it to your desktop and paste it here.

 

Thank you!



#10 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 31 July 2014 - 12:25 AM

HitmanPro 3.7.9.221
www.hitmanpro.com
 
   Computer name . . . . : LIZZY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Lizzy-PC\Lizzy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)
 
   Scan date . . . . . . : 2014-07-30 22:17:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 37
 
   Objects scanned . . . : 1,536,281
   Files scanned . . . . : 30,566
   Remnants scanned  . . : 258,261 files / 1,247,454 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Lizzy\Desktop\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 4.4 days (2014-07-26 12:20:45)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\ (Tuvaro) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\ (Tuvaro) -> PendingDelete
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> PendingDelete
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
 
Cookies _____________________________________________________________________
 
   C:\Users\Lizzy\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Lizzy\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\1C1AHOB1.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\2IUX1MKO.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\2WE463UB.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\39AR37NN.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\4D31WNSA.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\4S28BCTW.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\5MNK22ND.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\8HMKXF0E.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\A9GCULYA.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\AGEN7U8V.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\ARBO97BZ.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\FXX37N92.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\IJUY45Q2.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\KR639RGX.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\KVALW5IT.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\LEUC0P1Z.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\LFR9EE27.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\M4Y9NI26.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\OI1YZ6VM.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\OVPA09MW.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\RO3W7FYY.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\TRMXF5DT.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\TVV75DKO.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\U5HVZ2A3.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\UYQJFJ5V.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\VLPZY2AK.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\XCS9D29L.txt
   C:\Users\Lizzy\AppData\Roaming\Microsoft\Windows\Cookies\XN14P8IS.txt
 
 
 


#11 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:56 AM

Posted 31 July 2014 - 05:43 AM

Are there now symptoms from your first post?

Thank you!



#12 kaeso

kaeso
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 PM

Posted 01 August 2014 - 01:36 AM

It seems a lot better! Thank you!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users