
Virus Problem


15 replies to this topic

#1 shayward2015


Posted 15 November 2014 - 12:43 AM

Boy, where do I start. When my computer is on a browser (it doesn't matter which one) it has all of these pop-ups, and Avast sometimes says that it can't find anything, but when it does find something it fails to get it off. My computer is very slow, meaning games and the internet. I have tried defragmenting, getting rid of unnecessary files, and doing multiple full scans on Avast, but nothing seems to help.

Edit: Moved topic from Windows 8 to the more appropriate forum.~ Animal


 


#2 jamal01


Posted 15 November 2014 - 12:48 AM

Assuming it is a legit copy of Windows I would back up any files that you need to a USB. Scan that USB to ensure it is not infected. Reinstall Windows with recovery DVD or other recovery media.



#3 shayward2015


Posted 15 November 2014 - 01:05 AM

I don't want to do a total system restore just yet, I want to know what my options are, but thank you.



#4 Condobloke


Posted 15 November 2014 - 02:05 AM

G'day shayward2015, and Welcome to BC.

 

Let's take a look and see what we can find to explain the pop ups etc etc

 

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, save it to your desktop and run it.
* Checkmark the following checkboxes:
    * Flush DNS
    * Report IE Proxy Settings
    * Reset IE Proxy Settings
    * Report FF Proxy Settings
    * Reset FF Proxy Settings
    * List content of Hosts
    * List IP configuration
    * List Winsock Entries
    * List last 10 Event Viewer log
    * List Installed Programs
    * List Users, Partitions and Memory size.
* Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

 

 


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#5 shayward2015


Posted 15 November 2014 - 04:21 PM

These are the first test results

 Results of screen317's Security Check version 0.99.89 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Windows Defender  
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome 38.0.2125.111 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

These are the results of the second test.

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Shelby (administrator) on 15-11-2014 at 13:17:35
Running from "C:\Users\Shelby\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:13828

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Shelby
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : netgear.com

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-D2-24-95-17-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : netgear.com
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
   Physical Address. . . . . . . . . : 48-D2-24-95-17-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1180:8063:d1e0:97b7%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.254.44(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 12, 2014 10:42:56 PM
   Lease Expires . . . . . . . . . . : Sunday, November 16, 2014 1:09:11 PM
   Default Gateway . . . . . . . . . : 192.168.254.254
   DHCP Server . . . . . . . . . . . : 192.168.254.254
   DHCPv6 IAID . . . . . . . . . . . : 323539492
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-AC-9B-F4-A0-48-1C-C5-64-91
   DNS Servers . . . . . . . . . . . : 192.168.254.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : A0-48-1C-C5-64-91
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  dslrouter.netgear.com
Address:  192.168.254.254

Name:    google.com
Addresses:  2607:f8b0:400a:804::1002
   173.194.33.130
   173.194.33.137
   173.194.33.134
   173.194.33.136
   173.194.33.133
   173.194.33.142
   173.194.33.131
   173.194.33.135
   173.194.33.132
   173.194.33.129
   173.194.33.128

Pinging google.com [173.194.33.128] with 32 bytes of data:
Reply from 173.194.33.128: bytes=32 time=31ms TTL=56
Reply from 173.194.33.128: bytes=32 time=32ms TTL=56

Ping statistics for 173.194.33.128:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server:  dslrouter.netgear.com
Address:  192.168.254.254

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=84ms TTL=50
Reply from 98.138.253.109: bytes=32 time=83ms TTL=50

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 83ms, Maximum = 84ms, Average = 83ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...1a d2 24 95 17 d3 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...48 d2 24 95 17 d3 ......Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
  3...a0 48 1c c5 64 91 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.254.254   192.168.254.44     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.254.0    255.255.255.0         On-link    192.168.254.44    281
   192.168.254.44  255.255.255.255         On-link    192.168.254.44    281
  192.168.254.255  255.255.255.255         On-link    192.168.254.44    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.254.44    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.254.44    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  4    281 fe80::/64                On-link
  4    281 fe80::1180:8063:d1e0:97b7/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2014 07:24:48 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2350

Start Time: 01d00041a5bc0df4

Termination Time: 58

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: f19aba2d-6c76-11e4-bf16-a0481cc56491

Faulting package full name:

Faulting package-relative application ID:

Error: (11/14/2014 06:46:47 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (11/14/2014 04:34:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9703

Error: (11/14/2014 04:34:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9703

Error: (11/14/2014 04:34:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 04:34:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5609

Error: (11/14/2014 04:34:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5609

Error: (11/14/2014 04:34:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 04:34:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3687

Error: (11/14/2014 04:34:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3687

System errors:
=============
Error: (11/14/2014 07:03:53 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/13/2014 02:30:54 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (11/12/2014 10:37:58 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%1115

Error: (11/12/2014 10:37:58 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (11/12/2014 10:37:56 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%1747

Error: (11/12/2014 10:37:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:22:26 PM on 11/12/2014 was unexpected.

Error: (11/12/2014 05:59:45 PM) (Source: DCOM) (User: SHELBY)
Description: App

Error: (11/10/2014 08:13:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/08/2014 08:40:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (11/08/2014 08:37:21 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:03:41 PM on 11/8/2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (11/14/2014 07:24:48 PM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.17416235001d00041a5bc0df458C:\Program Files\Internet Explorer\iexplore.exef19aba2d-6c76-11e4-bf16-a0481cc56491

Error: (11/14/2014 06:46:47 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (11/14/2014 04:34:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9703

Error: (11/14/2014 04:34:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9703

Error: (11/14/2014 04:34:37 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 04:34:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5609

Error: (11/14/2014 04:34:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5609

Error: (11/14/2014 04:34:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 04:34:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3687

Error: (11/14/2014 04:34:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3687

CodeIntegrity Errors:
===================================
  Date: 2014-11-14 19:15:01.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-14 19:14:59.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:54:23.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:54:22.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:42:51.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:42:50.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:39:03.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:39:02.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:36:16.751
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:36:15.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

 

=========================== Installed Programs ============================
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lexmark 3500-4500 Series (HKLM\...\Lexmark 3500-4500 Series) (Version:  - Lexmark International, Inc.)
Linkey (HKCU\...\Linkey) (Version: 0.0.0.333 - Aztec Media Inc)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mod Manager Packages (HKCU\...\Mod Manager Packages) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.16.10 - Electronic Arts Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3682.26 MB
Available physical RAM: 2054.22 MB
Total Pagefile: 5056.71 MB
Available Pagefile: 2314.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.91 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:442.69 GB) (Free:331.45 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.09 GB) NTFS

========================= Users: ========================================

User accounts for \\SHELBY

Administrator            Guest                    Shelby                  

**** End of log ****
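A triage pass over the Result.txt layout posted above, added here as an example (it is not part of the original thread and not code from MiniToolBox). It pulls out three things a reviewer would check in this log: a leftover loopback `ProxyServer` value, Code Integrity events counted per loader and DLL, and Program Files folders that supplied those DLLs but have no entry under Installed Programs. The function names are hypothetical and `SAMPLE` is a shortened excerpt constructed from the log in the post.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the Result.txt posted above.
SAMPLE = r'''
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:13828

========================= Event log errors: ===============================

CodeIntegrity Errors:
===================================
  Date: 2014-11-14 19:15:01.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:54:23.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-11-12 22:42:50.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

=========================== Installed Programs ============================
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Linkey (HKCU\...\Linkey) (Version: 0.0.0.333 - Aztec Media Inc)
Mod Manager Packages (HKCU\...\Mod Manager Packages) (Version:  - )
'''

# "===== Title: =====" section headers; bare "=====" rules do not match (no space).
HEADER = re.compile(r"^=+ ([^=\n]+?):? =+[ \t]*$", re.M)
CI_EVENT = re.compile(r"process \(([^)]+)\) attempted to load (.+?) that did not meet "
                      r"the Windows signing level requirements")
DEVICE = re.compile(r"^\\Device\\HarddiskVolume\d+")
PF_DIR = re.compile(r"\\Program Files(?: \(x86\))?\\([^\\]+)\\")
LOOPBACK = re.compile(r"^(?:127(?:\.\d{1,3}){3}|localhost|\[?::1\]?)$", re.I)


def sections(text):
    """Split the log into {section title: body}."""
    parts = HEADER.split(text)  # [preamble, title1, body1, title2, body2, ...]
    return {t.strip(): b for t, b in zip(parts[1::2], parts[2::2])}


def loopback_proxies(body):
    """Return (marked_disabled, [(scheme, host, port), ...]) for loopback entries.

    A loopback ProxyServer value left behind while the proxy is disabled is
    still worth resetting: if the proxy is switched back on, browser traffic
    goes to whatever listens on that local port.
    """
    marked_disabled = "Proxy is not enabled" in body
    hits = []
    m = re.search(r"^ProxyServer:\s*(\S+)", body, re.M)
    if m:
        # Value is "host:port" or "scheme=host:port" entries separated by ';'.
        for entry in m.group(1).split(";"):
            scheme, _, hostport = entry.rpartition("=")
            host, sep, port = hostport.rpartition(":")
            if not sep:
                host, port = hostport, ""
            if LOOPBACK.match(host):
                hits.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return marked_disabled, hits


def unsigned_loads(text):
    """Count Code Integrity events per (loading process, DLL path)."""
    hits = Counter()
    for proc, dll in CI_EVENT.findall(text):
        hits[(proc.rsplit("\\", 1)[-1], DEVICE.sub("", dll))] += 1
    return hits


def unlisted_folders(dll_paths, programs_body):
    """Program Files folders that supplied a DLL but match no installed program name."""
    names = [n.lower() for n in
             re.findall(r"^(.+?) \((?:HK|x32 Version|Version)", programs_body, re.M)]
    folders = set()
    for path in dll_paths:
        m = PF_DIR.search(path)
        if m:
            folders.add(m.group(1))
    return sorted(f for f in folders if not any(f.lower() in n for n in names))


def triage(text):
    sec = sections(text)
    disabled, proxies = loopback_proxies(sec.get("IE Proxy Settings", ""))
    loads = unsigned_loads(text)
    return {
        "proxy_marked_disabled": disabled,
        "loopback_proxies": proxies,
        "unsigned_loads": loads,
        "unlisted_folders": unlisted_folders([dll for _, dll in loads],
                                             sec.get("Installed Programs", "")),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

The output is a review list, not a verdict: each item still needs to be checked on the machine before anything is removed.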



#6 Condobloke


Posted 15 November 2014 - 05:33 PM

There are two programs to run ....run them one after the other....Do Not reboot in between please.

 

 

1. Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.

 
    RKill.exe:    http://www.bleepingcomputer.com/download/rkill/dl/10/

       iExplore.exe (renamed rKill.exe):     http://www.bleepingcomputer.com/download/rkill/dl/11/



Important: Do not reboot your computer until you complete the next step.

 

 

2.  Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista / Windows 7 / 8 users right-click and select Run As Administrator.
 * Click on the Scan button (only once)
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

* Now
 * Click on the Clean button (only once)
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* A copy of all logfiles is also saved in the C:\AdwCleaner folder, which was created when running the tool.



 

 


#7 shayward2015


Posted 15 November 2014 - 08:55 PM

Those are the results for the first test and I'm going to do the second test right now.

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/15/2014 05:11:41 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000



#8 shayward2015

shayward2015
  • Topic Starter

  • Members
  • 8 posts

Posted 15 November 2014 - 09:06 PM

Those are the results of the second test. After my computer was done restarting it was a lot slower than before, I don't know what that means.

 

 

# AdwCleaner v4.101 - Report created 15/11/2014 at 17:56:06
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Shelby - SHELBY
# Running from : C:\Users\Shelby\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
Service Deleted : wStLibG64

***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\Linkey
Folder Deleted : C:\Program Files (x86)\Mega Browse
Folder Deleted : C:\Program Files (x86)\Re-Markable-soft
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Plus-HD-9.3
Folder Deleted : C:\Users\Shelby\AppData\Local\emaze
Folder Deleted : C:\Users\Shelby\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Shelby\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Shelby\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Shelby\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Shelby\Documents\Mobogenie
Folder Deleted : C:\Users\Shelby\Documents\Optimizer Pro
Folder Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak
File Deleted : C:\WINDOWS\System32\drivers\wStLibG64.sys
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Shelby\daemonprocess.txt
File Deleted : C:\Users\Shelby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ae1c3042-3388-45b9-b3c5-7de311620ae3-3
Task Deleted : ae1c3042-3388-45b9-b3c5-7de311620ae3-5

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{4b65bceb-1634-436d-b4dd-814ba4b56fb5}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Linkey.Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe



#9 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,032 posts

Posted 15 November 2014 - 09:57 PM

now run.... 

 

 

Please download Junkware Removal Tool by Thisisu

Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.

Click on Run to initiate the installation.

To avoid potential conflicts, Temporarily Disable your Antivirus

You may want to be offline when you do this.

Run the tool by double-clicking it.

If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste this in your next post.

 



 

 


#10 shayward2015

shayward2015
  • Topic Starter

  • Members
  • 8 posts

Posted 16 November 2014 - 10:56 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8.1 x64
Ran by Shelby on Sun 11/16/2014 at 19:23:03.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511301198}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{28127A69-A27B-465F-9984-360569458C0E}

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\Re-Markable_wd.job
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/16/2014 at 19:46:21.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,032 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:04:00 PM

Posted 16 November 2014 - 11:15 PM

Download MalwareBytes Anti-Malware to your desktop.

   Please download MALWAREBYTES Anti Malware to your desktop.

NOTE: If you already have MBAM 2.0 installed, scroll down to the paragraph written in red.


Otherwise....follow these instructions Please...

    Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:

        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

    Click Finish.
    On the Dashboard, click the 'Update Now >>' link....IMPORTANT !!
 
    After the update completes, click the 'Scan Now >>' button.
   (Or, alternatively, on the Dashboard, click the Scan Now >> button. If an update is available, click the Update Now button.)

    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    (In most cases, a restart will be required.)
    Wait for the prompt to restart the computer to appear, then click on Yes.




If you already have MBAM 2.0 installed:

    On the Dashboard, click the 'Update Now >>' link
   After the update completes, click the 'Scan Now >>' button.
   (Or, alternatively, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.)
    A Threat Scan will begin.
   When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    (In most cases, a restart will be required.)

   Wait for the prompt to restart the computer to appear, then click  Yes.




 How To Find Your Logs ...
(Export log to save as txt)

    After the restart , and you are back on your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the Scan Log which shows the Date and time of the scan just performed.
    Click 'Export'.
    Click 'Text file (*.txt)'
    In the Save File dialog box which appears, click on Desktop.
    In the File name box type a name for your scan log.
    A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    Click Ok
    Copy and Paste that saved log to your next reply, for me to review.




(Copy to clipboard for pasting into forum replies )

    After the restart and you are back on your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply, for my review.

 

 

Please be aware this next scan can easily take in excess of three hours

 

Please download ESET Online Scan and save the file to your Desktop.
    Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    Double-click esetsmartinstaller_enu.exe to run the program.
    Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start
    Agree to the Terms of Use once more and click Start. Allow components to download.
    Place a checkmark next to Enable detection of potentially unwanted applications.
    Click Hide advanced settings. Place a checkmark next to:
        Scan archives
        Scan for potentially unsafe applications
        Enable Anti-Stealth technology

    Ensure Remove found threats is CHECKED
    Click Start.
    Wait for the scan to finish. Please be patient as this can take some time.
    Upon completion, click List of found threats.... If no threats were found, skip the next two bullet points.
    Click Export to text file... and save the file to your Desktop, naming it something unique such as MyEsetScan.
    Push the Back button.
    Place a checkmark next to Uninstall Application on Close and click Finish.
   Re-enable your anti-virus software.
    Copy the contents of the log and paste in your next reply.



 

 


#12 shayward2015

shayward2015
  • Topic Starter

  • Members
  • 8 posts

Posted 17 November 2014 - 09:03 PM

That is the first test

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2014
Scan Time: 12:29:40 PM
Logfile: scan.txt
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2014.11.17.06
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Shelby

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344322
Time Elapsed: 1 hr, 57 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

 

 

 

 

 

That is the second test

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa7D2F.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa7D2F.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsb3326.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsb3326.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\ae1c3042-3388-45b9-b3c5-7de311620ae3-3.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\ae1c3042-3388-45b9-b3c5-7de311620ae3-5.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-bg.exe.vir a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\Plus-HD-9.3-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-9.3\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\smdmf.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\smdmfldr.dll.vir a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\smdmfldr_u.dll.vir a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr.dll.vir a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemk.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkmgrc2.cfg.vir a variant of Win32/AdWare.Bandoo.AG application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemku.exe.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\tbicon.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\del_DM_LL_nsd9103.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\smdmf.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\smdmfldr.dll.vir Win64/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\smdmfldr_u.dll.vir Win64/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg.vir a variant of Win64/Adware.Bandoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Shelby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.51_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\wStLibG64.sys.vir Win64/Riskware.NetFilter.A application cleaned by deleting - quarantined
C:\Users\Shelby\AppData\Local\Temp\nsn8E1B.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Local\Temp\nstAA5E.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Local\Temp\nstC6BF.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Local\Temp\nsuE247.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Local\Temp\nsg2771\SpSetup.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Local\Temp\nsqB13E.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Local\Temp\nsqB13E.tmp\Starter.exe Win32/Toolbar.SearchSuite.T potentially unwanted application deleted - quarantined
C:\Users\Shelby\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Mod Manager Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\Mod_Setup.exe a variant of Win32/InstallCore.JE.gen potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\setup (1).exe a variant of Win32/AdWare.iBryte.AL application cleaned by deleting - quarantined
C:\Users\Shelby\Downloads\Setup (2).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\setup (3).exe Win32/OutBrowse.Y potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\setup (4).exe Win32/OutBrowse.Y potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\SoftonicDownloader_for_directx.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\SoftonicDownloader_for_slender-the-eight-pages (1).exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\torrent.exe a variant of Win32/AdWare.iBryte.AM application cleaned by deleting - quarantined
C:\Windows\apppatch\apppatch64\SPVCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa7D2F.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa7D2F.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsb3326.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsb3326.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsd115F.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsfBAFE.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsi8E7C.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsi9743.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsj1AFA.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsj5A3A.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsjB332.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsl8D4E.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsnFA2.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsoB4EC.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsp4D5.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsr14AF.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsu89D8.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\nsw6690.exe Win32/Conduit.SearchProtect.R potentially unwanted application deleted - quarantined
C:\Windows\Temp\110245b6\SettingsManagerSetup.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application deleted - quarantined
C:\Windows\Temp\1c090798\SettingsManagerSetup.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application deleted - quarantined
C:\Windows\Temp\3d6159b5\SettingsManagerSetup.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application deleted - quarantined
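
Added example, not part of the original post and not code from any tool named in this thread: a triage pass over ESET result lines like the ones above. It separates copies that sit in AdwCleaner's quarantine folder from live files and lists the entries that carry no action or are only removed after a restart. The line layout, the status labels and the names `parse` and `follow_up` are assumptions inferred from this log; the sample lines are copied from it.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Layout inferred from the log in this thread (not an official ESET format spec):
#   <path> [a variant of ]<Platform/Detection.Name> <category> [<action>]
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>(?:potentially (?:unwanted|unsafe) )?application)"
    r"\s*(?P<action>.*?)\s*$"
)

# AdwCleaner keeps what it removed as .vir files under this folder (see the paths above).
QUARANTINE_ROOT = "c:\\adwcleaner\\quarantine\\"

Detection = namedtuple("Detection", "path name kind action status")

# Six lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa7D2F.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\wStLibG64.sys.vir Win64/Riskware.NetFilter.A application cleaned by deleting - quarantined
C:\Windows\apppatch\apppatch64\SPVCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa7D2F.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Shelby\Downloads\setup (1).exe a variant of Win32/AdWare.iBryte.AL application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
"""


def classify(path, action):
    """Map one entry to a status label (labels are this example's own)."""
    if path.lower().startswith(QUARANTINE_ROOT):
        return "quarantine_copy"      # inert copy left by the earlier AdwCleaner run
    if not action:
        return "no_action"            # detected, but the log records no remediation
    if "after the next restart" in action:
        return "pending_restart"      # still on disk until the machine reboots
    return "removed"


def parse(log_text):
    """Return (records, unparsed_lines) for a pasted ESET result list."""
    records, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            unparsed.append(line)     # keep anything unexpected visible to the reviewer
            continue
        path, action = m.group("path"), m.group("action")
        records.append(Detection(path, m.group("name"), m.group("kind"),
                                 action, classify(path, action)))
    return records, unparsed


def path_tail(path):
    """Last two path components, lower-cased, for comparing entries."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts[-2:])


def follow_up(log_text):
    """Entries a helper should look at again before calling the machine clean.

    same_tail_removed is a heuristic: a removed entry with the same parent
    folder and file name suggests a second view or copy of that file, but it
    does not prove this entry is gone; confirm on the machine.
    """
    records, unparsed = parse(log_text)
    removed_tails = {path_tail(r.path) for r in records if r.status == "removed"}
    todo = [
        {"path": r.path, "name": r.name, "status": r.status,
         "same_tail_removed": path_tail(r.path) in removed_tails}
        for r in records if r.status in ("no_action", "pending_restart")
    ]
    return todo, unparsed


if __name__ == "__main__":
    todo, unparsed = follow_up(SAMPLE_LOG)
    for item in todo:
        print(item["status"], item["name"], item["path"],
              "(same tail removed)" if item["same_tail_removed"] else "")
    for line in unparsed:
        print("UNPARSED:", line)
```
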
 



#13 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,032 posts

Posted 17 November 2014 - 09:16 PM

  • How is the computer running now ?

 

 

Please download Temp File Cleaner by Old Timer
Usage Instructions:

    Download TFC from the download link above and save the file on your desktop.
    Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
    Double-click on the TFC icon.
    When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
    When done, press OK > Exit, and reboot your computer and finish the cleanup



 

 


#14 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,032 posts

Posted 17 November 2014 - 09:17 PM

....and then run Screen317 again for me please,

 

Download Security Check by Screen317 from HERE



 

 


#15 shayward2015

shayward2015
  • Topic Starter

  • Members
  • 8 posts

Posted 17 November 2014 - 10:17 PM

 Results of screen317's Security Check version 0.99.90  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (38.0.2125.111) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (Dictionaries...) 
 Google Chrome (master_preferences...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 




