Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads by Browser Shop


  • Please log in to reply
5 replies to this topic

#1 heartfilia

heartfilia

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 28 November 2014 - 03:55 PM

I get a bunch of ads on every page, and a ton of pop-ups. If I'm on a page that has something to do with shopping, it gets much, much worse. It's really slowed down my computer and makes doing work really hard.

 

So far, I've looked up guides on how to remove it, which basically consisted of: Run AdwCleaner, Run Malware Bytes, and then run Hitman Pro. No dice with any of those. I've also tried removing all the associated extensions and installed programs. Still occuring. Is there any way to get rid of these without reinstalling Windows or something drastic?



BC AdBot (Login to Remove)

 


m

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:04 AM

Posted 28 November 2014 - 04:51 PM

Hello heartfilia.
Those programs usually make some changes.
Please follow these downloads if you can.

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy and Paste the contents of that document.

Note 1:: If any security program requests permission to access the Internet, allow it to
Note 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, (or similar) restart computer and Security Check should run
 

 

 

Next -

Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

Now please open your version of AdwCleaner and hit Uninstall

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.
 
Do not reboot your computer until you complete the next step.

 NOW :

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.

 Next

  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
    Copy and Paste the contents of that log in your next reply.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

 

 

And Next -

Please download Junkware Removal Tool to your desktop.
* Temporarily Disable your Antivirus now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Next, and very important -

 

Now go to Control Panel and open Internet Options > Down to the box that has your normal Home Page and check this. Re-set it if it is not correct, and click APPLY > OK. While there go across the top to Connections, Down to LAN Settings, Click that and make sure the only box ticked is Automatically detect settings >Click OK to close the box and Apply at the bottom.

 

Please leave the logs requested and if the situation has improved

 

Thank You -

Minor edit to clean up post -


Edited by noknojon, 28 November 2014 - 05:00 PM.


#3 heartfilia

heartfilia
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 29 November 2014 - 01:07 AM

First off, thanks so much for the help. I've done all the steps requested and so far, no change. Here are all the logs:

 


System 317:
 
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java 7 Update 45  
 Java version 32-bit out of Date! 
 Adobe Flash Player 15.0.0.239  
 Adobe Reader XI  
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
MiniToolBox log:
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by asus (administrator) on 28-11-2014 at 23:00:28
Running from "C:\Users\asus\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/28/2014 10:34:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13551089
 
Error: (11/28/2014 10:34:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13551089
 
Error: (11/28/2014 10:34:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/28/2014 10:34:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13550028
 
Error: (11/28/2014 10:34:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13550028
 
Error: (11/28/2014 10:34:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/28/2014 10:34:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13549030
 
Error: (11/28/2014 10:34:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13549030
 
Error: (11/28/2014 10:34:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/28/2014 06:49:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14352
 
 
System errors:
=============
Error: (11/28/2014 00:35:09 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%2
 
Error: (11/28/2014 00:34:49 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (11/28/2014 00:32:44 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%1053
 
Error: (11/28/2014 00:32:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
 
Error: (11/28/2014 11:34:44 AM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%2
 
Error: (11/28/2014 11:32:41 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%1053
 
Error: (11/28/2014 11:32:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
 
Error: (11/27/2014 11:56:12 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (11/23/2014 05:31:48 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%2
 
Error: (11/23/2014 05:29:29 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (12/13/2013 09:32:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 
 
12.0.4518.1014. This session lasted 180156 seconds with 360 seconds of active time.  This session ended with a crash.
 
 
 
=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - 
 
Asmedia Technology)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Autodesk SketchBook Copic Edition (HKLM\...\{0BE81E54-A77D-4A8D-AB2A-598CEE7DC192}) (Version: 2.00.0000 - Autodesk)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FireAlpaca 1.0.52 (HKLM\...\FireAlpaca_is1) (Version: 1.0.52 - firealpaca.com)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3309 - Hewlett-Packard)
HP MediaSmart DVD (Version: 3.0.3309 - Hewlett-Packard) Hidden
HP Officejet 6600 Basic Device Software (HKLM\...\{C4C4BECF-764C-406D-A1AD-F73611B0F668}) (Version: 28.0.1315.0 - Hewlett-
 
Packard Co.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 
 
15.0.0.0083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - 
 
Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CFAAF1E3-8C21-491E-9DD9-D60ABAFAB2BC}) (Version: 15.00.0000.0708 - Intel 
 
Corporation)
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
LINE (HKLM\...\LINE) (Version: 3.1.10.36 - NHN Japan)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes 
 
Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - 
 
Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft 
 
Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 
 
9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 
 
9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 
 
9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 
 
9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft 
 
Corporation)
NewBlue Motion Blends for Windows (HKLM\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
NewBlue plug-ins bundle patch build 121206 (HKLM\...\NewBlue plug-ins bundle patch build 121206_is1) (Version: 3.0.0.0 - 
 
NewBlue Inc.)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, 
 
Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm 
 
Atheros)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek 
 
Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor 
 
Corp.)
SketchUp 2015 (HKLM\...\{D640B9A3-D937-47E2-9BFA-A593DFA8AF21}) (Version: 15.0.9351 - Trimble Navigation Limited)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony Vegas 7.0 (HKLM\...\{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}) (Version: 7.0.216 - Sony)
SP45575 - Wallpaper Picture Position Enabler for Windows 7 (HKLM\...\{86391634-A94B-4355-8397-3D85C2F942DA}) (Version: 
 
1.0.0 - Hewlett-Packard International Pte. Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-
 
0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-
 
0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-
 
0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Vegas Pro 11.0 (HKLM\...\{B5B98340-0296-11E2-8B8E-F04DA23A5C58}) (Version: 11.0.700 - Sony)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VST Bridge 1.1 (HKLM\...\VST Bridge_is1) (Version:  - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom 
 
Technology Corp.)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft MKV Converter (HKLM\...\Xilisoft MKV Converter) (Version: 7.7.3.20131014 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130619 - Xilisoft)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 83%
Total physical RAM: 3483.68 MB
Available physical RAM: 581.76 MB
Total Pagefile: 6965.64 MB
Available Pagefile: 3000.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.67 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:198.05 GB) NTFS
2 Drive d: (BROTHER) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\ASUS-PC
 
Administrator            asus                     Guest                    
 
 
**** End of log ****
 
Rkill:
 
Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/28/2014 11:19:14 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\TEMP\mrtC061.tmp\stdrt.exe (PID: 1932) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 
AdWCleaner:
 
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : asus - ASUS-PC
# Running from : C:\Users\asus\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [807 octets] - [28/11/2014 23:44:39]
AdwCleaner[R1].txt - [866 octets] - [28/11/2014 23:48:18]
AdwCleaner[S0].txt - [788 octets] - [28/11/2014 23:52:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [847 octets] ##########
 
Junkware Removal Tool:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x86
Ran by asus on Fri 11/28/2014 at 23:59:10.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\asus\AppData\Roaming\mozilla\firefox\profiles\693iqoy8.default\prefs.js
 
user_pref("extensions.4Sf0hc1xqOBW.url", "hxxp://firstblue.eu/sync2/?q=hfZ9ofV9CShEAen0rHnMg708BNmGWj8lkGhGheDUojw9rdsFqTw8rHUHrchIC7n0rjnEqHa8rjn8qjwHtNhVCT94tMVKhd98qdw4rdr5
Emptied folder: C:\Users\asus\AppData\Roaming\mozilla\firefox\profiles\693iqoy8.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/29/2014 at  0:01:50.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:04 AM

Posted 29 November 2014 - 02:23 AM

There is a chance that it was downloaded from BitTorrent or an Email.

 

>>>  Percentage of memory in use: 83% <<<

This is bordering on over-loading, and is a reason why your computer will run slower. I panic if mine gets above 60%.

Drive c: () (Fixed) (Total:465.66 GB) (Free:198.05 GB) NTFS << This may give you some idea.

 

If you do know of installed programs that can be removed, then this is where to start.

Please download CCleaner to your desktop.
On the left side click Tools and  highlight any program you do not need, then click Uninstall on the Right side.
 

 

All of our tools will be removed, but they take very little space.

 

So we will look a bit deeper,

 

I do not notice any antivirus installed, is this correct ?? They are free, and we can leave a basic list, or type MSE into Google to download Microsoft Security Essentials.

 

Please download Malwarebytes Anti-Malware

  • Follow the simple directions to install the program to desktop

     

  • If already installed please check for Updates first, and then run a Scan.
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked th re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next -

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Note: This is a beta version so please be sure to read the disclaimer as it is always being upgraded..
  • Scan your system for malware / rootkits
    With some infections, you may see two messages boxes.
  • Could not load protection driver'. Click 'OK'.
  • Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart.
  • Continue with the rest of these instructions.

If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

 

 

Thank You -



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:04 AM

Posted 29 November 2014 - 04:32 PM

Hi -

Would you also post this for me please .........

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<= Full Directions Here (only Copy / Paste the link)

 

Thank You -



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:04 AM

Posted 07 December 2014 - 12:24 AM

Hello heartfilia

You have not posted back for over a week, Is there another problem, or have you solved this one.........

 

Thank You -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users