Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer slow in downloading sites and pages


  • Please log in to reply
22 replies to this topic

#1 JoeWatson

JoeWatson

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 23 April 2015 - 10:53 PM

My computer isn't slow except when I'm connected to the net with  Firefox 37.0.1 or Chrome 42.0.2311.90 to download pages and sites which take a long time.

 

I had a look on the internet for a solution and got the following:

 

PCHealthboos.link

 

Tweak Bit (Microsoft Partner)

 

Reimage

Super Anti spyware but I think I would probably do more harm than good as most of them get into the registry.

 

I have scanned with MalwareBytesAntiMalware and ESET 8.0.304.0 which have shown no problems.

 

Any suggestions please


Edited by hamluis, 24 April 2015 - 11:44 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 enemyofthestate

enemyofthestate

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 24 April 2015 - 03:44 PM

use the adaware program on this site



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 24 April 2015 - 04:04 PM

PC Healthboost is software which claims to be an optimizing/registry cleaning tool that purports to improve performance, make repairs and enhance the speed of a computer. The optimization and performance improvement claims made by such software vendors are borderline scams. There is no statistical evidence to back such claims. Advertisements to do so are a marketing ploy intended to goad users into using an unnecessary and potential dangerous product. I would not trust any results such programs detect as problematic or needing repair nor recommend using the options to fix them.

Further, these types of junk optimization programs are often considered Potentially Unwanted Programs (PUPs) so they may be detected or even removed by some security scanners which specifically look for PUPs and adware.

I recommend you remove it.

If you have used this program...there is no telling what damage it has already done to your registry and other areas it purports to clean.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.

Why you should not use Registry Cleaners and Optimization Tools


Be sure to read Microsoft's support policy for the use of registry cleaning utilities in that topic...Microsoft does not support the use of registry cleaners.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 24 April 2015 - 04:07 PM

If you think your may have picked up some adware/PUPs, the first step is to check Programs and Features (Add/Remove Programs) in Control Panel for newly installed junk software and remove anything you do not recognize or did not download recently. In most cases, using the program's uninstaller not only removes it more effectively, but it also restores many changed configuration settings. Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

Scroll through the list and remove anything else (newly installed programs) you do not recognize. To view the most recently installed programs, click on the “Installed On” column to sort all programs by installation date.


The next place to check is your browser extensions and add-ons/plug-ins.To reset your browser settings to default:To reset the browser home page if it was changed, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 24 April 2015 - 04:13 PM

Let me know when you have done the above.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 JoeWatson

JoeWatson
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 02 May 2015 - 04:38 AM

Sorry to be late in replying but have been hospitalised for a few days. OK now.

 

A bit wary of resetting Firefox as the last time I tried this I lost all my bookmarks.

 

Would you be kind enough to look at my current plugins as I am not sure which ones I should either disable or uninstall, if possible. You can check out at https://www.dropbox.com/home?preview=About.docx

 

Thank youi



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 02 May 2015 - 06:09 AM

Sorry to hear about the hospitalization...I hope you are recovering well.

I am not registered with dropbox so I cannot check out your plugins. If you list them here I will have a look.

BTW...Safe Mode Firefox (debugging startup mode by restart with Add-ons disabled) is used for troubleshooting purposes by allowing you to temporarily disable all the custom settings, themes and extensions. There are also options to make them permanent or reset all preferences to default.Using this procedure allows you to check if any of the plugins/add-ons are causing specific problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 JoeWatson

JoeWatson
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 02 May 2015 - 08:06 PM

Ill start going through your list. Meantime I've put a list of plugins below:

 

About:plugins

 

Installed plugins

Find updates for installed plugins at mozilla.com/plugincheck

OpenH264 Video Codec provided by Cisco Systems, Inc.

File: 1.3

Path: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\e082npqn.default\gmp-gmpopenh264\1.3

Version: 1.3

State: Disabled

Play back web video and use video chats.

MIME Type

Description

Suffixes

VLC Web Plugin

File: npvlc.dll

Path: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

Version: 2.2.1.0

State: Enabled

VLC media player Web Plugin

MIME Type

Description

Suffixes

audio/mpeg

MPEG audio

mp2,mp3,mpga,mpega

audio/x-mpeg

MPEG audio

mp2,mp3,mpga,mpega

video/mpeg

MPEG video

mpg,mpeg,mpe

video/x-mpeg

MPEG video

mpg,mpeg,mpe

video/mpeg-system

MPEG video

mpg,mpeg,mpe,vob

video/x-mpeg-system

MPEG video

mpg,mpeg,mpe,vob

audio/mp4

MPEG-4 audio

aac,mp4,mpg4

audio/x-m4a

MPEG-4 audio

m4a

video/mp4

MPEG-4 video

mp4,mpg4

application/mpeg4-iod

MPEG-4 video

mp4,mpg4

application/mpeg4-muxcodetable

MPEG-4 video

mp4,mpg4

video/x-m4v

MPEG-4 video

m4v

video/x-msvideo

AVI video

avi

application/ogg

Ogg stream

ogg

video/ogg

Ogg video

ogv

application/x-ogg

Ogg stream

ogg

application/x-vlc-plugin

VLC plug-in

 

video/x-ms-asf-plugin

Windows Media Video

asf,asx

video/x-ms-asf

Windows Media Video

asf,asx

application/x-mplayer2

Windows Media

 

video/x-ms-wmv

Windows Media

wmv

video/x-ms-wvx

Windows Media Video

wvx

audio/x-ms-wma

Windows Media Audio

wma

application/x-google-vlc-plugin

Google VLC plug-in

 

audio/wav

WAV audio

wav

audio/x-wav

WAV audio

wav

audio/3gpp

3GPP audio

3gp,3gpp

video/3gpp

3GPP video

3gp,3gpp

audio/3gpp2

3GPP2 audio

3g2,3gpp2

video/3gpp2

3GPP2 video

3g2,3gpp2

video/divx

DivX video

divx

video/flv

FLV video

flv

video/x-flv

FLV video

flv

application/x-matroska

Matroska video

mkv

video/x-matroska

Matroska video

mkv

audio/x-matroska

Matroska audio

mka

application/xspf+xml

Playlist xspf

xspf

audio/x-mpegurl

MPEG audio

m3u

video/webm

WebM video

webm

audio/webm

WebM audio

webm

application/vnd.rn-realmedia

Real Media File

rm

audio/x-realaudio

Real Media Audio

ra

audio/amr

AMR audio

amr

audio/x-flac

FLAC audio

flac

Microsoft Office 2010

File: NPAUTHZ.DLL

Path: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

Version: 14.0.4730.1010

State: Enabled

Office Authorization plug-in for NPAPI browsers

MIME Type

Description

Suffixes

application/x-msoffice14

14.0.4730.1010

*

Microsoft Office 2010

File: NPSPWRAP.DLL

Path: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

Version: 14.0.4761.1000

State: Enabled

The plug-in allows you to open and edit files using Microsoft Office applications

MIME Type

Description

Suffixes

application/x-sharepoint

SharePoint Plug-in for Firefox

 

NPLastPass

File: nplastpass.dll

Path: C:\Program Files (x86)\LastPass\nplastpass.dll

Version: 2.5.5.0

State: Enabled

LastPass Plugin

MIME Type

Description

Suffixes

application/x-vnd-lastpass

nplastpass

 

Java™ Platform SE 8 U45

File: npjp2.dll

Path: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

Version: 11.45.2.14

State: Disabled

Next Generation Java Plug-in 11.45.2 for Mozilla browsers

MIME Type

Description

Suffixes

application/x-java-applet

Java Applet

 

application/x-java-bean

JavaBeans

 

application/x-java-vm

   

application/x-java-applet;version=1.1.1

   

application/x-java-bean;version=1.1.1

   

application/x-java-applet;version=1.1

   

application/x-java-bean;version=1.1

   

application/x-java-applet;version=1.2

   

application/x-java-bean;version=1.2

   

application/x-java-applet;version=1.1.3

   

application/x-java-bean;version=1.1.3

   

application/x-java-applet;version=1.1.2

   

application/x-java-bean;version=1.1.2

   

application/x-java-applet;version=1.3

   

application/x-java-bean;version=1.3

   

application/x-java-applet;version=1.2.2

   

application/x-java-bean;version=1.2.2

   

application/x-java-applet;version=1.2.1

   

application/x-java-bean;version=1.2.1

   

application/x-java-applet;version=1.3.1

   

application/x-java-bean;version=1.3.1

   

application/x-java-applet;version=1.4

   

application/x-java-bean;version=1.4

   

application/x-java-applet;version=1.4.1

   

application/x-java-bean;version=1.4.1

   

application/x-java-applet;version=1.4.2

   

application/x-java-bean;version=1.4.2

   

application/x-java-applet;version=1.5

   

application/x-java-bean;version=1.5

   

application/x-java-applet;version=1.6

   

application/x-java-bean;version=1.6

   

application/x-java-applet;version=1.7

   

application/x-java-bean;version=1.7

   

application/x-java-applet;jpi-version=1.8.0_45

   

application/x-java-bean;jpi-version=1.8.0_45

   

application/x-java-vm-npruntime

   

application/x-java-applet;deploy=11.45.2

   

application/x-java-applet;javafx=8.0.45

   

Java Deployment Toolkit 8.0.450.14

File: npdeployJava1.dll

Path: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll

Version: 11.45.2.14

State: Disabled (STATE_VULNERABLE_NO_UPDATE)

NPRuntime Script Plug-in Library for Java™ Deploy

MIME Type

Description

Suffixes

application/java-deployment-toolkit

   

Intel® Identity Protection Technology

File: npIntelWebAPIIPT.dll

Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

Version: 4.0.5.0

State: Enabled

Intel web components for Intel® Identity Protection Technology

MIME Type

Description

Suffixes

application/x-vnd-intel-webapi-ipt-4.0.5

npIntelWebAPIipt-3-5

 

Intel® Identity Protection Technology

File: npIntelWebAPIUpdater.dll

Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

Version: 4.0.5.0

State: Enabled

Intel web components updater - Installs and updates the Intel web components

MIME Type

Description

Suffixes

application/x-vnd-intel-webapi-updater

npIntelWebAPIupdater-2-0

intel_webapi_updater-2-0

 

 

Shockwave Flash

File: NPSWF32_17_0_0_169.dll

Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

Version: 17.0.0.169

State: Enabled

Shockwave Flash 17.0 r0

MIME Type

Description

Suffixes

application/x-shockwave-flash

Adobe Flash movie

swf

application/futuresplash

FutureSplash movie

spl

Citrix Online Web Deployment Plugin 1.0.0.104

File: npappdetector.dll

Path: C:\Users\Jo\AppData\Local\Citrix\Plugins\104\npappdetector.dll

Version: 1.0.0.104

State: Disabled

Citrix Online App Detector Plugin

MIME Type

Description

Suffixes

application/x-col-application-detector

Citrix Online App Detector Plugin

colappdetector



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 03 May 2015 - 06:24 AM


Please download the following tools to your desktop and use them in the order listed. They will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
Malwarebytes Anti-Malware 2.0
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Install Malwarebytes Anti-Malware and perform a THREAT SCAN following these instructions.
  • If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • When finished, post the complete log in your next reply to include the top portion which shows database version and your operating system.
  • Refer to this topic for instructions on how to save/export a Scan log...How do I access and save logs from Malwarebytes Anti-Malware?.
.
3. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Close all open programs and shut down any protection/security software to avoid potential conflicts.

4. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 JoeWatson

JoeWatson
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 03 May 2015 - 10:47 PM

Log files etc as requested below:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/04/2015 08:45:05 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 1,008,640 : 11/21/2010 10:24 AM : e573bd9ab55c8e333c202b9e255f972e [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 05/17/2014 10:32 AM : 2c9cc9f492ca596b1b9fc1ae5e916356 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 10:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 10:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 genuine.microsoft.com
  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 sls.microsoft.com

Program finished at: 05/04/2015 08:46:15 AM
Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04-May-15
Scan Time: 8:50:19 AM
Logfile: Log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.03.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386314
Time Elapsed: 9 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 04-May-15 6:47:32 AM, SYSTEM, JO-PC, Protection, IsLicensed, 13,
Protection, 04-May-15 6:47:32 AM, SYSTEM, JO-PC, Protection, Malware Protection, Stopping,
Protection, 04-May-15 6:47:32 AM, SYSTEM, JO-PC, Protection, Malware Protection, Stopped,
Error, 04-May-15 6:57:09 AM, SYSTEM, JO-PC, Protection, IsLicensed, 13,
Protection, 04-May-15 6:57:09 AM, SYSTEM, JO-PC, Protection, Malware Protection, Stopping,
Protection, 04-May-15 6:57:09 AM, SYSTEM, JO-PC, Protection, Malware Protection, Stopped,
Update, 04-May-15 8:49:39 AM, SYSTEM, JO-PC, Manual, Malware Database, 2015.4.26.5, 2015.5.3.6,
Scan, 04-May-15 8:59:52 AM, SYSTEM, JO-PC, Manual, Start:04-May-15 8:50:19 AM, Duration:9 min 32 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

# AdwCleaner v4.203 - Logfile created 04/05/2015 at 10:31:05
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jo - JO-PC
# Running from : C:\Users\Jo\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [2326 bytes] - [25/04/2015 18:12:46]
AdwCleaner[R1].txt - [1148 bytes] - [04/05/2015 09:22:17]
AdwCleaner[R2].txt - [1208 bytes] - [04/05/2015 09:25:40]
AdwCleaner[R3].txt - [1084 bytes] - [04/05/2015 10:24:14]
AdwCleaner[S0].txt - [2141 bytes] - [25/04/2015 18:15:47]
AdwCleaner[S1].txt - [1049 bytes] - [04/05/2015 09:30:08]
AdwCleaner[S2].txt - [1010 bytes] - [04/05/2015 10:31:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1069  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Professional x64
Ran by Jo on 04-May-15 at 10:35:31.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Jo\AppData\Roaming\mozilla\firefox\profiles\e082npqn.default\prefs.js

user_pref(extensions.s4fToolbar.ua-13-appname, Baiduspider);
user_pref(extensions.s4fToolbar.ua-13-description, Baiduspider/2.0);
user_pref(extensions.s4fToolbar.ua-13-useragent, Mozilla/5.0 (compatible; Baiduspider/2.0; +hxxp://www.baidu.com/search/spider.html));
Emptied folder: C:\Users\Jo\AppData\Roaming\mozilla\firefox\profiles\e082npqn.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04-May-15 at 10:39:52.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 04 May 2015 - 04:57 AM

Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
 

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Enable detection of potentially unwanted applications
    • Enable detection of potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • Please be patient as the scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.

ESET Online Scanner FAQs

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. ESET's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.

 

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 JoeWatson

JoeWatson
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 04 May 2015 - 08:03 PM

I have ESET NOD 32 version 8.0.304.0 anti virus already installed on my computer.  Can I use this or do I have to use the online scan? If I have to use the online scan do I have to shut down the software already installed.



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 04 May 2015 - 08:53 PM

Do this instead.

Perform a scan with emsisoft_emergency_kit.pnglogo.png

Please download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
    rxYDlQ1.png
    .
  • When asked to run an online update, click Yes.
    dQaKPnk.png
    .
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
    g5ojhHp.png
    .
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 JoeWatson

JoeWatson
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 05 May 2015 - 02:25 AM

Emsisoft log file below:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 05-May-15 9:21:26 AM
User account: Jo-PC\Jo

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    05-May-15 9:22:33 AM
Value: HKEY_USERS\S-1-5-21-186362546-100312684-664110717-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-186362546-100312684-664110717-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    193674
Found    2

Scan end:    05-May-15 10:24:02 AM
Scan time:    1:01:29

Value: HKEY_USERS\S-1-5-21-186362546-100312684-664110717-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-186362546-100312684-664110717-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    2
 



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 AM

Posted 05 May 2015 - 05:09 AM

In reviewing your logs....I noted the following entries to your HOSTS file?

* HOSTS file entries found:

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


Such entries are added to prevent the download of programs that are protected by Windows validation or require its authentication. They are typically used on systems with illegal software and non-genuine Windows.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users