Slow PC, adware and possible virus?



#1 TrillTP


Posted 19 July 2015 - 11:41 AM

I've been having a problem with too much CPU being used, but the problem is not what I'm running or how much is in my storage (it has always run fast). I've used AdwCleaner to fix things and this is what I've found. I want to know my computer was cleaned right.

 

 

# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:15:47
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1 Service Pack 1 (x64)
# Username : DJKAM1213 - DJKAM-PC
# Running from : C:\Users\DJKAM1213\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[x] Not Deleted : SCService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\SearchDonkey
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Users\DJKAM1213\AppData\Local\emaze
Folder Deleted : C:\Users\DJKAM1213\AppData\Local\GCC
Folder Deleted : C:\Users\DJKAM1213\AppData\Local\Oxy
Folder Deleted : C:\Users\DJKAM1213\AppData\Local\StormFall
Folder Deleted : C:\Users\DJKAM1213\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\DJKAM1213\AppData\Roaming\Oxy
Folder Deleted : C:\Users\DJKAM1213\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\DJKAM1213\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\DJKAM1213\AppData\Roaming\StormFall
Folder Deleted : C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc
Folder Deleted : C:\Users\DJKAM1213\AppData\Local\Chromium\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faoigfclahgbjjjaopddafnnapmeppnc_0.localstorage
File Deleted : C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faoigfclahgbjjjaopddafnnapmeppnc_0.localstorage-journal
File Deleted : C:\Users\DJKAM1213\daemonprocess.txt
File Deleted : C:\Users\DJKAM1213\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk
File Deleted : C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : RunAsStdUser Task
Task Deleted : UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v
 
[C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\DJKAM1213\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : EA894A8492F36365B6A4D913413D1243CB73D0D9F6BA400E0672CB41F89BA5E9"},"software_reporter":{"prompt_reason":"2B394364944A8F2D2C2555A617A1D6E2DC6E0FC752103A038702D3E9FC9CDDE8","prompt_seed":"7DE06A1259C08A9CDB73A0D61D1EFF608ABC359F4C54E8896A6E0034BD23853C","prompt_version":"04154ECF8720CFA4C6718648FC35229A480CF8EB1AFC4770781CD24FD0272182"},"sync":{"remaining_rollback_tries":"A1BD7E0C52876FCAA47622DA881D843D6D20A18833669C9E5FD304A5944C8D50"}},"super_mac":"7CD847E8097A1A9E940D89F577F97060F6E6B17511F1129D4CC4447A2815D202"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://start.sweetpacks.com/?barid={06ABFD7B-D48C-11E2-8486-D08753122865}&src=10&crg=3.5000006.10042&st=23","hxxp://feed.snap.do/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=US&userid=9a5cdb49-ae2f-417b-95b1-d811ef420353&searchtype=hp&installDate=15/06/2013
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [14500 bytes] - [19/07/2015 08:25:33]
AdwCleaner[S0].txt - [5309 bytes] - [19/07/2015 09:15:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5368  bytes] ##########
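
An added example, not part of the original thread or of AdwCleaner itself: one way to answer "was it cleaned right?" from a log in the layout posted above is to group the actions by section and list anything the tool reports as not deleted, such as the `SCService` entry. The function name and the shortened sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the AdwCleaner v4 layout from the post
# above (blank lines dropped; the parser ignores them anyway).
SAMPLE_LOG = r"""# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:15:47
# Option : Cleaning
***** [ Services ] *****
[x] Not Deleted : SCService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\SearchDonkey
File Deleted : C:\Users\DJKAM1213\daemonprocess.txt
***** [ Scheduled tasks ] *****
Task Deleted : UpdaterEX
***** [ Registry ] *****
Key Deleted : HKCU\Software\UpdaterEX
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<kind> Deleted : <item>", or "[x] Not Deleted : <item>" when removal failed.
ACTION = re.compile(r"^(\[x\] )?.*?(Not Deleted|Deleted) : (.*)$")

def summarize(log_text):
    """Return ({section: removed count}, [(section, item) not removed])."""
    removed = defaultdict(int)
    leftovers = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        action = ACTION.match(line)
        if section is None or not action:
            continue  # banner lines, blanks, browser-preference lines
        failed, verb, item = action.groups()
        if failed or verb == "Not Deleted":
            leftovers.append((section, item))
        else:
            removed[section] += 1
    return dict(removed), leftovers

if __name__ == "__main__":
    removed, leftovers = summarize(SAMPLE_LOG)
    print("removed per section:", removed)
    print("still present, check manually:", leftovers)
```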
 



#2 severac


Posted 19 July 2015 - 12:35 PM

Hello and welcome,

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

--------------

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

  • Right click on KVRT.exe and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.

Inform me if something is detected.

------------

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE. If you already have MBAM 2.0 installed scroll down.

 

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      ◦ Launch Malwarebytes Anti-Malware
      ◦ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:
 

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

-------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

-------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash:

 


#3 TrillTP


Posted 23 July 2015 - 01:35 AM

Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
Windows Defender              
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 40  
 Java version 32-bit out of Date! 
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#4 TrillTP


Posted 23 July 2015 - 11:39 AM

And Kaspersky Detected Ads



#5 severac


Posted 24 July 2015 - 10:44 AM

Hello,

 

Please, post other logs.

Update your Antivirus. 

Uninstall Java. 

 

 

 

You don't need Java.

Using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system. Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software. I recommend just uninstalling Java if you don't use it. If you must use Java, many security researchers and computer security organizations caution users to limit their usage and to disable Java Plug-ins or add-ons in your browsers.

Quote

If you need Java for a specific Web site, consider adopting a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site(s) that require(s) it.

Krebs On Security: ...Java

Quote

To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

US CERT: Disable Java in web browsers

 


Edited by severac, 24 July 2015 - 10:46 AM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash:

 




