
wifi issues after installing win 10 it appears


24 replies to this topic

#1 chucksno

chucksno

  • Members
  • 155 posts
  • Local time:01:28 PM

Posted 21 November 2015 - 09:39 PM

It appears since upgrading my home network to Windows 10 (2 laptops) that the wifi comes and goes. I have an iPod as well which seems to not be operating as efficiently as it once did. I am still checking on that. Not sure if the laptops are a driver issue or other?

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male
  • Local time:02:28 PM

Posted 23 November 2015 - 08:06 AM

Hi chucksno :)

Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 chucksno

chucksno
  • Topic Starter

  • Members
  • 155 posts
  • Local time:01:28 PM

Posted 23 November 2015 - 03:04 PM

MiniToolBox by Farbar  Version: 02-11-2015

Ran by Owner (administrator) on 23-11-2015 at 14:59:57

Running from "C:\Users\Owner\Downloads"

Microsoft Windows 10 Home  (X64)

Model: Satellite C655 Manufacturer: TOSHIBA

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

54.235.90.58    ojbalidmphhoopheigckkcpldegcohhe

========================= IP Configuration: ================================

 

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)

Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Suzy

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)

   Physical Address. . . . . . . . . : 00-26-6C-04-C4-67

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Local Area Connection* 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 9C-B7-0D-64-41-A5

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

   Physical Address. . . . . . . . . : 9C-B7-0D-64-41-A5

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::dcb6:77b5:f770:d029%4(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.2.122(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Saturday, November 21, 2015 2:18:50 PM

   Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

   Default Gateway . . . . . . . . . : 192.168.2.1

   DHCP Server . . . . . . . . . . . : 192.168.2.1

   DHCPv6 IAID . . . . . . . . . . . : 245151501

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C2-E0-93-00-26-6C-04-C4-67

   DNS Servers . . . . . . . . . . . : 192.168.2.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.{5D8C4AAE-D44F-4E03-AC4C-019C9A91793F}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2c64:1ef9:bbc7:5b83(Preferred)

   Link-local IPv6 Address . . . . . : fe80::2c64:1ef9:bbc7:5b83%3(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 318767104

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C2-E0-93-00-26-6C-04-C4-67

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown

Address:  192.168.2.1

 

Name:    google.com

Addresses:  2607:f8b0:4009:808::200e

      216.58.216.206

 

 

Pinging google.com [216.58.216.206] with 32 bytes of data:

Reply from 216.58.216.206: bytes=32 time=24ms TTL=54

Reply from 216.58.216.206: bytes=32 time=25ms TTL=54

 

Ping statistics for 216.58.216.206:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server:  UnKnown

Address:  192.168.2.1

 

Name:    yahoo.com

Addresses:  2001:4998:c:a06::2:4008

      2001:4998:58:c02::a9

      2001:4998:44:204::a7

      206.190.36.45

      98.139.183.24

      98.138.253.109

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=97ms TTL=44

Reply from 206.190.36.45: bytes=32 time=80ms TTL=44

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 80ms, Maximum = 97ms, Average = 88ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

  5...00 26 6c 04 c4 67 ......Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)

  7...9c b7 0d 64 41 a5 ......Microsoft Wi-Fi Direct Virtual Adapter

  4...9c b7 0d 64 41 a5 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

  1...........................Software Loopback Interface 1

  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

  3...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.122     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.2.0    255.255.255.0         On-link     192.168.2.122    281

    192.168.2.122  255.255.255.255         On-link     192.168.2.122    281

    192.168.2.255  255.255.255.255         On-link     192.168.2.122    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.2.122    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.2.122    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination      Gateway

  3    306 ::/0                     On-link

  1    306 ::1/128                  On-link

  3    306 2001::/32                On-link

  3    306 2001:0:5ef5:79fd:2c64:1ef9:bbc7:5b83/128

                                    On-link

  4    281 fe80::/64                On-link

  3    306 fe80::/64                On-link

  3    306 fe80::2c64:1ef9:bbc7:5b83/128

                                    On-link

  4    281 fe80::dcb6:77b5:f770:d029/128

                                    On-link

  1    306 ff00::/8                 On-link

  3    306 ff00::/8                 On-link

  4    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (11/12/2015 04:49:26 PM) (Source: CVHSVC) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

Error: (11/10/2015 03:24:21 PM) (Source: Perflib) (User: )

Description: ASP.NET_2.0.50727

 

Error: (11/10/2015 03:24:21 PM) (Source: Perflib) (User: )

Description: ASP.NET_2.0.507278

 

Error: (11/09/2015 12:46:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SUZY)

Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/09/2015 12:46:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SUZY)

Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/09/2015 12:46:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SUZY)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/07/2015 05:10:17 AM) (Source: CVHSVC) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

Error: (11/06/2015 03:24:32 PM) (Source: Application Hang) (User: )

Description: The program MicrosoftEdge.exe version 11.0.10240.16566 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: ab0

 

Start Time: 01d118d09de00b67

 

Termination Time: 4294967295

 

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

 

Report Id: 62470d47-84c4-11e5-8d6d-00266c04c467

 

Faulting package full name: Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe

 

Faulting package-relative application ID: MicrosoftEdge

 

Error: (11/06/2015 03:24:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SUZY)

Description: Package Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

 

Error: (11/02/2015 10:59:14 AM) (Source: Application Hang) (User: )

Description: The program MicrosoftEdge.exe version 11.0.10240.16566 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 102c

 

Start Time: 01d115852453eb58

 

Termination Time: 4294967295

 

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

 

Report Id: a84e0bbf-817a-11e5-8d6d-00266c04c467

 

Faulting package full name: Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe

 

Faulting package-relative application ID: MicrosoftEdge

 

 

System errors:

=============

Error: (11/21/2015 03:22:23 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

 

Error: (11/21/2015 10:34:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 

Code: 8 0x0 0x0

 

Error: (11/21/2015 10:34:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 

Code: 4 0x0 0x0

 

Error: (11/21/2015 10:34:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 

Code: 1 0xc 0x4

 

Error: (11/21/2015 09:11:58 AM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer GENESISSNOAP

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D8C4AAE-D44F-4E03-AC4C-019C9A91793F}.

The master browser is stopping or an election is being forced.

 

Error: (11/20/2015 07:26:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 

Code: 8 0x0 0x0

 

Error: (11/20/2015 07:26:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 

Code: 4 0x0 0x0

 

Error: (11/20/2015 07:26:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 

Code: 1 0xc 0x4

 

Error: (11/19/2015 08:31:13 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

 

Error: (11/14/2015 07:23:29 AM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

 

 

Microsoft Office Sessions:

=========================

Error: (11/12/2015 04:49:26 PM) (Source: CVHSVC)(User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

Error: (11/10/2015 03:24:21 PM) (Source: Perflib)(User: )

Description: ASP.NET_2.0.50727

 

Error: (11/10/2015 03:24:21 PM) (Source: Perflib)(User: )

Description: ASP.NET_2.0.507278

 

Error: (11/09/2015 12:46:21 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SUZY)

Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

 

Error: (11/09/2015 12:46:21 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SUZY)

Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

 

Error: (11/09/2015 12:46:18 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SUZY)

Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

 

Error: (11/07/2015 05:10:17 AM) (Source: CVHSVC)(User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

Error: (11/06/2015 03:24:32 PM) (Source: Application Hang)(User: )

Description: MicrosoftEdge.exe11.0.10240.16566ab001d118d09de00b674294967295C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe62470d47-84c4-11e5-8d6d-00266c04c467Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge

 

Error: (11/06/2015 03:24:30 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SUZY)

Description: Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe+MicrosoftEdge

 

Error: (11/02/2015 10:59:14 AM) (Source: Application Hang)(User: )

Description: MicrosoftEdge.exe11.0.10240.16566102c01d115852453eb584294967295C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exea84e0bbf-817a-11e5-8d6d-00266c04c467Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-11-06 16:14:34.159

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 16:14:34.141

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 16:14:33.920

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 16:14:33.787

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 11:54:06.951

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 11:54:06.936

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 11:54:06.918

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 11:54:06.904

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 11:54:06.879

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-11-06 11:54:06.865

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

=========================== Installed Programs ============================

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)

Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)

Avery Toolbar (HKLM-x32\...\{41565232-5636-006A-76A7-A758B70C2300}) (Version: 12.35.0.2649 - APN, LLC)

Bejeweled 3 (HKLM-x32\...\WTA-3f8eda8d-fe5e-469d-8fda-fffd49b49e53) (Version: 2.2.0.97 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother HL-4040CDN (HKLM-x32\...\{143FB53B-2F7A-44AA-B55F-A9E36AD280EE}) (Version: 1.00 - Brother)

Chuzzle Deluxe (HKLM-x32\...\WTA-76817534-38f1-41e5-a988-e41b13e46bd9) (Version: 2.2.0.95 - WildTangent) Hidden

CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

FATE - The Traitor Soul (HKLM-x32\...\WTA-fea624ec-5cc9-45a0-9a10-d70fa5211377) (Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)

H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)

H&R Block Michigan 2013 (HKLM-x32\...\{F46C910F-0113-4D51-8268-A89E14C5D18B}) (Version: 1.13.5901 - HRB Technology, LLC.)

H&R Block Michigan 2014 (HKLM-x32\...\{DCB4E829-E4BD-411C-8B41-C95BB2ABD073}) (Version: 1.14.5001 - HRB Technology, LLC.)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)

iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)

Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)

Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-dcfcb625-762e-4d54-86a7-3c01e220b0d0) (Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)

Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )

PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )

Penguins! (HKLM-x32\...\WTA-83e7eb90-4b62-4ac3-a649-f9085e351600) (Version: 2.2.0.95 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-d9ca6cb5-83b2-42d6-bf77-edb8e122603e) (Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (HKLM-x32\...\WTA-87f655b9-5d36-44d0-b8e8-e00d9078030a) (Version: 2.2.0.95 - WildTangent) Hidden

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)

Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)

Solid Savings (HKLM-x32\...\Solid Savings) (Version: 1.26.153.1 - 215 Apps)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)

Tom Clancy's Splinter Cell (HKLM-x32\...\WTA-478857a5-8380-4f65-aff1-c8dd56f1d670) (Version: 2.2.0.97 - WildTangent) Hidden

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)

Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)

TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)

Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)

TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)

Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)

TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)

TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)

ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden

WeatherBug (HKLM-x32\...\{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}) (Version: 7.0.0.12 - Earth Networks, Inc.)

WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)

WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.4.16 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Zuma's Revenge (HKLM-x32\...\WTA-fe710af1-1f73-4b57-b067-50a68f0729b1) (Version: 2.2.0.97 - WildTangent) Hidden

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 55%

Total physical RAM: 4043.86 MB

Available physical RAM: 1800.75 MB

Total Virtual: 8139.86 MB

Available Virtual: 5480.18 MB

 

========================= Partitions: =====================================

 

1 Drive c: (TI106136W0E) (Fixed) (Total:452.33 GB) (Free:364.63 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\SUZY

 

Administrator            DefaultAccount           Guest                   

Owner                   

 

 

**** End of log ****



#4 Aura

Posted 23 November 2015 - 05:08 PM

It appears that you have adware installed on your system. Is this a work laptop, or a personal laptop? If it's a work laptop, do you have the authorization to be assisted here and follow our directions?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 chucksno

Posted 23 November 2015 - 05:24 PM

It's a personal that I use for work and personal but I have complete freedom...thx Aura



#6 Aura

Posted 23 November 2015 - 05:28 PM

Good :) Uninstall the following programs please.

  • Adobe AIR - Outdated and vulnerable;
  • Avery Toolbar - Unless you use it, but I doubt it;
  • Google Toolbar for Internet Explorer - Unless you use it;
  • Java 6 Update 20 - Outdated and vulnerable;
  • Norton PC Checkup;
  • Solid Savings - Adware;

Once done, follow the instructions below please.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Malwarebytes Anti-Malware - Clean Mode

  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Your next reply(ies) should therefore contain:

  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Edited by Chris Cosgrove, 23 November 2015 - 06:50 PM.
Moved from Networking to 'Am I infected?'.



#7 chucksno

Posted 23 November 2015 - 06:58 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 10 Home x64
Ran by Owner (Administrator) on Mon 11/23/2015 at 17:58:48.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 10
 
Successfully deleted: C:\ProgramData\apn (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (File)
Successfully deleted: C:\Users\Owner\AppData\Roaming\pccustubinstaller (Folder)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_0E996B06-C00C3AE1.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)
 
 
 
Registry: 2
 
Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{38D30BA7-5E5B-4AD9-AD66-5BFF4AFDC498} (Registry Key)
Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6FEB7DBE-E69E-4068-ACB6-20861BB1046A} (Registry Key)
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/23/2015 at 18:01:28.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v5.022 - Logfile created 23/11/2015 at 18:10:55
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Owner - SUZY
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Owner\AppData\Local\VNT
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Temp\apn
 
***** [ Files ] *****
 

***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 
[-] Task Deleted : bench-sys
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\VNT
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.search.ask.com/web?tpid=AVR2V6&o=APN10714&l=dis&pf=V7&p2=%5EASU%5EYYYYYY%5EYY%5EUS&gct=&itbv=11.8.1.411&doi=2013-05-22&apn_uid=7EE43B82-AC05-4F78-A999-A29BE8EB6DDA&apn_ptnrs=%5EASU&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_26.0.1410.64&psv=&pt=tb&trgb=&q={searchTerms}
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2639 bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/23/2015
Scan Time: 6:26 PM
Logfile:
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.23.09
Rootkit Database: v2015.11.23.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341930
Time Elapsed: 27 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.BenchUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bench-S-1-5-21-303826998-458376529-2769116677-1000, Delete-on-Reboot, [d99c463b147755e1911c1655956ec838],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211621178}, Quarantined, [185d86fbb0db42f41d89f5820df63dc3],
 
Registry Values: 2
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211621178}|AppName, Solid Savings-bg.exe, Quarantined, [185d86fbb0db42f41d89f5820df63dc3]
PUP.Optional.SocialPrivacy, HKU\S-1-5-21-303826998-458376529-2769116677-1000\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|sp@sp.com, C:\Program Files (x86)\Social Privacy\FF\, Quarantined, [c7aecfb2513a2a0ca599316c20e3fd03]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.APNToolBar, C:\Users\Owner\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe, Quarantined, [86efb6cb79125adca7c440e6867b619f],
PUP.Optional.APNToolBar, C:\Users\Owner\Downloads\PIP2610_AVR54_.exe, Quarantined, [f87ddba6701b38fec4a766c01fe2bd43],
PUP.Optional.SafeInstall, C:\Users\Owner\Downloads\adobeflashplayer.exe, Quarantined, [601591f01d6e62d4a1230c1f02ffc040],
 
Physical Sectors: 0
(No malicious items detected)
 

(end)
 



#8 Aura

Posted 23 November 2015 - 07:02 PM

Good :) Now follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;
Once done, can you give me your Toshiba Model Part Number? Instructions on how to find it can be found at the link below.

http://support.toshiba.com/sscontent?contentId=4007069



#9 chucksno

Posted 23 November 2015 - 07:59 PM

Satellite C655 PSC2EU-08E02H



#10 Aura

Posted 23 November 2015 - 08:05 PM

These are the latest drivers for your Network Controller. Download and install them, then restart your computer.

http://cdgenp01.csd.toshiba.com/content/support/downloads/TC00503900A.exe

Sadly they don't seem to be officially Windows 10 compatible.



#11 chucksno

Posted 23 November 2015 - 08:21 PM

I believe it took, it just didn't confirm saying like updated etc...it just finished the bar left to right and went away



#12 Aura

Posted 23 November 2015 - 08:56 PM

When you executed the .exe, did it ask you to Extract and Install, or Extract?



#13 chucksno

Posted 23 November 2015 - 09:14 PM

it says setup will start when extraction is complete and it doesn't show it starting up?  sorry I tried to follow the path to the temp local but couldn't find



#14 Aura

Posted 23 November 2015 - 09:19 PM

I downloaded the file myself and executed it. Once you execute it, click on the Options button and change the extract folder to a more suitable location (see my screenshot below for an example).
[Screenshot]
Once done, go in the folder you extracted the content to, and execute Setup.exe.



#15 chucksno

Posted 23 November 2015 - 09:21 PM

I may be out of pocket till Tuesday as I am heading to my men's hockey league...You canucks will appreciate that!





