
Hez computer browser default changes and pop ups


21 replies to this topic

#1 Hez


Posted 24 November 2015 - 01:18 AM

I have a Lenovo desktop running Windows 8.

I have several issues.  I accidentally caused download of "nowuseeit" and cannot delete it.  Also, browser default search keeps getting changed back to ASK.

Finally, computer seems to be slowing down quite noticeably.  Pop ups seem to be coming up more often.

Can you help me?  Please!





#2 severac


Posted 24 November 2015 - 02:38 AM

Hello, 

 

let's see what we can do.

 

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

--------

 

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

  • Right click on KVRT.exe and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.

Inform me if something is detected.

-------

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE. If you already have MBAM 2.0 installed scroll down.

 

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      o Launch Malwarebytes Anti-Malware
      o A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, set the following options under Detection and Protection:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

--------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • In EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on Scan button.
  • When the scan has finished click on Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

-------

 

Please download Junkware Removal Tool  to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Hez


Posted 25 November 2015 - 08:52 PM

Hello Severac,

Here's what I have for you......

I think I may have confused the instructions given.  Please let me know if you want me to run a program again.

AND, thank you for helping me.

Hezekiah known as  "Hez"

==============================================

Log from scan for rKill.exe is -

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/25/2015 01:22:45 AM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\jmesoft\Service.exe (PID: 1592) [WD-HEUR]
 * C:\Windows\jmesoft\hotkey.exe (PID: 4796) [WD-HEUR]
 * C:\Windows\jmesoft\JME_LOAD.exe (PID: 4856) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  20 out of 15492 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 11/25/2015 01:23:33 AM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
[END   END   END]

====================================

KVRT Scan results.....Note: I did a screen Capture and have pasted the image.

I HAD A SCREEN CAPTURE JPG IMAGE OF THE SCREEN AND GOT AN ERROR MESSAGE FOR THIS POST.

I will rerun this and see what I did wrong and send the requested to you.

Sorry for the confusion on my end.....Hez

===========================================

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 11/25/2015 4:17 AM, SYSTEM, BOLTON, Protection, IsLicensed, 13,
Protection, 11/25/2015 4:17 AM, SYSTEM, BOLTON, Protection, Malware Protection, Stopping,
Protection, 11/25/2015 4:17 AM, SYSTEM, BOLTON, Protection, Malware Protection, Stopped,
Update, 11/25/2015 4:19 AM, SYSTEM, BOLTON, Manual, Rootkit Database, 2015.11.4.2, 2015.11.23.1,
Update, 11/25/2015 4:19 AM, SYSTEM, BOLTON, Manual, Remediation Database, 2015.11.10.2, 2015.11.22.2,
Update, 11/25/2015 4:19 AM, SYSTEM, BOLTON, Manual, Domain Database, 2015.11.11.4, 2015.11.24.9,
Update, 11/25/2015 4:19 AM, SYSTEM, BOLTON, Manual, IP Database, 2015.11.10.1, 2015.11.24.1,
Update, 11/25/2015 4:19 AM, SYSTEM, BOLTON, Manual, Malware Database, 2015.11.12.3, 2015.11.25.3,
Scan, 11/25/2015 4:59 AM, SYSTEM, BOLTON, Manual, Start:11/25/2015 4:22 AM, Duration:22 min 33 sec, Threat Scan, Completed, 9 Malware Detections, 160 Non-Malware Detections,
Error, 11/25/2015 5:01 AM, SYSTEM, BOLTON, Protection, IsLicensed, 13,
Protection, 11/25/2015 5:01 AM, SYSTEM, BOLTON, Protection, Malware Protection, Stopping,
Protection, 11/25/2015 5:01 AM, SYSTEM, BOLTON, Protection, Malware Protection, Stopped,
Error, 11/25/2015 5:16 AM, SYSTEM, BOLTON, Protection, IsLicensed, 13,
Protection, 11/25/2015 5:16 AM, SYSTEM, BOLTON, Protection, Malware Protection, Stopping,
Protection, 11/25/2015 5:16 AM, SYSTEM, BOLTON, Protection, Malware Protection, Stopped,

(end)

======================================================

ADwCleaner text log file - copy and paste:

# AdwCleaner v5.022 - Logfile created 25/11/2015 at 05:10:14
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Boltons1421 - BOLTON
# Running from : C:\Users\Boltons1421\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Boltons1421\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Boltons1421\AppData\Roaming\Settings Manager

***** [ Files ] *****

[-] File Deleted : C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Boltons1421\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader.lnk
[-] File Deleted : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Pokki

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_8c0fb60d03e3ff6fd84a1ee0ac970f06a99b8304
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Ask Web Search,Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en),Yahoo!");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=715483&p=");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.BUTTON_STRUCTURE", "[{\"b\":224541277,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224541278,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.defaultenginename.prev", "Ask Web Search");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.defaultenginename.savedPrev", "true");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.defaultenginename.tb", "Ask Web Search");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.selectedEngine.prev", "Ask Web Search");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.selectedEngine.savedPrev", "true");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.search.selectedEngine.tb", "Ask Web Search");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser//index.jhtml?ptb=8FE16019-7B31-4D6D-868D-229BA3958654&n=781c2c14&p2=^BA5^xdm[...]
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.startup.page.tb", 1);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.browser.version.last", "42.0");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.firstKnownVersion", "7.18.8.35401");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=8FE16019-7B31-4D6D-868D-229BA3958654&n=781c2c14&p2=^BA5^xdm133^YYA^us&si=49588_TESTTEST-OMF");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.hp.enabled", false);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.hp.guardType", "HPR");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.hp.user.defined", false);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.initialized", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installKeysSource", "Cookies");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installType", "XPI");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.contextKey", "");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.dlpCountryCode", "US");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.installDate", "2015112212");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.partnerId", "^BA5^xdm133^YYA^us");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.partnerSubId", "49588_TESTTEST-OMF");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.pixelUrl", "hxxp://free.onlinemapfinder.com/install_pixels.jhtml?partner=^BA5^xdm133^YYA^us&sub_id=49588_TESTTEST-OMF&coId=2165c7073d2c[...]
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.success", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.installation.toolbarId", "8FE16019-7B31-4D6D-868D-229BA3958654");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.lastActivePing", "1448444870583");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.lastKnownVersion", "7.18.8.47473");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.options.defaultSearch", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.options.homePageEnabled", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.options.keywordEnabled", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.options.tabEnabled", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.partnerPixelFired", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.successUrl", "hxxp://free.onlinemapfinder.com/installComplete.jhtml");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.toolbar.ownSearch", false);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._9pMembers_.toolbarCollapsed", true);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "onlinemapfinder@mindspark.com");
[-] [C:\Users\Boltons1421\AppData\Roaming\Mozilla\Firefox\Profiles\m89s8vll.default\prefs.js] [Preference] Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=715483&p={searchTerms}");
[-] [C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : palikan.com
[-] [C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_sftopnsrc_15_48&cd=2XzuyEtN2Y1L1Qzu0BtDtDyDzyyE0E0EyEyEtC0B0EzztDyEtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyByB0C0BtAtD0BzztGyDyCtByEtGzytA0AzytGyE0ByE0CtGtByE0A0EyDzz0D0E0FtAyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0BtByEtA0ByEyCtG0DyD0CyDtGyEyEyC0DtG0A0B0DzytGyCtAtAtD0BtCzztC0CtA0D0A2QtN0A0LzuyE&cr=1185290595&ir=
[-] [C:\Users\Boltons1421\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.palikan.com/?f=1&a=plk_sftopnsrc_15_48&cd=2XzuyEtN2Y1L1Qzu0BtDtDyDzyyE0E0EyEyEtC0B0EzztDyEtN0D0Tzu0StCyEtBtBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyByB0C0BtAtD0BzztGyDyCtByEtGzytA0AzytGyE0ByE0CtGtByE0A0EyDzz0D0E0FtAyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0BtByEtA0ByEyCtG0DyD0CyDtGyEyEyC0DtG0A0B0DzytGyCtAtAtD0BtCzztC0CtA0D0A2QtN0A0LzuyE&cr=1185290595&ir=
[-] [C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Naomi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15200 bytes] ##########

==============================================

JRT LOG TEXT FILE:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by Boltons1421 (Administrator) on Wed 11/25/2015 at  5:31:07.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\Boltons1421\AppData\Local\{00BB36E7-2413-5A5F-498B-7FB76DE3832F} (Empty Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\SlimCleaner Plus (Scheduled Scan - Boltons1421) (Task)
Successfully deleted: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Boltons1421).job (Task)



Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0223941442385998mcinstcleanup (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MapsGalaxy_39Service (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC28ABC4-361B-4DDB-9039-F9CBA8CC1CE9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/25/2015 at  5:34:23.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 Hez


Posted 26 November 2015 - 02:07 AM

Severac,

This is a follow-up to the email I sent earlier today.

The KVRT scan result was not with the earlier email.

I tried to include it in the 1st email as an image (jpg) screencapture file.  It was not allowed.

Your instructional email stated "inform me if something is detected".

I've since deleted the screencapture image.  But, YES, there were about 5 or 6 lines in the resulting file log.

When I ran the KVRT scan a second time, the log file was empty.

I hope this is helpful.  I await your next set of instructions.

Hez



#5 severac


Posted 26 November 2015 - 03:10 AM

So far so good, I think so. 

 

Can you open MBAM again and post me this log:

 

 

Scan, 11/25/2015 4:59 AM, SYSTEM, BOLTON, Manual, Start:11/25/2015 4:22 AM, Duration:22 min 33 sec, Threat Scan, Completed, 9 Malware Detections, 160 Non-Malware Detections,

 

I want to see the detection list:

Click on the History tab > Application Logs.

  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

------

 

Do you still have pop up problems?



 


#6 Hez


Posted 26 November 2015 - 05:21 AM

Severac,

I'm getting better at interpreting the instructions.  Here is the scan log for the recent date.

As for your question, the POP-UPS seem to have gone away......Thank you!

However, the computer seems noticeably sloooooooower.  Waiting for your next instructions.......Hez

====================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/26/2015
Scan Time: 1:08 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.26.02
Rootkit Database: v2015.11.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Boltons1421

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394415
Time Elapsed: 23 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#7 severac


Posted 26 November 2015 - 12:39 PM

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • List Installed Programs

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

-----------



 


#8 Hez


Posted 26 November 2015 - 04:29 PM

Severac,

Below are the results of running the Minitoolbox program:

=====================

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Boltons1421 (administrator) on 26-11-2015 at 13:12:28
Running from "C:\Users\Boltons1421\Desktop"
Microsoft Windows 8.1  (X64)
Model: 10130 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX470 series User Registration (HKLM-x32\...\Canon MX470 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.01.0187 - REALTEK Semiconductor Corp.)
Screen Recorder Launcher (HKCU\...\ScreenRecorderLauncher) (Version: 1.7 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

**** End of log ****
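
An added example, not part of the original thread and not MiniToolBox's own code: a parser for the Installed Programs section of MTB.txt in the layout shown in the log above, which lists entries worth a manual look and keeps any line it cannot parse. The review criteria (blank publisher, blank version, per-user HKCU key) are assumptions for illustration, and `parse_installed`, `review_reasons` and `triage` are hypothetical names.

```python
import re

# One MiniToolBox "Installed Programs" line, in the layout of the log above:
#   Name (HIVE\...\UninstallKey) (Version: X - Publisher)[ Hidden]
# Names and keys may contain parentheses, so the pattern anchors on the hive prefix.
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HKLM-x32|HKLM|HKCU)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)(?P<hidden> Hidden)?$"
)

# Four entries copied from the log above, plus one constructed truncated line.
SAMPLE = r"""
=========================== Installed Programs ============================
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Screen Recorder Launcher (HKCU\...\ScreenRecorderLauncher) (Version: 1.7 - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Constructed broken line (HKLM\...\Truncated) (Version: 1.0
**** End of log ****
"""

def parse_installed(text):
    """Return (entries, unparsed); lines that do not fit are kept, not dropped."""
    entries, unparsed = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("=", "*")):
            continue  # blank line, section banner or end-of-log marker
        m = ENTRY.match(line)
        if m:
            entries.append({**m.groupdict(), "hidden": m["hidden"] is not None})
        else:
            unparsed.append(line)
    return entries, unparsed

def review_reasons(entry):
    """Assumed triage heuristics, not MiniToolBox's or the helper's criteria."""
    checks = [(not entry["publisher"].strip(), "no publisher"),
              (not entry["version"].strip(), "no version"),
              (entry["hive"] == "HKCU", "per-user install")]
    return [label for hit, label in checks if hit]

def triage(text):
    """Map program name -> reasons for a manual look, plus unparsed lines."""
    entries, unparsed = parse_installed(text)
    flagged = {e["name"]: review_reasons(e) for e in entries if review_reasons(e)}
    return flagged, unparsed

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flag only marks an entry for manual checking; it says nothing about whether the program is malicious.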
 



#9 severac

severac


Posted 26 November 2015 - 04:51 PM

Uninstall Spybot - Search & Destroy. 

 

I can't see any programs that can cause slower response. 

 

And I don't see any malware activity anymore. 

 

Try defragmenting your drives and deleting programs that you don't use...



 


#10 Hez

Hez
  • Topic Starter


Posted 26 November 2015 - 05:25 PM

Please clarify how I defrag.

I've done it on past computers, but Windows 8 has me uncertain.

Which of these below do I defrag?  Or, is there another process?

This PC

Windows8_OS (C:)



#11 severac

severac


Posted 26 November 2015 - 05:44 PM

You can defragment your PC.

 

Info: http://windows.microsoft.com/en-us/windows-8/improve-performance-optimizing-hard-drive



 


#12 Hez

Hez
  • Topic Starter


Posted 28 November 2015 - 01:18 AM

Spybot S&D is now uninstalled.

I'll defrag next......Hez



#13 Hez

Hez
  • Topic Starter


Posted 28 November 2015 - 02:31 AM

Severac,

Clicked on "Defragment and optimize your drives" and got the following after clicking on ANALYZE for each drive: Retyped by hand.

Drive                                                Media Type        Last run              Current Status

Windows8_OS (C:)                                     Hard disk drive   11/27/2015 10:39AM    OK (1% fragmented)

PBR_DRV                                              Hard disk drive   SAME                  OK (0% fragmented)

WINRE_DRV                                            Hard disk drive   SAME                  OK (0% fragmented)

\\?\Volume{0b68354d-0da5-40a0-acc0-bf11d235efdf}\    Hard disk drive   SAME                  OK (0% fragmented)

\\?\Volume{59e7ef6f-0133-4f01-944e-6ad4c12fdf68}\    Hard disk drive   SAME                  OK (0% fragmented)

\\?\Volume{de919bd0-1d92-400e-a16f-4168a47d40a}\     Hard disk drive   SAME                  OK (0% fragmented)

.....................................................................................................

Scheduled Optimization--ON;   Drives are being optimized automatically;  Frequency - weekly

End

What to do now?  Still experiencing some slowness from when I bought the computer in June!!!      Hez



#14 severac

severac


Posted 28 November 2015 - 03:51 AM

Ok, you don't need to think about the defragmentation, it is set to Scheduled optimization. 

 

------

 

Let's see what is starting with Windows when you boot your system:

 

Autoruns by Sysinternals

Please follow the instructions below to give me an Autoruns log containing your start-up entries:

§  Download Autoruns from here.

§  Extract the content of the Autoruns.zip folder on the Desktop.

§  Open the Autoruns folder, right click on Autoruns.exe and click Run as Administrator.

§  Accept the EULA on opening, then wait for all the entries to load.

§  Click on File, then Save, and save the file to your Desktop in *.txt file format, not the default *.arn file format.

§  Go to ge.tt and upload the Autoruns file you saved.

§  Please copy and post the download URL of your uploaded file in your next reply.


Edited by severac, 28 November 2015 - 03:51 AM.


 


#15 Hez

Hez
  • Topic Starter


Posted 28 November 2015 - 04:57 PM

Severac,

I "think" I got it right.  I'm not sure.  The dialog box information I've typed in below:

[title of dialog box]   Opening "BOLTON Autorun for Severac.txt";

Inside dialog box:  You have chosen to open:    BOLTON Autorun for Severac.txt;  which is: Text Document (68.5 KB);

from: http://s3.kkloud.com.s3.amazonaws.com What should Firefox do with this file?

.

.

I'm hoping the URL I just entered is what you want.

If I got it all wrong, please help me get to what you need.

Thanks again.............Hez





