Windows 10 machine driving me crazy


15 replies to this topic

#1 hussain21

Posted 06 January 2016 - 08:52 PM

Hello everyone

I have created an account just to post my issue here.

My laptop is Windows 10 and I use it mainly to play games from Steam, cracked games and downloading movies.

For the past few weeks the device became unbearably unresponsive: lag spikes, freezes that last for hours, and lastly crashing and freezing in the games, which is very annoying.

In the Task Manager it shows that disk usage is 100%, which is weird as I see everything having low impact on the disk.

I'm thinking that I might be infected by a malware/virus, as when I turn off my Windows Defender the lag suddenly goes away for an hour or so, then comes back.

I have tried many tools but I couldn't find the exact problem.

At the moment I'm typing this from safe mode, which is the only way for me to use the device without having it freezing for the next hour or so.

Can someone please help me find the issue?

Thanks in advance




#2 Condobloke

Posted 06 January 2016 - 09:11 PM

G'day hussain21, and Welcome to BC

 

The answer to your problem is actually in your post... "cracked games and downloading movies"

 

That will get you infected every time, without fail.

 

Please run the following for me, and copy and paste the logs back here in your reply.

 

 

Download Security Check and save it to your Desktop.

    Double-click SecurityCheck.exe
    Follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 

Please download MiniToolBox (http://www.bleepingcomputer.com/download/minitoolbox/) to your desktop and run it.
 Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. This gives a preliminary reading, and clears your Antivirus/Antimalware programs.
    You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
    Double-click on the Rkill desktop icon to run the tool.
    If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    A black DOS box will briefly flash for a minute or so, and then disappear. This is normal and indicates the tool ran successfully.
    If not, delete the file, then download and use the one provided in Link 2.
    Do not reboot until you run the next few tools.
    If the tool does not run from any of the links provided, please let me know.
    If normal mode still doesn't work, run the tool from safe mode.
    When the scan is done Notepad will open with Rkill log.
    Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

    Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
    Click on the Scan button.
    AdwCleaner will begin...be patient as the scan may take some time to complete.
    When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    Look over the log especially under Files/Folders for any program you want to save.
    If there's a program you may want to save, just uncheck it from AdwCleaner's list.
    If you're not sure, post the log for review. (All items found are usually adware/spyware/foistware.)
    If you're ready to clean it all up.....click the Clean button.
    After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    NOTE - To restore an item that has been deleted by accident:
    Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

To fully empty the Quarantine Manager, re-open AdwCleaner and hit the Uninstall button, and reboot.
The program can be reinstalled later with the updated database included.

 


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy



#3 hussain21

Posted 06 January 2016 - 10:19 PM

Good day to you too

I had my suspicion on the cracked games and the movies too

I will post logs and edit this post as soon as I finish with each program you recommended

Edit: I'm editing this post from my phone, as my laptop froze as soon as I finished posting and is yet to respond; only the mouse arrow seems to be responsive a little bit
Edit: 9 minutes later the freeze decided to stop, downloading and running the second program now

Security Check log:
 
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 76  
 Java 8 Update 31  
 Java 8 Update 40  
 Java version 32-bit out of Date!
  Adobe Flash Player     19.0.0.226 Flash Player out of Date!  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox 38.0.1 Firefox out of Date!  
 Google Chrome 34.0.1847.116 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

I can't edit/post on this thread?

 


Edited by hussain21, 06 January 2016 - 10:44 PM.


#4 hussain21

Posted 06 January 2016 - 10:46 PM

Whenever I try to post the log from MiniToolBox it says I don't have permission to post in the thread, but normal editing or posting works

What can I do?

 



#5 Condobloke

Posted 06 January 2016 - 10:48 PM

Run  RKILL   <<<<< click this link




#6 hussain21

Posted 06 January 2016 - 10:54 PM

Rkill log:

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2016 11:42:55 AM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\hp\Downloads\SecurityCheck.exe (PID: 212) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Prey\current => c:\Windows\Prey\versions\1.4.2 [Dir]

Checking Windows Service Integrity:

 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * tunnel [Missing Service]
 * wfpcapture [Missing Service]

 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1                   onhax.net
  127.0.0.2                   www.onhax.net
  127.0.0.2                   forum.onhax.net
  127.0.0.1                   labs.onhax.net
  127.0.0.1                   do2dear.net
  127.0.0.1                   https://forum.onhax.net
  127.0.0.1                   dlgratis.com
  127.0.0.1                   p30world.com
  127.0.0.1                   104.28.14.60
  127.0.0.1                   104.28.15.60
  127.0.0.1                   piratecity.net

Program finished at: 01/07/2016 11:45:41 AM
Execution time: 0 hours(s), 2 minute(s), and 46 seconds(s)
 



#7 Condobloke

Posted 06 January 2016 - 11:04 PM

Now try ADWCLEANER     




#8 hussain21

Posted 07 January 2016 - 12:03 AM

# AdwCleaner v5.028 - Logfile created 07/01/2016 at 12:01:09
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : hp - HP-HP
# Running from : C:\Users\hp\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AelllSaver
[-] Folder Deleted : C:\Program Files (x86)\FuiundBestoDeaL
[-] Folder Deleted : C:\Program Files (x86)\NueWSaeveur
[-] Folder Deleted : C:\Program Files (x86)\save inet
[!] Folder Not Deleted : C:\Program Files (x86)\AelllSaver
[!] Folder Not Deleted : C:\Program Files (x86)\FuiundBestoDeaL
[!] Folder Not Deleted : C:\Program Files (x86)\NueWSaeveur
[!] Folder Not Deleted : C:\Program Files (x86)\save inet
[-] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[-] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\ProgramData\SNT
[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\ProgramData\AelllSaver
[-] Folder Deleted : C:\ProgramData\FuiundBestoDeaL
[-] Folder Deleted : C:\ProgramData\NueWSaeveur
[-] Folder Deleted : C:\ProgramData\save inet
[!] Folder Not Deleted : C:\ProgramData\AelllSaver
[!] Folder Not Deleted : C:\ProgramData\FuiundBestoDeaL
[!] Folder Not Deleted : C:\ProgramData\NueWSaeveur
[!] Folder Not Deleted : C:\ProgramData\save inet
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\Users\Guest\AppData\Local\torch
[-] Folder Deleted : C:\Users\hp\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\hp\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\hp\AppData\Local\torch
[-] Folder Deleted : C:\Users\hp\AppData\LocalLow\Minibar
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
[-] Folder Deleted : C:\Users\Public\Documents\tencent

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\foxydeal.sqlite
[-] File Deleted : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\invalidprefs.js
[-] File Deleted : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\WINDOWS\SysWOW64\drivers\bd0001.sys
[-] File Deleted : C:\WINDOWS\SysWOW64\drivers\bd0002.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : MdmUpdateTaskMachineCore

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
[-] Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\smarttweak
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Webplayer
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qq.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\v.qq.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qq.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\v.qq.com

***** [ Web browsers ] *****

[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.FF19Solved", "true");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.UserID", "UN34946421317698109");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.dum", "2");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.fullUserID", "UN34946421317698109.IN.20131006020634");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.installDate", "06/10/2013 02:06:36");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.installSessionId", "61b4e8eb-d269-49c7-bff6-d1a50e06ef5f");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.installSp", "false");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.installUsage", "23/04/2014 20:33:41");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.installUsageEarly", "23/04/2014 20:33:41");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.installerVersion", "1.10.0.6");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.keyword", "true");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.originalSearchAddressUrl", "");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.searchRevert", "false");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.searchUninstallUserMode", "1");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.searchUserMode", "1");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.versionFromInstaller", "10.29.0.20");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("CT3251747.xpeMode", "1");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xveap6ev.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : max-start.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16033 bytes] ##########
 



#9 Condobloke

Posted 07 January 2016 - 12:06 AM

OK... are things a little more "normal" now?




#10 Condobloke

Posted 07 January 2016 - 12:12 AM

If things are going OK... proceed with MiniToolBox and Sophos etc... if not... tell me what is happening

Please run MiniToolBox for me now... the link and instructions are in my first post to you

and then...


Download  http://downloads.sophos.com/tools/withides/Sophos%20Virus%20Removal%20Tool.exe and save it to your desktop.

    Double click the icon and select Run
    Click Next
    Select I accept the terms in this license agreement, then click Next twice
    Click Install
    Click Finish to launch the program
    Once the virus database has finished updating, click Start Scanning
    If any threats are found click Details, then View log file... (found in the bottom left hand corner)
    Copy and paste the results in your reply
    Close the Notepad document
    Close the Threat Details screen, then click Start Cleanup
    Click Exit to close the program

 

 

 




#11 hussain21

Posted 07 January 2016 - 12:15 AM

Sorry for the delayed reply

As far as I see, there isn't much of a difference, just the freeze times seem to get smaller and the freeze duration too, might just be paranoid me

I have run MiniToolBox before the last program, but every time I try to post the log it redirects me to the page "you don't have permission for that"

"You do not have permission for that action." whenever I copy the log from MiniToolBox and try to paste it here

EDIT: should I re-run MiniToolBox or proceed with the next program?


Edited by hussain21, 07 January 2016 - 12:22 AM.


#12 Condobloke

Posted 07 January 2016 - 12:23 AM

I think, given the level of infection, that you would be best served by opening a new topic HERE   

 

That is the Malware Removal Area....it is staffed by Experts who have access to tools which are unavailable in the area.

 

Be sure to provide a link there back to this topic.....and please provide a link here to the new topic.

 

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.

When you have done that, Copy and Paste your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy



#13 hussain21

  • Topic Starter

Posted 07 January 2016 - 12:33 AM

I have created a thread in the proper section

 

LINK



#14 Condobloke


Posted 07 January 2016 - 12:37 AM

When you download and run FRST....EDIT your first post there and add to it

 

This is so there are not two posts appearing....that would maybe persuade one of the experts there to go past it thinking there was already a reply.

 

And then.....be patient. They will not respond as quickly as I did....It has been known to take up to five days.....

 

Good Luck.




#15 hussain21

  • Topic Starter

Posted 07 January 2016 - 12:40 AM


alright

 

 

and thank you very much for the help





