
Laptop slow and laggy


29 replies to this topic

#1 cbcac

cbcac

  • Members
  • 79 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 01 July 2016 - 02:38 PM

This laptop belongs to my son.  It was new in December but it is now slow and laggy.  Our desktop just had some problems that I was working out with help on another post and now I suspect this one needs a look too.  Can someone please help me check it for bugs and clean it up?

 

Here are some of the issues besides laggy and slow.

It keeps changing the home page for IE back to Yahoo instead of Google.

It seems to ignore us sometimes and take a long time to acknowledge when we click

It is slow on the internet

This one is likely just part of the price range of computer we bought, but it has a very short wifi reach.  In some rooms it doesn't connect well.  Our phones work fine in those places.  Could that be a bug?

 

Thanks in advance!





#2 buddy215

buddy215

  • Moderator
  • 13,103 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:28 AM

Posted 01 July 2016 - 05:48 PM

Use the programs below to find and remove both adware and malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

EDIT: After looking at your other active post....if you have Eset installed on this computer you can omit doing the Online Scan below.

If you haven't run a scan recently using the possibly installed Eset....do that.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 01 July 2016 - 06:42 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 cbcac

cbcac
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 02 July 2016 - 01:28 AM

CCleaner done


I ran some things while I was waiting.  Here are some logs.  I will run your suggestions and post logs too.

 

Thanks!


Edited by cbcac, 02 July 2016 - 01:29 AM.


#4 cbcac

cbcac
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 02 July 2016 - 01:31 AM

MiniToolBox

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by iorn man2 (administrator) on 01-07-2016 at 14:26:51
Running from "C:\Users\iorn man2\AppData\Local\Microsoft\Windows\INetCache\IE\FIQZJV2P"
Microsoft Windows 10 Home  (X64)
Model: Inspiron 3543 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Dell Wireless 1704 802.11b/g/n (2.4GHz) = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface=N subinterface=ethernet_32770 mtu=1477

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-V1UC752
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 74-E6-E2-48-27-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 2E-33-7A-FB-56-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Dell Wireless 1704 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 2C-33-7A-FB-56-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:cd0a:2310::2a(Preferred)
   Lease Obtained. . . . . . . . . . : Tuesday, June 21, 2016 10:19:49 AM
   Lease Expires . . . . . . . . . . : Sunday, July 31, 2016 1:46:12 PM
   IPv6 Address. . . . . . . . . . . : 2602:306:cd0a:2310:8590:7cd6:2109:fdf1(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:cd0a:2310:d88:6744:a78e:36de(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:cd0a:2310:51e5:8fbb:5acd:c4cc(Deprecated)
   Link-local IPv6 Address . . . . . : fe80::8590:7cd6:2109:fdf1%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.143(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, July 1, 2016 1:46:09 PM
   Lease Expires . . . . . . . . . . : Saturday, July 2, 2016 1:46:10 PM
   Default Gateway . . . . . . . . . : fe80::1e1b:68ff:fe37:1d80%4
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 86782842
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-EC-01-BD-74-E6-E2-48-27-28
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:28f2:e99:932f:5dce(Preferred)
   Link-local IPv6 Address . . . . . : fe80::28f2:e99:932f:5dce%5(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-EC-01-BD-74-E6-E2-48-27-28
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4000:803::200e
   216.58.218.174

Pinging google.com [2607:f8b0:4000:803::200e] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4000:803::200e: time=24ms

Ping statistics for 2607:f8b0:4000:803::200e:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:44:204::a7: time=777ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 777ms, Maximum = 777ms, Average = 777ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...74 e6 e2 48 27 28 ......Realtek PCIe FE Family Controller
  2...2e 33 7a fb 56 15 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...2c 33 7a fb 56 15 ......Dell Wireless 1704 802.11b/g/n (2.4GHz)
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.143     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.143    281
    192.168.1.143  255.255.255.255         On-link     192.168.1.143    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.143    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.143    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.143    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    281 ::/0                     fe80::1e1b:68ff:fe37:1d80
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:5ef5:79fb:28f2:e99:932f:5dce/128
                                    On-link
  4    281 2602:306:cd0a:2310::/64  On-link
  4     41 2602:306:cd0a:2310::/64  fe80::1e1b:68ff:fe37:1d80
  4    281 2602:306:cd0a:2310::2a/128
                                    On-link
  4    281 2602:306:cd0a:2310:d88:6744:a78e:36de/128
                                    On-link
  4    281 2602:306:cd0a:2310:51e5:8fbb:5acd:c4cc/128
                                    On-link
  4    281 2602:306:cd0a:2310:8590:7cd6:2109:fdf1/128
                                    On-link
  4    281 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::28f2:e99:932f:5dce/128
                                    On-link
  4    281 fe80::8590:7cd6:2109:fdf1/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/01/2016 02:07:16 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/01/2016 01:52:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: McUICnt.exe, version: 7.0.9010.0, time stamp: 0x571ba4d4
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc000000d
Fault offset: 0x00000000000f56a0
Faulting process id: 0x868
Faulting application start time: 0xMcUICnt.exe0
Faulting application path: McUICnt.exe1
Faulting module path: McUICnt.exe2
Report Id: McUICnt.exe3
Faulting package full name: McUICnt.exe4
Faulting package-relative application ID: McUICnt.exe5

Error: (06/25/2016 01:09:48 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/25/2016 01:06:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-V1UC752)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2016 01:00:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-V1UC752)
Description: Activation of app DellInc.DellShop_htrsf667h5kn2!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/21/2016 04:50:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-V1UC752)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/21/2016 01:47:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: McUICnt.exe, version: 7.0.9010.0, time stamp: 0x571ba4d4
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc000000d
Fault offset: 0x00000000000f56a0
Faulting process id: 0x2710
Faulting application start time: 0xMcUICnt.exe0
Faulting application path: McUICnt.exe1
Faulting module path: McUICnt.exe2
Report Id: McUICnt.exe3
Faulting package full name: McUICnt.exe4
Faulting package-relative application ID: McUICnt.exe5

Error: (06/21/2016 10:21:24 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 1.F.D.F.9.0.1.2.6.D.C.7.0.9.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-V1UC752-2.local.

Error: (06/21/2016 10:21:24 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.143:5353   23 1.F.D.F.9.0.1.2.6.D.C.7.0.9.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-V1UC752.local.

Error: (06/21/2016 10:21:24 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 B.0.C.B.D.F.C.E.B.2.C.C.0.5.C.7.0.1.3.2.A.0.D.C.6.0.3.0.2.0.6.2.ip6.arpa. PTR DESKTOP-V1UC752-2.local.

System errors:
=============
Error: (07/01/2016 01:56:41 PM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1 = Incorrect function.

Error: (07/01/2016 01:56:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/01/2016 01:56:38 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (07/01/2016 01:56:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (07/01/2016 01:56:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/01/2016 01:56:38 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (07/01/2016 01:56:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (07/01/2016 01:56:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/01/2016 01:56:38 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (07/01/2016 01:56:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Microsoft Office Sessions:
=========================
Error: (07/01/2016 02:07:16 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/01/2016 01:52:00 PM) (Source: Application Error)(User: )
Description: McUICnt.exe7.0.9010.0571ba4d4ntdll.dll10.0.10586.306571af2ebc000000d00000000000f56a086801d1d3c9a182e242C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exeC:\WINDOWS\SYSTEM32\ntdll.dllf69900f4-0f85-4eb5-82bc-17ff11a77295

Error: (06/25/2016 01:09:48 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (06/25/2016 01:06:16 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-V1UC752)
Description: Microsoft.WindowsMaps_8wekyb3d8bbwe!App-2144927148

Error: (06/25/2016 01:00:33 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-V1UC752)
Description: DellInc.DellShop_htrsf667h5kn2!App-2144927141

Error: (06/21/2016 04:50:08 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-V1UC752)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170

Error: (06/21/2016 01:47:35 PM) (Source: Application Error)(User: )
Description: McUICnt.exe7.0.9010.0571ba4d4ntdll.dll10.0.10586.306571af2ebc000000d00000000000f56a0271001d1cbed5a91f781C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exeC:\WINDOWS\SYSTEM32\ntdll.dllb35a55b7-2e1d-4816-b7e4-a3772e8698c9

Error: (06/21/2016 10:21:24 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 1.F.D.F.9.0.1.2.6.D.C.7.0.9.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-V1UC752-2.local.

Error: (06/21/2016 10:21:24 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.143:5353   23 1.F.D.F.9.0.1.2.6.D.C.7.0.9.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-V1UC752.local.

Error: (06/21/2016 10:21:24 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 B.0.C.B.D.F.C.E.B.2.C.C.0.5.C.7.0.1.3.2.A.0.D.C.6.0.3.0.2.0.6.2.ip6.arpa. PTR DESKTOP-V1UC752-2.local.

CodeIntegrity Errors:
===================================
  Date: 2016-06-19 12:23:47.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-16 15:23:58.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-16 10:52:57.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 22:20:13.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 13:40:06.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-25 19:18:07.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-01 13:13:28.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-25 18:38:16.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 15:39:17.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 15:36:59.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.0.1.14 - Byte Technologies LLC)
Chromium (HKCU\...\Chromium) (Version: 46.0.2480.0 - Chromium)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{694AFFC3-93D4-4049-AF26-78739488EB4D}) (Version: 3.0.97.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 7.35.295.0 - Dell Inc.)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4404 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.10.10.0 - OneSystemCare)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Product Registration (HKLM\...\{694AFFC3-93D4-4049-AF26-78739488EB4D}) (Version: 3.0.97.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Search Provided by Yahoo (HKLM-x32\...\YahooProvidedSearch) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.5.13082 - Electronic Arts)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.716 - Broadcom Corporation)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 8103.24 MB
Available physical RAM: 4990.62 MB
Total Virtual: 9383.24 MB
Available Virtual: 5758.04 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:915.82 GB) (Free:820.64 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-V1UC752

Administrator            cbcra                    DefaultAccount          
Guest                    iorn man2               

**** End of log ****



#5 cbcac


Posted 02 July 2016 - 01:34 AM

TDSSKILLER

 

01:33:10.0613 0x227c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
01:33:10.0613 0x227c  UEFI system
01:33:15.0663 0x227c  ============================================================
01:33:15.0663 0x227c  Current date / time: 2016/07/02 01:33:15.0663
01:33:15.0663 0x227c  SystemInfo:
01:33:15.0732 0x227c 
01:33:15.0732 0x227c  OS Version: 10.0.10586 ServicePack: 0.0
01:33:15.0732 0x227c  Product type: Workstation
01:33:15.0732 0x227c  ComputerName: DESKTOP-V1UC752
01:33:15.0732 0x227c  UserName: iorn man2
01:33:15.0732 0x227c  Windows directory: C:\WINDOWS
01:33:15.0732 0x227c  System windows directory: C:\WINDOWS
01:33:15.0732 0x227c  Running under WOW64
01:33:15.0732 0x227c  Processor architecture: Intel x64
01:33:15.0732 0x227c  Number of processors: 4
01:33:15.0732 0x227c  Page size: 0x1000
01:33:15.0732 0x227c  Boot type: Normal boot
01:33:15.0732 0x227c  ============================================================
01:33:16.0133 0x227c  KLMD registered as C:\WINDOWS\system32\drivers\36671450.sys
01:33:16.0380 0x227c  System UUID: {6684CABD-35A1-05A8-A8E7-897BAA52A9BD}
01:33:16.0666 0x227c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:33:16.0666 0x227c  ============================================================
01:33:16.0666 0x227c  \Device\Harddisk0\DR0:
01:33:16.0666 0x227c  GPT partitions:
01:33:16.0666 0x227c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {DA2D2ED6-F033-4863-898B-F7C4471A653A}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
01:33:16.0666 0x227c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4F68B0A7-25D6-478E-B95F-4F949410892C}, Name: Microsoft reserved partition, StartLBA 0xFA800, BlocksNum 0x40000
01:33:16.0666 0x227c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {869ABF44-E58B-4CC8-8F9B-8AD410849DDF}, Name: Basic data partition, StartLBA 0x13A800, BlocksNum 0x727A3800
01:33:16.0666 0x227c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {37C3FA36-66B5-463C-8CF6-2C2329352160}, Name: , StartLBA 0x728DE000, BlocksNum 0x1AA800
01:33:16.0666 0x227c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5EDC72B2-261F-446C-9EA8-BC76DED5B0AF}, Name: , StartLBA 0x72A88800, BlocksNum 0x1C7E000
01:33:16.0666 0x227c  MBR partitions:
01:33:16.0666 0x227c  ============================================================
01:33:16.0685 0x227c  C: <-> \Device\Harddisk0\DR0\Partition3
01:33:16.0685 0x227c  ============================================================
01:33:16.0685 0x227c  Initialize success
01:33:16.0685 0x227c  ============================================================



#6 cbcac


Posted 02 July 2016 - 01:37 AM

I ran AdwCleaner but I DID NOT click on clean.  I wanted someone to look at the logs first. 

 

# AdwCleaner v5.201 - Logfile created 01/07/2016 at 14:59:07
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : iorn man2 - DESKTOP-V1UC752
# Running from : C:\Users\iorn man2\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : rtop

***** [ Folders ] *****

Folder Found : C:\ProgramData\ByteFence
Folder Found : C:\ProgramData\814fce42-1561-0
Folder Found : C:\ProgramData\814fce42-55e7-1
Folder Found : C:\ProgramData\eeca4f1c-1577-451f-93a3-01c89ac0144e
Folder Found : C:\ProgramData\Application Data\ByteFence
Folder Found : C:\ProgramData\Application Data\814fce42-1561-0
Folder Found : C:\ProgramData\Application Data\814fce42-55e7-1
Folder Found : C:\ProgramData\Application Data\eeca4f1c-1577-451f-93a3-01c89ac0144e
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
Folder Found : C:\Program Files (x86)\OneSystemCare
Folder Found : C:\Users\iorn man2\AppData\Roaming\One System Care
Folder Found : C:\Program Files\ByteFence

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : One System Care Monitor
Task Found : updateTask
Task Found : ByteFence Scan
Task Found : {7A057F47-0F7A-7978-0F11-0B08787F117F}

***** [ Registry ] *****

Key Found : HKCU\Software\ByteFence
Key Found : HKCU\Software\ICSW1.17
Key Found : HKCU\Software\One System Care
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\Wincy
Key Found : HKCU\Software\yahooprovidedsearch
Key Found : HKLM\SOFTWARE\ByteFence
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yahooprovidedsearch
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found : [x64] HKLM\SOFTWARE\ByteFence
Key Found : HKU\.DEFAULT\Software\ByteFence
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\ByteFence
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\ICSW1.17
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\One System Care
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\Wincy
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\yahooprovidedsearch
Key Found : HKU\S-1-5-18\Software\ByteFence
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_e30037d0&param1=ArFaIWVoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFQ4IGYUvFNdICIXvFE3vmIXvFQ9Jmk3NVM3vCoVNVE9GqYVNUI3wGYGwVM4J6oUwVU9GqUNNos3wCIYwVA9JmIVwVA9ISITwVI9GqUNNFM3wGQENEVcGCIXwVQ9ImIWwVA9ISILNFdcIaUXNEBcGqQANFdcFCk8NoM4J6k3vFJdICk3vFM9JCoUwVw4J6k3vFE4ICISNVE9IWYUNVM9I6oVwVQ4J6k3wVxdJmIVvFI4ISoUNVJdJGYWwVJdJqYXwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6oVvFI9J6IYvFI4IGYUwVQ9I6oVwVJdIWYYwVw4ICIXNVE4ISISvmpdJqYYwVI9IaYYvmo9JaYTvmldJGYWNVA9ISoUvmk4IGQIwV5dJGYNvmE4IHFbMnMbQGMVNGt4NqBaMGV6MHFbMnVoN9I4ATsux81cMo1bMo0exnwfyXFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D&param2=NGp8LWJbMWpdNJ%3D%3D
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_e30037d0&param1=ArFaIWVoNqArQGMVHFFoNqAqBbFaISEaQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFQ4IGYUvFNdICIXvFE3vmIXvFQ9Jmk3NVM3vCoVNVE9GqYVNUI3wGYGwVM4J6oUwVU9GqUNNos3wCIYwVA9JmIVwVA9ISITwVI9GqUNNFM3wGQENEVcGCIXwVQ9ImIWwVA9ISILNFdcIaUXNEBcGqQANFdcFCk8NoM4J6k3vFJdICk3vFM9JCoUwVw4J6k3vFE4ICISNVE9IWYUNVM9I6oVwVQ4J6k3wVxdJmIVvFI4ISoUNVJdJGYWwVJdJqYXwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbF6oVvFI9J6IYvFI4IGYUwVQ9I6oVwVJdIWYYwVw4ICIXNVE4ISISvmpdJqYYwVI9IaYYvmo9JaYTvmldJGYWNVA9ISoUvmk4IGQIwV5dJGYNvmE4IHFbMnMbQGMVNGt4NqBaMGV6MHFbMnVoN9I4ATsux81cMo1bMo0exnwfyXFbMn0aC6AoxrFaIWVdOqZoNqAexbFaIUwkynIew6NoNpRcNXFbJpseyDF%3D&param2=NGp8LWJbMWpdNJ%3D%3D
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E827B633-09AB-4236-AEA5-E2DF0987669D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E827B633-09AB-4236-AEA5-E2DF0987669D}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {E827B633-09AB-4236-AEA5-E2DF0987669D}
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E827B633-09AB-4236-AEA5-E2DF0987669D}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.myway.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\lego-worlds.en.softonic.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lego-worlds.en.softonic.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

[C:\Users\iorn man2\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Found : search provided by yahoo
[C:\Users\iorn man2\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Found : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_52&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtByEzztByBtBzz0CzyyD0EtN0D0Tzu0StCyEyDyCtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0B0FyC0C0D0EtDtGtA0AzytBtGtAtB0C0EtGyDyCzyyDtGtD0CtD0FyC0B0AtCyB0CyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyDtCtAyDyE0EtBtGyDtD0D0AtGyEtB0EyDtGzy0B0AtDtG0AzytC0Fzz0A0C0FtDyEzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D88898633%26a%3Dwbf_instlmtrx_15_52%26os%3DWindows%2B10%2BHome&uref=chmm

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [10859 bytes] - [01/07/2016 14:52:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [10713 bytes] - [01/07/2016 14:59:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10787 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by iorn man2 (Administrator) on Fri 07/01/2016 at 15:05:28.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 7

Successfully deleted: C:\ProgramData\814fce42-1561-0 (Folder)
Successfully deleted: C:\ProgramData\814fce42-55e7-1 (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\pluto tv (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\One System Care Monitor (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Program Files (x86)\onesystemcare (Folder)

 

Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_698B9BBA8B2600A3731950986CC78EF1 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0163081466878009mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF36CE8E-C660-48D6-B912-CE52CAF67928} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E827B633-09AB-4236-AEA5-E2DF0987669D} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/01/2016 at 15:06:21.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 cbcac


Posted 02 July 2016 - 01:38 AM

ESET Online Scanner

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=660e2ebff8bb1346b4388900f7fb4478
# end=init
# utc_time=2016-07-01 08:21:23
# local_time=2016-07-01 03:21:23 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29981
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=660e2ebff8bb1346b4388900f7fb4478
# end=updated
# utc_time=2016-07-01 08:23:43
# local_time=2016-07-01 03:23:43 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=660e2ebff8bb1346b4388900f7fb4478
# engine=29981
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-07-01 10:46:14
# local_time=2016-07-01 05:46:14 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=freeze
# scanned=204195
# found=12
# cleaned=12
# scan_time=8550
sh=6FAEBB1FFE7CADBF242125DC84E35C9C9374469D ft=1 fh=e2f41433f697006c vn="a variant of Win32/InstallCore.AFF.gen potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$R2DCLV0.partial"
sh=6FAEBB1FFE7CADBF242125DC84E35C9C9374469D ft=1 fh=e2f41433f697006c vn="a variant of Win32/InstallCore.AFF.gen potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$R327PV8.partial"
sh=6FAEBB1FFE7CADBF242125DC84E35C9C9374469D ft=1 fh=e2f41433f697006c vn="a variant of Win32/InstallCore.AFF.gen potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$RANRN0B.partial"
sh=939A1D855045AEDF7573517A04907117D9740BF7 ft=1 fh=dbeea90bc487b5b5 vn="a variant of Win32/DownloadAdmin.P potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$RMTOCE5.exe"
sh=939A1D855045AEDF7573517A04907117D9740BF7 ft=1 fh=dbeea90bc487b5b5 vn="a variant of Win32/DownloadAdmin.P potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$RON7WPO.exe"
sh=F142AB82842E4E0D68E684C97B22B1F73A482A31 ft=1 fh=227f1a7b606e2eb7 vn="a variant of Win32/InstallCore.AFF.gen potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$RTJ4ZCK.exe"
sh=939A1D855045AEDF7573517A04907117D9740BF7 ft=1 fh=dbeea90bc487b5b5 vn="a variant of Win32/DownloadAdmin.P potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$RVRZ3VJ.exe"
sh=939A1D855045AEDF7573517A04907117D9740BF7 ft=1 fh=dbeea90bc487b5b5 vn="a variant of Win32/DownloadAdmin.P potentially unwanted application (cleaned by deleting)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3242182399-714648837-692155903-1001\$RW1J6ZW.exe"
sh=6E827F5B7D6B1026220124CBFC144A9EEAADC5B1 ft=0 fh=0000000000000000 vn="VBS/Kryptik.FT trojan (cleaned by deleting)" ac=C fn="C:\Users\iorn man2\AppData\Local\226201b3626ad883\Folemuka.dat"
sh=03FCB5CF14ED26A0EC7E37634029C478286560C1 ft=0 fh=0000000000000000 vn="VBS/Kryptik.FT trojan (cleaned by deleting)" ac=C fn="C:\Users\iorn man2\AppData\Local\2763181b7e3de88b\Roca.dat"
sh=54CB273CF8F5B467A3EBF423018B8CC7CFD1669A ft=1 fh=460f8bd2d41ebe60 vn="a variant of Win32/DealPly.CV potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\uninstall.exe"
sh=9585CFB30A23FA9DFA1F93F398A6356A4873CB7A ft=1 fh=a0036373ee35ff67 vn="a variant of Win32/DealPly.CV potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\iorn man2\AppData\Local\{90F3A6AF-B45B-CA17-D9C3-EFFFFDAB1367}\uninstall.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=660e2ebff8bb1346b4388900f7fb4478
# end=init
# utc_time=2016-07-01 10:48:24
# local_time=2016-07-01 05:48:24 (-0600, Central Daylight Time)
# country="United States"
# osver=6.2.9200 NT
 



#8 cbcac


Posted 02 July 2016 - 02:21 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/2/2016
Scan Time: 1:41 AM
Logfile: Malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.02.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: iorn man2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331514
Time Elapsed: 10 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E827B633-09AB-4236-AEA5-E2DF0987669D}, Quarantined, [8cadeb34712968ceae2f18b14bb77f81],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YAHOOPROVIDEDSEARCH, Quarantined, [9d9c4ed1168475c161b93ac3c43f0cf4],
PUP.Optional.InstallCore, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\ICSW1.17, Quarantined, [2811ee314a506dc903af54532bd8cf31],
PUP.Optional.WinYahoo, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\wincy, Quarantined, [3efb908f643679bd1f1f8554d2307c84],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\ONE SYSTEM CARE, Quarantined, [3009e33cb6e4280e69670ba354afba46],
PUP.Optional.ProductSetup, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [91a847d84258270f3d2af6bb946f8b75],

Registry Values: 7
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E827B633-09AB-4236-AEA5-E2DF0987669D}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_52&param1=1&param2=f[8cadeb34712968ceae2f18b14bb77f81]D4%26b[8cadeb34712968ceae2f18b14bb77f81]DIE%26cc[8cadeb34712968ceae2f18b14bb77f81]Dus%26pa[8cadeb34712968ceae2f18b14bb77f81]DWincy%26cd[8cadeb34712968ceae2f18b14bb77f81]D2XzuyEtN2Y1L1QzuyByE0EyC0EtByEzztByBtBzz0CzyyD0EtN0D0Tzu0StCyEyDyCtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0B0FyC0C0D0EtDtGtA0AzytBtGtAtB0C0EtGyDyCzyyDtGtD0CtD0FyC0B0AtCyB0CyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyDtCtAyDyE0EtBtGyDtD0D0AtGyEtB0EyDtGzy0B0AtDtG0AzytC0Fzz0A0C0FtDyEzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr[8cadeb34712968ceae2f18b14bb77f81]D88898633%26a[8cadeb34712968ceae2f18b14bb77f81]Dwbf_instlmtrx_15_52%26os[8cadeb34712968ceae2f18b14bb77f81]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E827B633-09AB-4236-AEA5-E2DF0987669D}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_52&param1=1&param2=f[d960b867059571c5fae3e4e57b876f91]D4%26b[d960b867059571c5fae3e4e57b876f91]DIE%26cc[d960b867059571c5fae3e4e57b876f91]Dus%26pa[d960b867059571c5fae3e4e57b876f91]DWincy%26cd[d960b867059571c5fae3e4e57b876f91]D2XzuyEtN2Y1L1QzuyByE0EyC0EtByEzztByBtBzz0CzyyD0EtN0D0Tzu0StCyEyDyCtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0B0FyC0C0D0EtDtGtA0AzytBtGtAtB0C0EtGyDyCzyyDtGtD0CtD0FyC0B0AtCyB0CyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyDtCtAyDyE0EtBtGyDtD0D0AtGyEtB0EyDtGzy0B0AtDtG0AzytC0Fzz0A0C0FtDyEzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr[d960b867059571c5fae3e4e57b876f91]D88898633%26a[d960b867059571c5fae3e4e57b876f91]Dwbf_instlmtrx_15_52%26os[d960b867059571c5fae3e4e57b876f91]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YAHOOPROVIDEDSEARCH|UninstallString, "C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\uninstall.exe" /Uninstall /s /noun, Quarantined, [9d9c4ed1168475c161b93ac3c43f0cf4]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, Quarantined, [3009e33cb6e4280e69670ba354afba46]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002215/DriverPro.exe, Quarantined, [231660bf7c1e68ce408fb4fac53ef010]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002215/LiveSupport.exe, Quarantined, [0039c55ae8b20f27814e426c12f19b65]
PUP.Optional.ProductSetup, HKU\S-1-5-21-3242182399-714648837-692155903-1001\SOFTWARE\PRODUCTSETUP|tb, 0T1J1E1B1J0S0S0X0K2W1D1M, Quarantined, [91a847d84258270f3d2af6bb946f8b75]

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\WL, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}, Quarantined, [7ebb051af7a3d26409515b4362a26898],

Files: 34
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [ec4dcf505b3f1323f345754f4db6ee12],
PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk, Quarantined, [fa3f66b99802b48298ce0cd514ef758b],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Danish.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Dutch.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\English.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\French.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\German.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Italian.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Norwegian.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Parameters.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Portuguese.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Spanish.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.OneSystemCare, C:\Users\iorn man2\AppData\Roaming\One System Care\Languages\Swedish.xml, Quarantined, [86b3899614863006dd687c3e0ff3f709],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\HowToRemove.html, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\chromium-min.jpg, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\control panel-min-min.JPG, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\down.png, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\ff menu.JPG, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\ff search engine-min.png, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\hp-min ff.png, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\hp-min ie.png, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\search engine.gif, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\setup pages.gif, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\sp-min.png, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\start-min.jpg, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\HowToRemove\up.png, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\config.dat, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\info.dat, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\install.log, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\Sqlite3.dll, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\STTL.DAT, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\tami, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\TTL.DAT, Quarantined, [7ebb051af7a3d26409515b4362a26898],
PUP.Optional.WinYahoo, C:\Users\iorn man2\AppData\Local\{7D8A4BD6-5922-276E-34BA-028610D2FE1E}\uninst.dat, Quarantined, [7ebb051af7a3d26409515b4362a26898],

Physical Sectors: 0
(No malicious items detected)

(end)



#9 buddy215 (Moderator)

Posted 02 July 2016 - 06:02 AM

Rerun AdwCleaner and be sure to choose Clean after the scan finishes. All of it needs to be removed.

After posting the AdwCleaner results, please do this:

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and for Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of the programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste that list into your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
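The three lists buddy215 asks for come from places a PowerShell prompt can read directly, which is useful when CCleaner's copy button is not available or when you want to compare the machine before and after a clean. The script below is an added example for this thread, not something posted by buddy215 or shipped with CCleaner, AdwCleaner or Malwarebytes. It assumes Windows 10 with PowerShell 5.1 and is run as the affected user, so the HKCU entries are that user's. It lists the Run/RunOnce keys and Startup folders, every scheduled task outside the \Microsoft\ folder, the installed programs from the Uninstall keys, and, because the original complaint was the IE home page reverting to Yahoo, the current IE Start Page and default search scope that the AdwCleaner log reports restoring. It is read-only.

```powershell
# Added example (not from the thread): enumerate the three lists the moderator
# asks for via CCleaner, straight from the registry and Task Scheduler, plus the
# IE home page / default search scope the hijacker in this thread kept resetting.
# Read-only. Run as the affected user on Windows 10 / PowerShell 5.1.

$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Startup entries: Run / RunOnce keys (both hives, 32-bit view too) and Startup folders.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startup = @(foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $p = Get-ItemProperty -Path $k
        foreach ($name in ($p.PSObject.Properties.Name | Where-Object { $_ -notin $psProps })) {
            [pscustomobject]@{ Source = $k; Name = $name; Command = $p.$name }
        }
    }
})
$startupFolders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
$startup += @(foreach ($f in $startupFolders) {
    Get-ChildItem -Path $f -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName }
    }
})
"`n=== Startup entries ==="
$startup | Format-Table -AutoSize -Wrap

# 2. Scheduled tasks outside \Microsoft\ (where adware tasks such as the
#    'updateTask' and 'ByteFence Scan' ones in the AdwCleaner log lived).
"`n=== Non-Microsoft scheduled tasks ==="
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $t = $_
    $t.Actions | ForEach-Object {
        [pscustomobject]@{
            Task    = $t.TaskPath + $t.TaskName
            State   = $t.State
            Execute = $_.Execute      # $null for COM-handler actions
            Args    = $_.Arguments
        }
    }
} | Format-Table -AutoSize -Wrap

# 3. Installed programs from the Uninstall keys (what CCleaner's Uninstall tab reads).
"`n=== Installed programs ==="
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, DisplayVersion, InstallDate, UninstallString |
    Sort-Object DisplayName | Format-Table -AutoSize -Wrap

# 4. The hijack indicators from this thread: IE start page and default search scope.
"`n=== IE home page / default search ==="
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -Name 'Start Page' -ErrorAction SilentlyContinue |
    Select-Object 'Start Page'
$scopes  = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$default = (Get-ItemProperty -Path $scopes -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
if ($default -and (Test-Path (Join-Path $scopes $default))) {
    Get-ItemProperty -Path (Join-Path $scopes $default) | Select-Object DisplayName, URL
}
```

Section 4 is the quick check after a clean: if the Start Page or the default scope's URL still points at a search.yahoo.com/yhs URL with tracking parameters like the one in the AdwCleaner log, the hijack has not been fully removed or something is re-applying it on startup, and the Startup and Tasks lists from sections 1 and 2 are where to look for the culprit.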

#10 cbcac (Topic Starter)

Posted 02 July 2016 - 01:37 PM

# AdwCleaner v5.201 - Logfile created 02/07/2016 at 13:32:48
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : iorn man2 - DESKTOP-V1UC752
# Running from : C:\Users\iorn man2\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : rtop

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\ByteFence
[-] Folder Deleted : C:\ProgramData\eeca4f1c-1577-451f-93a3-01c89ac0144e
[#] Folder Deleted : C:\ProgramData\Application Data\ByteFence
[#] Folder Deleted : C:\ProgramData\Application Data\eeca4f1c-1577-451f-93a3-01c89ac0144e
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder Deleted : C:\Program Files\ByteFence

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : updateTask
[-] Task Deleted : ByteFence Scan

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\ByteFence
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : HKLM\SOFTWARE\ByteFence
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\ByteFence
[-] Key Deleted : HKU\.DEFAULT\Software\ByteFence
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKU\S-1-5-21-3242182399-714648837-692155903-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\lego-worlds.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lego-worlds.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net

***** [ Web browsers ] *****

[-] [C:\Users\iorn man2\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo
[-] [C:\Users\iorn man2\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_instlmtrx_15_52&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtByEzztByBtBzz0CzyyD0EtN0D0Tzu0StCyEyDyCtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0B0FyC0C0D0EtDtGtA0AzytBtGtAtB0C0EtGyDyCzyyDtGtD0CtD0FyC0B0AtCyB0CyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyDtCtAyDyE0EtBtGyDtD0D0AtGyEtB0EyDtGzy0B0AtDtG0AzytC0Fzz0A0C0FtDyEzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyC%26cr%3D88898633%26a%3Dwbf_instlmtrx_15_52%26os%3DWindows%2B10%2BHome&uref=chmm

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5458 bytes] - [02/07/2016 13:32:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [10859 bytes] - [01/07/2016 14:52:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [10887 bytes] - [01/07/2016 14:59:07]
C:\AdwCleaner\AdwCleaner[S3].txt - [7347 bytes] - [02/07/2016 13:30:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5752 bytes] ##########



#11 cbcac (Topic Starter)

Posted 02 July 2016 - 01:43 PM

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run EADM Electronic Arts "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:RunOnce Uninstall C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run QuickSet Dell Inc. c:\Program Files\Dell\QuickSet\QuickSet.exe
Yes HKLM:Run RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run WavesSvc Waves Audio Ltd. "C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
No Startup Common PlutoTV.lnk  C:\Program Files (x86)\Pluto TV\PlutoTV.exe
 


Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes Task Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse McAfee, Inc. C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /script=mcnrdhck.lua /periodicRunCount=7
Yes Task Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse McAfee, Inc. C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe /timeout=60000 /script=mcnrdhck.lua /hcmode=postdatupdate /datver=2664.0 /datupdatestatus=0
Yes Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
Yes Task UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337  C:\Windows\TEMP\DeleteFolderTask.exe
 


3D Builder Microsoft Corporation 5/28/2016  11.1.8.0
Alarms & Clock Microsoft Corporation 7/1/2016  10.1605.1623.0
App connector Microsoft Corporation 4/16/2016  1.3.3.0
Apple Application Support (32-bit) Apple Inc. 7/1/2016 152 MB 4.3.1
Apple Application Support (64-bit) Apple Inc. 7/1/2016 170 MB 4.3.1
Apple Mobile Device Support Apple Inc. 7/1/2016 43.2 MB 9.3.0.15
Apple Software Update Apple Inc. 3/12/2016 4.91 MB 2.2.0.150
Bonjour Apple Inc. 3/12/2016 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 7/1/2016  10.1605.1582.0
Camera Microsoft Corporation 6/2/2016  2016.404.120.0
Candy Crush Soda Saga king.com 6/25/2016  1.68.500.0
CCleaner Piriform 7/2/2016  5.19
Chromium Chromium 12/27/2015  46.0.2480.0
CyberLink Media Suite Essentials CyberLink Corp. 5/29/2016 131 MB 12
Dell Customer Connect Dell Inc. 12/25/2015 9.76 MB 1.3.28.0
Dell Digital Delivery Dell Products, LP 11/28/2015 5.09 MB 3.1.1018.0
Dell Foundation Services Dell Inc. 6/7/2016 20.7 MB 3.3.7200.0
Dell Product Registration Dell Inc. 6/25/2016 15.1 MB 3.0.97.0
Dell Shop Dell Inc 5/28/2016  2.2.1.0
Dell SupportAssist Dell 5/29/2016 108 MB 1.1.6664.10
Dell System Detect Dell 4/16/2016  6.12.0.1
Dell Touchpad Synaptics Incorporated 4/16/2016 46.4 MB 19.0.9.4
Dell Update Dell Inc. 12/25/2015 5.50 MB 1.7.1015.0
Dropbox 20 GB Dropbox, Inc. 4/16/2016 5.43 MB 3.1.11.0
DW WLAN Card Dell Inc. 4/16/2016  7.35.295.0
EPSON WorkForce 645 Series Printer Uninstall SEIKO EPSON Corporation 6/6/2016  
ESET Online Scanner v3  7/1/2016  
Get Office Microsoft Corporation 6/11/2016  17.7031.23501.0
Get Skype Skype 4/16/2016  3.2.1.0
Get Started Microsoft Corporation 7/1/2016  3.11.1.0
Groove Music Microsoft Corporation 6/25/2016  3.6.22051.0
iCloud Apple Inc. 7/2/2016 134 MB 5.2.1.69
Intel® Management Engine Components Intel Corporation 11/28/2015  11.0.0.1153
Intel® Processor Graphics Intel Corporation 7/1/2016  20.19.15.4404
Intel® Security Assist Intel Corporation 11/28/2015 2.36 MB 1.0.0.532
iTunes Apple Inc. 7/1/2016 282 MB 12.4.1.6
Java 8 Update 66 Oracle Corporation 1/2/2016 177 MB 8.0.660.18
Mail and Calendar Microsoft Corporation 6/25/2016  17.6965.40901.0
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 7/2/2016 66.9 MB 2.2.1.1043
Maps Microsoft Corporation 6/25/2016  5.1606.1670.0
McAfee LiveSafe McAfee, Inc. 7/1/2016 181 MB 14.0.9029
McAfee WebAdvisor McAfee, Inc. 6/7/2016 34.7 MB 4.0.189
Messaging + Skype Microsoft Corporation 4/24/2016  2.15.20002.0
Microsoft Office Microsoft Corporation 11/28/2015 594 MB 15.0.4693.1005
Microsoft Solitaire Collection Microsoft Studios 6/3/2016  3.9.5250.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/28/2015 3.14 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/28/2015 1.36 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11/28/2015 733 KB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 1/1/2016 1.89 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 1/1/2016 1.52 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 4/16/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 5/13/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 4/16/2016 17.1 MB 12.0.30501.0
Microsoft Wi-Fi Microsoft Corporation 5/1/2016  1.1604.4.0
Minecraft Mojang 12/25/2015 288 MB 1.0.3.0
Money Microsoft Corporation 7/1/2016  4.11.156.0
Movies & TV Microsoft Corporation 6/25/2016  3.6.21441.0
Netflix Netflix, Inc. 7/1/2016  6.10.26.0
News Microsoft Corporation 7/1/2016  4.11.156.0
NVIDIA 3D Vision Driver 361.43 NVIDIA Corporation 1/2/2016 31.6 MB 361.43
NVIDIA GeForce Experience 2.8.1.21 NVIDIA Corporation 1/1/2016 26.0 MB 2.8.1.21
NVIDIA Graphics Driver 361.43 NVIDIA Corporation 1/2/2016 548 MB 361.43
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 11/28/2015 348 MB 9.15.0428
OneNote Microsoft Corporation 7/1/2016  17.7070.58001.0
Origin Electronic Arts, Inc. 7/1/2016 236 MB 9.7.2.53208
People Microsoft Corporation 4/16/2016  10.0.10811.0
Phone Microsoft Corporation 6/3/2016  2.17.27003.0
Phone Companion Microsoft Corporation 7/1/2016  10.1605.1661.0
Photos Microsoft Corporation 6/3/2016  16.526.11220.0
Pluto TV version 0.1.5 Pluto TV 12/27/2015 128 MB 0.1.5
QuickSet64 Dell Inc. 11/28/2015 10.5 MB 11.1.31
Realtek Card Reader Realtek Semiconductor Corp. 11/28/2015 11.0 MB 10.0.10125.31214
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5/29/2016 38.2 MB 6.0.1.7544
Sports Microsoft Corporation 7/1/2016  4.11.156.0
STAR WARS™ Battlefront™ Electronic Arts 5/29/2016 38.2 GB 1.0.5.13082
Store Microsoft Corporation 5/1/2016  11602.1.26.0
Sway Microsoft Corporation 6/16/2016  17.7070.45221.0
The Weather Channel The Weather Channel. 6/16/2016  2016.614.69.0
Twitter Twitter Inc. 7/1/2016  5.1.3.0
Voice Recorder Microsoft Corporation 6/16/2016  10.1605.1471.0
Weather Microsoft Corporation 7/1/2016  4.11.156.0
WIDCOMM Bluetooth Software Broadcom Corporation 11/28/2015 233 MB 12.0.1.716
Xbox Microsoft Corporation 6/19/2016  15.18.14017.0
 



#12 buddy215 (Moderator)

Posted 02 July 2016 - 02:45 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

Yes HKCU:RunOnce Uninstall C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\iorn man2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Yes Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

 

Delete this Task: use CCleaner by clicking on the item and choosing Delete on the right.

Yes Task UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337  C:\Windows\TEMP\DeleteFolderTask.exe

 

Uninstall these programs:

Candy Crush Soda Saga king.com 6/25/2016  1.68.500.0

Dell Customer Connect Dell Inc. 12/25/2015 9.76 MB 1.3.28.0

Dell SupportAssist Dell 5/29/2016 108 MB 1.1.6664.10

ESET Online Scanner v3  7/1/2016

Java 8 Update 66 Oracle Corporation 1/2/2016 177 MB 8.0.660.18

McAfee LiveSafe McAfee, Inc. 7/1/2016 181 MB 14.0.9029 (Uninstall...Unless you actually use it)

McAfee WebAdvisor McAfee, Inc. 6/7/2016 34.7 MB 4.0.189

 

Did you intentionally install Chromium, or did you think you were installing Google Chrome? If you wanted Google Chrome you should do a clean uninstall of Chromium and install Chrome. A clean uninstall means you would be deleting your profile, which includes passwords and bookmarks. The reason I mention this is because often Chromium is installed by adware purveyors.



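For the disable/delete list above, here is an equivalent that does not go through CCleaner. It is an added example for this thread, not code from buddy215, CCleaner or Microsoft. It assumes an elevated PowerShell 5.1 prompt run as the affected user, and that the task names in the CCleaner list are unique (the list does not show task folders, so tasks are matched by name). Run entries are disabled the way Task Manager's Startup tab does it, by writing a StartupApproved value whose first byte is 0x03 (0x02 means enabled), so the original command line stays in the Run key and can be switched back. The two OneDrive RunOnce entries are not touched because Windows removes a RunOnce value once it has executed. Only the UninstallDDS task is actually deleted, matching the instruction above.

```powershell
# Added example (not from the thread): apply the moderator's "disable these
# startups / tasks, delete this task" list without CCleaner. Elevated prompt,
# run as the affected user. Entry and task names are taken from the CCleaner
# lists posted in this thread.

$disableRun = @{
    'HKCU' = @('CCleaner Monitoring', 'iCloudServices')
    'HKLM' = @('iTunesHelper', 'ShadowPlay')
}
$disableTasks = @('CCleanerSkipUAC', 'DropboxUpdateTaskMachineCore',
                  'DropboxUpdateTaskMachineUA', 'SystemToolsDailyTest')
$deleteTasks  = @('UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337')
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Set-RunEntryState {
    # Flip a Run entry between enabled and disabled using the StartupApproved
    # mechanism Task Manager uses; the Run value itself is left untouched.
    param(
        [ValidateSet('HKCU', 'HKLM')]        [string] $Hive,
        [string] $Name,
        [ValidateSet('Enabled', 'Disabled')] [string] $State
    )
    $runKey      = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    $approvedKey = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"
    $entry = Get-ItemProperty -Path $runKey -Name $Name -ErrorAction SilentlyContinue
    if (-not $entry) { Write-Warning "$Hive Run entry '$Name' not found; skipping"; return }
    if (-not (Test-Path $approvedKey)) { New-Item -Path $approvedKey -Force | Out-Null }
    # 12-byte REG_BINARY: flag byte (0x02 enabled / 0x03 disabled), 3 reserved
    # bytes, then the 8-byte FILETIME of the change.
    $bytes    = [byte[]]::new(12)
    $bytes[0] = if ($State -eq 'Disabled') { 0x03 } else { 0x02 }
    [BitConverter]::GetBytes([DateTime]::UtcNow.ToFileTimeUtc()).CopyTo($bytes, 4)
    Set-ItemProperty -Path $approvedKey -Name $Name -Value $bytes -Type Binary
    "${State}: $Hive\...\Run\$Name -> $($entry.$Name)"
}

foreach ($hive in $disableRun.Keys) {
    foreach ($name in $disableRun[$hive]) { Set-RunEntryState -Hive $hive -Name $name -State Disabled }
}

# Scheduled tasks: disable the ones that should merely stop running, unregister the one to delete.
foreach ($name in $disableTasks) {
    $task = Get-ScheduledTask | Where-Object TaskName -eq $name
    if ($task) { $task | Disable-ScheduledTask | Out-Null; "Disabled task: $($task.TaskPath)$name" }
    else       { Write-Warning "Task '$name' not found; skipping" }
}
foreach ($name in $deleteTasks) {
    $task = Get-ScheduledTask | Where-Object TaskName -eq $name
    if ($task) {
        # Record what it pointed at before removing it, for the thread or your own notes.
        "Deleting task: $($task.TaskPath)$name -> $($task.Actions.Execute -join '; ')"
        $task | Unregister-ScheduledTask -Confirm:$false
    }
}

# Verify: list every StartupApproved Run entry with its current state.
foreach ($hive in 'HKCU', 'HKLM') {
    $k = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"
    if (Test-Path $k) {
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notin $psProps } |
            ForEach-Object {
                $state = if ($_.Value[0] -eq 0x03) { 'disabled' } else { 'enabled' }
                '{0} {1,-25} {2}' -f $hive, $_.Name, $state
            }
    }
}
```

Re-enabling later, which buddy215 notes is easy in CCleaner, is equally easy here: call Set-RunEntryState with -State Enabled for a Run entry, or Enable-ScheduledTask for a task. The HKLM entries and the machine-wide tasks are the reason the prompt has to be elevated; the HKCU part would work from a normal prompt.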
#13 cbcac (Topic Starter)

Posted 09 July 2016 - 02:27 PM

OK, sorry, I got busy and this project dropped off my radar. I have some questions. I am so thankful for your help and expertise, and I am not trying to argue, just not sure of some of the reasons for the removals.

He uses Dropbox to back up the photos he takes on the computer. Will it still work if I disable it?

He uses iTunes, so same question as above?

I don't know what ShadowPlay Microsoft and Microsoft OneDrive are. Hum...

Candy Crush - what if he likes to play it? Is it causing harm?

Dell programs - can you explain why I don't want them?

ESET - isn't it a trusted anti-virus?

Java - if I remove this, will some things not play or work when I am online?

McAfee - I am fine with removing.

I don't know anything about Chromium, and I don't think he uses Chrome either.

Thanks again, and sorry to be a pain and ask questions instead of just doing what you asked.  :(



#14 buddy215 (Moderator)

Posted 09 July 2016 - 03:43 PM

The Dropbox items are used to call home for updates....not likely....and only using the free version it is likely adware.

Same for iTunes...updating.

ShadowPlay is used to record game playing....rarely used, and it can easily be manually turned on.

Candy Crush is bundled with other downloads and is adware...I doubt it was intentionally installed by the user.

The Dell programs have been used by malware and can be easily installed if the user requires remote assistance from Dell.

Only the Online version of ESET is being uninstalled....the online on-demand scanner.

Old Java is a malware magnet.....I doubt the user needs it, but if a website uses a Java applet it will let the user know, and it can be easily installed at that point.

Most users don't need Java.

Be sure to uninstall Chromium and McAfee Site Advisor....useless.

The Startup and Tasks entries can easily be re-enabled for any reason using CCleaner.

A lot of adware was removed....is there a significant improvement in performance, or does more need to be done....?



#15 cbcac (Topic Starter)

Posted 09 July 2016 - 04:01 PM

OK, thanks. I will do all of that as soon as he is not using it. Yes, it is much better, thanks! My problem now is this.

I don't have a proper anti-virus on this laptop, as I am sure you can see. I use ESET on our family desktop, and the easy answer is to renew it (it expired on the desktop recently) and add this laptop so I have it on both PCs. I need a good anti-virus that doesn't bog down a system or get in the way too much asking the user a lot of questions. I love ESET for this; it worked well and fit that list well. My problem is that I now also need parental controls. I do not know if I need a combo software that does both or two stand-alone software packages. I want them both to work well, not bug the user too much, and not bog down the system. Any ideas for me, or any idea where to post to find that answer?

Thanks for all of your help.





