
Please Advise


  • This topic is locked
57 replies to this topic

#1 ted45

ted45

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 21 September 2016 - 04:54 PM

Hi, this is my first post so I hope I'm in the right place.
 
I have many issues with my laptop. Running very slow, freezing, buffering and unable to use System Restore successfully.
 
I have scanned with MBAM free and my AV Avast and found nothing.
 
I am not very 'techy' but I can follow instructions and I await your advice.
 
Thanks,

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal


 


#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:11:04 AM

Posted 22 September 2016 - 01:16 AM

Hello! My name is The Codesee, nice to meet you  :)

 

Please follow the steps below:

 

:step1: Please download MiniToolBox to your desktop
 

1. Double click MiniToolBox

2. Select the items below and press go

3. Post the log in your next reply

  • List Installed Programs
  • List Restore Points
  • List last 10 Event Viewer log
  • Flush DNS
:step2: Please download Security Check to your desktop
 

1. Double click SecurityCheck and follow the on-screen instructions.

2. A log should open called checkup.txt.

3. Post the log in your next reply

 

:step3: Please download TFC (Temp File Cleaner) to your desktop

 

1. Close all open applications

2. Double click TFC

3. Click the start button and the program will run

4. When done, press OK to restart your computer

 

Logs I expect in your next reply:

  1. MiniToolBox Log
  2. Security Check Log

Edited by The_Codesee, 22 September 2016 - 01:17 AM.


#3 ted45

ted45
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 22 September 2016 - 03:05 AM

Thanks for your speedy response, Codesee. Please find the logs as required:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by TEDISTED (administrator) on 22-09-2016 at 08:02:44
Running from "C:\Users\TEDISTED\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: Satellite Pro L300D Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/22/2016 07:29:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\C\83> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:29:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\C\83> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\1\8A> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\1\8A> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:51 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\C\44> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:51 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\C\44> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:45 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\0\0C> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:45 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\0\0C> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\B\06> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\B\06> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (09/21/2016 10:21:42 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.


Error: (09/21/2016 09:57:19 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.


Error: (09/21/2016 09:13:06 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.


Error: (09/21/2016 09:13:06 PM) (Source: Service Control Manager) (User: )
Description: Avast Antivirus%%3 = The system cannot find the path specified.


Error: (09/21/2016 09:04:09 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (09/21/2016 08:59:44 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.


Error: (09/21/2016 08:59:44 PM) (Source: Service Control Manager) (User: )
Description: Avast Antivirus%%3 = The system cannot find the path specified.


Error: (09/21/2016 08:47:56 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.


Error: (09/21/2016 08:47:56 PM) (Source: Service Control Manager) (User: )
Description: Avast Antivirus%%3 = The system cannot find the path specified.


Error: (09/21/2016 08:18:28 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.



Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2016-09-19 18:01:58.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:57.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:55.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:53.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:52.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:50.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:49.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:47.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:45.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:01:44.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adblock Plus for IE (32-bit) (HKLM\...\{E93152F1-E3AE-4B2A-9BAC-F770203F67E5}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824166751}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Catalyst Control Center - Branding (HKLM\...\{69E5255D-9D43-4CFF-8984-843ABD7753B7}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (HKLM\...\{07C9627A-CA0B-2AA2-062E-204359DF7BA1}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (HKLM\...\{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Full New (HKLM\...\{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Light (HKLM\...\{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (HKLM\...\{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (HKLM\...\{86DBA852-5D5E-1856-D828-620E792EDC0D}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (HKLM\...\{71B929E2-3556-93DB-DEC0-FD56D3EFB473}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Czech (HKLM\...\{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Danish (HKLM\...\{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Dutch (HKLM\...\{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Finnish (HKLM\...\{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization French (HKLM\...\{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization German (HKLM\...\{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Greek (HKLM\...\{2920435D-CE92-5024-1694-DFD43A5FF074}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Hungarian (HKLM\...\{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Italian (HKLM\...\{27265B80-303E-EFFF-6052-B11F91B634C3}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Japanese (HKLM\...\{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Korean (HKLM\...\{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Norwegian (HKLM\...\{55398A75-13E0-570F-BD16-2EE5D9E5523D}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Polish (HKLM\...\{65BF23C0-4EF9-27CC-7B6F-190F4008A569}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Portuguese (HKLM\...\{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Russian (HKLM\...\{358004B9-3A16-87FF-4487-4D6F0C70E52F}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Spanish (HKLM\...\{71C47830-182D-79FA-0790-0366E6E2C2EB}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Swedish (HKLM\...\{86728841-C151-B8E4-43C6-DD289DE570B6}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Thai (HKLM\...\{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Catalyst Control Center Localization Turkish (HKLM\...\{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}) (Version: 2008.0422.2139.36895 - ATI) Hidden
CCC Help Chinese Standard (HKLM\...\{629044C7-745A-64B8-467F-2F93ED50008B}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Chinese Traditional (HKLM\...\{5F131988-3326-AD64-1817-D76A2FE3C2D3}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Czech (HKLM\...\{38A3E884-313A-7AE0-11BC-482DE0C8766A}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Danish (HKLM\...\{70495081-1DC8-AD4B-C197-12138B8FBC9E}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Dutch (HKLM\...\{BC713970-8C3C-852B-4139-636F21114B7F}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help English (HKLM\...\{61C63422-E5E2-8576-2B82-0E01F5AD2538}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Finnish (HKLM\...\{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help French (HKLM\...\{AC2EE52D-05CD-8140-5D29-5AA29590971E}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help German (HKLM\...\{65D602E4-DCDE-0743-6A0A-F1A203449F47}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Greek (HKLM\...\{FA493449-3E34-4E05-8CA7-26A42E9F180E}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Hungarian (HKLM\...\{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Italian (HKLM\...\{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Japanese (HKLM\...\{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Korean (HKLM\...\{77CAD946-C573-6647-B222-B6870C072932}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Norwegian (HKLM\...\{6B4874CA-13CF-2477-B697-B448201B56B6}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Polish (HKLM\...\{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Portuguese (HKLM\...\{A103C127-2168-4493-8D01-4BF180BED12C}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Russian (HKLM\...\{F67E6AE5-F87B-025F-2D6B-26491304393F}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Spanish (HKLM\...\{F0646787-1A2F-34E9-A61D-9DAD69F606F8}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Swedish (HKLM\...\{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Thai (HKLM\...\{0EFB2016-41D2-5F30-8F60-25250F6DABDD}) (Version: 2008.0422.2138.36895 - ATI) Hidden
CCC Help Turkish (HKLM\...\{93F3EBDD-4007-C233-7320-977AC0941054}) (Version: 2008.0422.2138.36895 - ATI) Hidden
ccc-core-static (HKLM\...\{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}) (Version: 2008.0422.2139.36895 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heimdal (HKLM\...\Heimdal) (Version: 1.10.6.0 - CSIS Security Group)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Pale Moon 26.4.1 (x86 en-US) (HKLM\...\Pale Moon 26.4.1 (x86 en-US)) (Version: 26.4.1 - Moonchild Productions)
PASSAGE 3 (English version) (HKLM\...\P3E) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skins (HKLM\...\{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}) (Version: 2008.0422.2139.36895 - ATI) Hidden
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TRORDCLauncher (HKLM\...\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA) Hidden
Unchecky v1.0.1 (HKLM\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
========================= Restore Points ==================================

16-09-2016 19:56:07 Restore Operation
19-09-2016 14:18:19 Removed Visual Studio 2012 x86 Redistributables
19-09-2016 15:36:18 Removed Smart Switch
19-09-2016 18:25:32 Revo Uninstaller's restore point - Avast Free Antivirus
21-09-2016 17:39:45 Revo Uninstaller's restore point - Adobe Flash Player 23 ActiveX
21-09-2016 17:44:51 Revo Uninstaller's restore point - CCleaner
21-09-2016 17:47:50 Revo Uninstaller's restore point - SUPERAntiSpyware
21-09-2016 17:50:43 Revo Uninstaller's restore point - Smart Switch
21-09-2016 17:55:29 Removed Smart Switch
21-09-2016 18:22:57 Installed Adobe Flash Player 18 NPAPI.
21-09-2016 18:31:58 Installed Adobe Flash Player 18 NPAPI.
21-09-2016 18:33:52 Installed Adobe Flash Player 18 NPAPI.
21-09-2016 19:05:31 Restore Operation
21-09-2016 19:36:10 Restore Operation
21-09-2016 19:49:21 Restore Operation
21-09-2016 20:01:37 Restore Operation
21-09-2016 21:08:59 Restore Operation

**** End of log ****

Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.5    
 SUPERAntiSpyware     
 Adobe Flash Player     23.0.0.162  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

I am posting these logs before I have run TFC in case I am unable to log on following the re-boot.

 

Thanks for your help.
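
The event-log section of the MiniToolBox log above repeats the same few errors many times. As an added example (not written by any poster in this thread and not part of MiniToolBox), this Python script collapses the repeats and lists the services that the Service Control Manager could not start because their path was missing; the function names are hypothetical and the sample is an excerpt of the log as posted.

```python
import re
from collections import Counter

# Excerpt of the "Event log errors" section posted above, shortened to six entries.
SAMPLE_LOG = r"""
Application errors:
==================
Error: (09/22/2016 07:29:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\C\83> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/22/2016 07:28:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TEDISTED\APPDATA\LOCAL\MOONCHILD PRODUCTIONS\PALE MOON\PROFILES\7YLEPXZC.DEFAULT-1456868378918\CACHE\1\8A> in the hash map cannot be updated.

System errors:
=============
Error: (09/21/2016 10:21:42 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.

Error: (09/21/2016 09:13:06 PM) (Source: Service Control Manager) (User: )
Description: VBoxAsw Support Driver%%3 = The system cannot find the path specified.

Error: (09/21/2016 09:13:06 PM) (Source: Service Control Manager) (User: )
Description: Avast Antivirus%%3 = The system cannot find the path specified.

Error: (09/21/2016 09:04:09 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
"""

# Header line of one entry: timestamp, source and (often empty) user.
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(User: (?P<user>[^)]*)\)$"
)
# Service Control Manager text of the form "<service name>%%<Win32 error code> ...".
SCM_FAIL = re.compile(r"^(?P<service>.+?)%%(?P<code>\d+)\b")


def parse_errors(text):
    """Return one dict per 'Error:' entry with its first 'Description:' line."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"], "description": ""}
            entries.append(current)
        elif current is not None and line.startswith("Description:"):
            current["description"] = line[len("Description:"):].strip()
            current = None  # ignore Context/Details lines until the next header
    return entries


def normalize(description):
    """Replace <...> path arguments so entries differing only by file group together."""
    return re.sub(r"<[^>]*>", "<path>", description)


def summarize(entries):
    """Count entries per (source, normalized description), most frequent first."""
    counts = Counter((e["source"], normalize(e["description"])) for e in entries)
    return counts.most_common()


def missing_service_paths(entries):
    """Services that failed with code 3 (Win32 ERROR_PATH_NOT_FOUND), with counts."""
    hits = Counter()
    for e in entries:
        if e["source"] != "Service Control Manager":
            continue
        m = SCM_FAIL.match(e["description"])
        if m and m["code"] == "3":
            hits[m["service"].strip()] += 1
    return dict(hits)


if __name__ == "__main__":
    parsed = parse_errors(SAMPLE_LOG)
    for (source, desc), n in summarize(parsed):
        print(f"{n:3d}  {source}: {desc}")
    print("Services with a missing path:", missing_service_paths(parsed))
```

A service that is still registered but whose binary path no longer exists is worth checking against the list of installed programs and recent uninstalls before assuming anything about its cause.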
 

 



#4 ted45

ted45
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 22 September 2016 - 04:52 AM

Codesee, please do not take offence but are you qualified to help me? I have just checked your profile and you seem to be just another poster.



#5 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:11:04 AM

Posted 22 September 2016 - 10:47 AM

Codesee, please do not take offence but are you qualified to help me? I have just checked your profile and you seem to be just another poster.

 

I like people who ask questions like this as it's always good to be sure. I am new to Bleeping Computer but I have had experience helping others with malware issues on other forums. I don't think many people who respond in this subforum have a "qualification" in helping resolve malware issues as we are all here voluntarily to help resolve people's computer problems. You are welcome to use my help if you want :)

 

You may also refer here: Instructions for posting advice in Am I Infected Forum.

 

I will review the logs you posted now


Edited by The_Codesee, 22 September 2016 - 10:48 AM.


#6 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:11:04 AM

Posted 22 September 2016 - 11:04 AM

Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

 

I recommend you run Windows Disk Defragmenter: https://support.microsoft.com/en-gb/help/17126/windows-7-improve-performance-defragmenting-hard-disk

 

Note: If you already have Malwarebytes Anti-Malware installed, skip downloading the file & step 1.

 

:step1: Please download Malwarebytes Anti-Malware to your desktop

1. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.


2. On the dashboard, click update now.


3. After that, click scan now - the scan will now begin.


4. When the scan's completed, select apply actions - make sure the action is quarantine.


5. Restart your computer.

 
How to get the log:

1. On the Malwarebytes Anti-Malware dashboard, select the history tab and click application logs.


2. Select the log which has the time and date of when you did the scan.


3. Click copy to clipboard and paste it into your reply.


:step2: Please download AdwCleaner to your desktop

1. Double click adwcleaner_x.xxx.exe.


2. If prompted, click I agree.


3. Click scan. When it's finished, select clean.


4. Allow AdwCleaner to restart your computer.


5. Once your computer's restarted, a log should appear.


6. Please post this in your next reply.

 
:step3: Please download Junkware Removal Tool to your desktop

1. Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)


2. Press any key and the scan will begin.


3. At the end, a log will open. Please post this in your next reply.

 

Logs I expect in your next reply:

  1. Malwarebytes Log

  2. AdwCleaner Log

  3. Junkware Removal Tool (JRT) Log


Edited by The_Codesee, 22 September 2016 - 11:07 AM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:04 AM

Posted 22 September 2016 - 01:50 PM

Hi ted, also if it helps you I am watching the topic. I follow along especially with new folks.. It's a way to find out who we can trust.

#8 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:11:04 AM

Posted 22 September 2016 - 01:58 PM

Hi ted, also if it helps you I am watching the topic. I follow along especially with new folks.. It's a way to find out who we can trust.

 

Thank you, this is good to hear. Please also point out any mistakes in my advice as I am new :)



#9 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:04 PM

Posted 23 September 2016 - 02:58 AM

Hello ted45 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan
 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 ted45

ted45
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 23 September 2016 - 03:09 AM

Hi The Codesee, I appreciate that all of the helpers must start somewhere but what concerns me is that you, yourself, posted in asking for advice. You can see how this would not instil a great deal of confidence in me? On this occasion I will follow the advice of Satchfan. Good luck for the future  :thumbup2:


Edited by ted45, 23 September 2016 - 03:10 AM.


#11 ted45

ted45
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 23 September 2016 - 04:01 AM

Hi, Satchfan and thanks for helping me.

 

I have already hit a snag. I ran AdwCleaner and it found 9 threats but stuck on Clean up by 'not responding'. I will try again unless I hear from you.



#12 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:04 PM

Posted 23 September 2016 - 05:40 AM

Let’s see what was found. Please post the AdwCleaner scan log which should be located at C:\AdwCleaner[RO].txt

Satchfan




#13 ted45

ted45
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 23 September 2016 - 06:28 AM

Hi Satchfan.

 

I had the log from AdwCleaner then I went out while JRT was running. When I returned, JRT and the log had both disappeared. Not having much luck so far. Will start again and post each log as I receive them.



#14 ted45

ted45
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 23 September 2016 - 07:13 AM

Satchfan, things are not going well. I have located the original text but I am unable to post it as copy/paste. Is there another method to post it?



#15 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:04 PM

Posted 23 September 2016 - 07:18 AM

Satchfan, things are not going well.

Don't worry, this is only a minor glitch.

 

When you have highlighted all the text, copy it, (Ctrl+C), then click in the reply box below and press Ctrl+V.

 

If that doesn't work let me know.






