Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I'm infected.


  • Please log in to reply
20 replies to this topic

#1 ed-e-dee

ed-e-dee

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 12 February 2017 - 06:42 AM

Hi Guy's

 

My computer has becoming very slow in the last couple of weeks and has trouble opening pages and sites, 

If I'm in Ebay it takes forever to open up a segment, I'm back here for your help.

 

thank you

Eddie.


Eddee

BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 12 February 2017 - 07:06 AM

Eddie:
 
:welcome: to the Bleeping Computer Am I infected? What do I do? Forum.  I am sorry to hear that you are having issues with your computer.  My name is Phil and I will help you with your issues.  Let's run some preliminary scans and see what shows up.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 13 February 2017 - 07:42 AM

Hi Phil,   Thanks for giving me your time.

Malwarebytes was clear.

Eset found something.

 

 


Eddee

#4 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 13 February 2017 - 07:52 AM

C:\Users\admin\Downloads\boost-speed-setup (1).exe	a variant of Win32/Auslogics.C potentially unwanted application	cleaned by deleting
C:\Users\admin\Downloads\boost-speed-setup.exe	a variant of Win32/Auslogics.C potentially unwanted application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup518.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup521.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup522 (1).exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup522.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup524 (1).exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup524.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup525.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\ccsetup526.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	cleaned by deleting
C:\Users\admin\Downloads\Tina Demetri.doc	VBA/TrojanDownloader.Agent.BVW trojan	cleaned

Eddee

#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 13 February 2017 - 01:26 PM

Eddie:

Thanks for your post and the ESET scanner results.

 

In the future, you also might want to download your CCleaner updates directly from the Piriform website.  Wherever you are downloading those updates from, the CCleaner updates are being bundled with a toolbar.

 

Let's do a couple of more scans.

.

:step1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

.

:step2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

.

:step3: Please reboot your computer and let me know how it is working now. If there are any issues, please describe them in as much detail as possible.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 14 February 2017 - 06:26 AM

Hi Phil.

# AdwCleaner v6.043 - Logfile created 14/02/2017 at 22:13:35
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : admin - COMPUTER
# Running from : C:\Users\admin\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found:  C:\quardata

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pdfconverterhq.dl.myway.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nicerdays.org
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nicerdays.org
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - qvo6
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - babylon.com
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - findwide
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - industriya
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - conduit.search
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com search
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://search.conduit.com/?gd=&ctid=CT3319611&octid=EB_ORIGINAL_CTID&ISID=MAD58EA0C-FF47-40DE-A7DF-C72503227F5B&Searc
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://search.conduit.com/?gd=&ctid=CT3319611&octid=EB_ORIGINAL_CTID&ISID=MAD58EA0C-FF47-40DE-A7DF-C72503227F5B&Searc
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mallpejgeafdahhflmliiahjdpgbegpk
Chrome pref Found:  [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://search.conduit.com/?gd=&ctid=CT3319611&octid=EB_ORIGINAL_CTID&ISID=MAD58EA0C-FF47-40DE-A7DF-C72503227F5B&Sear

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5605 Bytes] - [06/02/2016 17:01:27]
C:\AdwCleaner\AdwCleaner[C2].txt - [3320 Bytes] - [06/02/2016 17:59:38]
C:\AdwCleaner\AdwCleaner[C3].txt - [3030 Bytes] - [18/06/2016 22:24:25]
C:\AdwCleaner\AdwCleaner[C4].txt - [3266 Bytes] - [27/10/2016 17:52:54]
C:\AdwCleaner\AdwCleaner[C5].txt - [4853 Bytes] - [15/01/2017 14:37:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [4283 Bytes] - [06/02/2016 17:00:42]
C:\AdwCleaner\AdwCleaner[S2].txt - [3078 Bytes] - [06/02/2016 17:58:50]
C:\AdwCleaner\AdwCleaner[S3].txt - [2808 Bytes] - [18/06/2016 22:23:44]
C:\AdwCleaner\AdwCleaner[S4].txt - [3198 Bytes] - [27/10/2016 17:52:39]
C:\AdwCleaner\AdwCleaner[S5].txt - [4546 Bytes] - [15/01/2017 14:36:38]
C:\AdwCleaner\AdwCleaner[S6].txt - [1956 Bytes] - [15/01/2017 14:39:43]
C:\AdwCleaner\AdwCleaner[S7].txt - [3970 Bytes] - [14/02/2017 22:13:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [4043 Bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by admin (Administrator) on Tue 14/02/2017 at 22:17:27.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 25

Successfully deleted: C:\Users\admin\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJU5CKG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OJCK737 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1XBQ91 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BW2JX9R7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYDO14GD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHSBV1Y5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8DQNAV3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONXTWJ0X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PK2FCKUX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA8ECJ92 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD8EZKZS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUBMASW8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJU5CKG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OJCK737 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L1XBQ91 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BW2JX9R7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYDO14GD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHSBV1Y5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8DQNAV3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONXTWJ0X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PK2FCKUX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA8ECJ92 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD8EZKZS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUBMASW8 (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 14/02/2017 at 22:18:41.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you.


Eddee

#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 14 February 2017 - 06:42 AM

Eddie:

 

Thank you for your logs.  If you see something in the AdwCleaner logs that you want to keep, please uncheck that item or items, and then run AdwCleaner again in "Clean" mode.  This will remove those items that it has detected.

 

Please then reboot your computer to complete the cleaning, and report back with any issues you might be still experiencing.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 14 February 2017 - 08:04 PM

Hi Phil.

Still slow to open up pages but in saying that not all . I had to type some emails today and the files were very slow to attach ,,Gumtree site useless .

So I guess it's a little better but far from good,

 

Thanks  Phil


Eddee

#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 15 February 2017 - 01:18 PM

Eddie:

 

Thank you for your post.  Did you run AdwCleaner in "Clean" mode as I requested?  I would like to examine the "Clean" log.  Would you copy and paste it into your next reply, please?

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 16 February 2017 - 02:16 AM

# AdwCleaner v6.043 - Logfile created 16/02/2017 at 17:11:41
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : admin - COMPUTER
# Running from : C:\Users\admin\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

 

***** [ Web browsers ] *****

[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: qvo6
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: babylon.com
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: findwide
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: industriya
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: conduit.search
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com search
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?gd=&ctid=CT3319611&octid=EB_ORIGINAL_CTID&ISID=MAD58EA0C-FF47-40DE-A7DF-C72503227F5B&SearchSource=55&CUI=&UM=5&UP=SP1CA8FB5B-BB6B-4591-9A01-C13DAEA58AE9&SSPV=
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?gd=&ctid=CT3319611&octid=EB_ORIGINAL_CTID&ISID=MAD58EA0C-FF47-40DE-A7DF-C72503227F5B&SearchSource=55&CUI=&UM=5&UP=SP1CA8FB5B-BB6B-4591-9A01-C13DAEA58AE9&SSPV=
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://search.conduit.com/?gd=&ctid=CT3319611&octid=EB_ORIGINAL_CTID&ISID=MAD58EA0C-FF47-40DE-A7DF-C72503227F5B&SearchSource=55&CUI=&UM=5&UP=SP1CA8FB5B-BB6B-4591-9A01-C13DAEA58AE9&SSPV=

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5605 Bytes] - [06/02/2016 17:01:27]
C:\AdwCleaner\AdwCleaner[C2].txt - [3320 Bytes] - [06/02/2016 17:59:38]
C:\AdwCleaner\AdwCleaner[C3].txt - [3030 Bytes] - [18/06/2016 22:24:25]
C:\AdwCleaner\AdwCleaner[C4].txt - [3266 Bytes] - [27/10/2016 17:52:54]
C:\AdwCleaner\AdwCleaner[C5].txt - [4853 Bytes] - [15/01/2017 14:37:00]
C:\AdwCleaner\AdwCleaner[C6].txt - [4438 Bytes] - [14/02/2017 23:13:53]
C:\AdwCleaner\AdwCleaner[C7].txt - [3096 Bytes] - [16/02/2017 17:11:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [4283 Bytes] - [06/02/2016 17:00:42]
C:\AdwCleaner\AdwCleaner[S2].txt - [3078 Bytes] - [06/02/2016 17:58:50]
C:\AdwCleaner\AdwCleaner[S3].txt - [2808 Bytes] - [18/06/2016 22:23:44]
C:\AdwCleaner\AdwCleaner[S4].txt - [3198 Bytes] - [27/10/2016 17:52:39]
C:\AdwCleaner\AdwCleaner[S5].txt - [4546 Bytes] - [15/01/2017 14:36:38]
C:\AdwCleaner\AdwCleaner[S6].txt - [1956 Bytes] - [15/01/2017 14:39:43]
C:\AdwCleaner\AdwCleaner[S7].txt - [4134 Bytes] - [14/02/2017 22:13:35]
C:\AdwCleaner\AdwCleaner[S8].txt - [4206 Bytes] - [14/02/2017 23:13:12]
C:\AdwCleaner\AdwCleaner[S9].txt - [3781 Bytes] - [16/02/2017 16:29:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [3826 Bytes] ##########

 

 

Nothing on here.

I'm still getting very slow when getting to another page or photo,,,,, In Ebay It's veery slow to change over.


Eddee

#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 16 February 2017 - 06:04 AM

Eddie:
 
Thank you for your post.  The scans did not find much in the way of malware, so let's take a look at your computer itself.
 
.
 
:step1: Please download the free version of the Piriform Speccy program by clicking on this link.

  • Navigate to your Downloads folder and install Speccy.
  • Next, launch Speccy and wait for it to populate with your computer system information.
  • Once it has completed its scan, please go to the "File" menu, at the top left, and select "Publish Snapshot...".
  • When the publishing has completed, you will be provided with a unique URL; please select the option "Copy to Clipboard".
  • Exit Speccy.
  • Open Notepad and use Ctrl-V to paste the Speccy URL into a .txt file, with a name of your choosing, in case it is needed again.
  • Please paste the Speccy URL into your next reply so that I can view the details of your computer system. No personal information is included.

.

:step2: We need to check your hard disk for errors.

To determine if your C: drive is an SSD or conventional hard drive for Windows 8/8.1. or 10, please press the Windows logo key and search for "optimize" in the Windows Start menu. Select: Defragment and optimize your drives. See this link for more information.
For Windows 7 and earlier, please the Windows logo key + R together, then type control and press the <Enter> key. Click on "System and Security" and then click on "Device Manager". Next, click on "Disk Drives" to open up a list of disk drives on your computer. If it is an SSD drive, it should say so in the description; but if you are not sure, "Google" the model number of the drive that you want to run chkdsk on.

It is important not to run chkdsk /r on an SSD as it will lead to excessive wear and shorten the life of an SSD. For SSD drives, use the chkdsk /f command.

  • Please open an Elevated Command Prompt. To do this:
  • Press the Windows "Start" button.
  • Type "cmd.exe" into the "Search" box.
  • At the top of the list that generates, you should see "cmd.exe".
  • Right click "cmd.exe" and select "Run as Administrator".
  • Type the following command exactly: chkdsk /r unless you have an SSD hard drive, in which case, type chkdsk /f.
  • Please note that there is a space between "chkdsk" and "/r" or "/f".
  • You will get a message that the volume is locked and do you want to reboot.
  • Click on "Yes" to permit the computer to reboot.
  • When the computer reboots, do not press any keys. Let the chkdsk run, which will take several hours.
  • The computer will reboot automatically when the "chkdsk" has finished.

Please follow the instructions here to find the results of the "chkdsk" scan.

Please copy and paste those results into your next reply.

You should run this command when you will not need your computer. The chkdsk scan can take five to ten hours, or more, depending on whether the hard drive is SSD or conventional, and the size and amount of data on the drive.

.

:step3: Please run an System File Checker (SFC) scan to assess the integrity of the Windows 7 file system.

  • Click on the "Start" button.
  • In the "search" box at the bottom, type cmd.
  • Look for Cmd.exe to appear at the top of the menu.
  • Right-click on cmd.exe and choose Run As Administrator.
  • Type sfc /scannow. Ensure that there is a space between "sfc" and "/scannow"
  • The scan will start and may take from 20 minutes to an hour to run.
  • Please report the results from the System File Checker in your next post. Does it report "No Resource Integrity Violations Found", "Errors Repaired", or "Unable to Repair", or words to that effect?

If SFC reports uncorrectable errors, please immediately navigate to the folder: C:\Windows\Logs\CBS, locate the file "CBS.log, and copy, not move it, to your Desktop. That file is "volatile", so we need to ensure that it is not overwritten with new results.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 19 February 2017 - 07:14 AM

Eddie:
 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#13 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 24 February 2017 - 04:44 AM

http://speccy.piriform.com/results/KRdZENAN3aT3tgI3BF4BzLm


Eddee

#14 ed-e-dee

ed-e-dee
  • Topic Starter

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:10:47 PM

Posted 24 February 2017 - 04:47 AM

So sorry , had a few problems to sort out was not able to get back to you. I will get back to you with the rest of the test, 24 hours. ok.


Eddee

#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,850 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:47 AM

Posted 24 February 2017 - 01:27 PM

Eddie:

 

Thank you for the update and for the Speccy report.  It does show that your computer would not be considered a "speed demon", so that might be one reasons that things are slowing down.  As more and more "stuff" accumulates on computers as they are used, they do tend to lose some of their previous performance.  Some folks routinely reinstall their Windows and all of their programs and data every year or two, just for that reason.

 

I will await the results of the other tests with interest.  Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users