Solved Slow Computer

Discussion in 'Virus, Spyware and Malware Removal Help' started by brewster393, May 20, 2015.

  1. brewster393

    brewster393 Member iHF Regular

    I must first apologise if any mistakes creep in, but it has taken me 20 minutes to get this far. My computer has slowed down so much that it (Firefox) keeps crashing - I sometimes have to type words twice; also, the Adobe Flash plug-in keeps crashing.
    P.S. Firefox has crashed twice while I've been typing this.

    PLEASE HELP!!!

    P.P.S. Three Times!!!
     
  2. brewster393

    brewster393 Member iHF Regular

    O.K., the similar thread 'slow machine and slow internet issues' is probably of interest to (Firefox crashed) me - but I am unable to get into it because (Firefox crashed) I "do not have permission to view this page or perform this action" (Firefox crashed). Can anyone please help!
     
  3. Highlander

    Highlander The Immortal iHF Master Craftsman Advisor WCG Team Member

    Here is a starting point.
    Open the Computer icon on your Desktop.
    Right click on the C drive
    Click on Properties
    Click on the Tools tab
    Click on Check now button
    Ensure both options are selected, then click on the Start button
    Let the program run. It may take some time to finish.
    When the program is completed, reboot.

    Let us know how the computer runs now.
     
  4. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Download and run Wipe and System Ninja:



    https://privacyroot.com/software/www/en/wipe.php

    https://singularlabs.com/software/system-ninja/



    Then.....



    Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

    https://www.piriform.com/ccleaner/download

    Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

    Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

    To do this:

    • Hit options.
    • Settings.
    • Place a tick to run Ccleaner when the computer starts.


    Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.



    Reboot your machine and then follow the instructions below.



    Step 1: eScanAV.



    Disable your antivirus prior to this scan.

    http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

    Download the eScanAV Anti-Virus Toolkit (MWAV)
    http://www.escanav.com/english/cont...ter.asp?pcode=MWAV&src=english_dwn&type=alter



    Source

    http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
    Save the file to your desktop.
    Right click run as administrator.
    A new icon will appear on your desktop.
    Right click run as administrator on new icon.
    Click on the update tab.
    Once you have updated the program, make sure the settings are the same as the picture below.
    [​IMG]
    Once you have made sure the settings match the picture, hit the Scan & Clean button.
    Upon scan completion, click View Log.
    Copy and paste entire log into your next reply.
    Note: Reboot if needed to remove infections.



    Step 2: Zemana



    Run a full scan with Zemana antimalware.

    http://www.zemana.us/product/zemana-antimalware/default.aspx

    Install and select deep scan.


    Remove any infections found.

    Then click on the icon in the pic below.

    [​IMG]

    Double click on the scan log, copy and paste here in your reply.





    Step 3: Junkware Removal Tool.

    Please download Junkware Removal Tool and save it on your desktop.

    Source

    http://thisisudax.org/

    • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log is saved to your desktop and will automatically open.
    • Please post the JRT log.

    Step 4: Adware Cleaner.

    Please download AdwCleaner by Xplode onto your desktop.


    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
  5. DCiAdmin

    DCiAdmin Always room to learn a bit more Administrator iHF Legend WCG Team Member

    Last edited: May 22, 2015
  6. Cameldung

    Cameldung I Like It Here iHF Veteran Advisor WCG Team Member

    I don't know how to make multiple likes to your post, but I'd like to. :)
     
  7. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Brewster has had an issue uploading his logs, so has asked I do it on his behalf.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.6 (05.21.2015:1)
    OS: Windows 7 Ultimate x86
    Ran by Brewster on 22/05/2015 at 12:27:36.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] swdumon
    Successfully deleted: [Service] swdumon



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Browse Pax
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Reverse Page
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Reverse Page



    ~~~ Files

    Successfully deleted: [File] C:\Windows\System32\drivers\swdumon.sys
    Successfully deleted: [File] C:\Users\Brewster\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\Brewster\local settings\application data\slimware utilities inc





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/05/2015 at 12:33:27.69
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v4.205 - Logfile created 22/05/2015 at 13:04:20
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-21.2 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : Brewster - BREWSTER-PUTER
    # Running from : C:\Users\Brewster\Downloads\adwcleaner_4.205.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Classes\PepperZip
    Key Deleted : HKLM\SOFTWARE\af749221-c2ca-ea4b-23ea-67343ad32922

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17801


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    -\\ Google Chrome v41.0.2272.118


    *************************

    AdwCleaner[R1].txt - [13676 bytes] - [04/03/2015 15:59:32]
    AdwCleaner[R2].txt - [912 bytes] - [14/03/2015 14:27:38]
    AdwCleaner[R3].txt - [970 bytes] - [14/03/2015 15:02:07]
    AdwCleaner[R4].txt - [1282 bytes] - [22/05/2015 12:59:25]
    AdwCleaner[S1].txt - [14413 bytes] - [04/03/2015 16:10:08]
    AdwCleaner[S2].txt - [1035 bytes] - [14/03/2015 15:12:54]
    AdwCleaner[S3].txt - [1213 bytes] - [22/05/2015 13:04:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1272 bytes] ##########

    21 May 2015 16:53:42 [0ad8] - **********************************************************
    21 May 2015 16:53:42 [0ad8] - MWAV - eScanAV AntiVirus Toolkit.
    21 May 2015 16:53:42 [0ad8] - Copyright © MicroWorld Technologies
    21 May 2015 16:53:42 [0ad8] - **********************************************************
    21 May 2015 16:53:42 [0ad8] - Source: C:\Users\Brewster\Downloads\mwav.exe
    21 May 2015 16:53:42 [0ad8] - Version 14.0.178 (C:\USERS\BREWSTER\APPDATA\LOCAL\TEMP\MEXE.COM)
    21 May 2015 16:53:42 [0ad8] - Log File: C:\Users\Brewster\AppData\Local\Temp\MWAV.LOG
    21 May 2015 16:53:42 [0ad8] - MWAV Registered: TRUE
    21 May 2015 16:53:42 [0ad8] - User Account: Brewster (Administrator Mode)
    21 May 2015 16:53:42 [0ad8] - OS Type: Windows Workstation [InstallType: Client]
    21 May 2015 16:53:42 [0ad8] - OS: Windows 7 [OS Install Date: 05 Apr 2014 18:29:55]
    21 May 2015 16:53:42 [0ad8] - Ver: Professional Service Pack 1 (Build 7601)
    21 May 2015 16:53:42 [0ad8] - System Up Time: 31 Minutes, 4 Seconds


    21 May 2015 16:53:42 [0ad8] - Parent Process Name : C:\Users\Brewster\Downloads\mwav.exe
    21 May 2015 16:53:42 [0ad8] - Windows Root Folder: C:\Windows
    21 May 2015 16:53:42 [0ad8] - Windows Sys32 Folder: C:\Windows\system32
    21 May 2015 16:53:42 [0ad8] - DHCP NameServer: 192.168.1.254 192.168.1.254
    21 May 2015 16:53:42 [0ad8] - Interface0 DHCPNameServer: 192.168.1.254 192.168.1.254
    21 May 2015 16:53:42 [0ad8] - Interface0 NameServer: 208.67.222.222,208.67.220.220
    21 May 2015 16:53:42 [0ad8] - Interface1 DHCPNameServer: 192.168.1.254 192.168.1.254
    21 May 2015 16:53:42 [0ad8] - Local Fixed Drives: c:\,f:\
    21 May 2015 16:53:42 [0ad8] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
    21 May 2015 16:53:42 [0ad8] - [CREATED ZIP FILE: C:\Users\Brewster\AppData\Local\Temp\pinfect.zip]
    21 May 2015 16:53:43 [0ad8] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
    21 May 2015 16:53:45 [0ad8] - ** Changed Value of "Path"
    21 May 2015 16:53:46 [0ad8] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Brewster\AppData\Local\Temp\ESCANDB.LOG]
    21 May 2015 16:53:48 [0ad8] - Loaded/Created FileScan Cache Database...
    21 May 2015 16:53:48 [0ad8] - Loading AV Library [DB]...
    21 May 2015 16:54:20 [0ad8] - ArchiveScan: DISABLED
    21 May 2015 16:54:24 [0ad8] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
    21 May 2015 16:54:24 [0ad8] - MWAV doing self scanning...
    21 May 2015 16:54:24 [0ad8] - MWAV files are clean.
    21 May 2015 16:54:34 [0ad8] - ArchiveScan: DISABLED
    21 May 2015 16:54:34 [0ad8] - Virus Database Date: 02 Mar 2015
    21 May 2015 16:54:34 [0ad8] - Virus Database Count: 6701505
    21 May 2015 16:54:34 [0ad8] - Sign Version: 7.59505 [518257]
    21 May 2015 16:55:51 [0ad8] - **********************************************************
    21 May 2015 16:55:51 [0ad8] - MWAV - eScanAV AntiVirus Toolkit.
    21 May 2015 16:55:51 [0ad8] - Copyright © MicroWorld Technologies
    21 May 2015 16:55:51 [0ad8] -
    21 May 2015 16:55:51 [0ad8] - Support: support@escanav.com
    21 May 2015 16:55:51 [0ad8] - Web: http://www.escanav.com
    21 May 2015 16:55:51 [0ad8] - **********************************************************
    21 May 2015 16:55:51 [0ad8] - Version 14.0.178[DB] (C:\USERS\BREWSTER\APPDATA\LOCAL\TEMP\MEXE.COM)
    21 May 2015 16:55:51 [0ad8] - Log File: C:\Users\Brewster\AppData\Local\Temp\MWAV.LOG
    21 May 2015 16:55:51 [0ad8] - User Account: Brewster (Administrator Mode)
    21 May 2015 16:55:51 [0ad8] - Parent Process Name : C:\Users\Brewster\Downloads\mwav.exe
    21 May 2015 16:55:51 [0ad8] - Windows Root Folder: C:\Windows
    21 May 2015 16:55:51 [0ad8] - Windows Sys32 Folder: C:\Windows\system32
    21 May 2015 16:55:51 [0ad8] - OS: Windows 7 [OS Install Date: 05 Apr 2014 18:29:55]
    21 May 2015 16:55:51 [0ad8] - Ver: Professional Service Pack 1 (Build 7601)
    21 May 2015 16:55:51 [0ad8] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
    21 May 2015 16:55:51 [0ec4] - Options Selected by User:
    21 May 2015 16:55:51 [0ec4] - Memory Check: Enabled
    21 May 2015 16:55:51 [0ec4] - Registry Check: Enabled
    21 May 2015 16:55:51 [0ec4] - StartUp Folder Check: Enabled
    21 May 2015 16:55:51 [0ec4] - System Folder Check: Enabled
    21 May 2015 16:55:51 [0ec4] - Services Check: Enabled
    21 May 2015 16:55:51 [0ec4] - Scan Spyware: Enabled
    21 May 2015 16:55:51 [0ec4] - Scan Archives: Disabled
    21 May 2015 16:55:51 [0ec4] - Drive Check: Enabled
    21 May 2015 16:55:51 [0ec4] - All Drive Check :Disabled
    21 May 2015 16:55:51 [0ec4] - Drive Selected = C:\
    21 May 2015 16:55:51 [0ec4] - Folder Check: Disabled
    21 May 2015 16:55:51 [0ec4] - SCAN: All_Files [ANSI]
    21 May 2015 16:55:51 [0ec4] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
    21 May 2015 16:55:51 [0ec4] - Scanning DNS Records...
    21 May 2015 16:55:51 [0ec4] - Scanning Master Boot Record (Kernel)...
    21 May 2015 16:55:52 [0ec4] - Scanning Logical Boot Records...
    21 May 2015 16:55:54 [0ec4] - ***** Scanning For Hidden Rootkit Processes *****
    21 May 2015 16:55:55 [0ec4] - ***** Scanning For Hidden Rootkit Services *****
    21 May 2015 16:55:59 [0ec4] - ***** Scanning Memory Files *****
    21 May 2015 16:56:33 [0ec4] - ***** Scanning Registry Files *****
    21 May 2015 16:56:33 [0ec4] - ERROR(3)!!! Invalid Entry {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} = C:\Windows\System32\ISCM32.dll (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). Action Taken: Removing it.
    21 May 2015 16:58:19 [0ec4] - ERROR(3)!!! Invalid Entry {55D63393-DB17-4A2B-9052-15D85B4B1344} = C:\Windows\System32\WSCM32.dll (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). Action Taken: Removing it.
    21 May 2015 16:58:21 [0ec4] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
    21 May 2015 16:58:21 [0ec4] - ERROR(3)!!! Invalid Entry StubPath = "C:\Program Files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome (in key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}). Action Taken: Removing it.
    21 May 2015 16:58:24 [0ec4] - ***** Scanning StartUp Folders *****
    21 May 2015 16:58:39 [0ad8] - Please Wait Exiting Application...
    21 May 2015 16:58:39 [0ec4] - ***** Scanning complete. *****
    21 May 2015 16:58:39 [0ec4] - Total Objects Scanned: 2614
    21 May 2015 16:58:39 [0ec4] - Total Critical Objects: 0
    21 May 2015 16:58:39 [0ec4] - Total Disinfected Objects: 0
    21 May 2015 16:58:39 [0ec4] - Total Objects Renamed: 0
    21 May 2015 16:58:39 [0ec4] - Total Deleted Objects: 0
    21 May 2015 16:58:39 [0ec4] - Total Errors: 3
    21 May 2015 16:58:39 [0ec4] - Time Elapsed: 00:02:47
    21 May 2015 16:58:39 [0ec4] - Virus Database Date: 02 Mar 2015
    21 May 2015 16:58:39 [0ec4] - Virus Database Count: 6701505
    21 May 2015 16:58:39 [0ec4] - Sign Version: 7.59505 [518257]
    21 May 2015 16:58:39 [0ec4] - Scan Completed.
    21 May 2015 16:58:47 [0ad8] - Virus Database Date: 02 Mar 2015
    21 May 2015 16:58:47 [0ad8] - Virus Database Count: 6701505
    21 May 2015 16:58:47 [0ad8] - Sign Version: 7.59505 [518257]
    21 May 2015 16:58:59 [0ad8] - Uninitializing Scanner (3)...
    21 May 2015 16:59:00 [0ad8] - Freeing Libraries (3)...
    21 May 2015 16:59:00 [0ad8] - AV Library Unloaded (3)...
    21 May 2015 16:59:00 [0ad8] - Exiting App...
    21 May 2015 17:00:54 [0b3c] - **********************************************************
    21 May 2015 17:00:54 [0b3c] - MWAV - eScanAV AntiVirus Toolkit.
    21 May 2015 17:00:54 [0b3c] - Copyright © MicroWorld Technologies
    21 May 2015 17:00:54 [0b3c] - **********************************************************
    21 May 2015 17:00:54 [0b3c] - Version 14.0.178 (C:\USERS\BREWSTER\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
    21 May 2015 17:00:54 [0b3c] - Log File: C:\Users\Brewster\AppData\Local\Temp\MWAV.LOG
    21 May 2015 17:00:54 [0b3c] - Last Scan Date and Time: 21.05.2015 16:55:51
    21 May 2015 17:00:54 [0b3c] - MWAV Registered: TRUE
    21 May 2015 17:00:54 [0b3c] - User Account: Brewster (Administrator Mode)
    21 May 2015 17:00:54 [0b3c] - OS Type: Windows Workstation [InstallType: Client]
    21 May 2015 17:00:54 [0b3c] - OS: Windows 7 [OS Install Date: 05 Apr 2014 18:29:55]
    21 May 2015 17:00:54 [0b3c] - Ver: Professional Service Pack 1 (Build 7601)
    21 May 2015 17:00:54 [0b3c] - System Up Time: 38 Minutes, 15 Seconds


    21 May 2015 17:00:54 [0b3c] - Parent Process Name : C:\Windows\Explorer.EXE
    21 May 2015 17:00:54 [0b3c] - Windows Root Folder: C:\Windows
    21 May 2015 17:00:54 [0b3c] - Windows Sys32 Folder: C:\Windows\system32
    21 May 2015 17:00:54 [0b3c] - DHCP NameServer: 192.168.1.254 192.168.1.254
    21 May 2015 17:00:54 [0b3c] - Interface0 DHCPNameServer: 192.168.1.254 192.168.1.254
    21 May 2015 17:00:54 [0b3c] - Interface0 NameServer: 208.67.222.222,208.67.220.220
    21 May 2015 17:00:54 [0b3c] - Interface1 DHCPNameServer: 192.168.1.254 192.168.1.254
    21 May 2015 17:00:54 [0b3c] - Local Fixed Drives: c:\,f:\
    21 May 2015 17:00:54 [0b3c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
    21 May 2015 17:00:54 [0b3c] - [CREATED ZIP FILE: C:\Users\Brewster\AppData\Local\Temp\pinfect.zip]
    21 May 2015 17:00:54 [0b3c] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
    21 May 2015 17:00:55 [0b3c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Brewster\AppData\Local\Temp\ESCANDB.LOG]
    21 May 2015 17:00:55 [0b3c] - Loaded/Created FileScan Cache Database...
    21 May 2015 17:00:55 [0b3c] - Loading AV Library [DB]...
    21 May 2015 17:01:01 [0b3c] - ArchiveScan: DISABLED
    21 May 2015 17:01:01 [0b3c] - AV Library Loaded - MultiThreaded - 4 : [DB-DIRECT].
    21 May 2015 17:01:01 [0b3c] - MWAV doing self scanning...
    21 May 2015 17:01:01 [0b3c] - MWAV files are clean.
    21 May 2015 17:01:02 [0b3c] - ArchiveScan: DISABLED
    21 May 2015 17:01:02 [0b3c] - Virus Database Date: 02 Mar 2015
    21 May 2015 17:01:02 [0b3c] - Virus Database Count: 6701505
    21 May 2015 17:01:02 [0b3c] - Sign Version: 7.59505 [518257]
    21 May 2015 17:01:12 [0b3c] - Downloading AntiVirus and Anti-Spyware Databases...
    21 May 2015 17:06:31 [0b3c] - Update Successful...
    21 May 2015 17:08:36 [0b3c] - Indexed Spyware Databases Successfully Created...
    21 May 2015 17:08:37 [0b3c] - Old Sign Version: 7.59505 New Sign Version: 7.60686
    21 May 2015 17:09:11 [0b3c] - Reload of AntiVirus Signatures successfully done.
    21 May 2015 17:09:11 [0b3c] - Virus Database Date: 21 May 2015
    21 May 2015 17:09:11 [0b3c] - Virus Database Count: 5534362
    21 May 2015 17:09:11 [0b3c] - Sign Version: 7.60686 [519438]
    21 May 2015 17:15:03 [0b3c] - **********************************************************
    21 May 2015 17:15:03 [0b3c] - MWAV - eScanAV AntiVirus Toolkit.
    21 May 2015 17:15:03 [0b3c] - Copyright © MicroWorld Technologies
    21 May 2015 17:15:03 [0b3c] -
    21 May 2015 17:15:03 [0b3c] - Support: support@escanav.com
    21 May 2015 17:15:03 [0b3c] - Web: http://www.escanav.com
    21 May 2015 17:15:03 [0b3c] - **********************************************************
    21 May 2015 17:15:03 [0b3c] - Version 14.0.178[DB] (C:\USERS\BREWSTER\APPDATA\LOCAL\TEMP\MWAVSCAN.EXE)
    21 May 2015 17:15:03 [0b3c] - Log File: C:\Users\Brewster\AppData\Local\Temp\MWAV.LOG
    21 May 2015 17:15:03 [0b3c] - User Account: Brewster (Administrator Mode)
    21 May 2015 17:15:03 [0b3c] - Parent Process Name : C:\Windows\Explorer.EXE
    21 May 2015 17:15:03 [0b3c] - Windows Root Folder: C:\Windows
    21 May 2015 17:15:03 [0b3c] - Windows Sys32 Folder: C:\Windows\system32
    21 May 2015 17:15:03 [0b3c] - OS: Windows 7 [OS Install Date: 05 Apr 2014 18:29:55]
    21 May 2015 17:15:03 [0b3c] - Ver: Professional Service Pack 1 (Build 7601)
    21 May 2015 17:15:03 [0b3c] - Latest Date of files inside MWAV: Mon Mar 2 17:13:53 2015.
    21 May 2015 17:15:03 [0a84] - Options Selected by User:
    21 May 2015 17:15:03 [0a84] - Memory Check: Enabled
    21 May 2015 17:15:03 [0a84] - Registry Check: Enabled
    21 May 2015 17:15:03 [0a84] - StartUp Folder Check: Enabled
    21 May 2015 17:15:03 [0a84] - System Folder Check: Enabled
    21 May 2015 17:15:03 [0a84] - Services Check: Enabled
    21 May 2015 17:15:03 [0a84] - Scan Spyware: Enabled
    21 May 2015 17:15:03 [0a84] - Scan Archives: Disabled
    21 May 2015 17:15:03 [0a84] - Drive Check: Enabled
    21 May 2015 17:15:03 [0a84] - All Drive Check :Disabled
    21 May 2015 17:15:03 [0a84] - Drive Selected = C:\
    21 May 2015 17:15:03 [0a84] - Folder Check: Disabled
    21 May 2015 17:15:03 [0a84] - SCAN: All_Files [ANSI]
    21 May 2015 17:15:03 [0a84] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
    21 May 2015 17:15:03 [0a84] - Scanning DNS Records...
    21 May 2015 17:15:03 [0a84] - Scanning Master Boot Record (Kernel)...
    21 May 2015 17:15:03 [0a84] - Scanning Logical Boot Records...
    21 May 2015 17:15:05 [0a84] - ***** Scanning For Hidden Rootkit Processes *****
    21 May 2015 17:15:07 [0a84] - ***** Scanning For Hidden Rootkit Services *****
    21 May 2015 17:15:10 [0a84] - ***** Scanning Memory Files *****
    21 May 2015 17:15:14 [0a84] - ***** Scanning Registry Files *****
    21 May 2015 17:15:15 [0a84] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
    21 May 2015 17:15:15 [0a84] - ***** Scanning StartUp Folders *****
    21 May 2015 17:17:22 [0a84] - ***** Scanning Service Files *****
    21 May 2015 17:18:34 [0a84] - ERROR(2)!!! Invalid Entry "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\gupdate.
    21 May 2015 17:18:34 [0a84] - ERROR(2)!!! Invalid Entry "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\gupdatem.
    21 May 2015 17:19:10 [0a84] - ERROR(2)!!! Invalid Entry \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\MREMPR5.
    21 May 2015 17:19:10 [0a84] - ERROR(2)!!! Invalid Entry \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\MRENDIS5.
    21 May 2015 17:20:34 [0a84] - Giving rights(a) to [HKLM\SYSTEM\CurrentControlSet\Services\TrkWks].
    21 May 2015 17:20:52 [0a84] - ERROR(2)!!! Invalid Entry System32\drivers\rdvgkmd.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\VGPU.
    21 May 2015 17:21:18 [0a84] - ***** Scanning Registry and File system for Adware/Spyware *****
    21 May 2015 17:21:18 [0a84] - Loading Spyware Signatures from new External Database [Name: C:\Users\Brewster\AppData\Local\Temp\spydb.avs, Size: 464724]...
    21 May 2015 17:21:18 [0a84] - Indexed Spyware Databases Successfully Created...
    21 May 2015 17:21:45 [0a84] - Offending file found: C:\Users\Brewster\Documents\Auslogics\Auslogics Duplicate File Finder\Helper.dll
    21 May 2015 17:21:45 [0a84] - System found infected with Banker.d Worm (Helper.dll)! Action taken: File Deleted.
    21 May 2015 17:21:45 [0a84] - Object "Banker.d Worm" found in File System! Action Taken: File Deleted.

    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:51 [0a84] - Unable to Open [HKLM\SOFTWARE\Microsoft\Direct3D]! Reason: Access is denied. (0x5)
    21 May 2015 17:21:58 [0a84] - ***** Scanning Registry Files *****
    21 May 2015 17:21:59 [0a84] - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
    21 May 2015 17:21:59 [0a84] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    21 May 2015 17:21:59 [0a84] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = https://www.google.com/?trackid=sp-006
    21 May 2015 17:21:59 [0a84] - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.google.com
    21 May 2015 17:21:59 [0a84] - ***** Scanning System32 Folders *****
    21 May 2015 17:24:36 [0a84] - ***** Scanning Drive C:\ *****
    21 May 2015 17:24:41 [0280] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\177.js.vir
    21 May 2015 17:24:41 [0280] - File C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\177.js.vir infected by "Adware.JS.Agent.AM (DB)" Virus! Action Taken: File Renamed.

    21 May 2015 17:24:42 [082c] - Scanning File C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\21.js.vir
    21 May 2015 17:24:42 [082c] - File C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\21.js.vir infected by "Adware.JS.Agent.AN (DB)" Virus! Action Taken: File Renamed.

    21 May 2015 17:24:48 [0280] - ScanFile (C:\Boot\BCD) took 5828 ms
    21 May 2015 17:25:19 [082c] - ScanFile (C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\libcef.dll) took 5204 ms
    21 May 2015 17:27:42 [082c] - ScanFile (C:\Program Files\AVAST Software\Avast\setup\ais_cmp_webrep-7ed.vpx) took 11609 ms
    21 May 2015 17:48:30 [09b0] - ScanFile (C:\System Volume Information\_restore{4B107EF5-63C6-4875-B82A-55A69654DF95}\RP217\A0079250.vpx) took 7218 ms
    21 May 2015 18:22:21 [09b0] - ScanFile (C:\Users\Brewster\Downloads\Silverlight_Developer.exe) took 6938 ms
    21 May 2015 18:22:45 [0d24] - ScanFile (C:\Users\Brewster\Downloads\Waterloo - Bernard Cornwell\Waterloo_ The History of Four Days, Three Armies and Three Battles - Bernard Cornwell.epub) took 6360 ms
    21 May 2015 18:22:55 [0280] - ScanFile (C:\Users\Brewster\Downloads\Windows7UpgradeAdvisorSetup.exe) took 7829 ms
    21 May 2015 18:32:11 [0280] - ScanFile (C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll) took 6297 ms
    21 May 2015 18:33:58 [0d24] - ScanFile (C:\Windows\SoftwareDistribution\Download\5ad80a0c733af83dede19924ce3f7c8f808fb6a5) took 5531 ms
    21 May 2015 18:34:18 [0280] - ScanFile (C:\Windows\SoftwareDistribution\Download\88504fb3cabaec6e994635c095bb4adb92835694) took 7906 ms
    21 May 2015 19:17:28 [09b0] - Scanning File C:\zoek_backup\C_Users_Margies_AppData_Roaming_Mozilla_Firefox_Profiles_9nn3l12p.default_extensions_staged\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}\bootstrap.js
    21 May 2015 19:17:28 [09b0] - File C:\zoek_backup\C_Users_Margies_AppData_Roaming_Mozilla_Firefox_Profiles_9nn3l12p.default_extensions_staged\{e48eb377-9675-4f2b-be40-b8ba3e0d933c}\bootstrap.js infected by "Trojan.JS.Agent.JMG (DB)" Virus! Action Taken: File Renamed.

    21 May 2015 19:17:28 [0a84] - ***** Checking for specific ITW Viruses *****
    21 May 2015 19:17:28 [0d24] - Scanning File C:\_OTL\MovedFiles\03012015_105051\C_Users\Brewster\AppData\Roaming\58775628-1424271261-11B2-8000-64456E4E6973\nsj3278.tmpfs
    21 May 2015 19:17:28 [0d24] - File C:\_OTL\MovedFiles\03012015_105051\C_Users\Brewster\AppData\Roaming\58775628-1424271261-11B2-8000-64456E4E6973\nsj3278.tmpfs infected by "Gen:Variant.Adware.Mikey.8245 (DB)" Virus! Action Taken: File Renamed.

    21 May 2015 19:17:28 [0a84] - ***** Scanning complete. *****
    21 May 2015 19:17:28 [0a84] - Total Objects Scanned: 259482
    21 May 2015 19:17:29 [0a84] - Total Critical Objects: 5
    21 May 2015 19:17:29 [0a84] - Total Disinfected Objects: 0
    21 May 2015 19:17:29 [0a84] - Total Objects Renamed: 4
    21 May 2015 19:17:29 [0a84] - Total Deleted Objects: 1
    21 May 2015 19:17:29 [0a84] - Total Errors: 5
    21 May 2015 19:17:29 [0a84] - Time Elapsed: 02:02:25
    21 May 2015 19:17:29 [0a84] - Virus Database Date: 21 May 2015
    21 May 2015 19:17:29 [0a84] - Virus Database Count: 5534362
    21 May 2015 19:17:29 [0a84] - Sign Version: 7.60686 [519438]
    21 May 2015 19:17:29 [0a84] - Scan Completed.

    ============================================================================================================================================================

    Zemana AntiMalware 2.14.2.667 (Installed)
    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2015/5/21
    Operating System : Windows 7 32-bit
    Processor : 2X Intel(R) Pentium(R) 4 CPU 3.06GHz
    BIOS Mode : Legacy
    CUID : 00E586584593DE4DFEB0E0
    Scan Type : Deep Scan
    Duration : 16m 14s
    Scanned Objects : 32413
    Detected Objects : 8
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Yes
    Show All Extensions : No
    Scan Documents : Yes
    Domain Info : WORKGROUP,1,2


    Detected Objects
    -------------------------------------------------------
    Tabs Hijack (System)
    Status : Scanned
    Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Setting
    Cleaning Action : Repair
    Traces :
    Registry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs

    Chrome Search
    Status : Scanned
    Object : Binkiland - http://binkiland.com
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Traces :
    Browser Setting - Chrome Search

    Chrome Startup Url
    Status : Scanned
    Object : http://binkiland.com/?f=7&a=bnk_cmi...G0CyCzyzztByE0Fzzzy0FyBtB2Q&cr=1153712314&ir=
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Traces :
    Browser Setting - Chrome Startup Url

    lpleipinonnoibneeejgjnoeekmbopbc
    Status : Scanned
    Object : %localappdata%\google\chrome\user data\default\extensions\lpleipinonnoibneeejgjnoeekmbopbc\10330.7396.5987_0\background.js
    MD5 : 966863B2D9632EC971E0C98EC0AF6D4F
    Publisher : -
    Size : 2082
    Version : -
    Detection : Adware:Win32/BrowserHijack.Gen
    Cleaning Action : Repair
    Traces :
    File - %localappdata%\google\chrome\user data\default\extensions\lpleipinonnoibneeejgjnoeekmbopbc\10330.7396.5987_0\background.js
    Extension - lpleipinonnoibneeejgjnoeekmbopbc

    WINZIPSSRegistryOptimizer.exe
    Status : Scanned
    Object : %programfiles%\winzip\utils\wzsysscan\winzipssregistryoptimizer.exe
    MD5 : 976D40622F283CA543385FB8CDEADE69
    Publisher : WinZip Computing
    Size : 241480
    Version : 1.0.648.10762
    Detection : Scareware:Win32/FakeOptimizer
    Cleaning Action : Quarantine
    Traces :
    File - %programfiles%\winzip\utils\wzsysscan\winzipssregistryoptimizer.exe

    WINZIPSSHelper.dll
    Status : Scanned
    Object : %programfiles%\winzip\utils\wzsysscan\winzipsshelper.dll
    MD5 : 29471EFC62E40020408FA033531A6795
    Publisher : WinZip Computing
    Size : 685384
    Version : 1.0.648.10781
    Detection : Scareware:Win32/FakeOptimizer
    Cleaning Action : Quarantine
    Traces :
    File - %programfiles%\winzip\utils\wzsysscan\winzipsshelper.dll

    ninja-setup-3.0.6.exe
    Status : Scanned
    Object : %userprofile%\downloads\ninja-setup-3.0.6.exe
    MD5 : 24FE0BB7A85A866B487D15C0EB6E3A74
    Publisher : -
    Size : 2507200
    Version : 0.0.0.0
    Detection : Adware:Win32/OpenCandy
    Cleaning Action : Quarantine
    Traces :
    File - %userprofile%\downloads\ninja-setup-3.0.6.exe

    JavaUpdate_Rapport.exe
    Status : Scanned
    Object : %userprofile%\downloads\javaupdate_rapport.exe
    MD5 : 2C1A57069523D230E90CF76757A3795C
    Publisher : -
    Size : 856523
    Version : 1.0.0.3
    Detection : Malware:Win32/Edizz.A!Ekke
    Cleaning Action : Quarantine
    Traces :
    File - %userprofile%\downloads\javaupdate_rapport.exe


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 8
    Reported as safe : 0
    Failed : 0

    ============================================================================================================================================================

    All yours Mal.. :)
     
  8. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Adware Removal Tool.

    Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

    Source: http://www.techsupportall.com/adware-removal-tool/

    Hit Ok.

    Hit Next and make sure to leave all items checked for removal.


    The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.



    Step 2: ZHP Cleaner.



    Download and save ZHP Cleaner to your desktop.

    http://www.nicolascoolman.fr/download/zhpcleaner-2/

    Right Click and run as administrator.

    Click on the Repair button.

    At the end of the process you will be asked to reboot your machine.

    After you reboot a report will open on your desktop.

    Copy and paste the report here in your next reply.



    Step 3: Security Check.



    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document




    Step 4: Minitoolbox.


    Please download MINITOOLBOX and run it.



    Checkmark following boxes:


    Flush DNS
    Reset FF proxy Settings
    Reset Ie Proxy Settings
    Report IE Proxy Settings
    Report FF Proxy Settings
    List content of Hosts
    List IP configuration
    List Winsock Entries
    List last 10 Event Viewer log
    List Installed Programs
    List Users, Partitions and Memory size
    List Devices (problems only)



    Click Go and post the result.



    Eset Scan

    http://www.eset.com/us/online-scanner/

    Disable your antivirus prior to this scan.

    http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/



    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on its icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
        • Scan potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.
     
  9. brewster393

    brewster393 Member iHF Regular

    O.K. as requested

    Screen317 SecurityCheckUp.txt

    Results of screen317's Security Check version 1.002
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Zemana AntiMalware
    CCleaner
    Java 7 Update 65
    Java 7 Update 80
    Java 8 Update 31
    Java 8 Update 45
    Adobe Flash Player 17.0.0.188
    Adobe Reader XI
    Mozilla Firefox (38.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Zemana AntiMalware ZAM.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast ng vbox\AvastVBoxSVC.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````


    ESET Scan.txt

    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll.vir Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\1.js.vir JS/Toolbar.Crossrider.F potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\103.js.vir JS/Toolbar.Crossrider.F potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\190.js.vir JS/Toolbar.Crossrider.F potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\21.js.vir.mwt JS/Toolbar.Crossrider.F potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\9rsysppe.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\28.js.vir JS/Toolbar.Crossrider.F potentially unwanted application deleted - quarantined
    C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
    C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
    C:\Users\Brewster\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Users\Brewster\Downloads\DriverDownloader.exe a variant of Win32/Adware.SpeedingUpMyPC.AH application cleaned by deleting - quarantined
    C:\Windows\Installer\dbb0e.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
    C:\_OTL\MovedFiles\03012015_105051\C_Users\Brewster\AppData\Roaming\58775628-1424271261-11B2-8000-64456E4E6973\nsj3278.tmpfs.mwt a variant of Win32/Adware.ICLoader.JA application cleaned by deleting - quarantined

    Adware Repair Logs

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    Adware Removal Tool v3.9
    Time: 2015_05_23_11_17_59
    OS: Windows 7 - 32 Bit
    Account Name: Brewster
    U0L0S53

    \\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

    Deleted - Folder - C:\ProgramData\Wondershare
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{8c36fe09-6462-404a-864e-998611817c60}c:\users\brewster\appdata\roaming\torntv.com\torntv downloader.exe
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{c24c194b-46d0-47f4-84d2-1a55d4a1ecc6}c:\users\brewster\appdata\roaming\torntv.com\torntv downloader.exe
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966:2180bd1e06d2bd34ea90c607729db382
    Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\2180BD1E06D2BD34EA90C607729DB382:file
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{8c36fe09-6462-404a-864e-998611817c60}c:\users\brewster\appdata\roaming\torntv.com\torntv downloader.exe
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{c24c194b-46d0-47f4-84d2-1a55d4a1ecc6}c:\users\brewster\appdata\roaming\torntv.com\torntv downloader.exe
    Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION:smartbar.exe
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\common\icons\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\common\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\common\iconswide\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\distributionfiles\profiles\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\distributionfiles\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\amfclgbdpgndipgoegfpkkgobahigbcl\js\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\amfclgbdpgndipgoegfpkkgobahigbcl\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\helperbar@helperbar.com\chrome\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\helperbar@helperbar.com\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\amfclgbdpgndipgoegfpkkgobahigbcl\css\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\amfclgbdpgndipgoegfpkkgobahigbcl\images\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\amfclgbdpgndipgoegfpkkgobahigbcl\publisherimages\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\helperbar@helperbar.com\chrome\images\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\distributionfiles\configs\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\helperbar@helperbar.com\components\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\configs\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\helperbar@helperbar.com\chrome\publisherimages\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\common\servicesplugins\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\es\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\pt\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\nl\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\fr\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\it\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\ar\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\he\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\ru\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\tr\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\application\de\
    Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\brewster\appdata\local\smartbar\common\configs\
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE:Wondershare
    Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:Wondershare
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application:Torntv
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

    \\ Finished

    MiniToolBox

    MiniToolBox by Farbar Version: 23-01-2014
    Ran by Brewster (administrator) on 23-05-2015 at 13:03:53
    Running from "C:\Users\Brewster\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    Hosts file not detected in the default directory
    ========================= IP Configuration: ================================

    TP-LINK 300Mbps Wireless N Adapter = Wireless Network Connection (Connected)
    Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
    VIA Rhine III Fast Ethernet Adapter = Local Area Connection (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Brewster-Puter
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : home

    Wireless LAN adapter Wireless Network Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : 96-F6-52-0D-14-A7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : VIA Rhine III Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-0C-76-84-77-97
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : TP-LINK 300Mbps Wireless N Adapter
    Physical Address. . . . . . . . . : 90-F6-52-0D-14-A7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::49ef:e8ae:455a:efd7%13(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 23 May 2015 12:40:42
    Lease Expires . . . . . . . . . . : 24 May 2015 12:40:46
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 328267346
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-12-37-6F-90-F6-52-0D-14-A7
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Server: BTHomeHub.home
    Address: 192.168.1.254

    Name: google.com
    Address: 216.58.208.46


    Pinging google.com [216.58.208.46] with 32 bytes of data:
    Reply from 216.58.208.46: bytes=32 time=12ms TTL=55
    Reply from 216.58.208.46: bytes=32 time=11ms TTL=55

    Ping statistics for 216.58.208.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 12ms, Average = 11ms
    Server: BTHomeHub.home
    Address: 192.168.1.254

    Name: yahoo.com
    Addresses: 206.190.36.45
    98.139.183.24
    98.138.253.109


    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=157ms TTL=47
    Reply from 206.190.36.45: bytes=32 time=157ms TTL=47

    Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 157ms, Maximum = 157ms, Average = 157ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    15...96 f6 52 0d 14 a7 ......Microsoft Virtual WiFi Miniport Adapter
    14...00 0c 76 84 77 97 ......VIA Rhine III Fast Ethernet Adapter
    13...90 f6 52 0d 14 a7 ......TP-LINK 300Mbps Wireless N Adapter
    1...........................Software Loopback Interface 1
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.69 281
    192.168.1.69 255.255.255.255 On-link 192.168.1.69 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.69 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.69 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.69 281
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    13 281 fe80::/64 On-link
    13 281 fe80::49ef:e8ae:455a:efd7/128
    On-link
    1 306 ff00::/8 On-link
    13 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (05/23/2015 01:03:57 PM) (Source: Application Error) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
    Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0x91c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (05/23/2015 00:40:44 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/23/2015 11:42:33 AM) (Source: Application Error) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
    Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0xe3c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (05/23/2015 10:51:55 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/22/2015 01:08:18 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/22/2015 11:33:52 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/22/2015 11:23:37 AM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {62e8d79f-da94-4099-a839-a08092f19864}

    Error: (05/22/2015 11:15:52 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/21/2015 08:03:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/21/2015 08:03:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .


    System errors:
    =============
    Error: (05/23/2015 00:40:57 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (05/23/2015 00:40:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (05/23/2015 00:40:23 PM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (05/23/2015 00:37:26 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (05/23/2015 11:42:36 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (05/23/2015 11:42:31 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/23/2015 10:51:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (05/23/2015 10:51:29 AM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (05/22/2015 01:08:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (05/22/2015 01:08:00 PM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.


    Microsoft Office Sessions:
    =========================
    Error: (05/23/2015 01:03:57 PM) (Source: Application Error)(User: )
    Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa191c01d0954de1383dbaC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllc9df8ff2-0143-11e5-935d-000c76847797

    Error: (05/23/2015 00:40:44 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/23/2015 11:42:33 AM) (Source: Application Error)(User: )
    Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1e3c01d0953fd7d3ce96C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll6a80c766-0138-11e5-8dc3-000c76847797

    Error: (05/23/2015 10:51:55 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/22/2015 01:08:18 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/22/2015 11:33:52 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/22/2015 11:23:37 AM) (Source: VSS)(User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {62e8d79f-da94-4099-a839-a08092f19864}

    Error: (05/22/2015 11:15:52 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/21/2015 08:03:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (05/21/2015 08:03:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.


    =========================== Installed Programs ============================

    ******** (Version: 3.4.3.40298)
    Adobe Flash Player 17 ActiveX (Version: 17.0.0.188)
    Adobe Flash Player 17 NPAPI (Version: 17.0.0.188)
    Adobe Reader XI (11.0.11) (Version: 11.0.11)
    Adobe Refresh Manager (Version: 1.8.0)
    Amazon Kindle
    Apple Application Support (32-bit) (Version: 3.1.2)
    Apple Mobile Device Support (Version: 8.1.1.3)
    Apple Software Update (Version: 2.1.3.127)
    Audacity 2.0.6 (Version: 2.0.6)
    Auslogics DiskDefrag (Version: 5.4.0.0)
    Avast Free Antivirus (Version: 10.2.2218)
    Bonjour (Version: 3.0.0.10)
    BT Desktop Help
    calibre (Version: 2.28.0)
    CCleaner (Version: 5.05)
    C-Media WDM Audio Driver
    Cole2k Media - Codec Pack (Advanced) 8.0.2 (Version: 8.0.2)
    ConvertXtoDVD 3.3.2.100 (Version: 3.3.2.100)
    Creatix V.9X DSP Data Fax Modem
    DC-Bass Source 1.3.0
    DivX Setup (Version: 2.6.1.8)
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    ffdshow v1.1.4399 [2012-03-22] (Version: 1.1.4399.0)
    Free PDF to JPG Converter (Version: 1.0.0)
    Google Chrome (Version: 41.0.2272.118)
    Google Update Helper (Version: 1.3.25.11)
    GoToAssist Corporate (Version: 10.4.0.896)
    Haali Media Splitter
    HP FWUpdateEDO2 (Version: 1.2.0.0)
    HP Photo Creations (Version: 1.0.0.18142)
    HP Photosmart 5510 series Basic Device Software (Version: 24.0.342.0)
    HP Photosmart 5510 series Help (Version: 140.0.2.2)
    HP Photosmart 5510 series Product Improvement Study (Version: 24.0.342.0)
    HP Update (Version: 5.005.002.002)
    HPDiagnosticAlert (Version: 1.00.0001)
    iTunes (Version: 12.1.1.4)
    Java 7 Update 65 (Version: 7.0.650)
    Java 7 Update 80 (Version: 7.0.800)
    Java 8 Update 31 (Version: 8.0.310)
    Java 8 Update 45 (Version: 8.0.450)
    Java Auto Updater (Version: 2.8.45.14)
    K-Lite Codec Pack 9.4.0 (Basic) (Version: 9.4.0)
    Lagarith Lossless Codec (1.3.27)
    LAME v3.99.3 (for Windows)
    Leawo Video Converter version 6.0.0.0 (Version: 6.0.0.0)
    Malwarebytes Anti-Malware version 2.1.6.1022 (Version: 2.1.6.1022)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
    Microsoft Office 2000 Premium (Version: 9.00.2720)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Mozilla Firefox 38.0.1 (x86 en-US) (Version: 38.0.1)
    Mozilla Maintenance Service (Version: 34.0.5)
    Nero 6 Ultra Edition
    QuickTime 7 (Version: 7.76.80.95)
    Recuva (Version: 1.51)
    Revo Uninstaller 1.95 (Version: 1.95)
    RocketDock 1.3.5
    Sigil 0.7.4
    Speccy (Version: 1.26)
    SUPERAntiSpyware (Version: 5.7.1026)
    System Ninja version 3.0.6 (Version: 3.0.6)
    Toolwiz Smart Defrag 2011 (Version: 1.3.0.0)
    TP-LINK Wireless Client Utility (Version: 7.0)
    TreeSize Free V2.4 (Version: 2.4)
    Unchecky v0.3.7.5 (Version: 0.3.7.5)
    Unknown Device Identifier 8.01 (Version: 8.01)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    VIA Rhine Family Fast Ethernet Adapter
    VSO ConvertXToDVD (Version: 5.2.0.42)
    WinRAR 5.21 (32-bit) (Version: 5.21.0)
    WinX HD Video Converter Deluxe 5.5.2
    WinZip 19.0 (Version: 19.0.11294)
    WinZip 19.5 (Version: 19.5.11475)
    Wipe (Version: 2015.05)
    Xvid Video Codec (Version: 1.3.2)
    Zemana AntiMalware (Version: 2.14.667)

    ========================= Devices: ================================

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    **** End of log ****

    ZHPCleaner


    ~ ZHPCleaner v2015.5.22.248 by Nicolas Coolman (2015\05\22)
    ~ Run by Brewster (Administrator) (23/05/2015 12:32:11)
    ~ Forum : http://forum.nicolascoolman.fr
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : No network file
    ~ Type : Repair
    ~ Report : C:\Users\Brewster\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Brewster\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    ~ Windows 7, 32-bit Service Pack 1 (Build 7601)


    ---\\ Services (0)
    ~ No malicious items found.


    ---\\ Browser internet (0)
    ~ No malicious items found.


    ---\\ Hosts file (0)
    ~ No malicious items found.


    ---\\ Scheduled automatic tasks. (0)
    ~ No malicious items found.


    ---\\ Explorer ( File, Folder) (22)
    MOVED file: C:\Users\Brewster\AppData\Roaming\inst.exe (Adware.Pirrit)
    MOVED folder*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter (PUP.InstallConverter)
    MOVED folder*: C:\Windows\Installer\MSI2608.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI32CA.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI3B28.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI44AE.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI5514.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI55A7.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI89CA.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSI9AB1.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIA3C0.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIA455.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIB65F.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIC05A.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIC12E.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIC9F9.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSICE39.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSID0D5.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIDD72.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIDF4D.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIF167.tmp- (Empty)
    MOVED folder*: C:\Windows\Installer\MSIFA39.tmp- (Empty)


    ---\\ Registry ( Key, Value, Data) (11)
    REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
    DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD007F4F-4AED-4B81-80D4-7B9FC772457C}\\NameServer [Bad : 208.67.222.222,208.67.220.220] (Hijacker.Browser)
    DELETED key*: HKEY_USERS\S-1-5-21-3299126282-3657997626-4182433575-1000\Software\Classes\TornTvDownloader.File [TornTvDownloader.torrent File] (Hijacker.TornTV)
    DELETED key*: HKLM\SOFTWARE\Classes\TornTvDownloader.File [] (Hijacker.TornTV)
    DELETED key*: HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A} [IESmartBar.MSG] (Hijacker.SmartBar)
    DELETED key*: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} [IESmartBar.BandObjectStyle] (Hijacker.SmartBar)
    DELETED key*: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} [IESmartBar.POINT] (Hijacker.SmartBar)
    DELETED key*: HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95} [IESmartBar.DBIM] (Hijacker.SmartBar)
    DELETED key*: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} [IESmartBar.DESKBANDINFO] (Hijacker.SmartBar)
    DELETED key*: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} [IESmartBar.DBIMF] (Hijacker.SmartBar)
    DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3299126282-3657997626-4182433575-1000\Products\363FB0CBBA367FF4E81FEAD0F717B142 [LPT System Updater Service] (Adware.IncrediBar)


    ---\\ Result of repair
    ~ Repair carried out successfully
    ~ Browser not found (Opera Software)


    ---\\ Statistics
    ~ Items scanned : 1528
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items repaired : 33


    End of clean at 12:32:48
    ===================
    ZHPCleaner-[R]-23052015-12_32_48.txt
    ZHPCleaner--23052015-12_31_59.txt
     
    Last edited by a moderator: May 26, 2015
    Lord Chance likes this.
  10. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    Step 1: Combofix

    Download Combofix from HERE, and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**


    IMPORTANT!! - Disable your AntiVirus and AntiSpyware applications.


    Double click on ComboFix.exe & follow the prompts.

    • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
    • When finished, it will produce a report for you.

    Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

    Step 2: Malwarebytes AntiRootkit


    Download Malwarebytes AntiRootkit to your desktop.

    • Double-click the icon to start the tool.
    • It will ask you where to extract; make sure it is on the desktop.
    • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
    • Click next to continue.
    • Then Click Update
    • Once the update is Finished select Next then Scan.
    • If no malware has been found, at the end of scan select Exit
    • If an infection was found, make sure to select all items and click Cleanup.
    • Reboot your machine.
    • Open the MBAR folder and paste the content of the following into your next reply:
    • mbar-log-{date} (xx-xx-xx).txt
    • system-log.txt

    Step 3: Hitman Pro Scan



    Download Zemana Cloud AntiMalware from one of the links below.

    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

    http://dl9.zemana.com/download/Products/AntiMalware/Build192/ZemanaAntiMalware.exe 32 bit
    http://dl9.zemana.com/download/Products/AntiMalware/Build192/ZemanaAntiMalware_x64.exe 64 bit

    Note: If you have used Hitman Pro in the past you will not be able to activate a free license for this product.

    Save the file to your desktop.
    Right Click and run as administrator.
    Click Next to scan for malicious software.
    Tick the box that reads "No I only want to perform a one time scan to check this computer".

    Hit Next.

    Upon scan completion, click on save log and save to your desktop. Hit next to activate.

    After you activate, remove malware and post the log created in your next reply.
     
    driver_ian likes this.
  11. brewster393

    brewster393 Member iHF Regular

    Joined:
    May 14, 2014
    Messages:
    69
    Likes Received:
    7
    Trophy Points:
    18
    Greetings and salutations!
    I have followed the instructions to the letter, so find attached the combo fix log - there was nothing found on the root kit scan so no log was generated.
    As far as the Zemana cloud antimalware is concerned, I downloaded it to my desktop and it came up with an error msge "windows cannot verify the digital signature for this file", so I tried to get it by going direct to the internet - the only zemana programme I could get was the original antimalware that you asked me to run earlier, so at the moment that one is a non-starter, the computer is now back to normal if I stay within the computer itself i.e. watching a film or typing on word, but as soon as I try and join the big bad world (for instance there is a 5 or 6 second delay on my typing this and it appearing on the monitor) and if I try and browse the internet and use the scroll up or down function I am chasing the picture for a pastime. I am on a wireless connection to my hub and have even tried using cable to no effect.
    So apart from throwing the whole thing into a skip (dumpster) is there anything else..............
    Yours in desperation
    Brewster
     

    Attached Files:

  12. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,387
    Likes Received:
    523
    Trophy Points:
    123
    What connection speed are you getting?... If you can, run the test at speedtest.net and post the result.. it may offer a clue..
     
  13. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    Hello Brewster,

    The message you got from Zemana only means that Windows could not verify the digital signature and that can be common with third party software not associated with Microsoft. As I trust Malnutrition it should be safe to ignore the warning and continue on.

    I am in agreement with Driver_Ian. Your problem may be with your service provider. If you are having issues with both wired and wireless then you may need to reinitialize your modem. If you have one of the following device configurations follow the order given.

    If your configuration is Modem\Computer without router or hub
    1. Turn off modem and computer
    2. Wait 10 seconds then switch modem back on
    3. Wait for modem to initialize and settle (all lights green and steady)
    4. Reboot computer
    If your configuration is Modem\Router\Computer
    1. Turn off the modem, router and computer
    2. Wait 10 seconds then switch modem back on
    3. Wait for the modem to initialize and settle
    4. Turn on router
    5. Let router initialize and settle
    6. Reboot computer
    If you are still experiencing a slow connection then hardware or service issues may be indicated. Sometimes a modem may need to be reinitialized to clear the nvram. Hope this helps. :)
     
    Malnutrition likes this.
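
Added example, not part of the original posts: one way to inspect the Authenticode signature of a downloaded installer when Windows reports a signature warning like the one quoted above. The function name `Test-DownloadSignature` and the sample path are assumptions; `Get-AuthenticodeSignature`, `Get-FileHash` (PowerShell 4.0 or later) and `Get-Content -Stream` (3.0 or later) are standard cmdlets.

```powershell
function Test-DownloadSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode verification result for the file as it exists on disk.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    # Hash to compare against a vendor-published value, if one is available.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Mark-of-the-Web: the Zone.Identifier stream is present when the
    # downloading program recorded an internet origin for the file.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue

    # Plain-language reading of the SignatureStatus values.
    $meaning = switch ($sig.Status.ToString()) {
        'Valid'        { 'Signature verifies and the certificate chain is trusted on this machine.' }
        'NotSigned'    { 'No signature present; the publisher cannot be confirmed.' }
        'HashMismatch' { 'File contents differ from what was signed (corrupt or modified file).' }
        'NotTrusted'   { 'Signed, but the signer is not trusted on this machine.' }
        'UnknownError' { 'Verification failed; read StatusMessage for the underlying reason.' }
        default        { "Unhandled status: $($sig.Status)" }
    }

    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        File          = (Resolve-Path -LiteralPath $Path).Path
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Signer        = if ($cert) { $cert.Subject }    else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        CertNotAfter  = if ($cert) { $cert.NotAfter }   else { $null }
        Timestamped   = [bool]$sig.TimeStamperCertificate
        FromInternet  = [bool]$zone
        SHA256        = $hash.Hash
        Meaning       = $meaning
    }
}

# Sample path is an assumption: the installer saved to the desktop, as in the thread.
Test-DownloadSignature -Path "$env:USERPROFILE\Desktop\ZemanaAntiMalware.exe" |
    Format-List
```

A `HashMismatch` on a fresh download points at the file itself rather than at local security settings, so downloading it again from the vendor is the first thing to try before running it.
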
  14. brewster393

    brewster393 Member iHF Regular

    Joined:
    May 14, 2014
    Messages:
    69
    Likes Received:
    7
    Trophy Points:
    18
    Greetings and salutations!
    O.K. OOKLA speed test is as follows: Ping 26ms; Download Speed 29.82 Mbps; Upload Speed 9.33 Mbps; My trust in Malnutrition is absolute but the programme will not run after telling me about the error, and reinitialization of the modem was the first thing I did!
    Thanks for the input.............
    Brewster
     
  15. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    Ah! Very good Brewster. Security setting is the most likely reason the program would not run but that is Mal's expertise. Your speed test looks good to me. I wish I had just half your Upload/Download speeds. I live in a rural area so I have to contend with a snail's pace of 1 up and 6 down. Bloody AT&T won't do better. :caution:
     
  16. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    Disable your antivirus prior to this scan.
    Download Zoek
    Save the file to your desktop.
    Right click Zoek.exe and run as administrator. (XP users double click)
    Copy and paste the items below and paste them into Zoek.

    createsrpoint;
    emptyfolderscheck;delete
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
    ResetHosts;
    iedefaults;
    shortcutfix;
    symlinksfix;
    autoclean;


    Now hit the run script button.
    The log will appear after a reboot, also you can find it on the C: drive.
    Post the log in your next reply.



    Please download and save FRST 64bit or FRST 32 bit to your Desktop.


    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  17. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    So, Lord Chance helped you to get things in order. :)
     
  18. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    Not me Mate. You are the White Knight of the hour. ;)
     
    Cameldung, Malnutrition and DCiAdmin like this.
  19. Malnutrition

    Malnutrition Still Hungry iHF Master Craftsman

    Joined:
    May 5, 2014
    Messages:
    1,499
    Likes Received:
    444
    Trophy Points:
    93
    I was referring to the internet issue, I just opened the door you showed the guest to their seat........ Teamwork!
     
    Lord Chance likes this.
  20. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,630
    Likes Received:
    2,164
    Trophy Points:
    273
    You still have the lead Mate. I will always follow a good man into a fight. ;)
     
    veeg, Cameldung and Malnutrition like this.