[jeffwj12]

I am unable to remember where I specifically so those files or examples. Not sure if this is related but often when I plug in my head phones or my hdmi cable to my tv, my computer will not respond well. My laptop speakers frequently will continue to play instead of the tv or thru head phones. What software would you recommend to make sure I'm the only one accessing this computer?

[Advertisements]

I did what you asked concerning RUN PROGRAM. I found that folder doesnt in "%userprofile%\documents" all i see is: two hidden folders 'hp.applications.package.appdata' and 'hp.system.package.metadata', a 'Youcam; folder, and a file 'regback up1.REG

[jeffwj12]

I did what you asked concerning RUN PROGRAM. I found that folder doesnt in "%userprofile%\documents" all i see is: two hidden folders 'hp.applications.package.appdata' and 'hp.system.package.metadata', a 'Youcam; folder, and a file 'regback up1.REG

[Nevan]

Hello again, jeffwj12.

As you keep being afraid of someone accessing your computer, let's try something else.

• Download MCShield to your desktop. Right-click the file and select Run as Administrator). Leave the default settings during the installation process.
• MCShield will run a quick scan and then it's window will appear.
• On the left panel select Scanner and then tick Always unhide items on flash drives. Then click Apply.
  
• Select Logs on the left panel, then click Copy.
• Paste (CTRL+V) the result of the scan into your next post.

[jeffwj12]

I'll do that right now! My computer is still really jerky at times and i lose control of my finger-pad often. My cursor will be wigging out with no see-able cause, just hopping all over

Edited by jeffwj12, 26 February 2015 - 11:17 AM.

[jeffwj12]

>>> MCShield AllScans.txt <<<

 

-----------------------------

 

 

 

 

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

 

>>> v 3.0.5.28 / DB: 2015.2.15.1 / Windows 8.1 <<<

 

 

2/26/2015 9:05:51 AM > Drive C: - scan started (Windows ~679 GB, NTFS HDD )...

 

 

 

=> The drive is clean.

 

 

2/26/2015 9:05:52 AM > Drive D: - scan started (RECOVERY ~19 GB, NTFS HDD )...

 

 

 

=> The drive is clean.

 

 

 

 

 

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

 

>>> v 3.0.5.28 / DB: 2015.2.15.1 / Windows 8.1 <<<

 

 

2/26/2015 9:12:38 AM > Drive C: - scan started (Windows ~679 GB, NTFS HDD )...

 

 

 

=> The drive is clean.

 

 

2/26/2015 9:12:39 AM > Drive D: - scan started (RECOVERY ~19 GB, NTFS HDD )...

 

 

 

=> The drive is clean.

[Nevan]

Hello again, jeffwj12.

From what I can see in the logs you've provided so far, there are no signs of anyone having access to your computer. The question here is if you believe me or not.

You have two options here:
Option #1: If you want to proceed with the checks, tell me and we will move forward.
Option #2: If you still feel unsafe, I see no other option but a complete reformat of your computer.

Please tell me which way you want to go.

[jeffwj12]

I believe you know what ur talkin about. option 1

[Nevan]

Hello again, jeffwj12.

Alright then, let's move forward with the checks.

Step #1
Junkware Removal Tool

• Download Junkware Removal Tool to your Desktop
• Close any open windows
• Disable your Antivirus program (click here if you don't know how to do this)
• Double click JRT.exe on your desktop to run it
• Click any button to start the scan
• Wait for Junkware Removal Tool to finish the scan
• When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
• Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

 
Step #2
AdwCleaner

• Download AdwCleaner to your Desktop.
• Close any open windows
• Double click AdwCleaner.exe on your desktop to run it
• Click the button
• Wait for AdwCleaner to finish the scan
• When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click button.
• When the cleaning is finished, the program will ask you to reboot the system. Please do so.
• Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
• Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:

• JRT.txt log content
• AdwCleaner[S0].txt log content

[jeffwj12]

what would be the consequences of MCSHIELD still being active when I ran JRT.EXE? I couldn't tell if it turned off or was active... I did disable malwarebytes and AVG's firewall, spyware. I left AVG tune up still operating.... 

 

PLZ ADVISE,

JWJ

[jeffwj12]

Oh and a friend o mine told me to run both programs as administrator. It seemed like a good idea but can you confirm?

 

JWJ

[Nevan]

Don't worry. The worst thing that can happen is that JRT.exe will be blocked by McShield. In that case turn McShield off and try again.

 

About running as administrator, there's no need to do so as long as I haven't written so.

[jeffwj12]

aye aye captain. I'll reboot now

[Nevan]

[jeffwj12]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 8.1 x64

Ran by jeff on Thu 02/26/2015 at 15:51:58.07

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 02/26/2015 at 15:58:30.43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 17:02:10

# Updated 18/02/2015 by Xplode

# Database : 2015-02-18.3 [Server]

# Operating system : Windows 8.1  (x64)

# Username : jeff - JWJ-ROBOT

# Running from : C:\Users\jeff\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater18.2.0

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v40.0.2214.115

 

 

*************************

 

AdwCleaner[R0].txt - [3408 bytes] - [26/02/2015 16:53:23]

AdwCleaner[R1].txt - [3467 bytes] - [26/02/2015 16:57:46]

AdwCleaner[S0].txt - [3436 bytes] - [26/02/2015 17:02:10]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3495  bytes] ##########

 

[Nevan]

Hello again, jeffwj12.

More checks to do. Please, be patient.

Step #1
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.

• Launch Malwarebytes Anti-Malware
• In Database version section, click Update Now
• Once the update is done, click Settings>Detection and Protection
• Make sure that all three boxes under Detection Options are checked
  
• Go back to Dashboard and click the big, green Scan Now button.
• Wait for Malwarebytes Anti-Malware to finish the scan
• If the program will detect anything, click the button. The program might want to reboot the system. Allow it it wants to.
• Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
• Click the button.
• Paste (CTRL+V) the log into your next reply.

 
Step #2
ESET Online Scanner

• Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

• Disable your Antivirus program (click here if you don't know how to do this).
• Visit ESET site
• Click
• When using:
  • Internet Explorer:
    • Accept the Terms of Use and click Start
    • Allow the running of add-on
  • Other browsers:
    • Download esetsmartinstaller_enu.exe that you'll be given link to
    • Double click esetsmartinstaller_enu.exe
    • Allow the Terms of Use and click Start
• Make sure that:
  • Enable detection of potentially unwanted applications is checked
  • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
  
• Click Start
• The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
• When completed, the program will begin to scan. This may take several hours. Please, be patient.
• Do not do anything on your machine as it may interrupt the scan
• When the scan is done, click Finish
• A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
• Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:

• Malwarebytes Anti-Malware log content
• ESET Online Scanner log content