Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Not sure whats wrong or where to start [Solved]


  • This topic is locked This topic is locked

#16
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I am unable to remember where I specifically so those files or examples. Not sure if this is related but often when I plug in my head phones or my hdmi cable to my tv, my computer will not respond well. My laptop speakers frequently will continue to play instead of the tv or thru head phones. What software would you recommend to make sure I'm the only one accessing this computer?


  • 0

Advertisements


#17
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I did what you asked concerning RUN PROGRAM. I found that folder doesnt in "%userprofile%\documents" all i see is: two hidden folders 'hp.applications.package.appdata' and 'hp.system.package.metadata', a 'Youcam; folder, and a file 'regback up1.REG


  • 0

#18
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, jeffwj12.

As you keep being afraid of someone accessing your computer, let's try something else.
  • Download MCShield to your desktop. Right-click the file and select Run as Administrator). Leave the default settings during the installation process.
  • MCShield will run a quick scan and then it's window will appear.
  • On the left panel select Scanner and then tick Always unhide items on flash drives. Then click Apply.
    TEbjrna.png
  • Select Logs on the left panel, then click Copy.
  • Paste (CTRL+V) the result of the scan into your next post.

  • 0

#19
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I'll do that right now! My computer is still really jerky at times and i lose control of my finger-pad often. My cursor will be wigging out with no see-able cause, just hopping all over


Edited by jeffwj12, 26 February 2015 - 11:17 AM.

  • 0

#20
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
>>> MCShield AllScans.txt <<<
 
-----------------------------
 
 
 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2015.2.15.1 / Windows 8.1 <<<
 
 
2/26/2015 9:05:51 AM > Drive C: - scan started (Windows ~679 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
2/26/2015 9:05:52 AM > Drive D: - scan started (RECOVERY ~19 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
 
 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 3.0.5.28 / DB: 2015.2.15.1 / Windows 8.1 <<<
 
 
2/26/2015 9:12:38 AM > Drive C: - scan started (Windows ~679 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
2/26/2015 9:12:39 AM > Drive D: - scan started (RECOVERY ~19 GB, NTFS HDD )...
 
 
 
=> The drive is clean.

  • 0

#21
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, jeffwj12.

From what I can see in the logs you've provided so far, there are no signs of anyone having access to your computer. The question here is if you believe me or not.

You have two options here:
Option #1: If you want to proceed with the checks, tell me and we will move forward.
Option #2: If you still feel unsafe, I see no other option but a complete reformat of your computer.

Please tell me which way you want to go.
  • 0

#22
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I believe you know what ur talkin about. option 1


  • 0

#23
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, jeffwj12.

Alright then, let's move forward with the checks.

Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S0].txt log content

  • 0

#24
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

what would be the consequences of MCSHIELD still being active when I ran JRT.EXE? I couldn't tell if it turned off or was active... I did disable malwarebytes and AVG's firewall, spyware. I left AVG tune up still operating.... 

 

PLZ ADVISE,

JWJ


  • 0

#25
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Oh and a friend o mine told me to run both programs as administrator. It seemed like a good idea but can you confirm?

 

JWJ


  • 0

Advertisements


#26
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Don't worry. The worst thing that can happen is that JRT.exe will be blocked by McShield. In that case turn McShield off and try again.

 

About running as administrator, there's no need to do so as long as I haven't written so.


  • 0

#27
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

aye aye captain. I'll reboot now


  • 0

#28
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

:thumbsup:


  • 0

#29
jeffwj12

jeffwj12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by jeff on Thu 02/26/2015 at 15:51:58.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/26/2015 at 15:58:30.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.111 - Logfile created 26/02/2015 at 17:02:10
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : jeff - JWJ-ROBOT
# Running from : C:\Users\jeff\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [3408 bytes] - [26/02/2015 16:53:23]
AdwCleaner[R1].txt - [3467 bytes] - [26/02/2015 16:57:46]
AdwCleaner[S0].txt - [3436 bytes] - [26/02/2015 17:02:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3495  bytes] ##########
 

  • 0

#30
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, jeffwj12.

More checks to do. Please, be patient.

Step #1
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
    TcWwbLS.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP