[butterrice]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015

Ran by Bea at 2015-04-14 21:59:51 Run:2

Running from C:\Users\Bea\Desktop

Loaded Profiles: Bea (Available profiles: Bea & reba jo)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CreateRestorePoint:

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

Emptytemp:

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

EmptyTemp: => Removed 45.3 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 22:03:45 ====

[Advertisements]

Ok, that looks good. Please run this next step and let me know if any issues remain afterwards.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Please download zoek.exe to your Desktop:

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator

Give it a few seconds to appear

Click the Options button and place a checkmark only on the following options:

AutoClean

Now...

Close any open programs.

Click the Run script button, and wait.

It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.

The log is also found on the systemdrive, normally C:\

If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

[pystryker]

Ok, that looks good. Please run this next step and let me know if any issues remain afterwards.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Please download zoek.exe to your Desktop:

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator

Give it a few seconds to appear

Click the Options button and place a checkmark only on the following options:

AutoClean

Now...

Close any open programs.

Click the Run script button, and wait.

It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.

The log is also found on the systemdrive, normally C:\

If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

[butterrice]

 

Zoek.exe v5.0.0.0 Updated 08-April-2015

Tool run by Bea on Thu 04/16/2015 at  0:10:06.74.

Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Bea\Desktop\zoek.exe [Scan all users]  [Checkboxes used]

 

==== System Restore Info ======================

 

4/16/2015 12:12:49 AM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\GRETECH deleted successfully

C:\PROGRA~2\iMobie deleted successfully

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully

C:\PROGRA~2\Samsung deleted successfully

C:\PROGRA~2\VideoLAN deleted successfully

C:\Users\Bea\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\Bea\AppData\Roaming\TP deleted successfully

C:\Users\Bea\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\reba jo\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B6A4AD4-D6EE-47dd-B308-0E0930A43853} deleted successfully

HKEY_USERS\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d7b25eb-a156-456e-baf1-1801f1751a52} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

ProfilePath: C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default

 

user.js not found

---- Lines {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} removed from prefs.js ----

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_status", "active");

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_upn2", "717");

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_installer_name", "hsbing_717_active_2013-05-13-23-47-09");

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_version", "2.0.0.566");

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_temp_installer_name", "");

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_toolbarID", "899c075155ae43c58b3662c46bffc157");

---- Lines isearch removed from prefs.js ----

user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");

---- Lines ask.com removed from prefs.js ----

user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

---- Lines vfdownload removed from prefs.js ----

user_pref("extensions.vfdownload.installDate", "2013-5-13");

user_pref("extensions.vfdownload.installedProduct", "selectionlinks");

user_pref("extensions.vfdownload.installerVersion", "3.2");

user_pref("extensions.vfdownload.installID", "{9D891339-48D3-4CF4-BB34-4F38FE74E65A}");

user_pref("extensions.vfdownload.installpartner", "apl");

user_pref("extensions.vfdownload.testgroup", "");

---- Lines SpeedAnalysis removed from prefs.js ----

user_pref("[email protected]", "\"fefea8f5-afb0-5d61-2423-6f162f532aac\"");

user_pref("[email protected]", "75");

user_pref("[email protected]", "\"554429b2-aa9e-11e2-a597-0025900b3c98\"");

---- Lines mysearch removed from prefs.js ----

user_pref("avg.install.userHPSettings", "http://mysearch.avg....fcdf377aee-0c5a

---- Lines offers removed from prefs.js ----

user_pref("weboftrust.category.301", "{\"name\":\"301\",\"group\":\"4\",\"text\":\"Online tracking\",\"description\":\"Based on your experience the si

---- FireFox user.js and prefs.js backups ---- 

 

prefs_20150416_0104_.backup

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\GRETECH not found

C:\PROGRA~2\iMobie not found

C:\PROGRA~2\Samsung not found

C:\PROGRA~2\VideoLAN not found

"C:\Windows\Installer\2b8fdd6c.msi" not found

C:\PROGRA~2\GUT48AA.tmp deleted

C:\PROGRA~2\GUM48A9.tmp deleted

C:\Users\reba jo\AppData\Local\installer.log deleted

C:\Windows\Syswow64\InstallUtil.InstallLog deleted

C:\Users\Default\AppData\Roaming\gacutil.exe deleted

C:\Users\Default\AppData\Roaming\PnPutil.exe deleted

C:\Users\reba jo\AppData\Roaming\gacutil.exe deleted

C:\Users\reba jo\AppData\Roaming\PnPutil.exe deleted

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default

user_pref("browser.search.defaultenginename", "");

user_pref("browser.search.selectedEngine", "");

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default

- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

- Bitdefender QuickScan - %ProfilePath%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

 

==== Firefox Plugins ======================

 

 

==== Chromium Look ======================

 

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

 

 

Chrome Hotword Shared Module - Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/?...UP72&dt=061813"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/?...UP72&dt=061813"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"

{1A739775-86FE-43E3-9677-CF6304FE9E07} Bing  Url="http://www.bing.com/...c=IE-SearchBox"

{65C1092E-30AE-4B30-91E1-B14004FDF9B9} Google  Url="http://www.google.co...tputEncoding?}"

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amazon Cloud Player deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fitbit Service Monitor deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Bea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=80 folders=1 13382004 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Bea\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\reba jo\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Bea\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Thu 04/16/2015 at  1:37:06.03 ======================

[pystryker]

How is the machine running? Any improvement?

[butterrice]

Unfortunately, still a bit sluggish.

[pystryker]

Unfortunately, still a bit sluggish.

A slow computer does not mean there is malware present. I don't see anything in your FRST log to indicate that your problem is malware related.
I will post the following info to get you started in the right direction running some hardware maintenance.

If this doesn't help, then we'll clean up my tools and get you over to the Hardware Forum so they can test your machine.


Disk Cleanup Utility

Please follow the link below and you will find instructions on running the Disk Cleanup Utility to clean up unneeded files.

http://www.theelderg...nup_utility.htm


Defragging Your Hard Drive

Please click the link below to find instructions on defragging your hard drive.

http://artsweb.bham....rag-win2kxp.htm

If you are still having issues when completing these 2 tasks, please let me know.

[butterrice]

seems alot better now!

[pystryker]

seems alot better now!

Excellent! Let's tidy up and update some programs and I think you'll be all set.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Tool Removal with Delfix and Creation of a clean restore point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Program Updates


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.

• Click on this link Java Website and click Do I Have Java?
• Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Update Adobe flash Player

• Your current version of Adobe Flash is out of date. Please update it by clicking the link below.
• Also, make sure you Uncheck the box to install the McAfee Security Scan Plus software.

http://get.adobe.com/flashplayer/


Step 3: Tips, Information, and Optional Installation of Unchecky


Tips to help reduce infection chances

• Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
• Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
• Be careful of the websites you visit.
• When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.





Then click Finish




Unchecky is now installed and will help you keep unwanted check boxes unchecked.


Things I need to see in your next post

Delfix Log

[butterrice]

# DelFix v10.9 - Logfile created 18/04/2015 at 23:11:17

# Updated 27/02/2015 by Xplode

# Username : Bea - BEA-PC

# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\zoek_backup

Deleted : C:\AdwCleaner

Deleted : C:\Users\Bea\Desktop\FRST-OlderVersion

Deleted : C:\AdwCleaner[S1].txt

Deleted : C:\AdwCleaner[S2].txt

Deleted : C:\AdwCleaner[S3].txt

Deleted : C:\ComboFix.txt

Deleted : C:\TDSSKiller.3.0.0.44_07.04.2015_22.46.13_log.txt

Deleted : C:\zoek-results.log

Deleted : C:\Users\Bea\Desktop\Addition.txt

Deleted : C:\Users\Bea\Desktop\adwcleaner_4.200.exe

Deleted : C:\Users\Bea\Desktop\Fixlog.txt

Deleted : C:\Users\Bea\Desktop\FRST.txt

Deleted : C:\Users\Bea\Desktop\FRST64.exe

Deleted : C:\Users\Bea\Desktop\JRT.exe

Deleted : C:\Users\Bea\Desktop\JRT.txt

Deleted : C:\Users\Bea\Desktop\SecurityCheck.exe

Deleted : C:\Users\Bea\Desktop\tdsskiller.exe

Deleted : C:\Users\Bea\Desktop\zoek.exe

Deleted : C:\Users\Bea\Downloads\adwcleaner_4.200.exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu(1).exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu(2).exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu(3).exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu(4).exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu(5).exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu(6).exe

Deleted : C:\Users\Bea\Downloads\esetsmartinstaller_enu.exe

Deleted : C:\Users\Bea\Downloads\FRST.exe

Deleted : C:\Users\Bea\Downloads\FRST64.exe

Deleted : C:\Users\Bea\Downloads\JRT.exe

Deleted : C:\Users\Bea\Downloads\RogueKiller(1).exe

Deleted : C:\Users\Bea\Downloads\RogueKiller.exe

Deleted : C:\Users\Bea\Downloads\RogueKillerX64(1).exe

Deleted : C:\Users\Bea\Downloads\RogueKillerX64.exe

Deleted : C:\Users\Bea\Downloads\SecurityCheck.exe

Deleted : C:\Users\Bea\Downloads\tdsskiller.exe

Deleted : C:\Users\Bea\Downloads\zoek.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #190 [Windows Update | 01/04/2015 02:46:17]

Deleted : RP #191 [Windows Update | 01/11/2015 17:15:08]

Deleted : RP #192 [Windows Update | 01/31/2015 19:51:33]

Deleted : RP #193 [Windows Update | 02/24/2015 09:04:19]

Deleted : RP #194 [Windows Update | 03/03/2015 16:20:37]

Deleted : RP #195 [Windows Update | 04/04/2015 03:19:21]

Deleted : RP #196 [Removed KODAK Cloud Software Connector. | 04/04/2015 11:39:50]

Deleted : RP #197 [Removed QuickTime 7 | 04/04/2015 11:43:07]

Deleted : RP #198 [Removed QuickTime 7 | 04/04/2015 11:46:16]

Deleted : RP #200 [Restore Point Created by FRST | 04/06/2015 00:07:34]

Deleted : RP #201 [Windows Update | 04/07/2015 10:42:39]

Deleted : RP #202 [Windows Update | 04/11/2015 04:35:51]

Deleted : RP #204 [Restore Point Created by FRST | 04/15/2015 02:01:15]

Deleted : RP #205 [zoek.exe restore point | 04/16/2015 04:12:06]

Deleted : RP #206 [Windows Update | 04/16/2015 04:39:44]

 

New restore point created !

 

########## - EOF - ##########

[pystryker]

Looks good!

If we can of service to you in the future, please don't hesitate to come back and see us.

Safe surfing,

Pystryker

[butterrice]

Thank you very much!

[pystryker]

Thank you very much!

You're very welcome.

[pystryker]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.