[demozast]

ok.  I slowly re enabled all the programs and now it seems to be fine?  Everything is enabled and the web pages load more like normal now.  Is there any other steps to take or stuff to check?

 

Thank you

 

Kirk

[Advertisements]

Hello demozast,

 

Yes we still do have some steps to complete here.  Thank you for working through the Clean Boot Troubleshooting steps - I realize it is time-consuming and your time is limited.  I am advised that this can indeed happen sometimes with Windows 8. 

 

Just to be clear, with all of the Services and Startup items re-enabled, your "Normal startup" box should be checked like this:

 

 

Please confirm that this is the case and the computer is still running well.

 

If it is not selected, please do so, reboot, and confirm the computer is still working well.

 

Now

Run a FRST Fix
 

• Download the attached fixlist.txt file and save it to the Desktop =>  fixlist.txt   1.96KB   251 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

 

[DanoNH]

Hello demozast,

 

Yes we still do have some steps to complete here.  Thank you for working through the Clean Boot Troubleshooting steps - I realize it is time-consuming and your time is limited.  I am advised that this can indeed happen sometimes with Windows 8. 

 

Just to be clear, with all of the Services and Startup items re-enabled, your "Normal startup" box should be checked like this:

 

 

Please confirm that this is the case and the computer is still running well.

 

If it is not selected, please do so, reboot, and confirm the computer is still working well.

 

Now

Run a FRST Fix
 

• Download the attached fixlist.txt file and save it to the Desktop =>  fixlist.txt   1.96KB   251 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

 

[demozast]

ok.  Normal startup was checked and seems to still run ok.

 

Here are the frst logs

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015

Ran by Larry at 2015-06-05 21:47:40 Run:1

Running from C:\Users\Larry\Desktop

Loaded Profiles: Larry (Available Profiles: Larry & Guest)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]

URLSearchHook: [S-1-5-21-2690978493-790239216-3970457346-501] ATTENTION ==> Default URLSearchHook is missing

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}

SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF

SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF

SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}

SearchScopes: HKU\S-1-5-21-2690978493-790239216-3970457346-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

end

*****************

 

Restore point was successfully created.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

Could not restore Default URLSearchHook.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully

HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully

HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully

HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully

HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 

"HKU\S-1-5-21-2690978493-790239216-3970457346-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully

HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 

"HKU\S-1-5-21-2690978493-790239216-3970457346-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully

HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 

"HKU\S-1-5-21-2690978493-790239216-3970457346-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 

HKU\S-1-5-21-2690978493-790239216-3970457346-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.

"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully

 

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state ON =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-2690978493-790239216-3970457346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-2690978493-790239216-3970457346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

 

 

========= End of RemoveProxy: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

0 out of 0 jobs canceled.

 

========= End of CMD: =========

 

EmptyTemp: => 986.6 MB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 21:49:18 ====

[DanoNH]

Hello demozast,

 

Looking good so far...

 

Here are our next steps:

 

First

Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

• Shut down your protection software now to avoid potential conflicts.  See here for more information.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

Second

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• XP users: Double click the AdwCleaner icon to start the program.
• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
• Do not click the Cleaning button.
• Click the Logfile button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

• JRT log
• AdwCleaner scan log

And tell me how the system is running.

 

[demozast]

# AdwCleaner v4.206 - Logfile created 06/06/2015 at 15:17:50

# Updated 01/06/2015 by Xplode

# Database : 2015-06-05.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : Larry - LARRYSCOMPUTER

# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found : C:\ProgramData\Yahoo! Companion

Folder Found : C:\Users\Larry\AppData\LocalLow\Yahoo! Companion

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.8.8 (06.03.2015:1)

OS: Windows 8.1 x64

Ran by Larry on Sat 06/06/2015 at 13:04:34.61

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [Service] yahooauservice

Successfully deleted: [Service] yahooauservice

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\users\public\desktop\ebay.lnk

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\Users\Larry\appdata\locallow\visi_coupon

Successfully deleted: [Folder] C:\Users\Larry\appdata\locallow\yahoocouponaddon

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

 

[C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

mkfokfffehpeedafpekjeddnmnjhmcmk

 

[C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Larry\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[

  mkfokfffehpeedafpekjeddnmnjhmcmk

]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/06/2015 at 13:14:42.45

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

-\\ Google Chrome v43.0.2357.81

 

 

*************************

 

AdwCleaner[R0].txt - [2679 bytes] - [06/06/2015 14:12:41]

AdwCleaner[R1].txt - [2170 bytes] - [06/06/2015 15:17:50]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2229 bytes] ##########

[DanoNH]

Hi Kirk,

 

Great!  And getting better... we have a little more work here still. 

 

First
Run AdwCleaner
 

• Close all open windows and browsers.
• Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
• Click the Scan button and wait for the scan to complete.
• When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
• Click the Cleaning button.
  
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this
  
• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Second

 

Run Malwarebytes' Anti-Malware (already installed):
 

• Open it, select the Dashboard tab, and click on "Update Now":
  
• If a scan update is available, it will install it. Install any program updates it offers.
• Please reboot if you are asked to.
• Start Malwarebytes' Anti-Malware
• Now select the Settings tab, and check the box next to Scan for rootkits:
  
• Go back to the Dashboard tab, and click the Scan Now button:
  
• The scan may take some time to finish,so please be patient.
  
   
• When the scan is complete, it will show you the results:
  
   
• Make sure that everything is checked, and click Remove Selected (or similar).
• When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
• The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
• Choose the latest Scan Log:
  
   
• In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
  
   
• Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

 

Finally
In your next reply, please copy/paste the contents of the following logs:

• AdwCleaner Cleaning log
• MBAM log

And tell me how the system is running.

 

[demozast]

# AdwCleaner v4.206 - Logfile created 08/06/2015 at 07:28:50

# Updated 01/06/2015 by Xplode

# Database : 2015-06-05.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : Larry - LARRYSCOMPUTER

# Running from : C:\Users\Larry\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Yahoo! Companion

Folder Deleted : C:\Users\Larry\AppData\LocalLow\Yahoo! Companion

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v43.0.2357.81

 

[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [2679 bytes] - [06/06/2015 14:12:41]

AdwCleaner[R1].txt - [2308 bytes] - [06/06/2015 15:17:50]

AdwCleaner[R2].txt - [2797 bytes] - [07/06/2015 22:56:06]

AdwCleaner[S0].txt - [2760 bytes] - [08/06/2015 07:28:50]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2819  bytes] ##########

 

 

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/8/2015

Scan Time: 7:37:49 AM

Logfile: mbamtxt.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.06.08.02

Rootkit Database: v2015.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Larry

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 435029

Time Elapsed: 46 min, 26 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 4

PUP.Optional.APNToolBar.A, C:\Users\Larry\Downloads\pal_install_u39883528_a729_r109812_p159 (1).exe, Quarantined, [c47ec2f643476dc988c993d10bf7bb45], 

PUP.Optional.APNToolBar.A, C:\Users\Larry\Downloads\pal_install_u39883528_a729_r109812_p159.exe, Quarantined, [78cad3e55832ea4c87ca352f17eb2ed2], 

PUP.Optional.APNToolBar.A, C:\Users\Larry\AppData\Local\Downloaded Installations\{3A689B30-F482-4D55-9B4D-E5638B4F55E1}\The Weather Channel App.msi, Quarantined, [f052a4144941f54183cebda751b17b85], 

PUP.Optional.APNToolBar.A, C:\Windows\Installer\2c0955e2.msi, Quarantined, [75cdeeca0c7e65d1fc55333131d15ba5], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[DanoNH]

Hello Kirk,
 
Everything looks good in your logs here, so I'm happy to tell you:

Congratulations, your log is clean!

Now, let's cover some additional steps to clean up your computer and help you avoid getting infected again...

Tools Cleanup and Housekeeping
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Tool Removal
We need to remove the tools we've used during cleaning your machine

• Download DelFix from here
• Ensure Remove disinfection tools is ticked
• Also check these options:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset System Settings
  
• Click Run
• The program will run for a few moments and then notepad will open with a log.

Please paste the log in your next reply, and delete any logs that you have left over on your desktop.

Now let's take a few preventative measures to reduce the risk of further infections.


Automatic Updates for Windows 8
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 8


Keep Java Updated

 

Note:  FYI only.  You don't have this installed right now.

 
Warning: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser).

If you do need to keep Java then download JavaRa.
Run the program and select Remove Java Runtime.  Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.



Web Browser security
Most malware is exploiting Internet Explorer's vulnerabilities, with Firefox you will likely be more secure.

• Get Mozilla Firefox, or
• Get the latest version of Internet Explorer

Note: If you are going to use Firefox, I would suggest the use of these add-ons:

• NoScript - for blocking ads and other potential website attacks.
• AdBlock Plus - block annoying ads that cost you expensive bandwith, with the added benefit of faster page loading.
• McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

Other Program updates

 

Note:  FYI only.  You don't have any of these installed right now.

 
If you use any Adobe software make sure to keep them updated.  Best of all, they are FREE.
Note: Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".

• Get Adobe Reader
• Get Adobe Flash Player
• Get Adobe Shockwave Player

Anti Virus Programs
On to personal Anti Virus programs. One AV is a must have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.

If you wish to keep using your current program (Norton Internet Security), always make sure it is up to date and enabled.

These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:

• Avast! Home Edition - a very good free AntiVirus.
• AVG Free Anti-virus - yet another good free AntiVirus
• Microsoft Security Essentials

Anti Spyware Programs
You already have an excellent preventative program that will help to keep the nasties away - Malwarebytes Anti-Malware.  I would advise running this at least once a month.  If you need to download it again, you can get it from here:  
Malwarebytes Anti-Malware


Instant Messengers
Almost done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

• Trillian or,
• Miranda-IM

File/System Cleaners
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

• TFC by OldTimer is a free temporary file cleaner.

CryptoLocker Warning
CryptoLocker is a particularly nasty infection which is becoming more prevalent...
 
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to backup your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
 
It is suggested to Download CryptoPrevent, which is free for home use. It will help prevent CryptoLocker infection.


Further Reading
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.

I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.

OK, happy computing, and stay safe!

Please reply again to this thread to acknowledge you have read my last post.  If you have no further questions, this thread will be closed to prevent others from posting here.

Thanks!

[demozast]

Heres the last logs you requested.  On my computer I dont have Noton, but my dad swears he has to have it.  Is that part of his computer issues possibly?

 

Thank you immensely for your help!

 

 

 

# DelFix v1.010 - Logfile created 09/06/2015 at 23:39:45

# Updated 26/04/2015 by Xplode

# Username : Larry - LARRYSCOMPUTER

# Operating System : Windows 8.1  (64 bits)

 

~ Activating UAC ... OK

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\RegBackup

Deleted : C:\Users\Larry\Desktop\AdwCleaner.exe

Deleted : C:\Users\Larry\Desktop\Fixlog.txt

Deleted : C:\Users\Larry\Desktop\frst64.exe

Deleted : C:\Users\Larry\Desktop\JRT.exe

Deleted : C:\Users\Larry\Desktop\JRT.txt

Deleted : C:\Users\Larry\Desktop\securitycheck.exe

Deleted : C:\Users\Larry\Downloads\Addition.txt

Deleted : C:\Users\Larry\Downloads\FRST.txt

Deleted : C:\Users\Larry\Downloads\FRST64.exe

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #61 [Scheduled Checkpoint | 05/21/2015 22:07:09]

Deleted : RP #62 [Scheduled Checkpoint | 05/30/2015 00:27:31]

Deleted : RP #64 [Restore Point Created by FRST | 06/06/2015 02:47:43]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

[DanoNH]

You are immensely welcome! 

 

Seriously, Norton is probably fine, and the system really wasn't badly infected at all.  I believe in this case it was more of a a software conflict which seems to have resolved itself by your clean boot troubleshooting steps.

 

How is the computer running now?  All good?

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.