Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Running Very Slowly [Solved]


  • This topic is locked This topic is locked

#1
Conrad 678

Conrad 678

    Member

  • Member
  • PipPipPip
  • 103 posts

My computer is running very slowly.  Here are the logs. 

 

Thanks!

 

Conrad

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by Kapustaman (administrator) on KAPUSTALINI (19-06-2016 20:26:58)
Running from C:\Users\Kapustaman\Downloads
Loaded Profiles: Kapustaman (Available Profiles: Kapustaman)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.NET\PokerStars.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.NET\gameutil1.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-18] (AVAST Software)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\...\RunOnce: [Uninstall C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\...\RunOnce: [Uninstall C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\...\RunOnce: [Uninstall C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-18] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1955a765-bc71-451d-aa21-b9373da2c805}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ed18c73c-e5f2-4cab-aa1a-2b64e0f4ed85}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.toshiba.com?cid=J13
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://my.yahoo.com/
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {1CF9CF3A-900B-4865-AEB7-06F2E7A52E66} URL = 
SearchScopes: HKU\.DEFAULT -> {1CF9CF3A-900B-4865-AEB7-06F2E7A52E66} URL = 
SearchScopes: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> {1CF9CF3A-900B-4865-AEB7-06F2E7A52E66} URL = 
SearchScopes: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> {D07EBD7D-4714-49B0-BC86-6E5A8569445A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> hxxp://myyahoo.com/
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-18]
 
Chrome: 
=======
CHR Profile: C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-07]
CHR Extension: (Google Docs) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-07]
CHR Extension: (Google Drive) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-07]
CHR Extension: (YouTube) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-07]
CHR Extension: (Google Sheets) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-07]
CHR Extension: (Avast Online Security) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-07]
CHR Extension: (Gmail) - C:\Users\Kapustaman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-07]
CHR HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-18] (AVAST Software)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-11-06] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330144 2015-09-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-18] (AVAST Software)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-24] (Malwarebytes)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 20:22 - 2016-06-19 20:22 - 00000000 ____D C:\Users\Kapustaman\Downloads\FRST-OlderVersion
2016-06-19 20:18 - 2016-06-19 20:18 - 00000000 ___HD C:\OneDriveTemp
2016-06-18 21:27 - 2016-06-18 21:27 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-06-18 21:26 - 2016-06-18 21:26 - 00000000 ____D C:\Users\Kapustaman\Tracing
2016-06-18 21:25 - 2016-06-18 21:24 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-06-18 21:24 - 2016-06-18 21:24 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-06-07 12:58 - 2016-06-07 13:49 - 00000000 ____D C:\Users\Kapustaman\AppData\Roaming\Blackboard
2016-06-07 12:58 - 2016-06-07 12:58 - 00009743 _____ C:\Users\Kapustaman\Downloads\meeting (1).collab
2016-06-07 12:58 - 2016-06-07 12:58 - 00001781 _____ C:\Users\Kapustaman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2016-06-07 12:58 - 2016-06-07 12:58 - 00000000 ____D C:\Users\Kapustaman\AppData\Local\Blackboard
2016-06-07 12:55 - 2016-06-07 12:56 - 44587008 _____ C:\Users\Kapustaman\Downloads\BlackboardCollaborateLauncher-Win.msi
2016-06-07 12:55 - 2016-06-07 12:55 - 00009743 _____ C:\Users\Kapustaman\Downloads\meeting.collab
2016-06-07 12:52 - 2016-06-07 12:52 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 12:52 - 2016-06-07 12:52 - 00002347 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-07 12:49 - 2016-06-07 12:51 - 00987728 _____ (Google Inc.) C:\Users\Kapustaman\Downloads\ChromeSetup.exe
2016-06-03 19:15 - 2016-06-03 19:15 - 00000006 _____ C:\Users\Kapustaman\Downloads\pixel (4).js
2016-06-03 19:14 - 2016-06-03 19:14 - 00000006 _____ C:\Users\Kapustaman\Downloads\pixel (3).js
2016-06-03 19:13 - 2016-06-03 19:13 - 00000006 _____ C:\Users\Kapustaman\Downloads\pixel (2).js
2016-06-03 19:12 - 2016-06-03 19:12 - 00000006 _____ C:\Users\Kapustaman\Downloads\pixel.js
2016-06-03 19:12 - 2016-06-03 19:12 - 00000006 _____ C:\Users\Kapustaman\Downloads\pixel (1).js
2016-06-02 06:52 - 2016-06-02 06:53 - 00000000 ____D C:\Users\Kapustaman\Documents\DONNA DIANA OVERUTRE
2016-06-01 19:48 - 2016-06-01 19:48 - 00072972 _____ C:\Users\Kapustaman\Downloads\Invoice _77464 - Freezer Circuit.pdf
2016-05-31 08:55 - 2016-05-31 08:55 - 00048392 _____ C:\Users\Kapustaman\Downloads\919 5-28-16.pdf
2016-05-31 08:55 - 2016-05-31 08:55 - 00031193 _____ C:\Users\Kapustaman\Downloads\919 5-28-16 (1).pdf
2016-05-27 18:56 - 2016-05-27 18:56 - 00270017 _____ C:\Users\Kapustaman\Downloads\[email protected]_20160527_124010.pdf
2016-05-27 18:54 - 2016-05-27 18:57 - 00035553 _____ C:\Users\Kapustaman\Downloads\Addition.txt
2016-05-27 18:50 - 2016-06-19 20:26 - 00016068 _____ C:\Users\Kapustaman\Downloads\FRST.txt
2016-05-27 18:49 - 2016-06-19 20:26 - 00000000 ____D C:\FRST
2016-05-27 18:48 - 2016-05-27 18:50 - 00001082 _____ C:\Users\Kapustaman\Desktop\FRST64 - Shortcut.lnk
2016-05-27 18:48 - 2016-05-27 18:48 - 00001102 _____ C:\Users\Kapustaman\Desktop\FRST (1) - Shortcut.lnk
2016-05-27 18:48 - 2016-05-27 18:48 - 00001062 _____ C:\Users\Kapustaman\Desktop\FRST - Shortcut.lnk
2016-05-27 18:47 - 2016-06-19 20:22 - 02387456 _____ (Farbar) C:\Users\Kapustaman\Downloads\FRST64.exe
2016-05-26 19:04 - 2016-05-26 19:04 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-26 19:04 - 2016-05-26 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-26 19:02 - 2016-05-26 19:04 - 00000000 ____D C:\Program Files\iTunes
2016-05-26 19:02 - 2016-05-26 19:02 - 00000000 ____D C:\Program Files\iPod
2016-05-26 19:02 - 2016-05-26 19:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-24 14:55 - 2016-05-24 14:56 - 22851472 _____ (Malwarebytes ) C:\Users\Kapustaman\Downloads\mbam-setup-2.2.1.1043 (2).exe
2016-05-23 19:16 - 2016-05-23 19:16 - 00160363 _____ C:\Users\Kapustaman\Downloads\2016-05-23 163705.pdf
2016-05-23 19:16 - 2016-05-23 19:16 - 00160363 _____ C:\Users\Kapustaman\Downloads\2016-05-23 163705 (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-19 20:26 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-19 20:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-19 20:23 - 2014-05-11 19:51 - 00000000 ____D C:\Users\Kapustaman\AppData\Local\PokerStars.NET
2016-06-19 20:19 - 2016-03-07 20:29 - 00000000 ___RD C:\Users\Kapustaman\Google Drive
2016-06-19 20:18 - 2014-05-16 20:24 - 00000000 __RDO C:\Users\Kapustaman\OneDrive
2016-06-19 20:17 - 2016-04-10 07:43 - 00000000 __SHD C:\Users\Kapustaman\IntelGraphicsProfiles
2016-06-19 05:37 - 2016-04-09 23:38 - 00000000 ____D C:\Users\Kapustaman
2016-06-19 05:31 - 2016-04-10 00:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-19 04:22 - 2016-03-23 04:50 - 00004012 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458726606
2016-06-19 04:22 - 2016-03-23 04:50 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-19 00:56 - 2016-03-07 20:25 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 00:55 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-18 21:30 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 21:26 - 2014-09-14 18:24 - 00000000 ____D C:\Users\Kapustaman\AppData\Roaming\Skype
2016-06-18 21:26 - 2014-05-04 17:38 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-18 21:25 - 2016-05-15 20:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-18 21:25 - 2014-09-14 18:24 - 00000000 ____D C:\ProgramData\Skype
2016-06-18 21:24 - 2014-05-04 17:35 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-06-18 21:24 - 2014-05-04 17:35 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-06-18 21:24 - 2014-05-04 17:35 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-06-18 21:24 - 2014-05-04 17:35 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-06-18 21:24 - 2014-05-04 17:35 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-06-18 21:24 - 2014-05-04 17:35 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-06-18 21:24 - 2014-05-04 17:35 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-06-18 21:23 - 2016-03-23 04:49 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-06-18 21:23 - 2014-05-04 17:35 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-06-08 07:00 - 2015-10-31 19:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-07 21:08 - 2016-05-10 16:43 - 00000000 ____D C:\Users\Kapustaman\Documents\Lamentation and Apotheosis
2016-06-07 13:45 - 2014-05-04 15:22 - 00000000 ____D C:\Users\Kapustaman\AppData\Local\Google
2016-06-07 13:38 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-07 12:52 - 2014-03-05 07:01 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-02 21:33 - 2016-04-10 02:16 - 00000000 ____D C:\Windows.old
2016-06-02 16:42 - 2014-05-11 19:18 - 00000000 ____D C:\Users\Kapustaman\Documents\CONCERTO GROSSO OPUS 11, NO.3 VIVALDI
2016-06-02 06:50 - 2014-05-23 19:34 - 00000000 ____D C:\Users\Kapustaman\Documents\Dona Nobis Pacem
2016-06-01 04:43 - 2016-03-07 20:26 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-06-01 04:43 - 2016-03-07 20:26 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-06-01 04:43 - 2016-03-07 20:26 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-06-01 04:43 - 2016-03-07 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-30 21:51 - 2014-05-22 06:45 - 00000000 ____D C:\Users\Kapustaman\Documents\Ham and Cheese Polka (Orchestrated)
2016-05-27 18:44 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-26 19:02 - 2015-07-31 10:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-25 18:35 - 2014-05-11 19:51 - 00000000 ____D C:\Program Files (x86)\PokerStars.NET
2016-05-24 16:00 - 2016-05-17 14:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 19:15 - 2016-04-10 09:53 - 00002435 _____ C:\Users\Kapustaman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-21 22:11 - 2014-05-11 19:19 - 00000000 ____D C:\Users\Kapustaman\Documents\Fanrasia and Fugue on the Name of BACH
 
==================== Files in the root of some directories =======
 
2016-04-09 23:31 - 2016-04-09 23:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-26 20:40
 
==================== End of FRST.txt ============================

Attached Files


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:

Hello, sorry for the delay in getting to your topic, we do get quite busy around here sometimes.

I'm not seeing much in the logs, but let's remove what I do see and run some further scans.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Kapustaman\Downloads to the Desktop or the fix will not work. All tools must be run from the Desktop.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {1CF9CF3A-900B-4865-AEB7-06F2E7A52E66} URL =
SearchScopes: HKU\.DEFAULT -> {1CF9CF3A-900B-4865-AEB7-06F2E7A52E66} URL =
SearchScopes: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> {1CF9CF3A-900B-4865-AEB7-06F2E7A52E66} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Task: {1FEDAE8F-3A91-4318-8921-D13F04804CA2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2680F25A-21C1-4D4F-B652-EF3D895F5991} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {29A92B7B-B39A-4F2A-A997-C11939D17B01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30023B39-12B4-4FB1-B025-B7E66EC0FDBD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {329266A6-13FC-4B13-85DC-9DBB2F923A12} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3302B10F-03B4-496C-ABCC-4CC227D04EB2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {54E76B62-2F3D-412D-B111-ABBFA0F32EF0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5D4D215E-9981-42CE-8BBA-C272FA81A8BE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7DC15678-4A86-4101-A0F5-E009DCBB9592} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CE74B84C-C36E-4A30-99C4-32AA489942D0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E12D2752-0C67-432F-B59C-0375803D7485} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F0053D78-1DFA-4D6B-B823-0204F0BA884D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F3F4E2B6-12A2-4A51-9E79-87C113329A3A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool

junkware-removal-tool_zpspjolgpuh.png Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleanerscreen_zpsm6wq1ei9.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0

#3
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

Here are the logs.

 

Thanks!

 

 

Attached Files


  • 0

#4
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

I think I screwed this up-I am resending files.

Attached Files


  • 0

#5
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

Trying this again-sorry.

Attached Files


  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

No worries, the logs are looking good. :thumbsup: Let's scan for remnants and orphans. How is the machine running?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: Security Analysis

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#7
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

Here are the logs, I thought I saw you were missing the Addition Log, so I have attached that also.  The Rocket Granny program froze up, and now all I have there is a blank screen and I can't seem to get out of it.

 

Thanks!

 

Conrad

Attached Files


  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Here are the logs, I thought I saw you were missing the Addition Log, so I have attached that also.  The Rocket Granny program froze up, and now all I have there is a blank screen and I can't seem to get out of it.
 
Thanks!
 
Conrad


Hello :)

No worries on the Security Check program. The log shows everything looks good in that area, so you can use Task Master if necessary to terminate the program? How is the machine performing? Let me know, and we'll have some cleanup procedures to go through. :thumbsup:
  • 0

#9
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

Seems to be running much better.

 

Thanks!

 

C


  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Seems to be running much better.
 
Thanks!
 
C


Excellent! :) Let's remove my tools and create a new clean restore point on the machine. I've also included optional instructions for a program called Unchecky that will automatically uncheck any boxes when installing a new program. This will help prevent adware from being installed without your consent.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

I also recommend reading Miekiemoes Protection Tips


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.
unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Things I need to see in your next post

Delfix Log

  • 0

#11
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts

Here is the log.

 

Thanks!

 

C

 

Where do I find the ESET program to uninstall?

Attached Files


  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello :)

You can find the ESET program in the list of installed programs on your machine.

 

To do this, go to Start > All apps and find the app or program you want to uninstall. Right-click on the app or program and click Uninstall from the drop-down menu that appears.

 

Please let me know if it uinstalled properly. :thumbsup:

 

 


  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP