mikekash

  1. Thanks for the help, I was messing around with my shut-down issue and got backtracked. I think my malware issue has been resolved once again, thank you for the help, you can close out.
  2. Sorry about that... forgot to post it. System is running much better... I still have problems shutting down or rebooting but I added a monitor recently and think it may be driver issues... although my Bitdefender has not been giving me the syswow errors anymore, that's a huge relief!

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
     Ran by Michael at 2014-12-15 21:47:47 Run:1
     Running from C:\Users\Michael\Desktop
     Loaded Profile: Michael (Available profiles: Michael & Guest)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\...\MountPoints2: {0daba574-50b2-11e3-9d84-00266c1702e2} - E:\VZW_Software_upgrade_assistant.exe
     HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     C:\Users\Michael\Opera_1100_en_Setup.exe
     C:\Users\Michael\swissknife.exe
     C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpahoi.dll
     CustomCLSID: HKU\S-1-5-21-2694382076-4287016745-4230404944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
     Task: {297A4407-C031-40CF-8213-C6B7A9A7C516} - \bench-S-1-5-21-2694382076-4287016745-4230404944-1001 No Task File <==== ATTENTION
     Task: {4ADD3AA8-53BD-4988-BC6F-E61490EA8A87} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
     Task: {5F0982D2-DFD3-453C-B54D-FDC3EA5D6044} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
     C:\Program Files (x86)\Pro PC Cleaner
     Task: {A8264B7F-C98B-44DB-899C-979F5DB0C144} - \Microsoft\Windows\Maintenance\IC Update Procedure No Task File <==== ATTENTION
     Task: {CEEDA3AB-9323-49FF-933F-622EFA9B0ED9} - \IC Runner Procedure No Task File <==== ATTENTION
     AlternateDataStreams: C:\windows\SysWOW64\GPhotos.scr:AGC
     AlternateDataStreams: C:\Users\Michael\Desktop\FRST64 (1).exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\DropboxInstaller.exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\DUCSetup_v4_1_0.exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\FRST64.exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\mbam-setup-2.0.4.1028.exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\mbar-1.08.2.1001.exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\Setup.exe:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\Unconfirmed 704474.crdownload:BDU
     AlternateDataStreams: C:\Users\Michael\Downloads\WebComponents.exe:BDU
     Hosts:
     EmptyTemp:
     end
     *****************

     "HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0daba574-50b2-11e3-9d84-00266c1702e2}" => Key deleted successfully.
     "HKCR\CLSID\{0daba574-50b2-11e3-9d84-00266c1702e2}" => Key not found.
     "HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
     "HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
     C:\windows\system32\GroupPolicy\Machine => Moved successfully.
     C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
     C:\Users\Michael\Opera_1100_en_Setup.exe => Moved successfully.
     C:\Users\Michael\swissknife.exe => Moved successfully.
     C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpahoi.dll => Moved successfully.
     "HKU\S-1-5-21-2694382076-4287016745-4230404944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{297A4407-C031-40CF-8213-C6B7A9A7C516}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{297A4407-C031-40CF-8213-C6B7A9A7C516}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-2694382076-4287016745-4230404944-1001" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4ADD3AA8-53BD-4988-BC6F-E61490EA8A87}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADD3AA8-53BD-4988-BC6F-E61490EA8A87}" => Key deleted successfully.
     C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F0982D2-DFD3-453C-B54D-FDC3EA5D6044}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F0982D2-DFD3-453C-B54D-FDC3EA5D6044}" => Key deleted successfully.
     C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
     "C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8264B7F-C98B-44DB-899C-979F5DB0C144}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8264B7F-C98B-44DB-899C-979F5DB0C144}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IC Update Procedure" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEEDA3AB-9323-49FF-933F-622EFA9B0ED9}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEEDA3AB-9323-49FF-933F-622EFA9B0ED9}" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IC Runner Procedure" => Key deleted successfully.
     C:\windows\SysWOW64\GPhotos.scr => ":AGC" ADS removed successfully.
     C:\Users\Michael\Desktop\FRST64 (1).exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\DropboxInstaller.exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\DUCSetup_v4_1_0.exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\mbam-setup-2.0.4.1028.exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\mbar-1.08.2.1001.exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\Setup.exe => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\Unconfirmed 704474.crdownload => ":BDU" ADS removed successfully.
     C:\Users\Michael\Downloads\WebComponents.exe => ":BDU" ADS removed successfully.
     C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
     Hosts was reset successfully.
     EmptyTemp: => Removed 323.9 MB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====
  3. Junkware log, and I also attached Norton log, system seems to be working a lot better, let me know if there is anything else I need to do.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.4.0 (11.29.2014:1)
     OS: Windows 7 Home Premium x64
     Ran by Michael on Tue 12/16/2014 at 21:10:32.00
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\cre"
     Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\pro_pc_cleaner"
     Successfully deleted: [Folder] "C:\Users\Michael\documents\propccleaner"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 12/16/2014 at 21:17:45.69
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Info20141216214046.xml
  4. ADW cleaner log

     # AdwCleaner v4.105 - Report created 16/12/2014 at 20:54:22
     # Updated 08/12/2014 by Xplode
     # Database : 2014-12-16.1 [Live]
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Michael - MIKES-LAPTOP
     # Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Program Files (x86)\predm
     Folder Deleted : C:\Users\Michael\AppData\LocalLow\HPAppData

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
     Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
     Key Deleted : HKLM\SOFTWARE\Tutorials
     Key Deleted : HKLM\SOFTWARE\ORBTR

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17420

     -\\ Google Chrome v39.0.2171.95

     [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
     [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

     *************************

     AdwCleaner[R0].txt - [11426 octets] - [09/11/2014 12:39:33]
     AdwCleaner[R1].txt - [2486 octets] - [16/12/2014 20:50:43]
     AdwCleaner[s0].txt - [10710 octets] - [09/11/2014 12:47:30]
     AdwCleaner[s1].txt - [2425 octets] - [16/12/2014 20:54:22]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2485 octets] ##########
  5. Here is the application log... I am currently working on other steps.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 12/16/2014
     Scan Time: 8:23:19 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.4.1028
     Malware Database: v2014.12.16.05
     Rootkit Database: v2014.12.14.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Michael

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 371946
     Time Elapsed: 22 min, 11 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  6. Thanx for the reply. I tried to paste first.txt but received an error that it was too long, so I attached both Addition.txt FRST.txt
  7. Been running bitdefender, also tried ccleaner, along with malwarebytes...but I still get messages from bitdefender that it is blocking syswow64. Any ideas or suggestions would be appreciated?