not responding win 7


Hello darkgohan and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


Thank you, hope I have this right. Before I go any further, I have found that if I uncheck "Scan additional items against Heuristics" in the settings area, Malwarebytes has no problem completing the scan. Checked, the scan stops responding when this part of the scan is engaged??

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.17.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

User :: INT2C [administrator]

3/17/2013 7:22:00 AM

mbam-log-2013-03-17 (07-22-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Heuristics/Extra | P2P

Objects scanned: 28596

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by User at 10:39:02 on 2013-03-17

.

============== Running Processes ================

.

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\User\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = about:blank

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\Google\googletoolbar.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar.dll

TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar.dll

uRun: [ROC_ROC_JAN2013_AV] C:\Users\User\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid c38f04c2785f47d0bba2d15e779fb497-9fd5f2798094145225fda42bbc1b7c8abd34c791

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableStartupSound = dword:1

IE: &Google Search - C:\Program Files (x86)\Google\googletoolbar.dll/cmsearch.html

IE: Backward &Links - C:\Program Files (x86)\Google\googletoolbar.dll/cmbacklinks.html

IE: Cac&hed Snapshot of Page - C:\Program Files (x86)\Google\googletoolbar.dll/cmcache.html

IE: Si&milar Pages - C:\Program Files (x86)\Google\googletoolbar.dll/cmsimilar.html

IE: Translate into English - C:\Program Files (x86)\Google\googletoolbar.dll/cmtrans.html

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

TCP: NameServer = 75.153.176.9 75.153.176.1

TCP: Interfaces\{3F63B198-A645-4C94-89D4-BEF7794B691C} : DHCPNameServer = 75.153.176.9 75.153.176.1

TCP: Interfaces\{63D2500B-1A5D-4D70-860B-E5CD46B45638} : DHCPNameServer = 75.153.176.9 75.153.176.1

SSODL: WebCheck - <orphaned>

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - LocalServer32 - <no file>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - LocalServer32 - <no file>

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - LocalServer32 - <no file>

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - LocalServer32 - <no file>

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\i80z0cl7.default\

FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/eng/

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\i80z0cl7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-02-13 20:06; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\i80z0cl7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R? ATE_PROCMON;ATE_PROCMON

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? PSI;PSI

R? RdpVideoMiniport;Remote Desktop Video Miniport Driver

R? Revoflt;Revoflt

R? RTL8167;Realtek 8167 NT Driver

R? TsUsbFlt;TsUsbFlt

R? WatAdminSvc;Windows Activation Technologies Service

S? !SASCORE;SAS Core Service

S? AMD External Events Utility;AMD External Events Utility

S? AVGIDSAgent;AVGIDSAgent

S? AVGIDSDriver;AVGIDSDriver

S? AVGIDSHA;AVGIDSHA

S? Avgldx64;AVG AVI Loader Driver

S? Avgloga;AVG Logging Driver

S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield

S? Avgrkx64;AVG Anti-Rootkit Driver

S? Avgtdia;AVG TDI Driver

S? avgwd;AVG WatchDog

S? eamonm;eamonm

S? epfwwfpr;epfwwfpr

S? kl2;kl2

S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter

S? klmouflt;Kaspersky Lab KLMOUFLT

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? TuneUp.UtilitiesSvc;TuneUp Utilities Service

S? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv

S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller

.

=============== Created Last 30 ================

.

2013-03-17 17:01:15 -------- d-----w- C:\Windows\ERUNT

2013-03-17 17:01:05 -------- d-----w- C:\JRT

2013-03-16 23:56:00 -------- d-----w- C:\Users\User\AppData\Roaming\Runscanner.net

2013-03-16 23:13:12 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-16 23:13:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-16 18:46:02 -------- d-----w- C:\Windows\System32\catroot2

2013-03-16 18:40:35 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2013-03-16 18:32:29 -------- d-----w- C:\RegBackup

2013-03-16 17:33:22 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2013-03-16 17:21:01 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-03-16 17:13:54 -------- d-----w- C:\ProgramData\HitmanPro

2013-03-16 16:39:15 -------- d-----w- C:\TDSSKiller_Quarantine

2013-03-16 02:14:16 -------- d-----w- C:\ProgramData\XoftSpySE

2013-03-16 01:52:29 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes

2013-03-16 01:52:21 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-27 03:46:16 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-02-21 18:16:27 -------- d-----w- C:\Users\User\dwhelper

2013-02-21 18:05:57 -------- d-----w- C:\Program Files (x86)\ConvertHelper

2013-02-21 04:33:36 -------- d-----w- C:\Program Files (x86)\Portable

2013-02-18 19:46:20 -------- d-----w- C:\ProgramData\SUPERSetup

2013-02-18 19:36:27 -------- d-----w- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com

2013-02-18 19:36:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-02-18 19:36:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-02-17 22:50:11 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-17 22:02:38 208896 ----a-w- C:\Windows\MBR.exe

2013-02-17 22:02:37 98816 ----a-w- C:\Windows\sed.exe

2013-02-17 22:02:37 256000 ----a-w- C:\Windows\PEV.exe

.

==================== Find3M ====================

.

2013-03-13 04:51:45 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 04:51:45 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 10:39:53.41 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.2 (03.15.2013:1)

OS: Windows 7 Home Premium x64

Ran by User on Sun 03/17/2013 at 10:01:20.41

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1333527355-3119002286-728865581-1000\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1333527355-3119002286-728865581-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar

Successfully deleted: [Registry Key] hkey_current_user\software\ilivid

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\systweak

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak

Successfully deleted: [Registry Key] hkey_current_user\software\torch

Successfully deleted: [Registry Key] hkey_local_machine\software\torch

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividmediabar_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividmediabar_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetup_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetup_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\ilividsrtb

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\systweak"

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\goforfiles"

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\User\appdata\local\torch"

Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"

Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\i80z0cl7.default\user.js

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\i80z0cl7.default\searchplugins\search_results.xml

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\i80z0cl7.default\prefs.js

user_pref("browser.search.defaultengine", "Search-Results");

user_pref("browser.search.defaultenginename", "Search Results");

user_pref("browser.search.order.1", "Search Results");

user_pref("browser.search.selectedEngine", "Search Results");

user_pref("extensions.asktb.cbid", "2R");

user_pref("extensions.asktb.crumb", "2011.07.16+21.26.06-toolbar003iad-CA-VmljdG9yaWEsQ2FuYWRh");

user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.search-results.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");

user_pref("extensions.asktb.dtid", "get001YYCA");

user_pref("extensions.asktb.first-launch-url", "hxxp://www.boards2go.com/boards/board.cgi?&user=streamsurferz");

user_pref("extensions.asktb.fresh-install", false);

user_pref("extensions.asktb.l", "dis");

user_pref("extensions.asktb.last-config-req", "1313464945353");

user_pref("extensions.asktb.locale", "en_US");

user_pref("extensions.asktb.o", "16705");

user_pref("extensions.asktb.options-lang", "en");

user_pref("extensions.asktb.options-locale", "ZZ");

user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

user_pref("extensions.asktb.qsrc", "2871");

user_pref("extensions.asktb.r", "4");

user_pref("extensions.asktb.search-history-queries", "sprite||asics gel fortitude");

user_pref("extensions.asktb.search-suggestions-enabled", false);

user_pref("extensions.asktb.v", "3.9.1.100005");

user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3200405623244240&o=APN10645&q=");

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\i80z0cl7.default\minidumps [102 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 03/17/2013 at 10:17:00.68

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-03-17 10:37:27

-----------------------------

10:37:27.450 OS Version: Windows x64 6.1.7601 Service Pack 1

10:37:27.450 Number of processors: 2 586 0xF06

10:37:27.450 ComputerName: INT2C UserName: User

10:37:30.153 Initialize success

10:38:00.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

10:38:00.287 Disk 0 Vendor: WDC_WD2500JS-60NCB1 10.02E02 Size: 238475MB BusType: 3

10:38:00.302 Disk 0 MBR read successfully

10:38:00.302 Disk 0 MBR scan

10:38:00.302 Disk 0 Windows 7 default MBR code

10:38:00.302 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

10:38:00.318 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848

10:38:00.349 Disk 0 scanning C:\Windows\system32\drivers

10:38:07.068 Service scanning

10:38:20.037 Modules scanning

10:38:20.037 Disk 0 trace - called modules:

10:38:20.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys

10:38:20.068 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003424060]

10:38:20.068 3 CLASSPNP.SYS[fffff880020df43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002ea4060]

10:38:20.084 Scan finished successfully

10:38:38.896 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"

10:38:38.896 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


Well, I tried, but either this is over my head or something is wrong in the instructions. There are too many instructions to be clear; could not find tools as directed but found exceptions, but no add list. Also it said add exception, with 3 choices: file, folder or URL. Got no idea what's up!!


I appreciate your continued offer to help, but this stuff [the exclusion stuff] was just not in my level of expertise; could not get to where they wanted me to go. Instructions were very difficult to interpret. Not able to follow, so I deleted both MB and AVG. Not interested in stressing out over these; programs should be designed to complement each other. MB used to work flawlessly, now it is not. Thank you


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

