
Can't get rid of syswow64 on Windows 7 Toshiba laptop


mikekash

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

  • Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
  • Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator" accept UAC.
  • The EULA will open, accept that to move on...
  • The tool will check for updates/latest version
  • The GUI will open, select "Scan for Risks"
  • Rootkit scan alert will open, select "Restart"
  • Rootkit scan preparations will time out and Reboot the system.
  • Tool will restart and check for update, do nothing.
  • System scan will start, do nothing.
  • If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.
  • To remove "found entries" the system will need to restart, select that option.
  • If applicable select "Locate Log" attach to reply. Select "Done" when complete....

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

Fixlist.txt


Here is the application log...I am currently working on other steps

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/16/2014
Scan Time: 8:23:19 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.16.05
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371946
Time Elapsed: 22 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

ADW cleaner log

 

# AdwCleaner v4.105 - Report created 16/12/2014 at 20:54:22
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael - MIKES-LAPTOP
# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Michael\AppData\LocalLow\HPAppData
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\ORBTR
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [11426 octets] - [09/11/2014 12:39:33]
AdwCleaner[R1].txt - [2486 octets] - [16/12/2014 20:50:43]
AdwCleaner[s0].txt - [10710 octets] - [09/11/2014 12:47:30]
AdwCleaner[s1].txt - [2425 octets] - [16/12/2014 20:54:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2485 octets] ##########

Junkware log, and I also attached Norton log, system seems to be working a lot better, let me know if there is anything else I need to do.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michael on Tue 12/16/2014 at 21:10:32.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\pro_pc_cleaner"
Successfully deleted: [Folder] "C:\Users\Michael\documents\propccleaner"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/16/2014 at 21:17:45.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Info20141216214046.xml


Sorry about that...forgot to post it.  System is running much better...I still have problems shutting down or rebooting but I added a monitor recently and think it may be driver issues...although my bitdefender has not been giving me the syswow errors anymore, that's a huge relief!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01

Ran by Michael at 2014-12-15 21:47:47 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\...\MountPoints2: {0daba574-50b2-11e3-9d84-00266c1702e2} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\Michael\Opera_1100_en_Setup.exe
C:\Users\Michael\swissknife.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpahoi.dll
CustomCLSID: HKU\S-1-5-21-2694382076-4287016745-4230404944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {297A4407-C031-40CF-8213-C6B7A9A7C516} - \bench-S-1-5-21-2694382076-4287016745-4230404944-1001 No Task File <==== ATTENTION
Task: {4ADD3AA8-53BD-4988-BC6F-E61490EA8A87} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {5F0982D2-DFD3-453C-B54D-FDC3EA5D6044} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
Task: {A8264B7F-C98B-44DB-899C-979F5DB0C144} - \Microsoft\Windows\Maintenance\IC Update Procedure No Task File <==== ATTENTION
Task: {CEEDA3AB-9323-49FF-933F-622EFA9B0ED9} - \IC Runner Procedure No Task File <==== ATTENTION
AlternateDataStreams: C:\windows\SysWOW64\GPhotos.scr:AGC
AlternateDataStreams: C:\Users\Michael\Desktop\FRST64 (1).exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\DUCSetup_v4_1_0.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\mbar-1.08.2.1001.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\Setup.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\Unconfirmed 704474.crdownload:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\WebComponents.exe:BDU
Hosts:
EmptyTemp:
end
 
 
 
*****************
 
"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0daba574-50b2-11e3-9d84-00266c1702e2}" => Key deleted successfully.
"HKCR\CLSID\{0daba574-50b2-11e3-9d84-00266c1702e2}" => Key not found.
"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Michael\Opera_1100_en_Setup.exe => Moved successfully.
C:\Users\Michael\swissknife.exe => Moved successfully.
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpahoi.dll => Moved successfully.
"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{297A4407-C031-40CF-8213-C6B7A9A7C516}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{297A4407-C031-40CF-8213-C6B7A9A7C516}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-2694382076-4287016745-4230404944-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4ADD3AA8-53BD-4988-BC6F-E61490EA8A87}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADD3AA8-53BD-4988-BC6F-E61490EA8A87}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F0982D2-DFD3-453C-B54D-FDC3EA5D6044}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F0982D2-DFD3-453C-B54D-FDC3EA5D6044}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8264B7F-C98B-44DB-899C-979F5DB0C144}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8264B7F-C98B-44DB-899C-979F5DB0C144}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IC Update Procedure" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEEDA3AB-9323-49FF-933F-622EFA9B0ED9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEEDA3AB-9323-49FF-933F-622EFA9B0ED9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IC Runner Procedure" => Key deleted successfully.
C:\windows\SysWOW64\GPhotos.scr => ":AGC" ADS removed successfully.
C:\Users\Michael\Desktop\FRST64 (1).exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\DropboxInstaller.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\DUCSetup_v4_1_0.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\mbam-setup-2.0.4.1028.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\mbar-1.08.2.1001.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\Setup.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\Unconfirmed 704474.crdownload => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\WebComponents.exe => ":BDU" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 323.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
Link to post
Share on other sites
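As an added example (not part of the original thread and not FRST's own logic), the following Python triages FRST-style log lines for the registry pattern the Fixlog above marks as Poweliks: a COM `localserver32` value whose data starts `rundll32.exe` with a `javascript:` handler and `mshtml.dll,RunHTMLApplication` instead of naming a file on disk. The sample lines are constructed from the entries in the post, with a placeholder SID and the payload elided; the function and field names are assumptions.

```python
import re

# Registry data that launches script through rundll32 rather than naming a file:
#   rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";...
# vbscript: is matched as well (a generalization, not taken from the thread).
SCRIPT_VIA_RUNDLL32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?:javascript|vbscript):'
    r'.*?mshtml(?:\.dll)?\s*,\s*RunHTMLApplication',
    re.IGNORECASE,
)
# FRST prints COM server entries as "<key>: <data>" or
# "CustomCLSID: <key> -> <data>".
COM_ENTRY = re.compile(
    r'^(?:CustomCLSID:\s*)?'
    r'(?P<key>HK[A-Z]+\\.+?\\(?:localserver32|inprocserver32))'
    r'\s*(?::|->)\s*(?P<data>.+)$',
    re.IGNORECASE,
)
PER_USER = re.compile(r'^HK(?:U\\S-1-5-21-|CU\\)', re.IGNORECASE)
ANNOTATION = re.compile(r'\s*<=+\s.*$')  # FRST's own "<==== ..." remark


def triage(lines):
    """Return one finding per line whose data runs script via rundll32."""
    findings = []
    for number, raw in enumerate(lines, 1):
        line = ANNOTATION.sub("", raw).strip()
        entry = COM_ENTRY.match(line)
        data = entry.group("data") if entry else line
        if not SCRIPT_VIA_RUNDLL32.search(data):
            continue
        key = entry.group("key") if entry else None
        findings.append({
            "line": number,
            "kind": "com-server" if entry else "other",
            "key": key,
            # Per-user hives need no admin rights to write, so a COM server
            # registered there deserves a closer look.
            "per_user": bool(key and PER_USER.match(key)),
        })
    return findings


# Constructed sample input: placeholder SID, payload elided, benign lines added.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-0-0-0-1001\...A8F59079A8D5}\localserver32: rundll32.exe '
    r'javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("<payload elided>") <==== Poweliks!',
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID'
    r'\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe '
    r'javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("<payload elided>") <==== Poweliks?',
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID'
    r'\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> '
    r'C:\Users\Example\AppData\Local\ExampleApp\shellext.dll (Example Corp)',
    r'HKLM\...\Run: [ExampleTray] => rundll32.exe C:\Windows\System32\example.dll,Start',
    r'Task: {4ADD3AA8-53BD-4988-BC6F-E61490EA8A87} - System32\Tasks\ProPCCleaner_Start '
    r'=> C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Ordinary `rundll32.exe <dll>,<export>` values and file-backed COM servers are not reported; only data that hands a script URL to `mshtml.dll` is.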

Thanks for those logs, continue as follows:

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

If no remaining issues or concerns run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thanks,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.