Cant get rid of syswow64 on windows 7 toshiba laptop

[mikekash]

Been running bitdefender, also tried ccleaner, along with malwarebytes...but I still get messages from bitdefender that it is blocking syswow64.  Any ideas or suggestions would be appreciated? 

[kevinf80]

Hello and welome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• 
  

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin

[mikekash]

Thanx for the reply.  I tried to paste first.txt but received an error that it was too long, so I attached both  

Addition.txt

FRST.txt

[kevinf80]

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

• 
  

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

Please download Junkware Removal Tool to your desktop.

• 
  

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

• Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
   
  
• Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator" accept UAC.
   
   
  
   
   
  
• The EULA will open, accept that to move on...
   
   
  
   
   
  
• The tool will check for updates/latest version
   
   
  
   
   
  
• The GUI will open, select "Scan for Risks"
   
   
  
   
   
  
• Rootkit scan alert will open, select "Restart"
   
   
  
   
   
  
• Rootkit scan preparations will time out and Reboot the system.
   
   
  
   
   
  
• Tool will will restart and check for update, do nothing.
   
   
  
   
   
  
• System scan will start, do nothing.
   
   
  
   
   
  
• If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.
   
   
  
   
   
  
• To remove "found entries" the system will need to restart, select that option.
   
   
  
   
   
  
• If applicable select "Locate Log" attach to reply. Select "Done" when complete....
  

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

Fixlist.txt

[mikekash]

here is the application log...im am currently working on other steps  

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 12/16/2014

Scan Time: 8:23:19 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2014.12.16.05

Rootkit Database: v2014.12.14.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Michael

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 371946

Time Elapsed: 22 min, 11 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[mikekash]

ADW cleaner log

 

# AdwCleaner v4.105 - Report created 16/12/2014 at 20:54:22

# Updated 08/12/2014 by Xplode

# Database : 2014-12-16.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Michael - MIKES-LAPTOP

# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\predm

Folder Deleted : C:\Users\Michael\AppData\LocalLow\HPAppData

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\ORBTR

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17420

 

 

-\\ Google Chrome v39.0.2171.95

 

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [11426 octets] - [09/11/2014 12:39:33]

AdwCleaner[R1].txt - [2486 octets] - [16/12/2014 20:50:43]

AdwCleaner[s0].txt - [10710 octets] - [09/11/2014 12:47:30]

AdwCleaner[s1].txt - [2425 octets] - [16/12/2014 20:54:22]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2485 octets] ##########

[mikekash]

Junkware log, and I also  attached Norton log, system seems to be working alot better, let me know if there is anything else I need to do.  

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Home Premium x64

Ran by Michael on Tue 12/16/2014 at 21:10:32.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\pro_pc_cleaner"

Successfully deleted: [Folder] "C:\Users\Michael\documents\propccleaner"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 12/16/2014 at 21:17:45.69

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Info20141216214046.xml

[kevinf80]

I need to see the log from the first step of the instruction "Fixlog.txt" Also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin..

[mikekash]

Sorry about that...forgot to post it.  System is running much better...i still have problems shutting down or rebooting but I added a monitor recently and think it may be driver issues...although my bitdefender has not been giving me the syswow errors anymore, that's a huge releif! 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01

Ran by Michael at 2014-12-15 21:47:47 Run:1

Running from C:\Users\Michael\Desktop

Loaded Profile: Michael (Available profiles: Michael & Guest)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\...\MountPoints2: {0daba574-50b2-11e3-9d84-00266c1702e2} - E:\VZW_Software_upgrade_assistant.exe

HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

C:\Users\Michael\Opera_1100_en_Setup.exe

C:\Users\Michael\swissknife.exe

C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpahoi.dll

CustomCLSID: HKU\S-1-5-21-2694382076-4287016745-4230404944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

Task: {297A4407-C031-40CF-8213-C6B7A9A7C516} - \bench-S-1-5-21-2694382076-4287016745-4230404944-1001 No Task File <==== ATTENTION

Task: {4ADD3AA8-53BD-4988-BC6F-E61490EA8A87} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Task: {5F0982D2-DFD3-453C-B54D-FDC3EA5D6044} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe

C:\Program Files (x86)\Pro PC Cleaner

Task: {A8264B7F-C98B-44DB-899C-979F5DB0C144} - \Microsoft\Windows\Maintenance\IC Update Procedure No Task File <==== ATTENTION

Task: {CEEDA3AB-9323-49FF-933F-622EFA9B0ED9} - \IC Runner Procedure No Task File <==== ATTENTION

AlternateDataStreams: C:\windows\SysWOW64\GPhotos.scr:AGC

AlternateDataStreams: C:\Users\Michael\Desktop\FRST64 (1).exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\DropboxInstaller.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\DUCSetup_v4_1_0.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\FRST64.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\mbam-setup-2.0.4.1028.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\mbar-1.08.2.1001.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\Setup.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\Unconfirmed 704474.crdownload:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\WebComponents.exe:BDU

Hosts:

EmptyTemp:

end

 

 

 

*****************

 

"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0daba574-50b2-11e3-9d84-00266c1702e2}" => Key deleted successfully.

"HKCR\CLSID\{0daba574-50b2-11e3-9d84-00266c1702e2}" => Key not found.

"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.

"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.

C:\windows\system32\GroupPolicy\Machine => Moved successfully.

C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.

C:\Users\Michael\Opera_1100_en_Setup.exe => Moved successfully.

C:\Users\Michael\swissknife.exe => Moved successfully.

C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpahoi.dll => Moved successfully.

"HKU\S-1-5-21-2694382076-4287016745-4230404944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{297A4407-C031-40CF-8213-C6B7A9A7C516}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{297A4407-C031-40CF-8213-C6B7A9A7C516}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-2694382076-4287016745-4230404944-1001" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4ADD3AA8-53BD-4988-BC6F-E61490EA8A87}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADD3AA8-53BD-4988-BC6F-E61490EA8A87}" => Key deleted successfully.

C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F0982D2-DFD3-453C-B54D-FDC3EA5D6044}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F0982D2-DFD3-453C-B54D-FDC3EA5D6044}" => Key deleted successfully.

C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.

"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8264B7F-C98B-44DB-899C-979F5DB0C144}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8264B7F-C98B-44DB-899C-979F5DB0C144}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IC Update Procedure" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEEDA3AB-9323-49FF-933F-622EFA9B0ED9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEEDA3AB-9323-49FF-933F-622EFA9B0ED9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IC Runner Procedure" => Key deleted successfully.

C:\windows\SysWOW64\GPhotos.scr => ":AGC" ADS removed successfully.

C:\Users\Michael\Desktop\FRST64 (1).exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\DropboxInstaller.exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\DUCSetup_v4_1_0.exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\FRST64.exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\mbam-setup-2.0.4.1028.exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\mbar-1.08.2.1001.exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\Setup.exe => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\Unconfirmed 704474.crdownload => ":BDU" ADS removed successfully.

C:\Users\Michael\Downloads\WebComponents.exe => ":BDU" ADS removed successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 323.9 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

[kevinf80]

Thanks for thos logs, continue you as follows:

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

If no remaining issues or concerns run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 

• 
  

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thanks,

 

Kevin...

[kevinf80]

Are we ok to close out or do you still need help?

[mikekash]

Thanx for the help, I was messing around with my shut-down issue and got backtracked.  I think my mailware issue has been resolved once again, thank you for the help, you can close out.  

[kevinf80]

Thanks for the update, also thank you for the donation... It was a pleasure to work with you.

 

Take care and surf safe,

 

Kevin...

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!