Windows 8 Running Extremely Slow, suspect infection


Hi,

 

I am having trouble with my home computer (HP Pavilion with core i7). It has been acting very very slow for quite some time.

 

I suspect that the laptop is infected because of the following observations:

  • It locks up every time I try to start the task manager.
  • It also does not show me the usual Restart options on the login screen so I can't do a Shift+Restart.
  • It locks up when I try to start the msconfig to have a look at the services.
  • There are pop-ups about software I never installed.

I have AVG Free Edition antivirus installed. I wanted to look for issues but I am not even able to restart the computer in safe mode (Missing the old PF8 mashing so much!)

 

I am going to try the MBAM tonight and will keep you posted on how it goes, but I am pretty sure I will need your kind help.

 

Thanks & Regards,

Adil


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 


Hello,

 

Thank you for the clear instructions. My computer was so slow that I could not even browse to this forum, let alone do anything else. So I finally managed to restart Windows in safe mode with networking and did everything you asked above. Here are the logs.

 

 

Adwcleaner Log

 
# AdwCleaner v5.030 - Logfile created 23/01/2016 at 14:53:39
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : LuciadBovis - LUCIA
# Running from : C:\Users\olivier\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : iSafeKrnlBoot
[-] Service Deleted : iSafeNetFilter
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Elex-tech
[-] Folder Deleted : C:\Program Files (x86)\WinZipper
[-] Folder Deleted : C:\ProgramData\MailUpdate
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Folder Deleted : C:\Users\olivier\AppData\Roaming\Elex-tech
[-] Folder Deleted : C:\Users\olivier\AppData\Roaming\MailUpdate
[-] Folder Deleted : C:\Users\olivier\AppData\Roaming\WinZipper
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\Elex-tech
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\MailUpdate
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\WinZipper
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\Elex-tech
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\MailUpdate
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\WinZipper
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\olivier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Key Deleted : HKCU\Software\SecuredDownload
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKLM\SOFTWARE\Elex-tech
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
[-] Key Deleted : HKU\.DEFAULT\Software\Elex-tech
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\delta-homes.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.delta-homes.com
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7849 bytes] ##########
 
 
 
The post was getting too long so I attached MBAM and FRST logs as well instead of copying

 

 

Please let me know what I can do next, as things still haven't improved much.

 

Regards

Adil 

Addition.txt

FRST.txt

MBAM Log.txt

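For readers triaging a cleaning log like the AdwCleaner one posted above, this added example (not part of the thread and not code from AdwCleaner) parses the `***** [ Section ] *****` / `[-] Action : target` layout and lists the items the tool flagged with `[!]`, de-duplicated, noting whether the same target was also reported as removed. The function names are assumptions, and the sample is a short excerpt constructed from lines of that log.

```python
import re
from collections import Counter, OrderedDict

# Constructed excerpt in the layout of the AdwCleaner v5 cleaning log above.
SAMPLE_LOG = r"""
# AdwCleaner v5.030 - Logfile created 23/01/2016 at 14:53:39
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : iSafeKrnlBoot
[-] Service Deleted : iSafeNetFilter

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\WinZipper
[-] Folder Deleted : C:\Users\olivier\AppData\Roaming\WinZipper
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\WinZipper
[!] Folder Not Deleted : C:\Users\olivier\AppData\Roaming\WinZipper

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

:: Winsock settings cleared
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[-]" marks an action that succeeded, "[!]" one that did not.
ENTRY_RE = re.compile(r"^\[(?P<flag>[-!])\] (?P<action>.+?) : (?P<target>.+)$")


def parse_log(text):
    """Return (section, flag, action, target) tuples for every entry line."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            section = match.group("name")
            continue
        match = ENTRY_RE.match(line)
        if match and section is not None:
            entries.append((section, match.group("flag"),
                            match.group("action"), match.group("target")))
    return entries


def summarize(entries):
    """Count actions per section and collect de-duplicated failed items."""
    counts = Counter()
    failed = OrderedDict()  # lowercased target -> (section, original target)
    removed = set()
    for section, flag, action, target in entries:
        counts[(section, action)] += 1
        key = target.lower()  # Windows paths and registry keys ignore case
        if flag == "!":
            failed.setdefault(key, (section, target))
        else:
            removed.add(key)
    leftovers = [
        {"section": sec, "target": tgt, "also_reported_removed": key in removed}
        for key, (sec, tgt) in failed.items()
    ]
    return counts, leftovers


if __name__ == "__main__":
    action_counts, leftover_items = summarize(parse_log(SAMPLE_LOG))
    for (section, action), n in sorted(action_counts.items()):
        print(f"{section:10} {action:20} {n}")
    for item in leftover_items:
        note = " (also listed as deleted)" if item["also_reported_removed"] else ""
        print(f"FOLLOW UP: {item['target']}{note}")
```

A target that appears under both `[-]` and `[!]` is worth re-checking on disk after the reboot, since the log alone does not say which state is final.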

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Boot your system back to normal mode....

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…



Next,

 

Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!
This scanner, while it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
  • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!
    Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.



Please include that logfile in your next reply.

Don't forget to re-enable your security!

Let me see those logs, also give an update on any remaining issues or concerns.....

 

Thank you,

 

Kevin...
 

Fixlist.txt


Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)
 

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


  • Press start scan
  • The scan will now commence


  • Once the scan has finished click open report <<<--- Do not miss this step


  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive. Please attach it to your next reply… Can you also post the log from FRST fix..
 


So I completed the scans as instructed. Logs are attached

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/23/2016
Scan Time: 11:04 PM
Logfile: MBAM log-1.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.23.06
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: LuciadBovis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432342
Time Elapsed: 1 hr, 12 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 12
PUP.Optional.Picexa, HKLM\SOFTWARE\CLASSES\PicexaViewer.bmp, Quarantined, [44cef14c792067cf9062fddf31d157a9], 
PUP.Optional.Picexa, HKLM\SOFTWARE\CLASSES\PicexaViewer.gif, Quarantined, [7b9791ac861340f62fc307d59d65ea16], 
PUP.Optional.Picexa, HKLM\SOFTWARE\CLASSES\PicexaViewer.jpeg, Quarantined, [858df34a1584eb4b7280d70540c2f20e], 
PUP.Optional.Picexa, HKLM\SOFTWARE\CLASSES\PicexaViewer.jpg, Quarantined, [a969f04dd2c775c143affae22fd30bf5], 
PUP.Optional.Picexa, HKLM\SOFTWARE\CLASSES\PicexaViewer.png, Quarantined, [cf4397a641582511ae44cd0f56ac43bd], 
PUP.Optional.Picexa, HKLM\SOFTWARE\CLASSES\PicexaViewer.tif, Quarantined, [b161a19c8c0d5adc737f0bd1a75b09f7], 
PUP.Optional.Picexa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PicexaViewer.bmp, Quarantined, [080adb62b1e80b2bb63cf4e879897888], 
PUP.Optional.Picexa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PicexaViewer.gif, Quarantined, [fc16d766debbd75faf43ac30a260a55b], 
PUP.Optional.Picexa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PicexaViewer.jpeg, Quarantined, [42d0c27b029744f2c82ad30961a1c43c], 
PUP.Optional.Picexa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PicexaViewer.jpg, Quarantined, [b161e15c4653a98d1fd34597c43e41bf], 
PUP.Optional.Picexa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PicexaViewer.png, Quarantined, [f51df24b2178bd79f6fc55876999916f], 
PUP.Optional.Picexa, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PicexaViewer.tif, Quarantined, [6ba7e15cb5e437ffd81a2fadb84a0ef2], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Hitman Pro
 
HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : LUCIA
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : lucia\LuciadBovis
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-01-24 00:35:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 25m 0s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 163

   Objects scanned . . . : 2,251,171
   Files scanned . . . . : 52,702
   Remnants scanned  . . : 424,251 files / 1,774,218 keys

Malware _____________________________________________________________________

   C:\Windows\Temp\WAXBB6.tmp
      Size . . . . . . . : 663,552 bytes
      Age  . . . . . . . : 115.6 days (2015-09-30 10:52:30)
      Entropy  . . . . . : 1.4
      SHA-256  . . . . . : 5DF06CDC994DC49F9FF5301D366CE3504CA92A0CDDB5ABB420163D2E2FE2385F
    > Bitdefender  . . . : Gen:Variant.Kazy.792279
      Fuzzy  . . . . . . : 110.0

Suspicious files ____________________________________________________________

   C:\ProgramData\NVIDIA\Updatus\Packages\00007cf0\CoProc update.19885687.exe
      Size . . . . . . . : 518,256 bytes
      Age  . . . . . . . : 154.4 days (2015-08-22 14:04:10)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : A99EBF33DA43F85913EA43611CD19FB229FE1949713940B4796B3DFD8B5E8443
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 27.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file appears to be part of an installation package or setup program. This is typical for most programs.

   C:\Users\olivier\Desktop\FRST64.exe
      Size . . . . . . . : 2,370,560 bytes
      Age  . . . . . . . : 0.5 days (2016-01-23 13:11:51)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DF31FB13657FE69EF6D27FC5E54FB2982E48F1FBB90C373B7541EE4FF5C55276
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\olivier\Desktop\FRST64.exe
          0.1s C:\Users\olivier\Desktop\AdwCleaner.exe

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper\ (AirZip)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F622628-7632-4B28-B184-D7BA0CA3273B} (AirZip)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\PicexaService\ (Picexa)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\winzipersvc\ (AirZip)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService\ (Picexa)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc\ (AirZip)
 
 
Apart from this I am still seeing some general slowness. Could be due to a failing drive, so I did a chkdsk and Windows fixed some errors. Planning to do a disk defrag next. Let me know if that is okay.
 
Cheers
Adil

I reverted back to normal boot and did the scans again, which ran for a longer time. Here are the logs:

 

MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/24/2016
Scan Time: 10:02 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.24.02
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: LuciadBovis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432757
Time Elapsed: 1 hr, 35 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Hitman Pro: Attached
 
 

HitmanPro_20160124_1201.log


Continue please:

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo off
del /f /s /q "C:\Windows\Temp\WAXBB6.tmp"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: batfileicon.gif <-- XP, vista_bat_icon.png <-- Vista or Windows 7/8
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download and Save McAfee Stinger to your Desktop from here:

http://downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger32.exe

Read the Terms and Conditions, the download tab is at the bottom of the page.
Close all browsers before starting. Disable your antivirus program and anti-malware, if any.
To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs read here:

http://www.bleepingcomputer.com/forums/topic114351.html

On Windows 7, 8, 10 & Vista systems, Right Click on Stinger and select Run as Administrator.
On XP, double-click to start it.
Click on “I Accept” tab at McAfee end user licence agreement.


In the new Window select “Advanced” then “Settings”


The settings window will open, make sure the settings are exactly as shown in the following image, then select “Save” <<------Very Important


In the new window Click the “Customize my Scan” under the “Scan” button.


In the new Window select C:\ drive and any other listed Hard Drive, then select “Scan”


When the scan completes select the “View log” to do that, select “Notepad” if offered in list of choices.

If the log opens in your browser, copy and save to  a file....

I will need a copy of that log.

 

Let me see those logs..

 

Kevin


Hello

 

Here is the log from Stinger. No detection but for some reason it is not scanning the rootkit. Even when I selected the option.

 

McAfee Stinger Scan Results
McAfee® Labs Stinger™ Version 12.1.0.1866 built on Jan 21 2016 at 18:29:40
Copyright© 2015, McAfee, Inc. All Rights Reserved.
 
AV Engine version v5800.7501 for Windows.
Virus data file v1000.0 created on Jan 21, 2016
Ready to scan for 9716 viruses, trojans and variants.
 
Custom scan initiated on Monday, January 25, 2016 01:31:06
 
 
Rootkit scan result : Not Scanned.
 
 
 
Summary Report on C:
File(s)
TotalFiles:............ 519089
Clean:................. 260978
Not Scanned:........... 258111
Possibly Infected:..... 0
 
Time: 08:26:11
 
Scan completed on Monday, January 25, 2016 09:57:17
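
Added example, not part of the original post and not McAfee tooling: a small Python check that reads the summary of a Stinger text log like the one above and lists coverage gaps, so that "Possibly Infected: 0" is read together with what was not scanned. The function names and the `max_unscanned` threshold are assumptions made for this sketch.

```python
import re

# Lines copied from the Stinger log in the post above (blank lines trimmed).
SAMPLE_LOG = """\
Rootkit scan result : Not Scanned.
Summary Report on C:
File(s)
TotalFiles:............ 519089
Clean:................. 260978
Not Scanned:........... 258111
Possibly Infected:..... 0
"""

# Counter lines look like "Label:....... 123"; the dots are padding.
COUNTER_RE = re.compile(r"^[ \t]*([A-Za-z ]+?):\.+[ \t]*(\d+)[ \t]*$", re.M)
ROOTKIT_RE = re.compile(r"^[ \t]*Rootkit scan result[ \t]*:[ \t]*(.+?)\.?[ \t]*$", re.M)


def parse_stinger_summary(text):
    """Extract the rootkit scan status and the file counters from a log."""
    counters = {k.strip(): int(v) for k, v in COUNTER_RE.findall(text)}
    status = ROOTKIT_RE.search(text)
    return {"rootkit": status.group(1) if status else None, "counters": counters}


def coverage_findings(summary, max_unscanned=0.05):
    """Return coverage gaps. max_unscanned is an assumed triage threshold."""
    findings = []
    c = summary["counters"]
    total = c.get("TotalFiles", 0)
    skipped = c.get("Not Scanned", 0)
    rootkit = summary["rootkit"]
    if rootkit is None or rootkit.lower().startswith("not scanned"):
        findings.append(f"rootkit scan: {rootkit or 'no result line'}")
    if total == 0:
        findings.append("no file counters found")
    elif skipped / total > max_unscanned:
        findings.append(f"{skipped / total:.1%} of files not scanned ({skipped} of {total})")
    if c.get("Possibly Infected", 0) > 0:
        findings.append(f"possibly infected files: {c['Possibly Infected']}")
    # Assumes these three categories are the only ones, as in the sample log.
    accounted = sum(c.get(k, 0) for k in ("Clean", "Not Scanned", "Possibly Infected"))
    if total and accounted != total:
        findings.append(f"counters do not add up: {accounted} vs {total}")
    return findings


if __name__ == "__main__":
    for line in coverage_findings(parse_stinger_summary(SAMPLE_LOG)):
        print("REVIEW:", line)
```

An empty result only means the summary shows full coverage; it is not a statement about whether the scanned files are clean.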

Oh yes, it did remove the file. The batch file ran perfectly. Here is the log from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64 
Ran by LuciadBovis (Administrator) on Sun 01/24/2016 at 12:57:04.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E3A2FD1F-8A54-4E7A-8A79-49286A38E9D3} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/24/2016 at 12:58:33.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Actually there is a drastic improvement to my system. It is working quite smoothly. I am yet to install a good media player (Media Player Classic or VLC) but that should not be a big impact on the performance. I also got my free upgrade to Windows 10 and from what I have read it is quite good. Going to upgrade as soon as I get a thumbs up from you.

 

Many many thanks for all the support. 

 

 

Cheers

Adil


Thanks for the update Adil,

 

The latest logs were good, if you have no remaining issues or concerns we can clean up... Regarding Windows 10, yep is very worthwhile upgrading, I use it on all of my computers...

 

To clean up do the following:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


So all the clean-up is done. I am upgrading to Windows 10 but it ran into some problem with my audio driver. Fixed it and now the upgrade is in progress. I am going to install Adblock Plus and use Windows Defender as the primary antivirus. I pledge to remain more secure in the future.

 

Once again, kudos to the level of professionalism shown by you Kevin. Thank you very much

 

Keep Rocking !!

 

Adil. 

This topic is now closed to further replies.