pop-ups on new computer

Started by marykatepenczkowski, September 23, 2014, 09:00:13 PM

marykatepenczkowski

Okay, I'm having another problem on my new computer. I just got it in August, and my dad asked me to plug in his GPS to get the update for him. And ever since then, when I go on the internet, I get advertisements and it just seems slow. Whenever you can get back to me, that would be great. Thank you.

Corrine

Sorry for the delay in responding.  I got caught up with some other things and forgot to provide instructions to you. 

I wouldn't have expected your Dad's GPS to include advertisements.  Do you remember where you had to go to get the update? 

To see what was included, please download Adware Cleaner by Xplode.    Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool. 
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

marykatepenczkowski

# AdwCleaner v3.310 - Report created 25/09/2014 at 16:43:43
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack
Service Deleted : CltMngSvc
Service Deleted : SPPD
Service Deleted : Update neurowise
Service Deleted : Util neurowise
Service Deleted : {fe651286-52a1-461b-a17a-f258b4b81968}w64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    [!] Folder Deleted : C:\Program Files (x86)\neurowise
    Folder Deleted : C:\Users\Joe\AppData\Local\SearchProtect
    Folder Deleted : C:\Users\Joe\AppData\Local\Temp\neurowise
    Folder Deleted : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    Folder Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    [!] Folder Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    File Deleted : C:\windows\System32\drivers\{fe651286-52a1-461b-a17a-f258b4b81968}w64.sys
    File Deleted : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    File Deleted : C:\Users\Joe\Desktop\Sync Folder.lnk
    File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage
    File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    Task Deleted : LaunchSignup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateneurowise_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateneurowise_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilneurowise_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilneurowise_RASMANCS
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update neurowise
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util neurowise
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d08ab008-0647-4784-8e2c-5769cd4a7c3a}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E693A372-A8D4-4CBD-B011-66358BEA2F48}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{724dd777-5654-4d06-b3bc-c2ff56615998}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d08ab008-0647-4784-8e2c-5769cd4a7c3a}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E693A372-A8D4-4CBD-B011-66358BEA2F48}
    Key Deleted : HKCU\Software\neurowise
    Key Deleted : HKLM\SOFTWARE\SearchProtect
    Key Deleted : HKLM\SOFTWARE\neurowise
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\neurowise
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

    -\\ Google Chrome v37.0.2062.120

    [ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M2DD9A26F-BF6B-486D-BF10-2D82835ADE03&SearchSource=58&CUI=&UM=6&UP=SP5CCFAECC-4402-46FC-8BA8-B2AA09853BB9&q={searchTerms}&SSPV=
    Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M2DD9A26F-BF6B-486D-BF10-2D82835ADE03&SearchSource=55&CUI=&UM=6&UP=SP5CCFAECC-4402-46FC-8BA8-B2AA09853BB9&SSPV=
    Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324775&octid=EB_ORIGINAL_CTID&ISID=M2DD9A26F-BF6B-486D-BF10-2D82835ADE03&SearchSource=55&CUI=&UM=6&UP=SP5CCFAECC-4402-46FC-8BA8-B2AA09853BB9&SSPV=

    *************************

    AdwCleaner[R0].txt - [6587 octets] - [25/09/2014 16:42:48]
    AdwCleaner[S0].txt - [6561 octets] - [25/09/2014 16:43:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6621 octets] ##########

Corrine

This is some of the same adware back again with some new ones as well.  Where are you downloading programs from -- what website?

Since you already ran the Clean option for AdwCleaner, let's move on to JRT and MBAM.

1.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
2.  You should still have Malwarebytes installed on your computer.  Please launch it and check for updates.  Then make sure you are using the following settings:

-- On the Scanner tab, check Perform quick scan.
-- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
-- Also on the Settings tab, under "Action for potentially unwanted programs (PUP)", change the option to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


marykatepenczkowski

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joe on Sun 09/28/2014 at 12:26:07.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Joe\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/28/2014 at 12:29:30.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


This is the log from JRT, but this isn't the same computer that had the problems before. So I don't have the software on this computer.

Corrine

To avoid confusion (mine), I split this from your earlier topic (pop-ups). 

Since this is a different computer, I need some additional information.  Please provide the requested logs in Log Posting Instructions.

Thank you.


marykatepenczkowski

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Joe at 19:19:37 on 2014-09-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.4672 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by TOSHIBA
mWindow Title = Internet Explorer provided by TOSHIBA
mWinlogon: Userinit = userinit.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F97807D8-17EA-4102-A1A7-C03CFA318212} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-11-21 632168]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-11-21 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-9-17 20464]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2013-9-12 356192]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2014-6-6 20592]
R3 ETD;ELAN PS/2_SMBus Port Input Device;C:\windows\System32\drivers\ETD.sys [2014-3-4 404296]
R3 ETDSMBus;ETDSMBus;C:\windows\System32\drivers\ETDSMBus.sys [2014-6-6 24904]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-6-6 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-10-28 449496]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-9-17 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-9-17 795632]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\drivers\RtsP2Stor.sys [2014-6-6 291032]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-6-6 888536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-6-6 131544]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-6-6 169432]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-2-25 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-6-6 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2013-8-21 138624]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-7-22 1255736]
.
=============== Created Last 30 ================
.
2014-09-26 22:00:15   11578928   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C35223E8-8DB3-4D07-BFDA-4A9E75B69A63}\mpengine.dll
2014-09-25 21:26:45   --------   d-----w-   C:\windows\ERUNT
2014-09-25 20:43:26   536576   ----a-w-   C:\windows\SysWow64\sqlite3.dll
2014-09-25 20:42:46   --------   d-----w-   C:\AdwCleaner
2014-09-23 19:46:10   2048   ----a-w-   C:\windows\SysWow64\tzres.dll
2014-09-23 19:46:10   2048   ----a-w-   C:\windows\System32\tzres.dll
2014-09-23 11:58:24   --------   d-----w-   C:\Program Files (x86)\neurowise
2014-09-10 16:29:09   2777088   ----a-w-   C:\windows\System32\msmpeg2vdec.dll
2014-09-10 16:29:09   2285056   ----a-w-   C:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 11:59:39   793600   ----a-w-   C:\windows\SysWow64\TSWorkspace.dll
2014-09-10 11:59:39   1031168   ----a-w-   C:\windows\System32\TSWorkspace.dll
2014-09-10 11:59:05   2565120   ----a-w-   C:\windows\System32\d3d10warp.dll
2014-09-10 11:59:05   1987584   ----a-w-   C:\windows\SysWow64\d3d10warp.dll
2014-09-10 11:58:56   96768   ----a-w-   C:\windows\SysWow64\sspicli.dll
2014-09-10 11:58:56   728064   ----a-w-   C:\windows\System32\kerberos.dll
2014-09-10 11:58:56   550912   ----a-w-   C:\windows\SysWow64\kerberos.dll
2014-09-10 11:58:56   22016   ----a-w-   C:\windows\SysWow64\secur32.dll
2014-09-10 11:58:56   1460736   ----a-w-   C:\windows\System32\lsasrv.dll
2014-09-10 11:58:52   578048   ----a-w-   C:\windows\System32\aepdu.dll
2014-09-10 11:58:52   424448   ----a-w-   C:\windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-09-15 13:06:02   278152   ------w-   C:\windows\System32\MpSigStub.exe
2014-09-02 09:08:14   224728   ----a-w-   C:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-08-23 02:07:00   404480   ----a-w-   C:\windows\System32\gdi32.dll
2014-08-23 01:45:55   311808   ----a-w-   C:\windows\SysWow64\gdi32.dll
2014-08-23 00:59:01   3163648   ----a-w-   C:\windows\System32\win32k.sys
2014-08-18 22:29:49   2724864   ----a-w-   C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35   4096   ----a-w-   C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53   5833728   ----a-w-   C:\windows\System32\jscript9.dll
2014-08-18 22:15:34   547328   ----a-w-   C:\windows\System32\vbscript.dll
2014-08-18 22:15:09   66048   ----a-w-   C:\windows\System32\iesetup.dll
2014-08-18 22:14:38   48640   ----a-w-   C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10   83968   ----a-w-   C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55   4232704   ----a-w-   C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47   139264   ----a-w-   C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37   111616   ----a-w-   C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01   758272   ----a-w-   C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44   2724864   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17   940032   ----a-w-   C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26   454656   ----a-w-   C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23   61952   ----a-w-   C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12   72704   ----a-w-   C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44   51200   ----a-w-   C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09   61952   ----a-w-   C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07   112128   ----a-w-   C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24   597504   ----a-w-   C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17   2104832   ----a-w-   C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16   1249280   ----a-w-   C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48   60416   ----a-w-   C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13   2310656   ----a-w-   C:\windows\System32\wininet.dll
2014-08-18 21:08:54   2014208   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44   1068032   ----a-w-   C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48   1812992   ----a-w-   C:\windows\SysWow64\wininet.dll
2014-07-25 06:35:46   875688   ----a-w-   C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06   869544   ----a-w-   C:\windows\System32\msvcr120_clr0400.dll
2014-07-14 02:02:45   1216000   ----a-w-   C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58   664064   ----a-w-   C:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23   7168   ----a-w-   C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22   7168   ----a-w-   C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:42   7168   ----a-w-   C:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41   6656   ----a-w-   C:\windows\SysWow64\KBDBASH.DLL
.
============= FINISH: 19:20:22.29 ===============

marykatepenczkowski

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2014 3:47:10 PM
System Uptime: 9/29/2014 7:18:29 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | ZFWAA
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz | SOCKET 0 | 756/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 688 GiB total, 645.322 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP14: 8/22/2014 8:32:38 AM - Windows Update
RP15: 8/26/2014 7:29:40 AM - Windows Update
RP16: 8/27/2014 7:38:13 PM - Windows Update
RP17: 9/2/2014 8:26:30 AM - Windows Update
RP18: 9/9/2014 7:40:12 AM - Windows Update
RP19: 9/10/2014 12:28:37 PM - Windows Update
RP20: 9/16/2014 7:42:26 AM - Windows Update
RP21: 9/19/2014 7:54:03 AM - Windows Update
RP22: 9/23/2014 3:46:06 PM - Windows Update
RP23: 9/23/2014 5:59:43 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader XI (11.0.03)  MUI
Atheros Driver Installation Program
Bejeweled 3
Cut the Rope
ETDWare PS/2-X64 11.8.20.3_WHQL
Google Chrome
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Jack of All Tribes
King Oddball
Luxor Evolved
Microsoft .NET Framework 4.5.1
Microsoft Office
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
TOSHIBA Battery Manager
Toshiba Book Place
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Flash Cards
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA System Driver
TOSHIBARegistration
Update Installer for WildTangent Games App
Utility Common Driver
WildTangent Games
WildTangent Games App (Toshiba Games)
.
==== End Of File ===========================

marykatepenczkowski

Results of screen317's Security Check version 0.99.87 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI 
Google Chrome 37.0.2062.120 
Google Chrome 37.0.2062.124 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Corrine

First things first -- I've looked through your logs three times and either it is because it has been a long day and I'm not seeing it but where is your antivirus software?  Before doing anything else, I strongly encourage you to install an A/V program.  Personally, I have found Microsoft Security Essentials (MSE) works fine for my purposes.  However, you may want a different solution.  The following antivirus software programs are free for personal use:

avast!
Avira Free Antivirus
Microsoft Security Essentials

Note:  If you install MSE, it will disable Windows Defender because it is incorporated in MSE.

After you've done that, let's go back to MBAM.  Please download Malwarebytes Anti-Malware FREE Version from here: http://downloads.malwarebytes.org/file/mbam and save it to your Desktop.

Note:  MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click to execute the installation. Accept the terms, and allow MBAM to install to the default location in your Program Files.
  • Please update the database by clicking on the Update Now button as shown below.


  • Following the update, click on the large green Scan Now button to begin the Threat Scan.
    Note: Optionally, you could have simply clicked Fix Now if it is displayed. That will automatically download updates and run a Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.

    • After viewing the results, please click on the Copy to Clipboard button > OK.

    • Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.




marykatepenczkowski

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/5/2014
Scan Time: 7:49:27 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.05.08
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295163
Time Elapsed: 10 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [1309f31e1b6184b283e7d1adc0446f91],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [9d7fca47a3d9b284b7b2730bf60e7d83],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\neurowise, Quarantined, [62baaa67215b60d6712a2eea5ba8639d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Extutil.A, C:\Users\Joe\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [c45820f114687eb880bbee0c8181dc24],
PUP.Optional.Managera.A, C:\Users\Joe\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [9a829d746a12ab8b0e2e08f27d85956b],

Files: 10
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [1efe09086c106cca889a2c73dc25e11f],
PUP.Optional.MindSpark.A, C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage, Quarantined, [0a12828ff587231314409cda7f85bf41],
PUP.Optional.MindSpark.A, C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal, Quarantined, [85973bd63646e551d4800c6ae222bf41],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [1a022be6aad20c2a35380d71ed177888],
PUP.Optional.Extutil.A, C:\Users\Joe\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [c45820f114687eb880bbee0c8181dc24],
PUP.Optional.Extutil.A, C:\Users\Joe\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [c45820f114687eb880bbee0c8181dc24],
PUP.Optional.Extutil.A, C:\Users\Joe\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [c45820f114687eb880bbee0c8181dc24],
PUP.Optional.Managera.A, C:\Users\Joe\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [9a829d746a12ab8b0e2e08f27d85956b],
PUP.Optional.Managera.A, C:\Users\Joe\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [9a829d746a12ab8b0e2e08f27d85956b],
PUP.Optional.Conduit, C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "suggest_url": "http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",), Replaced,[d844df32c0bcbd79326d0e388f7610f0]

Physical Sectors: 0
(No malicious items detected)


(end)
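
A small parser for the Malwarebytes log format in the post above, added here as an example (it is not part of the original thread and is not Malwarebytes code). It assumes the 2.x text layout seen in that log, the function names are made up for this example, and the sample is an excerpt of the posted log with only three of the ten "Files" lines kept, so the count check flags that section.

```python
import re
from collections import Counter

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# detection, target[, Good:/Bad: detail], action, [32-hex id], optional trailing comma
ENTRY = re.compile(r"^(?P<name>[^,]+), (?P<rest>.*?),\s*(?P<action>[A-Za-z ]+),"
                   r"\s*\[(?P<ident>[0-9a-f]{32})\],?$")
# Excerpt of the log posted above; only 3 of its 10 "Files" lines are kept.
SAMPLE = r"""
Registry Keys: 3
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [1309f31e1b6184b283e7d1adc0446f91],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [9d7fca47a3d9b284b7b2730bf60e7d83],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\neurowise, Quarantined, [62baaa67215b60d6712a2eea5ba8639d],
Registry Values: 0
(No malicious items detected)
Files: 10
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [1efe09086c106cca889a2c73dc25e11f],
PUP.Optional.MindSpark.A, C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage, Quarantined, [0a12828ff587231314409cda7f85bf41],
PUP.Optional.Conduit, C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "suggest_url": "http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",), Replaced,[d844df32c0bcbd79326d0e388f7610f0]
"""

def parse(text):
    """Return (entries, declared_counts) for a pasted scan log."""
    entries, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            section, declared[h.group(1)] = h.group(1), int(h.group(2))
            continue
        m = ENTRY.match(line) if section else None  # ignore the metadata preamble
        if m:
            # Settings fixes carry ", Good: (...), Bad: (...)" after the path.
            entries.append({"section": section, "name": m.group("name"),
                            "target": m.group("rest").split(", Good: ")[0],
                            "action": m.group("action"), "ident": m.group("ident")})
    return entries, declared

def count_mismatches(entries, declared):
    """Sections where parsed lines != header count (a truncated or mangled paste)."""
    seen = Counter(e["section"] for e in entries)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}

def families(entries):
    """Detections per family: drop the 'PUP.Optional.' prefix and any '.A' variant."""
    return Counter(re.sub(r"^PUP\.Optional\.", "", e["name"]).split(".")[0] for e in entries)

def not_neutralised(entries, handled=("Quarantined", "Replaced")):
    """Entries whose action is not one of the two seen in this log."""
    return [e for e in entries if e["action"] not in handled]
```
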

Corrine

What did you decide about the antivirus software?

Are you still getting pop-ups?



marykatepenczkowski

I'm using Avast, and yes, there's barely any change.

DonnaB

Hi Mary Kate,

Avast is a good choice. What do you mean by barely any change?

Are you still experiencing slowness? Could you explain in detail what seems to be slow, such as booting the computer, opening programs, accessing sites, etc...

How about the ads that are popping up? When do they pop up?  When you are on specific sites or do they pop up no matter what you do? What types of ads are they?

Do these ads pop up in both Chrome and IE?

"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins