I need help

Started by ImScrewed, December 14, 2015, 03:10:58 AM


ImScrewed

I disabled it to do something you asked me to. I forgot to re-enable it, but I did so now.

Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by Tara (2015-12-15 16:32:33) Run:1
Running from C:\Users\Tara\Desktop
Loaded Profiles: Tara (Available Profiles: Tara)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
FF Extension: No Name - C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\extensions\firefox@helper [not found]
2015-12-13 18:12 - 2015-12-13 18:18 - 00000000 ____D C:\73753140cd2130d14cd73474
2015-12-13 17:38 - 2015-12-13 17:38 - 00000000 ____D C:\Program Files (x86)\GUM3580.tmp
2015-11-19 18:59 - 2015-11-19 18:59 - 00000000 ____D C:\33043e753a51ea6e54a63886
2015-12-14 16:04 - 2015-10-25 18:12 - 00003434 _____ C:\windows\System32\Tasks\Uevanbao
Task: {32757443-0167-4CAF-AAC7-049A627C040A} - System32\Tasks\Audio Service Task => C:\Program Files (x86)\Audio Service\AudioService.exe [2015-04-14] (Secure Updater) <==== ATTENTION
Task: {903319BA-52A0-4C6E-9552-F831CD45C69D} - System32\Tasks\Microsoft\Internet Explorer\IE9 Install DelayedReboot_OnLogon => /task DelayedReboot_OnLogon
Task: {91B60D69-EAAC-40CE-B5B3-0F913114F64F} - System32\Tasks\Uevanbao => C:\ProgramData\Uevanbao\1.0.7.1\uleuusat.exe
Task: {94A943E9-795C-4209-952E-48114B7D639B} - System32\Tasks\{6DB5939A-78A7-41A3-8AA4-5763BA3FE30C} => pcalua.exe -a C:\Users\Tara\Downloads\HijackThis.exe -d C:\Users\Tara\Downloads
C:\ProgramData\Uevanbao
Task: {EFE9CFA3-5B04-4E19-81BF-E3FE97910209} - \Jelbruss Secure Web Task -> No File <==== ATTENTION
Task: {F2BFA458-08B4-43EE-9F0B-E2BB61D56427} - System32\Tasks\Microsoft\Internet Explorer\IE9 Install DelayedReboot_OnReboot => /task DelayedReboot_OnReboot
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default\extensions\firefox@helper => path removed successfully
C:\73753140cd2130d14cd73474 => moved successfully
C:\Program Files (x86)\GUM3580.tmp => moved successfully
C:\33043e753a51ea6e54a63886 => moved successfully
C:\windows\System32\Tasks\Uevanbao => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32757443-0167-4CAF-AAC7-049A627C040A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32757443-0167-4CAF-AAC7-049A627C040A}" => key removed successfully
C:\windows\System32\Tasks\Audio Service Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Audio Service Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{903319BA-52A0-4C6E-9552-F831CD45C69D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{903319BA-52A0-4C6E-9552-F831CD45C69D}" => key removed successfully
C:\windows\System32\Tasks\Microsoft\Internet Explorer\IE9 Install DelayedReboot_OnLogon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Internet Explorer\IE9 Install DelayedReboot_OnLogon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{91B60D69-EAAC-40CE-B5B3-0F913114F64F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91B60D69-EAAC-40CE-B5B3-0F913114F64F}" => key removed successfully
C:\windows\System32\Tasks\Uevanbao => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uevanbao" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94A943E9-795C-4209-952E-48114B7D639B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94A943E9-795C-4209-952E-48114B7D639B}" => key removed successfully
C:\windows\System32\Tasks\{6DB5939A-78A7-41A3-8AA4-5763BA3FE30C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DB5939A-78A7-41A3-8AA4-5763BA3FE30C}" => key removed successfully
"C:\ProgramData\Uevanbao" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE9CFA3-5B04-4E19-81BF-E3FE97910209}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE9CFA3-5B04-4E19-81BF-E3FE97910209}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbruss Secure Web Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F2BFA458-08B4-43EE-9F0B-E2BB61D56427}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2BFA458-08B4-43EE-9F0B-E2BB61D56427}" => key removed successfully
C:\windows\System32\Tasks\Microsoft\Internet Explorer\IE9 Install DelayedReboot_OnReboot => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Internet Explorer\IE9 Install DelayedReboot_OnReboot" => key removed successfully
EmptyTemp: => 283 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:35:21 ====

Corrine

How is your computer now?  Everything seem to be working ok?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

ImScrewed

It's a little slow booting up, but other than that, so far so good!

ImScrewed

Can't figure out how to modify my previous post.... I've been using it an hour or so and the internet does seem a little laggy. When I go to a new page or something with heavy loading it seems to stop responding for a few.

Corrine

Unless you have a very fast Internet connection (which I don't), websites with "heavy loading" will be slow.  Have you considered Adblock Plus?  You may also want to disable unnecessary startup items which slow down your computer (e.g., Toshiba Bulletinboard, TosNcCore.exe).  This can safely be done with WinPatrol.  The download link is below the horizontal line on this page:  https://www.winpatrol.com/mydownloads/

See WinPatrol Features: Startup Programs, Start Up Programs: Remove, Add, Disable, and Reviewing Start-Up Programs.



winchester73

Are both Internet Explorer and Firefox slow?  Same level of slowness?  What about wireless vs hard wired Ethernet cable?

It's also possible that all of the holiday shopping is choking the ISP.

A few ideas ...

Do you have a lot of tabs open?  If so, close a few and see if that makes a difference. Even if you aren't looking at them, many web pages automatically refresh themselves at intervals (to keep you updated), and they can eat up your bandwidth.

If you are on a wireless connection, changing the channel of the router may help.  Try something like WifiInfoView to see the commonly used channels in your area:  http://www.nirsoft.net/utils/wifi_information_view.html .  You'll want to pick one that isn't selected by all of your neighbors (ideally you'll be the only one on that channel).



Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

ImScrewed

When my computer is running good I don't have the problem. My internet is 75 megs.

As far as disabling starting programs, how do I know which ones are safe to do so?

ImScrewed

Quote from: winchester73 on December 16, 2015, 04:10:31 PM
Are both Internet Explorer and Firefox slow?  Same level of slowness?  What about wireless vs hard wired Ethernet cable?

It's also possible that all of the holiday shopping is choking the ISP.

A few ideas ...

Do you have a lot of tabs open?  If so, close a few and see if that makes a difference. Even if you aren't looking at them, many web pages automatically refresh themselves at intervals (to keep you updated), and they can eat up your bandwidth.

If you are on a wireless connection, changing the channel of the router may help.  Try something like WifiInfoView to see the commonly used channels in your area:  http://www.nirsoft.net/utils/wifi_information_view.html .  You'll want to pick one that isn't selected by all of your neighbors (ideally you'll be the only one on that channel).



It's all browsers

Corrine

Is it still slow when you don't use a proxy or use a Google proxy?



ImScrewed


Corrine

When Jelbrus was first removed from your computer some time ago, you reinstalled it because you couldn't connect to the Internet.  Various aspects of it have been removed again and again.  However, until you uninstall it completely and return to connecting to the Internet via the IP Address provided by your ISP, the problems will continue.  Jelbrus is described at various sites as adware and by TrendMicro as a trojan.  Uninstall C:\Program Files (x86)\Jelbruss Secure Web and follow the instructions for your ISP. 

If you provide me with the name of your ISP (which I believe from the IP shown in your first posts here is Charter), I will be happy to see what I can locate and then use FRST to remove Jelbrus again.

Please let me know how you wish to proceed.



ImScrewed

I'm sorry, I just saw this... I've been super busy.... So I've been doing this to myself? How do I go about doing the first option? Uninstalling from the program files and then using my isp to connect to the internet. I thought I was using my isp to begin with?

Corrine

For information first:

From the logs, it shows you were using a proxy:

ProxyEnable: [S-1-5-21-1541615685-2464090894-2300236971-1000] => Proxy is enabled.

This is information provided by your ISP:  How do I configure my IP address?.

See the "Firefox connection settings" on this page:  Firefox can't load websites but other browsers can | Firefox Help





The above is provided for information purposes because Farbar has another tool that we can use to check the settings and then reset if needed.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List IP configuration
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.



ImScrewed

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Tara (administrator) on 16-01-2016 at 17:49:11
Running from "C:\Users\Tara\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Satellite L755 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 5)
========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled mtu=1500 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled mtu=1500 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tara-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : E8-9A-8F-79-58-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : D0-DF-9A-5A-54-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : D0-DF-9A-5A-54-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : D0-DF-9A-5A-54-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : D0-DF-9A-5A-54-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71ce:ff97:1c2:8048%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, January 16, 2016 2:32:16 PM
   Lease Expires . . . . . . . . . . : Sunday, January 17, 2016 3:20:47 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248569754
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A7-93-31-D0-DF-9A-5A-54-0C
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D1415600-D1C6-4200-A49E-1AE36876E9E1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:18e7:def:9fd8:49b2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::18e7:def:9fd8:49b2%7(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 671088640
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A7-93-31-D0-DF-9A-5A-54-0C
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  173.194.219.139
     173.194.219.102
     173.194.219.100
     173.194.219.138
     173.194.219.113
     173.194.219.101


Pinging google.com [173.194.219.138] with 32 bytes of data:
Reply from 173.194.219.138: bytes=32 time=87ms TTL=38
Reply from 173.194.219.138: bytes=32 time=85ms TTL=38

Ping statistics for 173.194.219.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 85ms, Maximum = 87ms, Average = 86ms
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
     2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=88ms TTL=47
Reply from 98.139.183.24: bytes=32 time=88ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 88ms, Maximum = 88ms, Average = 88ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...e8 9a 8f 79 58 34 ......Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
15...d0 df 9a 5a 54 0c ......Microsoft Wi-Fi Direct Virtual Adapter
  6...d0 df 9a 5a 54 0c ......Microsoft Hosted Network Virtual Adapter
35...d0 df 9a 5a 54 0c ......Microsoft Wi-Fi Direct Virtual Adapter #2
14...d0 df 9a 5a 54 0c ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:5ef5:79fd:18e7:def:9fd8:49b2/128
                                    On-link
14    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::18e7:def:9fd8:49b2/128
                                    On-link
14    281 fe80::71ce:ff97:1c2:8048/128
                                    On-link
  1    306 ff00::/8                 On-link
14    281 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

**** End of log ****
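
How the two proxy readings in the report above relate, as an added example that is not part of the original thread or of MiniToolBox: it interprets the per-user Internet Settings values (`ProxyEnable`, `ProxyServer`, `AutoConfigURL`) alongside Firefox's `network.proxy.type`. The function names and finding labels are hypothetical, and the sample inputs are constructed, the first mirroring the values reported above.

```python
import re

# Meaning of Firefox's network.proxy.type preference values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}
PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);')
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


def parse_firefox_prefs(text):
    """Extract network.proxy.* preferences from prefs.js text."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def proxy_hosts(proxy_server):
    """Hosts in a ProxyServer value: 'host:port' or 'http=host:port;https=host:port'."""
    entries = filter(None, proxy_server.split(";"))
    return [e.split("=", 1)[-1].rsplit(":", 1)[0].lower() for e in entries]


def classify_system_proxy(proxy_enable, proxy_server="", auto_config_url=""):
    """Findings for the per-user Internet Settings registry values."""
    findings = []
    if auto_config_url:
        findings.append("pac")
    if proxy_enable and proxy_server:
        local = any(h in LOOPBACK for h in proxy_hosts(proxy_server))
        findings.append("local-proxy" if local else "proxy")
    elif proxy_enable:
        findings.append("enabled-no-server")  # flag set, no server to use
    return findings or ["direct"]


def firefox_proxy_mode(prefs, system_findings):
    """Combine Firefox's own proxy prefs with the system findings."""
    ptype = prefs.get("network.proxy.type")
    if ptype is None:
        return ["firefox-default"]  # pref absent from prefs.js
    mode = FF_PROXY_TYPES.get(ptype, "unknown")
    if mode == "system":
        return ["system"] + list(system_findings)
    if mode == "manual":
        host = str(prefs.get("network.proxy.http", "")).lower()
        return ["manual", "local-proxy" if host in LOOPBACK else host or "no-host"]
    return [mode]


# Constructed samples: the first mirrors the report above, the second is invented.
PREFS_REPORTED = 'user_pref("network.proxy.type", 5);\n'
PREFS_MANUAL = ('user_pref("network.proxy.type", 1);\n'
                'user_pref("network.proxy.http", "127.0.0.1");\n')

if __name__ == "__main__":
    system = classify_system_proxy(1, "")  # "Proxy is enabled. No Proxy Server is set."
    print(system, firefox_proxy_mode(parse_firefox_prefs(PREFS_REPORTED), system))
    print(firefox_proxy_mode(parse_firefox_prefs(PREFS_MANUAL), system))
```

With the reported values, Firefox defers to the system setting, so the state worth resetting is the system-side flag that is enabled with no server behind it.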

Corrine

Please run MiniToolBox again.  This time, checkmark the following check boxes:

  • Flush DNS
  • Reset FF Proxy Settings
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

