Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Not sure if Malware or struggling comp

by T66892 » June 30th, 2015, 5:22 pm

My browsers are VERY slow and freeze, even when visiting offline pages like the settings. Sometimes my computer has episodes where it will turn on but not launch any browsers or programs such as games etc. Everything else, like watching a stored video, works fine; a video in a browser on, say, YouTube, though, is horribly slow.

I have read that this can be a type of virus, and all my other actions to speed up my browsers like deleting stuff, using the Chrome unwanted software removal tool, getting rid of cookies etc made 0 difference.

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by T at 2015-06-30 22:04:32
Running from C:\Users\T\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515130059-2430807289-3433730637-500 - Administrator - Disabled)
Guest (S-1-5-21-515130059-2430807289-3433730637-501 - Limited - Disabled)
T (S-1-5-21-515130059-2430807289-3433730637-1001 - Administrator - Enabled) => C:\Users\T

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-515130059-2430807289-3433730637-1001\...\CopyTrans Suite) (Version: 3.01 - WindSolutions)
Epic Games Launcher (HKLM\...\{325AC861-EDAF-440B-97DD-259906E216D3}) (Version: 1.1.24.0 - Epic Games, Inc.)
FMRTE 14.3.1.37 (HKLM\...\{067E314C-0505-406F-ABF5-AC601646E8B4}_is1) (Version: 14.3.1.37 - FMRTE)
FMRTE 15.3.1.15 (HKLM\...\{6D986DE6-CA9D-4E83-B49C-18C0BFEB6AD6}_is1) (Version: 15.3.1.15 - FMRTE)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version: - Sports Interactive)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version: - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-515130059-2430807289-3433730637-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Update 16.13.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 16.13.69 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Wajam (HKLM-x32\...\WInterEnhancer) (Version: 2.33.2.44 (i2.6) - WInterEnhancer)
Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.68 - Irrational Number Applications)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\T\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\T\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\T\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\T\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-515130059-2430807289-3433730637-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\T\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll No File

==================== Restore Points =========================

09-06-2015 20:50:10 Windows Update
16-06-2015 21:41:26 Scheduled Checkpoint
23-06-2015 23:24:38 Scheduled Checkpoint
30-06-2015 21:56:57 Software Removal Tool

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-05-31 03:28 - 00000910 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 http://www.hello.com
127.0.0.1 ask.com
127.0.0.1 http://uk.ask.com/?o=312&l=dir


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {427872D3-A1E1-4169-B483-9012656686FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {6C43AAB2-B959-4FF9-8419-0C6EC5CABD62} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {C2BBBF42-2331-4B5E-9E4A-57B104186B8C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)
Task: {C92E9A3C-B7A3-457E-85C6-74E557C0512C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {D5B8C711-2231-4D37-A404-FB4E6FFC19A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {F66BCE5F-C10D-4626-BC04-BDA738DAB318} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {FBDDE520-526D-4F67-B0AE-A26242B998BD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_pepper.exe [2015-06-23] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-07 07:51 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-03 21:19 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-29 12:17 - 2015-06-29 12:17 - 01154560 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancerService.exe
2015-03-17 18:48 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-29 12:17 - 2015-06-29 12:17 - 00286208 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancer.exe
2015-05-16 04:13 - 2015-05-16 04:13 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-16 04:13 - 2015-05-16 04:13 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-30 21:21 - 2015-06-30 21:21 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15063001\algo.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-29 12:17 - 2015-06-29 12:17 - 00011776 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\ApiHandlr.dll
2015-03-30 04:36 - 2015-03-30 04:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-30 21:32 - 2015-06-20 06:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-30 21:32 - 2015-06-20 06:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-30 21:32 - 2015-06-20 06:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515130059-2430807289-3433730637-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515130059-2430807289-3433730637-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{328EAC9D-31ED-4AC8-92A0-F82AD46FD61F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EEB0FBAC-B6C3-487B-98E4-B2E2046ED6AC}] => (Allow) C:\Users\T\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{09C545AD-8539-4E86-8B6D-3A858EFF449C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe
FirewallRules: [{E2E0EDF2-AF75-4E48-B686-C6F044C50EEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe
FirewallRules: [{D0606B5E-47B7-4E70-B375-B9371A68CBF2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C52AB091-A748-464C-A6F4-BAB420A98091}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{65699BC3-0942-4A79-BD5A-34928416E33F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03E4E11C-D8BD-4144-8C3F-DA49603C2CB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6D83283-CB7E-494E-9A04-C35DDE74434B}] => (Allow) C:\Users\T\AppData\Local\Temp\nsz5A9B.tmp\CnetInstaller-75115673.exe
FirewallRules: [{E1A45CE4-5F32-4B4B-906C-D86C4E7B2009}] => (Allow) C:\Users\T\AppData\Local\Temp\nsz5A9B.tmp\CnetInstaller-75115673.exe
FirewallRules: [{F7B6E42F-DC67-4C95-A584-DB544C1BBB32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{CB48E542-5301-4D55-ADD0-FBBBDAA51656}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3C2A99B7-EDED-4820-8B93-A155787543F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{B7F241AB-BF6C-4D6B-9C8F-561EE662C79A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{BE87FA18-990B-4C06-B19F-8BB2B17D6E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{D426E8CF-7E88-4C2F-A33A-CB8A351A001F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [TCP Query User{1CDDC533-0FC3-47D7-9F34-40C3A064131D}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{DF32ED0C-0094-4656-A4D1-6298403B4C33}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{8777ADF0-E6CB-4AC4-BA89-F847317A2586}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{6EDC09FE-374A-43C8-8F39-89BA1D807B82}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [{6F2B778C-0E31-442F-851F-ACEDF6F1780F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{35442D34-B3D1-48C5-A154-CB9DC09EF3BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{51CD1065-ED50-4460-9C42-0C2A603AAE7A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{159759B2-D428-4C14-913C-D62AE1B57DE0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{570DF9DC-886B-4E03-8933-E65E92C78C23}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{CA19696B-FFFA-426B-A695-028ADAB91D0F}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{31BE8930-13C6-4D02-8674-516B56D7E93B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2015 09:52:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.5.80.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f04

Start Time: 01d0b311bdf7c62e

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 5e748d19-1f05-11e5-be94-e0db55aa055a

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2015 09:26:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.5.80.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f80

Start Time: 01d0b30bb9dfffe0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: a94c7fa5-1f01-11e5-be94-e0db55aa055a

Faulting package full name:

Faulting package-relative application ID:

Error: (06/29/2015 03:11:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Inspiron)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/29/2015 03:11:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fc4

Start Time: 01d0b210d0b1ad52

Termination Time: 4294967295

Application Path: UNKNOWN

Report Id: 1a66c8f2-1e04-11e5-be93-e0db55aa055a

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/28/2015 08:39:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1978

Start Time: 01d0b1d9c708e6e8

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: 53ea090c-1dcd-11e5-be93-e0db55aa055a

Faulting package full name: Microsoft.BingSports_3.0.4.298_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (06/28/2015 08:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Inspiron)
Description: Package Microsoft.BingSports_3.0.4.298_x64__8wekyb3d8bbwe+AppexSports was terminated because it took too long to suspend.

Error: (06/28/2015 07:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17415, time stamp: 0x5450367b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007af468
Faulting process ID: 0x1018
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (06/28/2015 06:44:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Inspiron)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/28/2015 06:44:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd8

Start Time: 01d0b1656331532d

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: aae0d2e3-1d58-11e5-be93-e0db55aa055a

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/26/2015 09:04:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.3.2.0, time stamp: 0x551d37bc
Faulting module name: fm.exe, version: 15.3.2.0, time stamp: 0x551d37bc
Exception code: 0xc0000005
Fault offset: 0x00b5fdb6
Faulting process ID: 0xbf4
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report ID: fm.exe3
Faulting package full name: fm.exe4
Faulting package-relative application ID: fm.exe5


System errors:
=============
Error: (06/30/2015 09:27:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RHDISK_AMD64 service failed to start due to the following error:
%%3

Error: (06/30/2015 09:26:37 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (06/30/2015 09:26:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:50:15 AM on ‎6/‎30/‎2015 was unexpected.

Error: (06/30/2015 10:03:28 AM) (Source: DCOM) (EventID: 10010) (User: Inspiron)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/30/2015 10:02:58 AM) (Source: DCOM) (EventID: 10010) (User: Inspiron)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/30/2015 08:56:21 AM) (Source: DCOM) (EventID: 10010) (User: Inspiron)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/30/2015 08:55:51 AM) (Source: DCOM) (EventID: 10010) (User: Inspiron)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/30/2015 08:31:17 AM) (Source: DCOM) (EventID: 10010) (User: Inspiron)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/30/2015 08:30:46 AM) (Source: DCOM) (EventID: 10010) (User: Inspiron)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/30/2015 08:10:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RHDISK_AMD64 service failed to start due to the following error:
%%3


Microsoft Office:
=========================
Error: (06/30/2015 09:52:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.5.80.102f0401d0b311bdf7c62e4294967295C:\Program Files (x86)\Skype\Phone\Skype.exe5e748d19-1f05-11e5-be94-e0db55aa055a

Error: (06/30/2015 09:26:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.5.80.102f8001d0b30bb9dfffe04294967295C:\Program Files (x86)\Skype\Phone\Skype.exea94c7fa5-1f01-11e5-be94-e0db55aa055a

Error: (06/29/2015 03:11:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Inspiron)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142

Error: (06/29/2015 03:11:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: UNKNOWN0.0.0.0fc401d0b210d0b1ad524294967295UNKNOWN1a66c8f2-1e04-11e5-be93-e0db55aa055aMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (06/28/2015 08:39:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415197801d0b1d9c708e6e84294967295C:\WINDOWS\system32\wwahost.exe53ea090c-1dcd-11e5-be93-e0db55aa055aMicrosoft.BingSports_3.0.4.298_x64__8wekyb3d8bbweAppexSports

Error: (06/28/2015 08:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Inspiron)
Description: Microsoft.BingSports_3.0.4.298_x64__8wekyb3d8bbwe+AppexSports

Error: (06/28/2015 07:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.174155450367bunknown0.0.0.000000000c0000005007af468101801d0b1d1b96ab9c3C:\WINDOWS\SysWOW64\explorer.exeunknownff7b8530-1dc4-11e5-be93-e0db55aa055a

Error: (06/28/2015 06:44:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Inspiron)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142

Error: (06/28/2015 06:44:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415fd801d0b1656331532d4294967295C:\WINDOWS\syswow64\wwahost.exeaae0d2e3-1d58-11e5-be93-e0db55aa055aMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (06/26/2015 09:04:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.3.2.0551d37bcfm.exe15.3.2.0551d37bcc000000500b5fdb6bf401d0af79ef6f000cC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exee9229bad-1bd9-11e5-be93-e0db55aa055a


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8058.5 MB
Available physical RAM: 5871.43 MB
Total Pagefile: 9338.5 MB
Available Pagefile: 7049.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.81 GB) (Free:354.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.
Could not read MBR for disk 1.

==================== End of log ============================

Thanks in advance.

Re: Not sure if Malware or struggling comp

by Gary R » July 1st, 2015, 7:44 am

Looking over your logs, back soon.

Re: Not sure if Malware or struggling comp

by Gary R » July 1st, 2015, 7:53 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi T66892

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8.1, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are clear indications of an infection on your computer, but before we start to clean your machine, I need you to run some additional scans for me, so that we've got a more complete picture of what we're up against.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

I'd like you to run a Search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;InternetEnhancer;Irrational Number Applications;hJsHWJnfOTx;WgYeNTMO

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Not sure if Malware or struggling comp

Unread postby T66892 » July 1st, 2015, 8:15 am

hi, thank you!

# AdwCleaner v4.207 - Logfile created 01/07/2015 at 13:10:33
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : T - INSPIRON
# Running from : C:\Users\T\Desktop\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\WInterEnhancer
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WInterEnhancer
Folder Found : C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Found : C:\Users\T\AppData\Roaming\OpenCandy
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\StormWatch

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51428;hxxps=127.0.0.1:51428
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\WajIEnhance
Key Found : HKCU\Software\WInterEnhancer
Key Found : [x64] HKCU\Software\StormWatchApp
Key Found : [x64] HKCU\Software\WajIEnhance
Key Found : [x64] HKCU\Software\WInterEnhancer
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\StormWatchApp
Key Found : HKLM\SOFTWARE\WInterEnhancer
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://uk.search.yahoo.com/?type=99451 ... got-yhp-ie

-\\ Google Chrome v43.0.2357.130


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2824 bytes] - [01/07/2015 13:02:49]
AdwCleaner[R1].txt - [2729 bytes] - [01/07/2015 13:10:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2788 bytes] ##########
T66892
Active Member
 
Posts: 7
Joined: June 30th, 2015, 5:11 pm

Re: Not sure if Malware or struggling comp

Unread postby T66892 » July 1st, 2015, 8:27 am

my search results are attached
T66892
Active Member
 
Posts: 7
Joined: June 30th, 2015, 5:11 pm

Re: Not sure if Malware or struggling comp

Unread postby Gary R » July 1st, 2015, 8:57 am

OK, let's start clearing away the stuff we've found, and see where that takes us ...

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files (x86)\WInterEnhancer
C:\ProgramData\hJsHWJnfOTx
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:51428;https=127.0.0.1:51428
ProxyServer: [S-1-5-21-515130059-2430807289-3433730637-1001] => http=127.0.0.1:51428;https=127.0.0.1:51428
R2 WgYeNTMO; C:\ProgramData\hJsHWJnfOTx\WgYeNTMO.exe [2732024 2015-06-30] (Irrational Number Applications)
R2 WInterEnhancer Service; C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancerService.exe [1154560 2015-06-29] () [File not signed]
2015-06-30 21:25 - 2015-06-30 21:25 - 00000000 ____D C:\ProgramData\Mluaailg
2015-06-30 21:21 - 2015-06-30 21:23 - 00000000 ____D C:\Users\T\AppData\Local\Deployment
2015-06-30 21:21 - 2015-06-30 21:21 - 00000000 ____D C:\Users\T\AppData\Local\Apps\2.0
2015-06-30 21:20 - 2015-06-30 22:02 - 00000000 ____D C:\Users\T\AppData\Local\WebShield
2015-06-30 21:20 - 2015-06-30 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WInterEnhancer
2015-06-30 21:20 - 2015-06-30 21:20 - 00000000 ____D C:\ProgramData\hJsHWJnfOTx
2015-06-30 21:20 - 2015-06-30 21:20 - 00000000 ____D C:\Program Files (x86)\WInterEnhancer
2015-06-30 21:19 - 2015-06-30 21:20 - 00000000 ____D C:\ProgramData\WebShield
2015-06-03 07:33 - 2015-06-03 09:51 - 00000000 ____D C:\Users\T\AppData\Roaming\Azureus
2015-06-29 12:17 - 2015-06-29 12:17 - 01154560 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancerService.exe
2015-06-29 12:17 - 2015-06-29 12:17 - 00286208 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancer.exe
2015-06-29 12:17 - 2015-06-29 12:17 - 00011776 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\ApiHandlr.dll
FirewallRules: [{F6D83283-CB7E-494E-9A04-C35DDE74434B}] => (Allow) C:\Users\T\AppData\Local\Temp\nsz5A9B.tmp\CnetInstaller-75115673.exe
FirewallRules: [{E1A45CE4-5F32-4B4B-906C-D86C4E7B2009}] => (Allow) C:\Users\T\AppData\Local\Temp\nsz5A9B.tmp\CnetInstaller-75115673.exe
FirewallRules: [{570DF9DC-886B-4E03-8933-E65E92C78C23}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{CA19696B-FFFA-426B-A695-028ADAB91D0F}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WgYeNTMO_RASAPI32]

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Fixlog.txt
  • Please let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Not sure if Malware or struggling comp

Unread postby T66892 » July 1st, 2015, 9:12 am

# AdwCleaner v4.207 - Logfile created 01/07/2015 at 14:05:26
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : T - INSPIRON
# Running from : C:\Users\T\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WInterEnhancer
Folder Deleted : C:\Program Files (x86)\WInterEnhancer
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\StormWatch
Folder Deleted : C:\Users\T\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\T\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\WInterEnhancer
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\StormWatchApp
Key Deleted : HKLM\SOFTWARE\WInterEnhancer
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51428;hxxps=127.0.0.1:51428
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v43.0.2357.130


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2824 bytes] - [01/07/2015 13:02:49]
AdwCleaner[R1].txt - [2853 bytes] - [01/07/2015 13:10:33]
AdwCleaner[R2].txt - [2942 bytes] - [01/07/2015 14:02:44]
AdwCleaner[S0].txt - [2480 bytes] - [01/07/2015 14:05:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2539 bytes] ##########
T66892
Active Member
 
Posts: 7
Joined: June 30th, 2015, 5:11 pm

Re: Not sure if Malware or struggling comp

Unread postby T66892 » July 1st, 2015, 9:26 am

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by T at 2015-07-01 14:17:43 Run:1
Running from C:\Users\T\Desktop
Loaded Profiles: T (Available Profiles: T)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\WInterEnhancer
C:\ProgramData\hJsHWJnfOTx
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:51428;https=127.0.0.1:51428
ProxyServer: [S-1-5-21-515130059-2430807289-3433730637-1001] => http=127.0.0.1:51428;https=127.0.0.1:51428
R2 WgYeNTMO; C:\ProgramData\hJsHWJnfOTx\WgYeNTMO.exe [2732024 2015-06-30] (Irrational Number Applications)
R2 WInterEnhancer Service; C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancerService.exe [1154560 2015-06-29] () [File not signed]
2015-06-30 21:25 - 2015-06-30 21:25 - 00000000 ____D C:\ProgramData\Mluaailg
2015-06-30 21:21 - 2015-06-30 21:23 - 00000000 ____D C:\Users\T\AppData\Local\Deployment
2015-06-30 21:21 - 2015-06-30 21:21 - 00000000 ____D C:\Users\T\AppData\Local\Apps\2.0
2015-06-30 21:20 - 2015-06-30 22:02 - 00000000 ____D C:\Users\T\AppData\Local\WebShield
2015-06-30 21:20 - 2015-06-30 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WInterEnhancer
2015-06-30 21:20 - 2015-06-30 21:20 - 00000000 ____D C:\ProgramData\hJsHWJnfOTx
2015-06-30 21:20 - 2015-06-30 21:20 - 00000000 ____D C:\Program Files (x86)\WInterEnhancer
2015-06-30 21:19 - 2015-06-30 21:20 - 00000000 ____D C:\ProgramData\WebShield
2015-06-03 07:33 - 2015-06-03 09:51 - 00000000 ____D C:\Users\T\AppData\Roaming\Azureus
2015-06-29 12:17 - 2015-06-29 12:17 - 01154560 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancerService.exe
2015-06-29 12:17 - 2015-06-29 12:17 - 00286208 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancer.exe
2015-06-29 12:17 - 2015-06-29 12:17 - 00011776 _____ () C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\ApiHandlr.dll
FirewallRules: [{F6D83283-CB7E-494E-9A04-C35DDE74434B}] => (Allow) C:\Users\T\AppData\Local\Temp\nsz5A9B.tmp\CnetInstaller-75115673.exe
FirewallRules: [{E1A45CE4-5F32-4B4B-906C-D86C4E7B2009}] => (Allow) C:\Users\T\AppData\Local\Temp\nsz5A9B.tmp\CnetInstaller-75115673.exe
FirewallRules: [{570DF9DC-886B-4E03-8933-E65E92C78C23}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{CA19696B-FFFA-426B-A695-028ADAB91D0F}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WgYeNTMO_RASAPI32]
*****************

"C:\Program Files (x86)\WInterEnhancer" => File/Folder not found.
"C:\ProgramData\hJsHWJnfOTx" => File/Folder not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-515130059-2430807289-3433730637-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
WgYeNTMO => Service not found.
WInterEnhancer Service => Service not found.
C:\ProgramData\Mluaailg => moved successfully.
C:\Users\T\AppData\Local\Deployment => moved successfully.
C:\Users\T\AppData\Local\Apps\2.0 => moved successfully.
"C:\Users\T\AppData\Local\WebShield" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WInterEnhancer" => File/Folder not found.
"C:\ProgramData\hJsHWJnfOTx" => File/Folder not found.
"C:\Program Files (x86)\WInterEnhancer" => File/Folder not found.
"C:\ProgramData\WebShield" => File/Folder not found.
C:\Users\T\AppData\Roaming\Azureus => moved successfully.
"C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancerService.exe" => File/Folder not found.
"C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\InternetEnhancer.exe" => File/Folder not found.
"C:\Program Files (x86)\WInterEnhancer\WInterEnhancer Internet Enhancer\ApiHandlr.dll" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6D83283-CB7E-494E-9A04-C35DDE74434B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1A45CE4-5F32-4B4B-906C-D86C4E7B2009} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{570DF9DC-886B-4E03-8933-E65E92C78C23} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA19696B-FFFA-426B-A695-028ADAB91D0F} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASAPI32 => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WgYeNTMO_RASAPI32 => key not found.
EmptyTemp: => 513.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:18:13 ====
T66892
Active Member
 
Posts: 7
Joined: June 30th, 2015, 5:11 pm
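
Added example, not part of the original thread: a small Python parser for an FRST Fixlog like the one posted above, grouping each `target => outcome` line by result so that entries already gone ("not found") are separated from those the fix removed or moved. The function names are hypothetical, the sample is an excerpt of the log above, and the outcome phrases are matched only as they appear in that log.

```python
import re
from collections import defaultdict

# Excerpt of the Fixlog posted above (shortened). The echoed fixlist block is
# kept on purpose: its lines also contain "=>" and must not count as results.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
C:\ProgramData\hJsHWJnfOTx
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:51428;https=127.0.0.1:51428
*****************

"C:\ProgramData\hJsHWJnfOTx" => File/Folder not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
WgYeNTMO => Service not found.
C:\ProgramData\Mluaailg => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WgYeNTMO_RASAPI32 => key not found.
EmptyTemp: => 513.5 MB temporary data Removed.
"""

# A line made only of asterisks opens and closes the echoed fixlist.
FENCE = re.compile(r"^\*{5,}\s*$")


def classify(outcome):
    """Map an outcome phrase from the log to a coarse category."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    # "removed successfully" contains "moved successfully", so test it first.
    if "removed successfully" in text:
        return "removed"
    if "moved successfully" in text:
        return "moved"
    return "other"  # anything else should be read by hand


def summarize_fixlog(text):
    """Return {category: [targets]} for the result lines of a Fixlog."""
    results = defaultdict(list)
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            in_echo = not in_echo  # entering or leaving the echoed fixlist
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results[classify(outcome)].append(target.strip('"'))
    return dict(results)


if __name__ == "__main__":
    for category, targets in summarize_fixlog(SAMPLE_FIXLOG).items():
        print(f"{category}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```
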

Re: Not sure if Malware or struggling comp

Unread postby Gary R » July 1st, 2015, 10:09 am

How is your computer behaving now ?
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Not sure if Malware or struggling comp

Unread postby T66892 » July 1st, 2015, 3:55 pm

Hi, everything is running fine, although Chrome at times is still loading slowly, and is still notably slow when I type a search into the navigation bar.
T66892
Active Member
 
Posts: 7
Joined: June 30th, 2015, 5:11 pm

Re: Not sure if Malware or struggling comp

Unread postby Gary R » July 1st, 2015, 5:08 pm

OK, I'd like you to run a further scan for me, to see if we've missed anything ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Not sure if Malware or struggling comp

Unread postby T66892 » July 3rd, 2015, 9:09 pm

Hi, I ran the scan, and it stated no issues found. The slow searching and video playback does seem to be a Chrome specific issue and my laptop is running much better.

Sorry for the delay
T66892
Active Member
 
Posts: 7
Joined: June 30th, 2015, 5:11 pm

Re: Not sure if Malware or struggling comp

Unread postby Gary R » July 4th, 2015, 1:03 am

If it's just Chrome specific, then looking at the extensions you have installed for Chrome, and since no further malware is being flagged on your machine, I would say it's likely to be the Avast add on that is most likely to be the cause of the slow searches.

Try disabling it ... http://www.wikihow.com/Disable-Add-Ons ... and see if your searches speed up at all.

If they do, then you might want to consider removing it.

Other than that, your computer looks clean of infection now, and we need to clear out the programs we've been using to clean it ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...
    • Activate UAC
    • Remove disinfection tools
    • Purge system restore

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Not sure if Malware or struggling comp

Unread postby Gary R » July 7th, 2015, 1:06 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire