I saw the one about posting the 2 logs from FRST, I did that?
And starting the other computer after this is done?
Greg
I saw the one about posting the 2 logs from FRST, I did that?
And starting the other computer after this is done?
Greg
Let's do this, should be for the first computer.
Running from C:\Users\gregsw\Downloads
It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the > Fix < button just once and wait.start
CreateRestorePoint:
CloseProcesses:
Task: {181D3F9D-7925-4A59-8E49-C4F984C50D70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1A505D4E-1921-472C-AF0A-C46EBF3C529B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F2ABCA-27AF-419A-BC13-53130C398BDA} - System32\Tasks\4836 => Wscript.exe C:\Users\gregsw\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {24068976-E26E-4297-BDDB-72D2A3F7C313} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {2DDB6049-18D7-470D-8D9D-A98319310997} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3BD0503A-3F41-4BF2-9344-9AA94608C18B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D3D42EE-0A70-46A3-8E18-40172EEBC59C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6684A84D-C736-49D2-8C07-8E2CF2CA9342} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {719F8A72-6D1A-4968-AE3B-E02AACB1C146} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AD5A369C-CB1C-4B98-86ED-EED7728F14D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D332BC4C-7604-454D-8EE3-6F39CCBD2E96} - \{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A} -> No File <==== ATTENTION
Task: {D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE2B6976-B1FC-4424-838F-3878667BC4E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F520E062-2113-464E-ADAF-B4D0CFF29A1E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {FEA5DE20-5E8F-4AEC-B684-B54EDF20131A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [191]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> DefaultScope {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {47927663-4FAA-462D-B456-7FFB0F644880} URL =
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
Toolbar: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
AdwCleaner
- Please download AdwCleaner and save the file to your Desktop.
- Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
- Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
- Follow the prompts and allow your computer to reboot.
- After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
i hope I did it right, I put both on the desktop..
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by gregsw (2016-03-07 13:00:13) Run:1
Running from C:\Users\gregsw\Desktop
Loaded Profiles: gregsw (Available Profiles: gregsw & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {181D3F9D-7925-4A59-8E49-C4F984C50D70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1A505D4E-1921-472C-AF0A-C46EBF3C529B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F2ABCA-27AF-419A-BC13-53130C398BDA} - System32\Tasks\4836 => Wscript.exe C:\Users\gregsw\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {24068976-E26E-4297-BDDB-72D2A3F7C313} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {2DDB6049-18D7-470D-8D9D-A98319310997} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3BD0503A-3F41-4BF2-9344-9AA94608C18B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D3D42EE-0A70-46A3-8E18-40172EEBC59C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6684A84D-C736-49D2-8C07-8E2CF2CA9342} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {719F8A72-6D1A-4968-AE3B-E02AACB1C146} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AD5A369C-CB1C-4B98-86ED-EED7728F14D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D332BC4C-7604-454D-8EE3-6F39CCBD2E96} - \{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A} -> No File <==== ATTENTION
Task: {D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE2B6976-B1FC-4424-838F-3878667BC4E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F520E062-2113-464E-ADAF-B4D0CFF29A1E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {FEA5DE20-5E8F-4AEC-B684-B54EDF20131A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [191]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> DefaultScope {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {47927663-4FAA-462D-B456-7FFB0F644880} URL =
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
Toolbar: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181D3F9D-7925-4A59-8E49-C4F984C50D70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181D3F9D-7925-4A59-8E49-C4F984C50D70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A505D4E-1921-472C-AF0A-C46EBF3C529B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A505D4E-1921-472C-AF0A-C46EBF3C529B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20F2ABCA-27AF-419A-BC13-53130C398BDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F2ABCA-27AF-419A-BC13-53130C398BDA}" => key removed successfully
C:\WINDOWS\System32\Tasks\4836 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4836" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24068976-E26E-4297-BDDB-72D2A3F7C313}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24068976-E26E-4297-BDDB-72D2A3F7C313}" => key removed successfully
C:\WINDOWS\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DDB6049-18D7-470D-8D9D-A98319310997}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DDB6049-18D7-470D-8D9D-A98319310997}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BD0503A-3F41-4BF2-9344-9AA94608C18B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BD0503A-3F41-4BF2-9344-9AA94608C18B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D3D42EE-0A70-46A3-8E18-40172EEBC59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D3D42EE-0A70-46A3-8E18-40172EEBC59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6684A84D-C736-49D2-8C07-8E2CF2CA9342}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6684A84D-C736-49D2-8C07-8E2CF2CA9342}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719F8A72-6D1A-4968-AE3B-E02AACB1C146}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719F8A72-6D1A-4968-AE3B-E02AACB1C146}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD5A369C-CB1C-4B98-86ED-EED7728F14D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5A369C-CB1C-4B98-86ED-EED7728F14D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D332BC4C-7604-454D-8EE3-6F39CCBD2E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D332BC4C-7604-454D-8EE3-6F39CCBD2E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE2B6976-B1FC-4424-838F-3878667BC4E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE2B6976-B1FC-4424-838F-3878667BC4E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F520E062-2113-464E-ADAF-B4D0CFF29A1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F520E062-2113-464E-ADAF-B4D0CFF29A1E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEA5DE20-5E8F-4AEC-B684-B54EDF20131A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA5DE20-5E8F-4AEC-B684-B54EDF20131A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47927663-4FAA-462D-B456-7FFB0F644880}" => key removed successfully
HKCR\CLSID\{47927663-4FAA-462D-B456-7FFB0F644880} => key not found.
"HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{546AE48D-C42D-45B9-B67E-99801CFAA413}" => key removed successfully
HKCR\CLSID\{546AE48D-C42D-45B9-B67E-99801CFAA413} => key not found.
HKU\S-1-5-21-418580636-829134441-2959382271-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
Chrome HomePage => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => not found.
C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {A66D8006-0714-4913-B408-685439F46246}.
{DFFE5B05-CB94-48D7-91A8-EE6854B1F000} canceled.
{CA771615-4507-4DC5-91DC-3E31BCEF6B96} canceled.
{7FD5F69D-1725-4D9E-9F15-BF973EBEDE09} canceled.
{B2B5E1A5-E6F9-4B39-ACFA-5CB37FE6FDAB} canceled.
{9D12EC69-F894-4C96-B132-B946B6C70A10} canceled.
{A3D681FA-3417-4375-BE8C-D832A3922A4B} canceled.
6 out of 7 jobs canceled.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
EmptyTemp: => 536.9 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 13:02:19 ====
Good
Waiting for
AdwCleaner[CX].txt
JRT.txt
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
# AdwCleaner v5.101 - Logfile created 07/03/2016 at 13:26:28
# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : gregsw - GREG
# Running from : C:\Users\gregsw\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\OneSystemCare
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\61c981ce
Folder Found : C:\ProgramData\7affe628-3891-0
Folder Found : C:\ProgramData\7affe628-7075-1
Folder Found : C:\ProgramData\a4448147-0541-0
Folder Found : C:\ProgramData\a4448147-4337-0
Folder Found : C:\ProgramData\{13c53c4e-012c-0}
Folder Found : C:\ProgramData\{13c53c4e-012c-1}
Folder Found : C:\ProgramData\{1e32524b-412c-0}
***** [ Files ] *****
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Web browsers ] *****
*************************
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1869 bytes] - [07/03/2016 13:26:28]
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1962 bytes] ##########
I know Twitter is not your issue, but could something with a this virus or malware be causing this issue? Twiter has no help.
I can send tweets fine and watch them go by. But the people I send tweets to do not receive notifications of my tweets. They can see them go by if watching right then. But get no notice.
I tried 3 accounts, starting 1 on a differet computer. It worked fine for a short time. It does leave a notificstion, but only rarely. One account worked for 10 minutes yesterday, another for a few minutes this mornig. Makes no sense to me. Using the Web Twitter, Chrome an IE, and on my Kindle. How can this happen?
Thanks so much.
Please open AdwCleaner
- Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
*****
- Click the Scan button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. At this time please click clean/remove
- Follow the prompts and allow your computer to reboot.
- After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
~~~~~~~~~~~~~~~`
Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
~~~~~~~~~~`
please post
AdwCleaner[CX].txt
JRT.txt
The deal with Twitter
It could be something as simple as changing your password, or the forum is having some kind of glitch.
~~~~~~~~~~~~~~~~~~~~~
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
Can you follow through with the last set of instructions?
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
Made a file caled AdwCleaner[C1].txt
# AdwCleaner v5.101 - Logfile created 07/03/2016 at 17:28:56
# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : gregsw - GREG
# Running from : C:\Users\gregsw\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\61c981ce
[-] Folder Deleted : C:\ProgramData\7affe628-3891-0
[-] Folder Deleted : C:\ProgramData\7affe628-7075-1
[-] Folder Deleted : C:\ProgramData\a4448147-0541-0
[-] Folder Deleted : C:\ProgramData\a4448147-38c7-0
[-] Folder Deleted : C:\ProgramData\a4448147-4337-0
[-] Folder Deleted : C:\ProgramData\a4448147-7f01-1
[-] Folder Deleted : C:\ProgramData\{13c53c4e-012c-0}
[-] Folder Deleted : C:\ProgramData\{13c53c4e-012c-1}
[-] Folder Deleted : C:\ProgramData\{1e32524b-412c-0}
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
*************************
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2184 bytes] - [07/03/2016 17:28:56]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2073 bytes] - [07/03/2016 13:26:28]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [2260 bytes] - [07/03/2016 17:26:50]
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2463 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by gregsw (Administrator) on Mon 03/07/2016 at 17:45:17.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 3
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/07/2016 at 17:48:22.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~