Solved Help please C:\PROGRA~2\SEARCH~\SEARCH~\bin\VCLO~1.DLL error

August 22, 2015 at 02:38:43
Specs: Windows 7
It's my friend's computer but she's not tech savvy and neither am I.

Keep getting this message each time she clicks on a link on desktop.

Can anyone please help solve this issue? Tried using anti-malware and this is what happened. Help please!

P.S. Earlier in the day I downloaded Google Chrome, as her normal browser, Internet Explorer, was slow, so I could download and run CCleaner and SpywareBlaster.

It kind of went OK until I tried to delete software I thought she wouldn't need, and that's when I came across Palmall and some other stuff.

I googled it and found it was spyware and to get rid of it I'd need anti-malware or SpyHunter. So I downloaded and ran both. After that the error message popped up.

So I googled how to fix it and came across this website. I sincerely hope someone can help and greatly appreciate it.

On a side note, she's had this laptop for 5 years and I don't think it's ever been cleaned.
Using Windows 7.



✔ Best Answer
August 22, 2015 at 18:15:10
"Here you go"
All good, now to tackle normal boot.

Disable your antivirus program before running Windows Repair.
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

Run Tweaking.com - Windows Repair

http://www.softpedia.com/get/Tweak/...
http://i.imgur.com/UbaXHuV.gif
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Do Step 1, this is very important > Do a Proper Power Reset First!
Right click on the exe & click on > Run as administrator.
http://i.imgur.com/NWSHEUy.gif

Then go straight to Repairs & check all the boxes. Reboot when finished.
http://i.imgur.com/LTVThqF.gif
http://i.imgur.com/tdlbsVH.gif

The logs are large, upload them using Zippy.



#1
August 22, 2015 at 04:06:47
Here are the first 2 steps, there will be more steps needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Malwarebytes Acquires Junkware Removal Tool
https://blog.malwarebytes.org/news/...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#2
August 22, 2015 at 04:11:26
Thanks John for the quick reply. Will do them now

Cheers Kiri



#3
August 22, 2015 at 04:31:28
Hi Johnw, just rebooted system after cleaning with AdwCleaner but SpyHunter is initializing files at startup, which is taking a while.

Sorry for taking up your time, please bear with me, wish I never downloaded it in the first place.


#4
August 22, 2015 at 05:04:41
I am still with you Ngaire.


#5
August 22, 2015 at 05:14:13
Johnw, I'm using another laptop as SpyHunter wouldn't stop looping at the boot.

I rebooted in safe mode and tried to delete it but when I sign back in it starts up but then nothing... just a black page with arrow.

I'm in safe mode on the infected PC but my question is, can AdwCleaner be run in this mode and if so, how do I start it up so I get the logfile in safe mode, as I don't think the computer will reboot again in normal mode?



#6
August 22, 2015 at 05:28:07
Let me absorb your problems, back in 10 mins.


#7
August 22, 2015 at 05:38:43
"can adwcleaner be run in this mode"
I have no idea at this stage if it will run, but it is worth a try, before I move the heavy artillery in.

"so I get the logfile in safemode"
If it does run, immediately it finishes, you may see a log.
If it reboots, make sure you direct it to safe mode. The log normally will be visible. You are not in a normal situation, so let's see what happens.


#8
August 22, 2015 at 05:52:27
Just trying it now, thanks for your patience


#9
August 22, 2015 at 06:02:26
Here's the first log John

# AdwCleaner v5.003 - Logfile created 22/08/2015 at 23:13:08
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : star17 - SNOOPY
# Running from : C:\Users\star17\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : PCKeeper2Service
Service Found : PCKeeperOcfService
Service Found : ReimageRealTimeProtector
Service Found : webTinstMKTN
Service Found : SafeGuard Update Service
Service Found : SGUpdater
Service Found : fileHiders
Service Found : AccountService
Service Found : 5936b827

***** [ Folders ] *****

Folder Found : C:\rei
Folder Found : C:\Program Files\Reimage
Folder Found : C:\Program Files\Kromtech
Folder Found : C:\Program Files\slimcleaner plus
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\iMesh Applications
Folder Found : C:\Program Files (x86)\MyWebSearch
Folder Found : C:\Program Files (x86)\Search Results Toolbar
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\SafeGuard
Folder Found : C:\Program Files (x86)\WinZip Driver Updater
Folder Found : C:\Program Files (x86)\driverupdate
Folder Found : C:\Program Files (x86)\LuuckyCCOupon
Folder Found : C:\Program Files (x86)\QUEEenCoupon
Folder Found : C:\Program Files (x86)\SAlesCheecaker
Folder Found : C:\Program Files (x86)\SAleSeChecker
Folder Found : C:\Program Files (x86)\EasyHomeDecorating_73
Folder Found : C:\Program Files (x86)\MyWebSearch
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\ProgramData\Reimage Protector
Folder Found : C:\ProgramData\Kromtech
Folder Found : C:\ProgramData\slimware utilities inc
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
Folder Found : C:\Users\star17\AppData\Local\globalUpdate
Folder Found : C:\Users\star17\AppData\Local\SearchProtect
Folder Found : C:\Users\star17\AppData\Local\torch
Folder Found : C:\Users\star17\AppData\Local\Kromtech
Folder Found : C:\Users\star17\AppData\Local\459B8A2A-1426339893-E011-B496-B870F4DC939F
Folder Found : C:\Users\star17\AppData\LocalLow\iac
Folder Found : C:\Users\star17\AppData\Roaming\DriverCure
Folder Found : C:\Users\star17\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\star17\AppData\Roaming\speedypc software
Folder Found : C:\Users\star17\AppData\Roaming\Systweak
Folder Found : C:\Users\star17\Documents\video download converter
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SafeGuard

***** [ Files ] *****

File Found : C:\Users\star17\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_okkmdjgiocljmajcolbkhkfpkddapfhf_0.localstorage
File Found : C:\Windows\apppatch\apppatch64\vcldr64.dll
File Found : C:\Windows\AppPatch\nbin\VC32Loader.dll
File Found : C:\Windows\Reimage.ini
File Found : C:\Windows\Sysnative\roboot64.exe
File Found : C:\Windows\Sysnative\drivers\fileHiders.sys
File Found : C:\Windows\SysWOW64\RegistryHelperLM.ocx

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : LaunchSignup
Task Found : Reimage Reminder
Task Found : ReimageUpdater
Task Found : WinZipDriverUpdater_UPDATES
Task Found : WinZipDriverUpdaterRunAtStartup
Task Found : PCKeeper updater

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL

***** [ Web browsers ] *****

[C:\Users\star17\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
[C:\Users\star17\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : istartsurf
[C:\Users\star17\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.istartsurf.com/?type=hppp&ts=1426577611&from=face&uid=ST9500325AS_6VEWWB1BXXXX6VEWWB1B

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17451 bytes] ##########



#10
August 22, 2015 at 06:05:40
Whew, nice work Ngaire, we are on the right track.

Try step 2 in normal mode or safe mode if necessary.



#11
August 22, 2015 at 06:08:46
Oops, just noticed that was the scan log, not the cleaning log.

Did you hit Clean after the Scan?



#12
August 22, 2015 at 06:10:26
Okay, I'm trying in safe mode as normal mode doesn't load.


#13
August 22, 2015 at 06:25:22
It says 413 Request entity too large


#14
August 22, 2015 at 06:27:47
Try right clicking on it & select > Run as administrator.



#15
August 22, 2015 at 06:33:20
Hope this works

http://www63.zippyshare.com/v/Z5x2k...



#16
August 22, 2015 at 06:40:25
"Hope this works"
Perfect.

Refer my post #11 please.



#17
August 22, 2015 at 06:44:55
Probably didn't, will do it again.

Thank you so much for wanting to help



#18
August 22, 2015 at 06:52:37
Is this right?

# AdwCleaner v5.003 - Logfile created 23/08/2015 at 01:45:42
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : star17 - SNOOPY
# Running from : C:\Users\star17\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [658 bytes] ##########



#19
August 22, 2015 at 06:55:17
7th line down, says Scan.

The log I need to see, says Clean.



#20
August 22, 2015 at 06:56:52
This one?


# AdwCleaner v5.003 - Logfile created 23/08/2015 at 01:46:55
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : star17 - SNOOPY
# Running from : C:\Users\star17\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [707 bytes] ##########


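An added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the log format pasted above that checks the Option header (the Scan versus Cleaning distinction raised in #19) and tracks the AppInit_DLLs entries across the three logs. The sample text is excerpted from posts #9, #18 and #20; treating entries without the [x64] tag as the 32-bit registry view is an assumption.

```python
import re

# Excerpts of the logs posted in this thread (#9, #18, #20), trimmed to the
# header, the AppInit_DLLs lines and the EOF marker.
FIRST_SCAN = r"""# AdwCleaner v5.003 - Logfile created 22/08/2015 at 23:13:08
# Option : Scan

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17451 bytes] ##########
"""

RESCAN = r"""# AdwCleaner v5.003 - Logfile created 23/08/2015 at 01:45:42
# Option : Scan

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [658 bytes] ##########
"""

CLEAN = r"""# AdwCleaner v5.003 - Logfile created 23/08/2015 at 01:46:55
# Option : Cleaning

***** [ Registry ] *****

[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [707 bytes] ##########
"""

OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\S+)", re.M)
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
EOF_RE = re.compile(r"^#+ EOF - (?P<path>.+?) - \[(?P<size>\d+) bytes\] #+$")
APPINIT_RE = re.compile(
    r"^(?:\[-\]\s*)?(?P<status>Data (?:Found|Restored)) : (?P<x64>\[x64\] )?"
    r"(?P<key>HK\S.*?) \[AppInit_DLLs\](?: - (?P<dll>.+))?$")


def parse_log(text):
    """Split a log into its header option, sections and AppInit_DLLs entries."""
    opt = OPTION_RE.search(text)
    log = {"option": opt.group(1) if opt else None,
           "sections": {}, "appinit": [], "logfile": None}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            log["sections"].setdefault(current, [])
            continue
        eof = EOF_RE.match(line)
        if eof:
            log["logfile"] = eof.group("path")
            current = None
            continue
        # Header comments, the separator row and ':: ...' notes are not entries.
        if current is None or line.startswith(("#", "*", "::")):
            continue
        log["sections"][current].append(line)
        hit = APPINIT_RE.match(line)
        if hit:
            log["appinit"].append({
                "status": hit.group("status"),
                # Assumption: no [x64] tag means the 32-bit registry view.
                "view": "x64" if hit.group("x64") else "32-bit",
                "dll": hit.group("dll"),
            })
    return log


def is_cleaning_log(log):
    """True for the log written after Cleaning, False for a Scan log."""
    return (log["option"] or "").lower().startswith("clean")


def appinit_state(logs_in_order):
    """Replay logs oldest-first; return {view: dll} still set in AppInit_DLLs."""
    state = {}
    for text in logs_in_order:
        log = parse_log(text)
        if not is_cleaning_log(log):
            state = {}  # a scan lists everything currently flagged
        for entry in log["appinit"]:
            if entry["status"] == "Data Found":
                state[entry["view"]] = entry["dll"]
            else:  # "Data Restored": the value was reset by the clean
                state.pop(entry["view"], None)
    return state


if __name__ == "__main__":
    for name, text in (("S1", FIRST_SCAN), ("S3", RESCAN), ("C3", CLEAN)):
        log = parse_log(text)
        print(name, log["option"], "cleaning log:", is_cleaning_log(log))
    print("still set:", appinit_state([FIRST_SCAN, RESCAN, CLEAN]))
```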

#21
August 22, 2015 at 07:00:43
"This one?"
Perfect.

Next step.

I shall stay online until you let me know the scan is working.

Also, after each tool we run, let me know if you can get into normal mode, eventually, it will happen.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.
Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://support.eset.com/kb2103/
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://support.eset.com/kb2612/
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
3: Which web browsers are compatible with ESET Online Scanner?
http://support.eset.com/kb405/?loca...
Online Scanner not working
http://support.eset.com/kb403/?loca...
My ESET product detected a threat—what should I do?
http://support.eset.com/kb117/
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
http://support.eset.com/kb405/?view...
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#22
August 22, 2015 at 07:14:40
Scanning as we speak. I can't thank you enough!!

I was only meant to revert the lappy back to Windows 7, maybe speed it up a lil and delete some unwanted software. I went a bit too far and gung ho. Lesson learnt.

Also, I've read you are from Auz. If you want to head to bed I'd totally understand. I'd be there too if I'd stuck to the original plan.



#23
August 22, 2015 at 07:15:58
I'm here, are you? I know an Ngaire.
http://www.timeanddate.com/worldclo...


#24
August 22, 2015 at 07:21:27
I'm in NZ, Taranaki to be exact.

I've been working on my friend's laptop since I got home from work at 3pm yesterday (Saturday). I can't go to sleep until I know her laptop is in OK condition and not worse than when she gave it.



#25
August 22, 2015 at 07:28:21
"Taranaki"
Beautiful country, love it.

"I can't go to sleep until I know her Laptop is in Ok condition"
Ditto for me, have had some very late nights.
Even after running ESET, there will be a fair bit of work to be done, as long as you don't mind me being very thorough.

Once ESET is finished, here is the next step, bed for me now, nite.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#26
August 22, 2015 at 07:32:31
Be as thorough as you need to be please! I'm here for the duration. Following step by step.

50% of step 3

By the way, my friend (workmate) who owns the laptop is 60 yrs old and has never done any sort of cleaning apart from depending on Trend anti-virus.

Thought I'd help her out. Ha!



#27
August 22, 2015 at 07:34:39
Will do and will post results. Thanks a million Johnw and have a goodnite


#28
August 22, 2015 at 14:32:11
Here's the ESET Log

# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bbdde73dae98f74f975f862152986501
# end=init
# utc_time=2015-08-22 02:10:30
# local_time=2015-08-23 02:10:30 (+1200, New Zealand Standard Time)
# country="New Zealand"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bbdde73dae98f74f975f862152986501
# end=init
# utc_time=2015-08-22 02:13:15
# local_time=2015-08-23 02:13:15 (+1200, New Zealand Standard Time)
# country="New Zealand"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25400
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bbdde73dae98f74f975f862152986501
# end=updated
# utc_time=2015-08-22 02:27:59
# local_time=2015-08-23 02:27:59 (+1200, New Zealand Standard Time)
# country="New Zealand"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bbdde73dae98f74f975f862152986501
# engine=25400
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-22 04:31:53
# local_time=2015-08-23 04:31:53 (+1200, New Zealand Standard Time)
# country="New Zealand"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Internet Security'
# compatibility_mode=528 16777213 100 100 4050814 33517618 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 191894563 0 0
# scanned=201093
# found=11
# cleaned=11
# scan_time=7434
sh=EE0A76C8452881E24D61D01E1CE2516EF8C722B6 ft=1 fh=b640ccd54e6782c3 vn="a variant of Win32/ReImageRepair.B potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\LanguageSelect.exe.vir"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir"
sh=352D94006557FFE56D0B3D4A3D53A33E1EDAA13B ft=1 fh=9c2deb251acdf724 vn="a variant of Win32/Systweak.R potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Driver Updater\winzipdu.exe.vir"
sh=08A5CE348D319335A92076C65C1091277AFED1B9 ft=1 fh=158b9db86261fb7d vn="a variant of Win64/Systweak.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\Sysnative\roboot64.exe.vir"
sh=84FDCBC1014DA79C50D8B0E13EBD1727BCBD245C ft=1 fh=24fb3a6bd4b8866c vn="a variant of Win64/Toolbar.Crossrider.P potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\26ff93a2-3ea1-4ada-b859-74b019e0b55b\e5b2bd5e-d11e-4b94-8cd2-b74e0c423cb5.dll"
sh=166139351220A0084FF6AC62AC646ABA191B8C64 ft=1 fh=110b0630d4295641 vn="a variant of Win64/Toolbar.Crossrider.P potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\98080e6e-e0ab-472e-8596-144fcc6dc53c\98080e6e-e0ab-472e-8596-144fcc6dc53c.dll"
sh=166139351220A0084FF6AC62AC646ABA191B8C64 ft=1 fh=110b0630d4295641 vn="a variant of Win64/Toolbar.Crossrider.P potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\98080e6e-e0ab-472e-8596-144fcc6dc53c\9c368d5c-ce17-4fc6-86df-516842938bdd.dll"
sh=84FDCBC1014DA79C50D8B0E13EBD1727BCBD245C ft=1 fh=24fb3a6bd4b8866c vn="a variant of Win64/Toolbar.Crossrider.P potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\AMD APP\26ff93a2-3ea1-4ada-b859-74b019e0b55b.dll"
sh=355FB6247F0A750188370367F87AAE8E3B27EA94 ft=1 fh=b7b8c96c17c22525 vn="Win32/Patched.NFQ trojan (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll"
sh=078B17E585ECD51323119F83A11ABA6080903775 ft=1 fh=a8474e626567f22f vn="Win32/Adware.ConvertAd.RX application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\star17\AppData\Roaming\459B8A2A-1426292956-E011-B496-B870F4DC939F\Uninstall.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\star17\Downloads\ccsetup508.exe"


Report •
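Added example (not part of the thread and not ESET's code): a Python triage of detection lines in the layout of the log above, separating leftovers already sitting in another tool's quarantine folder, copies of the same file, and detections not labelled "potentially unwanted/unsafe". The sample lines are constructed with placeholder hashes, and reading `sh` as the file hash, `vn` as the detection name and `fn` as the file path is an assumption based on the values shown.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the ESET Online Scanner log above.
# Hashes and some paths are placeholders; detection names mirror the post.
SAMPLE_LOG = r'''
# product=EOS
# scanned=201093
# found=5
# cleaned=5
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/ReImageRepair.B potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\LanguageSelect.exe.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of Win64/Toolbar.Crossrider.P potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\example-guid-1\one.dll"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of Win64/Toolbar.Crossrider.P potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\example-guid-1\two.dll"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/Patched.NFQ trojan (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\chrome.dll"
sh=4444444444444444444444444444444444444444 ft=1 fh=dddddddddddddddd vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\example\Downloads\ccsetup.exe"
'''

HEADER_RE = re.compile(r'^# (\w+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
VN_RE = re.compile(
    r'^(?:a variant of )?(?P<name>\S+) (?P<category>.+?) \((?P<action>[^)]*)\)$')
QUARANTINE_MARKER = "\\adwcleaner\\quarantine\\"      # compared case-insensitively


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)   # repeated header blocks: last wins
            continue
        if not line.startswith("sh="):
            continue                          # status lines such as "Update Init"
        fields = {k: (q if q else bare) for k, q, bare in FIELD_RE.findall(line)}
        vn = VN_RE.match(fields.get("vn", ""))
        detections.append({
            "sha": fields.get("sh", "").upper(),
            "path": fields.get("fn", ""),
            "name": vn.group("name") if vn else fields.get("vn", ""),
            "category": vn.group("category") if vn else "unparsed",
            "action": vn.group("action") if vn else "",
        })
    return header, detections


def triage(header, detections):
    """Group detections so the ones that deserve a closer look stand out."""
    by_hash = defaultdict(list)
    for d in detections:
        by_hash[d["sha"]].append(d["path"])
    found = header.get("found")
    return {
        # The header's found= count should equal the number of detection lines.
        "count_matches_header": found is not None and int(found) == len(detections),
        "all_cleaned": found is not None and found == header.get("cleaned"),
        "by_category": Counter(d["category"] for d in detections),
        "unique_files": len(by_hash),
        # Same hash at several paths: one binary dropped more than once.
        "duplicated": {h: p for h, p in by_hash.items() if len(p) > 1},
        # Files already neutralised by an earlier tool and merely re-detected.
        "leftovers": [d for d in detections
                      if QUARANTINE_MARKER in d["path"].lower()],
        # Anything not labelled "potentially ..." is reviewed first.
        "review_first": [d for d in detections
                         if "potentially" not in d["category"]],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = triage(hdr, dets)
    print(dict(report["by_category"]))
    for d in report["review_first"]:
        print("review:", d["name"], "->", d["path"])
```
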

#29
August 22, 2015 at 14:41:15
Good Morning Johnw, still getting blank screen after windows welcome. Not sure if she's just loading up? (doesn't seem to be)

Going back to safe mode and downloading FARBAR Recovery to scan.



#30
August 22, 2015 at 14:59:03
Here are the Farbar logs Johnw

http://www87.zippyshare.com/v/Hd5vP...
http://www87.zippyshare.com/v/NJZ7H...



#31
August 22, 2015 at 16:57:49
Afternoon Ngaire.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AppInit_DLLs: C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKLM-x32 -> {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2059396423-3206171497-1592950792-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2059396423-3206171497-1592950792-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path/update_url>
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]
S4 beluhofe; [X]
S4 dylevowi; [X]
S4 gipojuqy; [X]
S4 qogolefo; [X]
S4 vutyweki; [X]
S3 cpuz134; \??\C:\Users\star17\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
PCKeeper (Version: 2.2.1206 - Kromtech) Hidden <==== ATTENTION
Quick Ref 1.10.0.9 (HKLM-x32\...\QuickRef_1.10.0.9) (Version: 1.10.0.9 - Quick Ref) <==== ATTENTION
Task: {024D4DDA-9349-4A13-A2E7-8994EC8A8201} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {10B63E40-96C6-4B3E-B9F8-BAAA3BFD46A7} - \BlockAndSurf Update -> No File <==== ATTENTION
Task: {1D568C55-F275-48DA-95FE-3E40A8718FE7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {29ED76B6-EA53-4097-BE50-6B32D82ABD50} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {369FB513-698F-4104-9EE5-E5EB3CA212C8} - \avayvaxxvae -> No File <==== ATTENTION
Task: {63FCF47A-2463-484A-B29A-9F091CE2248C} - System32\Tasks\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: {92D9875D-CD5A-43A8-ACAE-8117FC3918EE} - \bvxvbvef -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AE6B5384-636E-4A3A-A623-3EF6087B72DC} - \SlimCleaner Plus (Scheduled Scan - star17) -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E6C81EB2-C340-457A-BDCC-7A4C6171C8EA} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {EEDEC84B-0588-4758-B03C-1401B8423B59} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF963E3B-F6BF-43C0-993E-016079EFE380} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\star17\Documents\Jivahna Lyrickel's photo album.nws:OECustomProperty
AlternateDataStreams: C:\Users\star17\Documents\Jivahna's baby photo's.nws:OECustomProperty

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw



#32
August 22, 2015 at 17:21:54
Still in safe mode John, still getting black screen. Here's the fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 03
Ran by star17 (2015-08-23 12:13:27) Run:1
Running from C:\Users\star17\Desktop
Loaded Profiles: star17 (Available Profiles: star17)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
AppInit_DLLs: C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKLM-x32 -> {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2059396423-3206171497-1592950792-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2059396423-3206171497-1592950792-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path/update_url>
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]
S4 beluhofe; [X]
S4 dylevowi; [X]
S4 gipojuqy; [X]
S4 qogolefo; [X]
S4 vutyweki; [X]
S3 cpuz134; \??\C:\Users\star17\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
PCKeeper (Version: 2.2.1206 - Kromtech) Hidden <==== ATTENTION
Quick Ref 1.10.0.9 (HKLM-x32\...\QuickRef_1.10.0.9) (Version: 1.10.0.9 - Quick Ref) <==== ATTENTION
Task: {024D4DDA-9349-4A13-A2E7-8994EC8A8201} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {10B63E40-96C6-4B3E-B9F8-BAAA3BFD46A7} - \BlockAndSurf Update -> No File <==== ATTENTION
Task: {1D568C55-F275-48DA-95FE-3E40A8718FE7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {29ED76B6-EA53-4097-BE50-6B32D82ABD50} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {369FB513-698F-4104-9EE5-E5EB3CA212C8} - \avayvaxxvae -> No File <==== ATTENTION
Task: {63FCF47A-2463-484A-B29A-9F091CE2248C} - System32\Tasks\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
Task: {92D9875D-CD5A-43A8-ACAE-8117FC3918EE} - \bvxvbvef -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AE6B5384-636E-4A3A-A623-3EF6087B72DC} - \SlimCleaner Plus (Scheduled Scan - star17) -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E6C81EB2-C340-457A-BDCC-7A4C6171C8EA} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {EEDEC84B-0588-4758-B03C-1401B8423B59} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF963E3B-F6BF-43C0-993E-016079EFE380} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\star17\Documents\Jivahna Lyrickel's photo album.nws:OECustomProperty
AlternateDataStreams: C:\Users\star17\Documents\Jivahna's baby photo's.nws:OECustomProperty
*****************

Processes closed successfully.
"C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC64LO~1.DLL" => Value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}" => key removed successfully
HKCR\Wow6432Node\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKU\S-1-5-21-2059396423-3206171497-1592950792-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2059396423-3206171497-1592950792-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj" => key removed successfully
Amsp => service removed successfully
beluhofe => service removed successfully
dylevowi => service removed successfully
gipojuqy => service removed successfully
qogolefo => service removed successfully
vutyweki => service removed successfully
cpuz134 => service removed successfully
L1C => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D759D18-9594-430B-BA12-1C3C7975DBD5}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F2E2FA8E-E6C1-44E3-BCAF-A339B3281AC1}\\SystemComponent => value removed successfully
Quick Ref 1.10.0.9 (HKLM-x32\...\QuickRef_1.10.0.9) (Version: 1.10.0.9 - Quick Ref) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{024D4DDA-9349-4A13-A2E7-8994EC8A8201}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{024D4DDA-9349-4A13-A2E7-8994EC8A8201}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10B63E40-96C6-4B3E-B9F8-BAAA3BFD46A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10B63E40-96C6-4B3E-B9F8-BAAA3BFD46A7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D568C55-F275-48DA-95FE-3E40A8718FE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D568C55-F275-48DA-95FE-3E40A8718FE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29ED76B6-EA53-4097-BE50-6B32D82ABD50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29ED76B6-EA53-4097-BE50-6B32D82ABD50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{369FB513-698F-4104-9EE5-E5EB3CA212C8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{369FB513-698F-4104-9EE5-E5EB3CA212C8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvaxxvae => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63FCF47A-2463-484A-B29A-9F091CE2248C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63FCF47A-2463-484A-B29A-9F091CE2248C}" => key removed successfully
C:\Windows\System32\Tasks\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D9875D-CD5A-43A8-ACAE-8117FC3918EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D9875D-CD5A-43A8-ACAE-8117FC3918EE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbvef => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE6B5384-636E-4A3A-A623-3EF6087B72DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE6B5384-636E-4A3A-A623-3EF6087B72DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - star17)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6C81EB2-C340-457A-BDCC-7A4C6171C8EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6C81EB2-C340-457A-BDCC-7A4C6171C8EA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEDEC84B-0588-4758-B03C-1401B8423B59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDEC84B-0588-4758-B03C-1401B8423B59}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF963E3B-F6BF-43C0-993E-016079EFE380}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF963E3B-F6BF-43C0-993E-016079EFE380}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => key not found.
C:\Windows\Tasks\SpeedyPC Pro_sch_BE38E702-29ED-11E5-8CDC-F43F565C37C2.job => moved successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Users\star17\Documents\Jivahna Lyrickel's photo album.nws => ":OECustomProperty" ADS removed successfully.
C:\Users\star17\Documents\Jivahna's baby photo's.nws => ":OECustomProperty" ADS removed successfully.
EmptyTemp: => 151 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:13:45 ====


Report •
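Added example (not part of the thread and not FRST's own code): a Python pass over a Fixlog in the layout above that skips the fixlist echoed between the rows of asterisks, tallies each `=>` outcome, and lists the entries that still need manual attention, such as a `No automatic fix found` line. The sample log is constructed, and the status keywords are taken from the outcomes visible in this Fixlog.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Fixlog above (names are placeholders).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 03
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
closeprocesses:
AppInit_DLLs: C:\PROGRA~2\EXAMPLE\bin\LOADER.DLL => C:\PROGRA~2\EXAMPLE\bin\LOADER.DLL File not found
S4 examplesvc; [X]
Example App 1.0 (HKLM-x32\...\ExampleApp) (Version: 1.0 - Example) <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - \Example Update -> No File <==== ATTENTION
*****************

Processes closed successfully.
"C:\PROGRA~2\EXAMPLE\bin\LOADER.DLL" => Value data removed successfully.
examplesvc => service removed successfully
Example App 1.0 (HKLM-x32\...\ExampleApp) (Version: 1.0 - Example) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Example Update => key not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
EmptyTemp: => 151 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:13:45 ====
'''


def classify(outcome):
    """Map the text after '=>' to done / absent / error / other."""
    text = outcome.lower()
    if "error" in text:
        return "error"      # e.g. "Error: No automatic fix found for this entry."
    if "not found" in text:
        return "absent"     # target was already gone; nothing was changed
    if any(word in text for word in ("removed", "moved", "restored")):
        return "done"
    return "other"


def parse_fixlog(text):
    """Return (meta, results); fixlist lines echoed between asterisk rows are skipped."""
    meta = {"boot_mode": None, "reboot_needed": False}
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_echo = not in_echo   # asterisk rows open and close the echo
            continue
        if in_echo or not line:
            continue                # echoed directives also contain '=>'
        if line.startswith("Boot Mode:"):
            meta["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("The system needed a reboot"):
            meta["reboot_needed"] = True
        elif " => " in line:
            target, _, outcome = line.rpartition(" => ")
            target = re.sub(r"\s*<=+ ATTENTION$", "", target).strip('"')
            results.append({"target": target, "outcome": outcome,
                            "status": classify(outcome)})
    return meta, results


def summarize(text):
    """Tally outcomes and collect entries the fix did not resolve."""
    meta, results = parse_fixlog(text)
    return {
        "meta": meta,
        "counts": Counter(r["status"] for r in results),
        "follow_up": [r["target"] for r in results
                      if r["status"] in ("error", "other")],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_FIXLOG)
    print(summary["meta"], dict(summary["counts"]))
    for target in summary["follow_up"]:
        print("needs manual follow-up:", target)
```
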

#33
August 22, 2015 at 17:27:03
Next step Ngaire. Log as usual please.

Open Malwarebytes.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif
Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.



#34
August 22, 2015 at 18:11:01
Here you go

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/08/2015
Scan Time: 12:32 p.m.
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.22.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: star17

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354209
Time Elapsed: 34 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#35
August 22, 2015 at 18:15:10
✔ Best Answer
"Here you go"
All good, now to tackle normal boot.

Disable your antivirus program before running Windows Repair.
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

Run Tweaking.com - Windows Repair

http://www.softpedia.com/get/Tweak/...
http://i.imgur.com/UbaXHuV.gif
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Do Step 1, this is very important > Do a Proper Power Reset First!
Right click on the exe & click on > Run as administrator.
http://i.imgur.com/NWSHEUy.gif

Then go straight to Repairs & check all the boxes. Reboot when finished.
http://i.imgur.com/LTVThqF.gif
http://i.imgur.com/tdlbsVH.gif

The logs are large, upload them using Zippy.



#36
August 22, 2015 at 19:36:09
Johnw just an update so you know I'm still at this. Windows repair is still running and is on job 5/44. Looks like it's going to be a while.

I'll post back when logs are up. Cheers



#37
August 22, 2015 at 19:45:35
Thanks Ngaire, thought it may take a while, gives me a chance to get my jobs done.


#38

#39
August 22, 2015 at 20:31:24
"Johnw I'm working in normal mode now I think the problem has been fixed? "
Yep, now to do a double check.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#40
August 22, 2015 at 21:10:12
Here you go Johnw

http://www91.zippyshare.com/v/Dy6MA...



#41
August 22, 2015 at 21:24:21
Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on the computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
Tool will create an report for you (C:\DelFix.txt)


#42
August 22, 2015 at 21:33:44
Here you go Johnw

# DelFix v1.011 - Logfile created 23/08/2015 at 16:29:55
# Updated 18/08/2015 by Xplode
# Username : star17 - SNOOPY
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\ComboFix.txt
Deleted : C:\log.txt
Deleted : C:\Users\star17\Desktop\Addition.txt
Deleted : C:\Users\star17\Desktop\ComboFix.exe
Deleted : C:\Users\star17\Desktop\Fixlog.txt
Deleted : C:\Users\star17\Desktop\FRST.exe
Deleted : C:\Users\star17\Desktop\FRST.txt
Deleted : C:\Users\star17\Desktop\FRST64.exe
Deleted : C:\Users\star17\Desktop\JRT.exe - Shortcut.lnk
Deleted : C:\Users\star17\Desktop\JRT.txt
Deleted : C:\Users\star17\Downloads\Addition.txt
Deleted : C:\Users\star17\Downloads\AdwCleaner.exe
Deleted : C:\Users\star17\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\star17\Downloads\FRST.txt
Deleted : C:\Users\star17\Downloads\JRT.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #406 [Windows Update | 08/22/2015 04:56:52]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#43
August 22, 2015 at 21:53:45
Back to watching the football for me.

Delfix log.
"New restore point created !"
Perfect, now all the previous restore points have gone, together with the nasties.

"shes not tech savvy and neither am I"
You did very well.
"so I could download and run ccleaner and spyware blaster"
Both good programs, neither would have helped in the situation you had. They will now, because you are infection free.

ESET I keep in my toolkit on a thumb drive, all you need to do, is update it when you run it.

Run CCleaner Registry clean.
Follow these SS (screenshot) steps.
http://i.imgur.com/UUecMp3.gif
http://i.imgur.com/715LOZY.gif
http://i.imgur.com/oWJFPUA.gif
http://i.imgur.com/CFRA6GW.gif
http://i.imgur.com/r0c6HFr.gif
http://i.imgur.com/Htjr1Mj.gif

SpywareBlaster needs to be updated manually about once a month.

"spyhunter"
spyhunter vs malwarebytes vs iobit
http://www.bleepingcomputer.com/for...
http://www.bleepingcomputer.com/for...

Don't worry about the mistakes you have made, everybody makes mistakes, that's how we learn. You are having a go to help a friend, that's all that matters.

Here is how a USER got into this mess, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

message edited by Johnw



#44
August 22, 2015 at 21:59:05
Thank you very much for all your time and patience Johnw, you are definitely one of the good sort and I wish you all the best.

Cheers from NZ and enjoy your footy :)



#45
August 22, 2015 at 22:50:20
Thanks Ngaire, great footy game, my team lost, but they are in the November finals.

Any uninstalls you want to do, I use this 2 step program.

Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...


message edited by Johnw



#46
August 22, 2015 at 23:03:06
Hard luck on the footy Johnw!

Hey thanks for all the tips, it's good for my own laptops that I have. I try to keep mine up to date and like to think I'm a lil safer than a lot of computer users but you never know. Can do with all the help I can get :)

I've downloaded MSE for my friend and just updating and scanning again before I give it back. I also scanned with CCleaner and Spyware blaster just to be safe.

Thanks again and Blessings to you and your family :)



#47
August 22, 2015 at 23:24:56
"I've downloaded MSE"
You can only have one AV installed, otherwise they fight each other.
I use MSE.

Both have their own special uninstallers.

Uninstalling Trend Micro program using the Trend Micro Diagnostic Toolkit
http://esupport.trendmicro.com.au/P...
Uninstalling the Trend Micro program from your Windows computer
http://esupport.trendmicro.com.au/s...

Microsoft Security Essentials Removal Tool ( MSE )
http://www.majorgeeks.com/files/det...
https://support.microsoft.com/en-us...



#48
August 22, 2015 at 23:29:46
I know you do from another post that had almost the same problem as I did ;) which is why I'm downloading it for my friend. I figure if you do then it must be better than Trend :)

Uninstalling Trend now



#49
August 22, 2015 at 23:38:21
"Uninstalling Trend now"
Got it.


