Solved Chrome/Torch sluggish and hanging all the time

November 1, 2015 at 23:34:15
Specs: Windows 7
I stopped using Chrome because it made problems slowing the computer down and it hangs the whole time. I have now installed Torch browser and after 3 days it started the same. How can I know if it's an incompatibility issue or it's just a bad browser? It's not running smoothly at all. I tried other browsers but they're all bad. (Mozilla crashes, IE I don't like, Opera was perfect until it started with issues too)


#1
November 2, 2015 at 08:51:41
I think you should at least do some basic malware checks before you investigate this problem because that is a likely reason for your issues. Run these three freebies in the order given:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
Download the free version.
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks



#2
November 2, 2015 at 08:56:36
Thanks! Can I clean it all safely?


#3
November 2, 2015 at 09:14:17
All these programs are widely used on Security websites and I've not hit any problems with them if downloaded from the links given.

Always pop back and let us know the outcome - thanks



#4
November 2, 2015 at 09:39:53
Ok and I post the (cleaned) log here? (sorry for my many questions)


#5
November 2, 2015 at 10:55:43
ADW cleaner log (WTH it deleted my torch browser???)

# AdwCleaner v5.016 - Logfile created 02/11/2015 at 18:53:57
# Updated 01/11/2015 by Xplode
# Database : 2015-11-01.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Antwerp - ANTWERP-PC
# Running from : C:\Users\Antwerp\Downloads\Programs\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[x] Service Not Deleted : torchcrashhandler

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\ProgramData\torchcrashhandler
[-] Folder Deleted : C:\Users\Antwerp\AppData\Local\torch
[-] Folder Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab
[-] Folder Deleted : C:\Users\Antwerp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch

***** [ Files ] *****

[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mclkkofklkfljcocdinagocijmpgbhab_0.localstorage
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mclkkofklkfljcocdinagocijmpgbhab_0.localstorage-journal
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.imesh.com_0.localstorage
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.imesh.com_0.localstorage-journal
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_vshare.eu_0.localstorage
[-] File Deleted : C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_vshare.eu_0.localstorage-journal
[-] File Deleted : C:\Users\Antwerp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[-] File Deleted : C:\Users\Antwerp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
[-] File Deleted : C:\Users\Antwerp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
[-] Key Deleted : HKCU\Software\MozillaPlugins\TorchVLC
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch

***** [ Web browsers ] *****

[-] [C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mp3dragon.com
[-] [C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : format-factory.en.softonic.com
[-] [C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mclkkofklkfljcocdinagocijmpgbhab

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4060 bytes] ##########



#6
November 2, 2015 at 11:09:15
JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Antwerp on ma 02/11/2015 at 19:58:42,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Successfully deleted: [Service] torchcrashhandler [Reboot required]

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch.5TTBDXVBS7VUWSN6PEPULBDYLY

~~~ Files

Successfully deleted: [File] C:\Users\Antwerp\AppData\Roaming\sp_data.sys

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Antwerp\AppData\Roaming\mozilla\firefox\profiles\fqsh540f.default\minidumps [1 files]

~~~ Chrome


[C:\Users\Antwerp\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Antwerp\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Antwerp\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Antwerp\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]



#7
November 2, 2015 at 11:36:36
I think Torch Browser is controversial so that may have a bearing on why ADW removed it:
http://botcrawl.com/how-to-remove-t...
I believe Torrents is in some way linked to it and if so that is another possible reason because Torrents are generally seen as a risk. I see JRT mentioned Torch too.

I'll await the MWB log and when you come back let us know if there has been any improvement with the browsers you originally had trouble with.

Always pop back and let us know the outcome - thanks

message edited by Derek



#8
November 2, 2015 at 11:43:04
Thanks, I don't like that it removed safe stuff.
The next scan is working. I need my Torrent programs so I hope it didn't remove them. I used Opera but it started giving trouble too, so I installed Torch. I don't think I wanna go back to Chrome. Way too many problems. Question is, should I re-install Torch? Or will this create problems again? I'm more than happy to go back to Opera if it becomes stable.


#9
November 2, 2015 at 11:50:04
Ok just read all about Torch. Wow... but it's definitely connected to Google as I got all my old Chrome bookmarks back on there. Opera is stable for now.. but it was unstable before torch was installed.


#10
November 2, 2015 at 11:57:46
It would be interesting to know whether Firefox is any better (even if you have to temporarily install it again).

I can't really comment on Torch browser but I guess there is some risk that it is implicated in your problems. I'm just trying to see if there has been any noticeable improvement generally and if there are any obvious issues still outstanding.

I'd better add that those three programs alone do not necessarily mean that your computer is virus/malware free.

Always pop back and let us know the outcome - thanks



#11
November 2, 2015 at 12:10:34
Ah no? How can you be sure? I do have many programs on and a tech once told me this will make my laptop slow, true? I need all of them...
Firefox was bad too and I just didn't like it.
I'll post the results soon. So far, all looks clear.


#12
November 2, 2015 at 12:16:43
"How can you be sure"
If you mean whether the computer is clean, then that could require a number of further programs. We have a helper in Australia called Johnw who, if available, can take you through a full cleaning process. The steps needed vary with what the various logs show.
I can alert him if you want to go that way.

Always pop back and let us know the outcome - thanks

message edited by Derek



#13
November 2, 2015 at 12:23:45
I might be asleep by then (am in Europe) but would love to make my computer clean. Thanks in advance for your time!


#14
November 2, 2015 at 12:54:55
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/11/2015
Scan Time: 20:25
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.02.05
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Antwerp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 459151
Time Elapsed: 1 hr, 16 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#15
November 2, 2015 at 12:58:21
MWB was nice and clean but it looks like the other two improved matters.

I'll alert Johnw but I doubt he'll be around for a couple of hours. He is used to working across timescales, on a "do this, do that" basis.

Always pop back and let us know the outcome - thanks



#16
November 2, 2015 at 13:04:08
NP, I'm going to sleep anyway now so it doesn't matter whenever he is ready :)


#17
November 2, 2015 at 15:39:01
Thanks Derek, morning hel22.

"Thanks, I don't like that it removed safe stuff"
Everything that has been removed, is because it is corrupted.

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample page of what Torch Browser installs, if you let it.
http://i.imgur.com/00L8H6I.gif

"Ok just read all about Torch. Wow... but it's definitely connected to Google"
There are many browsers using the Chromium engine. They include the ones you have mentioned.

Chromium
http://www.softpedia.com/get/PORTAB...
http://www.chromium.org/Home
http://free-chrome.net/

http://www.softpedia.com/dyn-search...
http://www.softpedia.com/dyn-search...

message edited by Johnw



#18
November 2, 2015 at 15:52:17
✔ Best Answer
"but would love to make my computer clean"
No problem, let's continue after you have read my post #17.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#19
November 13, 2015 at 02:13:44
Sorry it took so long, I was away!

http://www1.zippyshare.com/v/DUxh0s...

http://www1.zippyshare.com/v/9uxZT6...

Thanks!

(multiple problems here, suddenly I can't type on Opera, need to restart computer, everything slow)



#20
November 13, 2015 at 03:12:17
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Task: {5ABA722A-E4CA-4028-AB25-1A2E920ECEEC} - System32\Tasks\{8F6BD723-3BC5-4737-813B-50B4C63F6E6B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.2.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1618
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-08-10] ()
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-309751335-345351341-2133874925-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-309751335-345351341-2133874925-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-309751335-345351341-2133874925-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxps://www.google.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02] [not signed]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://home.torchbrowser.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S4 LMIRfsClientNP; no ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#21
November 13, 2015 at 03:40:19
And what does "run FRST64" mean? (I need to press scan first? Or open and press fix?)


#22
November 13, 2015 at 03:46:45
I cannot explain it any better than the instructions, are you using the scroll bar on the side of the post?


#23
November 13, 2015 at 04:04:48
"Or open and press fix?"
Yes.


#24
November 13, 2015 at 04:23:31
THANKS!

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Antwerp (2015-11-13 13:06:42) Run:1
Running from C:\Users\Antwerp\Desktop
Loaded Profiles: UpdatusUser & Antwerp (Available Profiles: UpdatusUser & Antwerp & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
Task: {5ABA722A-E4CA-4028-AB25-1A2E920ECEEC} - System32\Tasks\{8F6BD723-3BC5-4737-813B-50B4C63F6E6B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.2.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1618
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-08-10] ()
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-309751335-345351341-2133874925-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-309751335-345351341-2133874925-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-309751335-345351341-2133874925-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxps://www.google.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02] [not signed]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://home.torchbrowser.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S4 LMIRfsClientNP; no ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ABA722A-E4CA-4028-AB25-1A2E920ECEEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ABA722A-E4CA-4028-AB25-1A2E920ECEEC}" => key removed successfully
C:\Windows\System32\Tasks\{8F6BD723-3BC5-4737-813B-50B4C63F6E6B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F6BD723-3BC5-4737-813B-50B4C63F6E6B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-309751335-345351341-2133874925-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-309751335-345351341-2133874925-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => moved successfully
C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => path removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
"HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
LMIRfsClientNP => service removed successfully
cpuz136 => Service stopped successfully.
cpuz136 => service removed successfully
HWHandSet => service removed successfully
LMIInfo => service removed successfully
EmptyTemp: => 863.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:08:57 ====


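An added example, not part of any poster's message and not FRST's own code: a small Python parser for the Fixlog.txt format pasted in post #24, which separates entries the fix actually changed from entries that were already absent, and pulls out the EmptyTemp figure. The sample text is an excerpt of that log; the category labels (`registry`/`file`/`named`, `removed`/`moved`/`restored`/`stopped`/`absent`) are this example's own names, not FRST terminology.

```python
import re
from collections import Counter

# Excerpt of the Fixlog pasted in post #24 (lines copied from the thread, shortened).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
*****************

Processes closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => moved successfully
HKU\S-1-5-21-309751335-345351341-2133874925-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
Chrome StartupUrls => removed successfully
cpuz136 => Service stopped successfully.
cpuz136 => service removed successfully
HWHandSet => service removed successfully
EmptyTemp: => 863.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:08:57 ====
"""

REGISTRY_ROOTS = ("HKLM\\", "HKU\\", "HKCR\\", "HKCU\\")
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
STARS = re.compile(r"^\*{5,}$")
TEMP_MB = re.compile(r"([\d.]+) MB temporary data")


def result_lines(text):
    """Yield only result lines, skipping the echoed fixlist block.

    The echo sits between two rows of asterisks after 'fixlist content:' and
    also contains ' => ' (e.g. '=> No File'), so it must not be parsed as results.
    """
    in_echo, stars_seen = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== End of Fixlog"):
            return
        if line == "fixlist content:":
            in_echo, stars_seen = True, 0
            continue
        if in_echo:
            if STARS.match(line):
                stars_seen += 1
                in_echo = stars_seen < 2
            continue
        if " => " in line:
            yield line


def classify(line):
    """Split one result line into target/outcome and label both."""
    target, outcome = line.rsplit(" => ", 1)
    target = target.strip().strip('"')
    low = outcome.lower()
    if "not found" in low:
        action = "absent"        # nothing existed, so nothing changed
    elif "restored" in low:
        action = "restored"
    elif "stopped" in low:
        action = "stopped"
    elif re.search(r"\bmoved\b", low):   # word match: "removed" contains "moved"
        action = "moved"
    elif "removed" in low:
        action = "removed"
    else:
        action = "other"
    if target.upper().startswith(REGISTRY_ROOTS):
        kind = "registry"
    elif FILE_PATH.match(target):
        kind = "file"
    else:
        kind = "named"           # service name, browser setting, EmptyTemp
    return {"target": target, "outcome": outcome, "kind": kind, "action": action}


def parse_fixlog(text):
    return [classify(line) for line in result_lines(text)]


def summarize(entries):
    """Count entries per (kind, action) pair."""
    return Counter((e["kind"], e["action"]) for e in entries)


def temp_data_mb(entries):
    """Return the size reported on the EmptyTemp line, or None if absent."""
    for e in entries:
        m = TEMP_MB.search(e["outcome"])
        if m:
            return float(m.group(1))
    return None


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, action), n in sorted(summarize(parsed).items()):
        print(f"{kind:9} {action:9} {n}")
    print("temp data removed (MB):", temp_data_mb(parsed))
```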

#25
November 13, 2015 at 04:25:12
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.


#26
November 13, 2015 at 04:26:06
One thing I see is that all my logins are gone... (I like to be automatically logged in everywhere as I can't remember all my passwords lol)


#27
November 13, 2015 at 04:33:13
John, the computer has just been restarted after the fix so I'm just confirming if I have to restart again now?


#28
November 13, 2015 at 04:37:36
"I'm just confirming if I have to restart again now?"
Yes please.


#29
November 13, 2015 at 05:04:18
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 [color=red][b](UAC is disabled!)[/b][/color]
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
[color=red][b]Java version 32-bit out of Date![/b][/color]
Adobe Flash Player 19.0.0.245
Mozilla Firefox (40.0.3)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 6%
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#30
November 13, 2015 at 05:06:26
I have to go offline now, will be back in about 8 hrs. This will keep you busy for a while, let me know how it is running, when you are finished.

Your AVs are fighting each other, Norton is giving you the most trouble, uninstall it. I use MSE ( Microsoft Security Essentials )

How can I fully remove Norton Antivirus from my system?
https://support.norton.com/sp/en/us...
http://www.askdavetaylor.com/how_to...
http://www.askdavetaylor.com/how_ca...
http://www.pchell.com/virus/uninsta...
http://www.softpedia.com/get/Tweak/...

///////////////////////////////////////////////////////////////////////////////////////////////////

For the future, your auto log in cookies can be saved this way.
How to remove unwanted cookies & save cookies that are still wanted.
http://i.imgur.com/WLOVTTT.gif
http://i.imgur.com/CqBAGIO.gif
http://i.imgur.com/dkrZUhn.gif
Run CCleaner this way, immediately after you have saved your cookies.
Follow these SS (screenshot) steps.
http://i.imgur.com/UUecMp3.gif
http://i.imgur.com/715LOZY.gif
http://i.imgur.com/oWJFPUA.gif
http://i.imgur.com/CFRA6GW.gif
http://i.imgur.com/r0c6HFr.gif
http://i.imgur.com/Htjr1Mj.gif

//////////////////////////////////////////////////////////////////////////////////////

Extract from the fixlog.
"EmptyTemp: => 863.7 MB temporary data Removed"
Way, way too big, even for a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.


Report •

#31
November 13, 2015 at 05:12:19
Wow omg thanks!! I have to go offline soon too so I'll be back on Sunday prob. I can't thank you enough!!

BTW the WiFi keeps going off at random, could you see why from the above logs?


Report •

#32
November 13, 2015 at 06:39:58
The computer is noticeably faster! Thanks! A few questions: I don't understand the last paragraph? How and where do I change these settings?

I need a filter for my computer. I had K9 but wasn't too happy. I had Norton family installed which worked well but you said I should remove it which I did. But now I'm filterless. Which one works best with no compatibility issues?

And why would my WiFi turn off randomly?

Thanks for your help!


Report •

#33
November 13, 2015 at 14:21:11
"I don't understand the last paragraph? How and where do I change these settings?"
I have used those instructions hundreds of times, if you have someone who is good with comps to help you, that may be the way to go, or do as I do, Google everything.

"And why would my WiFi turn off randomly?"
What country are you in?

" I had Norton family installed which worked well"
If you have run CCleaner, you can now reinstall.
If any of the previous problems occur, you know this is the cause.


Report •

#34
November 14, 2015 at 11:30:31
Thanks! I'm in Belgium.

And I'll install Norton again. Thanks!


Report •

#35
November 14, 2015 at 13:46:09
"I'm in Belgium"
I'm here.
http://www.timeanddate.com/worldclo...

BTW the WiFi keeps going off at random, could you see why from the above logs?
1: Let's make sure your region settings are right.
Extract from your FRST log.
"Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)"
Change or Add Another Language or Region to suit your situation, here are mine for Australia.
http://i.imgur.com/QZnXZTA.gif
http://i.imgur.com/MWki04y.gif
http://i.imgur.com/Xas9F3d.gif
http://i.imgur.com/nNa2KLI.gif
http://i.imgur.com/4isl3Yk.gif
http://i.imgur.com/A0feSoa.gif

2: Upload SS ( screenshots ) of everything SlimDrivers finds.
SlimDrivers
http://www.softpedia.com/get/System...
http://slimdrivers.com/


Report •

#36
November 14, 2015 at 13:50:54
Do I HAVE to install the SlimCleaner it forces me to install??

message edited by hel22


Report •

#37
November 14, 2015 at 13:53:56
I declined, I thought it would stop the install. (tried to delete previous post, didn't see how)

Report •

#38
November 14, 2015 at 14:08:38
Wondered if you would still be up.

"I declined, I thought it would stop the install"
No, Custom installs are common practice now, you have to be vigilant, you are.


Report •

#39
November 14, 2015 at 14:23:31
Ok I can screenshot (FN+PRNT SCRN) but how do I upload here?

Report •

#40
November 14, 2015 at 14:27:18
"Ok I can screenshot (FN+PRNT SCRN) but how do I upload here?"
Use Zippy again.

Report •

#41
November 14, 2015 at 14:36:48
OK, it was CTRL...
1. http://imgur.com/FmVKnHp
2. http://imgur.com/SIxF4J5

Ok 3 and 4 have stopped working in imgur. trying something else.

3. http://www32.zippyshare.com/v/MvDnK...
4. http://www32.zippyshare.com/v/yWfa0...

Hope that's good!

message edited by hel22


Report •

#42
November 14, 2015 at 14:52:12
"Hope that's good!"
All good, you could edit the post & put a space after 3. & 4.

Update the Network Adapter & test for a day.


Report •

#43
November 14, 2015 at 14:54:04
Should I update all drivers? Or not necessary?

Report •

#44
November 14, 2015 at 15:02:30
"Should I update all drivers? Or not necessary?"
Down the track once we know that all your current issues are fixed, I would. I have used SlimDrivers on 5 or 6 comps in the last week.

Do them one at a time starting at the top, I do them all, you may prefer to do them in smaller steps. In other words, do one & test for a period of time.


Report •

#45
November 14, 2015 at 15:04:40
I got an error (it's in Dutch but details are in English I think)

(Though it did say afterwards that it installed...)

http://www32.zippyshare.com/v/70d7g...
http://www32.zippyshare.com/v/hht4E...


Report •

#46
November 14, 2015 at 15:10:39
Run SlimDrivers & see if it shows again.

message edited by Johnw


Report •

#47
November 14, 2015 at 15:16:23
No, it doesn't show, thanks! And my Wi-Fi sign is back and strong.
Going to sleep, thanks so so much!

Last question, can an update (from a driver) screw up a computer? Or generally safe?


Report •

#48
November 14, 2015 at 15:21:34
"Last question, can an update (from a driver) screw up a computer?"
Yes it can, but as long as you know how to do a System Restore or have the tools for fixing problems on a thumb drive or other, you are Ok.

message edited by Johnw


Report •

#49
November 14, 2015 at 15:26:02
I would remove these, Poper Blocker & Adblock plus, they are resource hungry.

This will do ALL your browsers.

MPC AdCleaner
http://www.softpedia.com/get/Intern...
http://www.mpc.solutions/support/ad...

message edited by Johnw


Report •

#50
November 15, 2015 at 23:37:48
John, Since installing the above and removing adblocker, I have had non stop ads and pop ups (porn even)
Removing and re-installing adblocker. (Or do you have any other suggestion for an ad block that WORKS 100%??)

Report •

#51
November 16, 2015 at 00:34:04
"Since installing the above"
That's what I use.

Go back to what you had, whilst I look for something else that is going on.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The log can be large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


Report •

#52
January 13, 2016 at 09:21:00
John, I had forgotten all about it but my computer went all slow again and it had found a virus which I removed. Here is the combofix log:

http://www86.zippyshare.com/v/pzJEi...


Report •

#53
January 13, 2016 at 13:29:28
Hi again hel22.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
Tool will create a report for you (C:\DelFix.txt)


Report •

#54
January 13, 2016 at 23:29:45
# DelFix v1.011 - Logfile created 14/01/2016 at 08:10:02
# Updated 18/08/2015 by Xplode
# Username : Antwerp - ANTWERP-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\RSIT
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #423 [Windows Update | 01/07/2016 07:18:16]
Deleted : RP #424 [Windows Update | 01/11/2016 07:17:02]
Deleted : RP #425 [ComboFix created restore point | 01/13/2016 16:17:47]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Should everything be ok now?


Report •

#55
January 14, 2016 at 00:10:10
"Should everything be ok now?"
I've cleared the decks, shall now see how things look.

"went all slow again and it had found a virus which I removed"
Can I see the log please, so I know what it found.

Download the latest version of Farbar, make sure you run it from your Desktop, you did last time, but you forgot for Combofix. No need to run Combofix again.
"Gestart vanuit: c:\users\Antwerp\Downloads\Programs\ComboFix.exe"

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#56
January 14, 2016 at 09:40:59
http://www72.zippyshare.com/v/uJtJF...

http://www72.zippyshare.com/v/im3St...

It's still a bit laggy (Opera)


Report •

#57
January 14, 2016 at 13:07:23
A quick one to say that since now, my iPad won't charge through the computer. I restarted computer and iPad and still not charging. I wonder if the above cleaning did something? My iPod is charging though. Only the iPad not...

Report •

#58
January 14, 2016 at 15:22:26
"Only the iPad not..."
Try it in a different comp.

Report •

#59
January 14, 2016 at 15:31:48
I only have one :)
No option right now to try somewhere else. Hope tomorrow it will work. For the rest, how does it look?

Report •

#60
January 14, 2016 at 16:11:39
"went all slow again and it had found a virus which I removed"
Can I see the log please, so I know what it found.

Report •

#61
January 15, 2016 at 02:41:01
It's from Microsoft security essentials, I can't find it. Where is it located?

Report •

#62
January 15, 2016 at 03:09:56
Open MSE > History > Quarantine > View

Report •

#63
January 15, 2016 at 06:22:23
Category: Software Bundler

Description: This program may install other potentially unwanted software.

Recommended action: Remove this software immediately.
----------------------------------------------------
Quarantined items was empty, I might have removed them.


Report •

#64
January 15, 2016 at 14:06:40
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-309751335-345351341-2133874925-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#65
January 16, 2016 at 15:27:27
Oh, I see it erased my whole Opera history (saved passwords and so on) :(

LOG:
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Antwerp (2016-01-17 00:08:05) Run:1
Running from C:\Users\Antwerp\Desktop
Loaded Profiles: Antwerp (Available Profiles: Antwerp & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-309751335-345351341-2133874925-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-309751335-345351341-2133874925-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-309751335-345351341-2133874925-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Users\Antwerp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
cpuz136 => Service stopped successfully.
cpuz136 => service removed successfully
EmptyTemp: => 845.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:13:06 ====


Report •

#66
January 16, 2016 at 15:43:45
"Oh, I see it erased my whole Opera history (saved passwords and so on"
Show me, I don't see anything on the log to support that.

Did you run CCleaner? That will do that.

Extract from the fixlog.
"EmptyTemp: => 845.5 MB temporary data Removed"

Check your settings & adjust.

Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome/Opera is not so straightforward.
How to set Google Chrome/Opera cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome/Opera shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

message edited by Johnw


Report •

#67
January 16, 2016 at 15:48:08
What is that supposed to do? (I'll do it tomorrow as I'm off to bed)

Thanks for all your help!


Report •

#68
January 19, 2016 at 06:32:28
I'm sorry I keep coming back :)

My computer has gone crazy! Many sites won't open ( including this one, it says: Opera's connection attempt to......was rejected. The website may be down, or your network may not be properly configured.
Everything went slow. Should I just run the antivirus and malware bytes?


Report •

#69
January 19, 2016 at 13:10:36
"went all slow again and it had found a virus which I removed"
"My computer has gone crazy!"
"Should I just run the antivirus and malware bytes?"
Yes, don't forget to give me the logs.

Next we have to get a second opinion to make sure you are clean, before we address your Opera connection problems.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.
Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://support.eset.com/kb2103/
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://support.eset.com/kb2612/
Configure ESET this way & disable your AV.
http://i.imgur.com/wZF1Ppi.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
3: Which web browsers are compatible with ESET Online Scanner?
http://support.eset.com/kb405/?loca...
Online Scanner not working
http://support.eset.com/kb403/?loca...
My ESET product detected a threat—what should I do?
http://support.eset.com/kb117/
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
http://support.eset.com/kb405/?view...
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


message edited by Johnw


Report •

#70
January 19, 2016 at 15:00:10
Ok websites are working again after the scans. All scans were ok, nothing found.
Should I still run the ESET mentioned above?

Report •

#71
January 19, 2016 at 15:08:13
If you want to be sure that your computer is properly clean then stay with Johnw and run ESET.

Always pop back and let us know the outcome - thanks


Report •

#72
January 19, 2016 at 15:16:44
Correct Derek, thanks.

"went all slow again and it had found a virus which I removed"
"My computer has gone crazy!"
"Should I just run the antivirus and malware bytes?"

Yes, don't forget to give me the logs

message edited by Johnw


Report •

#73
January 19, 2016 at 23:49:28
Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/01/2016
Scan Time: 15:35
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.19.03
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Antwerp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 451651
Time Elapsed: 5 hr, 49 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

message edited by hel22


Report •

#74
January 20, 2016 at 07:41:20
John, where can I find the log of the ESET? It found 28 threats, oh my!

I did copy the threats: is that it?

C:\Users\Antwerp\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Antwerp\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\Users\Antwerp\AppData\Roaming\uTorrent\updates\3.4.2_31633.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\Users\Antwerp\Desktop\Downloads\APK android\boboball v2.0.apk a variant of Android/AdDisplay.Wooboo.C potentially unwanted application deleted
C:\Users\Antwerp\Desktop\Downloads\APK android\genius scan v1.0.5.apk a variant of Android/Leadbolt.B potentially unwanted application deleted
C:\Users\Antwerp\Desktop\Downloads\APK android\montezuma 2 v1.5.31.apk a variant of Android/SMSKey.Q potentially unsafe application deleted
C:\Users\Antwerp\Desktop\Downloads\APK android\reckless getaway v2.0.4.apk a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted
C:\Users\Antwerp\Desktop\Downloads\APK android\App_Backup_Restore\com.blogspot.brionicdev.gosmstheme.ultimatepinkicsfreegosmstheme-15-v2.4.apk a variant of Android/Leadbolt.B potentially unwanted application deleted



#75
January 20, 2016 at 10:09:04
Let's see if it behaves itself now, hel22.

Your settings in Malwarebytes need adjusting.

Under the Non-Malware Protection sub tab, make sure the PUP and PUM entries for Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif

Back to bed for me.



#76
January 20, 2016 at 10:16:23
Good night! Thanks so so much! Opera is still slow. I have to wait a few seconds before things move and sites are slow to load. Hope a restart will fix it.


#77
January 20, 2016 at 10:33:20
Just a random question: I have Microsoft Security Essentials. Is Avast better as an antivirus?


#78
January 20, 2016 at 15:00:37
"Opera is still slow. Hope a restart will fix it"
If it doesn't, uninstall it completely, including the profile, reboot & then reinstall.

Use this to uninstall.

Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...

Do this next.
How to show hidden files in Windows 7
http://www.bleepingcomputer.com/tut...

Now manually check everything is gone, just to be really sure.
Use search to look for any Opera files or folders.

Next run CCleaner this way.

Registry clean.
Follow these SS (screenshot) steps.
http://i.imgur.com/UUecMp3.gif
http://i.imgur.com/715LOZY.gif
http://i.imgur.com/oWJFPUA.gif
http://i.imgur.com/CFRA6GW.gif
http://i.imgur.com/r0c6HFr.gif
http://i.imgur.com/Htjr1Mj.gif

Now reboot & test any other browsers you have installed.

If they are OK, reinstall Opera.



#79
January 20, 2016 at 15:39:06
"Just a random question: I have Microsoft Security Essentials. Is Avast better as an antivirus?"
Nothing is perfect; it is up to the USER to be vigilant.

Stick with Microsoft.

