hp envy

bomatt

New Member
So I just bought an hp envy. I'm getting mad pop-ups on the internet and new windows opening on some websites I'm visiting. It is really slowing the computer down. There is so much pre-installed software I'm not sure what antivirus software I should use and/or what's the best free one?

pop up blocker on firefox is activated with no exceptions...still getting pop ups.

This is what I'm running.
-hp envy pentium i5
-windows 8
-750gb hd
-Mozilla firefox

Any suggestions would really help my situation. I would really appreciate it... thanks.
 
Last edited:
Moved to the security section.

Please do the following:


1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top.
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
Here's the first two... working on the other 2. What do you think?

# AdwCleaner v3.308 - Report created 28/08/2014 at 16:33:12
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Matthew - MATT
# Running from : C:\Users\Matthew\Downloads\adwcleaner_3.308.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c
Service Found : BackupStack
Service Found : CltMngSvc
Service Found : Update ToggleMark
Service Found : Util ToggleMark
Service Found : Update ToggleMark
Service Found : Util ToggleMark
Service Found : {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
File Found : C:\Users\Matthew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
File Found : C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\402h9jxa.default\searchplugins\astromenda.xml
File Found : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\402h9jxa.default\user.js
File Found : C:\Users\Matthew\Desktop\MyPC Backup.lnk
File Found : C:\Users\Matthew\Desktop\Sync Folder.lnk
File Found : C:\Users\Public\Desktop\advanced-System Protector.lnk
File Found : C:\Users\Public\Desktop\RegClean Pro.lnk
File Found : C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\sasnative64.exe
Folder Found : C:\Program Files (x86)\ASP
Folder Found : C:\Program Files (x86)\File Type Helper
Folder Found : C:\Program Files (x86)\Groovorio
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Software Updater
Folder Found : C:\Program Files (x86)\System Optimizer Pro
Folder Found : C:\Program Files (x86)\ToggleMark
Folder Found : C:\Program Files (x86)\ToggleMark
Folder Found : C:\Program Files (x86)\wse_astromenda
Folder Found : C:\Program Files\PC Optimizer Pro
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Optimizer Pro
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\SafeWeb
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\Users\Matthew\AppData\Local\SafeWeb
Folder Found : C:\Users\Matthew\AppData\Local\SearchProtect
Folder Found : C:\Users\Matthew\AppData\Roaming\GroovorioUpdater
Folder Found : C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\402h9jxa.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
Folder Found : C:\Users\Matthew\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****

Task Found : advanced-System Protector_startup
Task Found : ASP
Task Found : Groovorio Updater
Task Found : LaunchSignup
Task Found : PC Optimizer Pro Updates
Task Found : RegClean Pro
Task Found : RegClean Pro_DEFAULT
Task Found : RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AppDataLow\ToggleMark
Key Found : HKCU\Software\AppDataLow\ToggleMark
Key Found : HKCU\Software\Astromenda
Key Found : HKCU\Software\Groovorio
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dc59a866-959c-4638-a191-c13177d0bd68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC59A866-959C-4638-A191-C13177D0BD68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\ToggleMark
Key Found : HKCU\Software\ToggleMark
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\WSE_Astromenda
Key Found : [x64] HKCU\Software\Astromenda
Key Found : [x64] HKCU\Software\Groovorio
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\ToggleMark
Key Found : [x64] HKCU\Software\ToggleMark
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\WSE_Astromenda
Key Found : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateToggleMark.exe
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{dc59a866-959c-4638-a191-c13177d0bd68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DC59A866-959C-4638-A191-C13177D0BD68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B79DF26-5A4A-4A88-BFF4-FE188A4F223E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{c3715f93-4241-49f6-ba85-1d8151b277af}
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ToggleMark_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ToggleMark_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateToggleMark_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateToggleMark_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilToggleMark_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilToggleMark_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC59A866-959C-4638-A191-C13177D0BD68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc59a866-959c-4638-a191-c13177d0bd68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Groovorio
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeWeb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeWeb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\ToggleMark
Key Found : HKLM\SOFTWARE\ToggleMark
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update ToggleMark
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util ToggleMark
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5B79DF26-5A4A-4A88-BFF4-FE188A4F223E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleMark
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleMark
Key Found : [x64] HKLM\SOFTWARE\pc optimizer pro
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BRS]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\402h9jxa.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Astromenda");
Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.astromenda.com?f=1&a=ast_app_14_35_ff&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0A0D0E0C0F0BzzyE0D0F0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDyD1[...]
Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_app_14_35_ff&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0A0D0E0C0F0BzzyE0D0F0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzytDy[...]
Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_app_14_35_ff&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0A0D0E0C0F0BzzyE0D0F0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBzyt[...]
Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_app_14_35_ff&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0A0D0E0C0F0BzzyE0D0F0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtDtFtCyCtFyCtN1L1CzutCyEtBz[...]

*************************

AdwCleaner[R0].txt - [13710 octets] - [28/08/2014 16:33:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13771 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Matthew on Thu 08/28/2014 at 16:40:25.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 70e6ca8c
Failed to delete: [Service] 70e6ca8c
Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro scan.job"
Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro startups.job"
Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro updates.job"
Successfully deleted: [File] "C:\Windows\Tasks\RegClean Pro_DEFAULT.job"
Successfully deleted: [File] "C:\Windows\Tasks\RegClean Pro_UPDATES.job"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Matthew\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\regclean pro"
Successfully deleted: [Folder] "C:\Users\Matthew\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\402h9jxa.default\user.js
Emptied folder: C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\402h9jxa.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/28/2014 at 16:50:25.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Last edited by a moderator:
Malwarebytes is 122kb, which is over the limit, so could you check those for me, then I'll post the other ones.
 
No need to attach your logs; just copy and paste them into your reply. Thanks. I'll copy and paste them into your reply so it's easier to read.

When you ran adwcleaner, you didn't press the clean button to physically delete what it found.
 
Last edited:
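
An added example, not part of any post in this thread and not code from AdwCleaner: a small Python triage of an AdwCleaner report that reads the `# Option` header (which is how the reply above could tell that nothing had been removed yet) and lists the entries that sit in autostart locations. The sample lines are excerpted from the report posted above; the function names and the list of autostart markers are this example's own choices.

```python
import re
from collections import Counter

# Sample input: a few lines excerpted from the AdwCleaner[R0].txt report in this thread.
SAMPLE_REPORT = r"""# AdwCleaner v3.308 - Report created 28/08/2014 at 16:33:12
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
Folder Found : C:\Program Files (x86)\SearchProtect

***** [ Scheduled Tasks ] *****

Task Found : RegClean Pro_UPDATES

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKCU\Software\Astromenda
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
"""

OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\S+)", re.M)      # "# Option : Scan"
SECTION_RE = re.compile(r"^\*+\s*\[\s*(.+?)\s*\]\s*\*+$")      # "***** [ Registry ] *****"
ENTRY_RE = re.compile(r"^(\w+) (\w+) : (.+)$")                 # "<kind> <status> : <detail>"

# Autostart locations worth reading first (a choice made for this example).
PERSISTENCE_MARKERS = [
    ("AppInit_DLLs", re.compile(r"\[AppInit_DLLs\]", re.I)),
    ("Run key", re.compile(r"\\CurrentVersion\\Run(Once)?(\s|$)", re.I)),
    ("startup folder", re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("kernel driver", re.compile(r"\\System32\\drivers\\", re.I)),
]


def parse_report(text):
    """Return (mode, entries); each entry records its section, kind, status and detail."""
    match = OPTION_RE.search(text)
    mode = match.group(1) if match else None
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:  # ignore anything before the first section header
            kind, status, detail = entry.groups()
            entries.append({"section": section, "kind": kind,
                            "status": status, "detail": detail})
    return mode, entries


def persistence_kind(entry):
    """Name the autostart mechanism an entry belongs to, or None."""
    if entry["section"] == "Services":
        return "service"
    if entry["section"] == "Scheduled Tasks":
        return "scheduled task"
    for name, pattern in PERSISTENCE_MARKERS:
        if pattern.search(entry["detail"]):
            return name
    return None


def triage(text):
    """Summarise a report: run mode, per-section counts, autostart entries."""
    mode, entries = parse_report(text)
    persistence = []
    for entry in entries:
        kind = persistence_kind(entry)
        if kind:
            persistence.append((kind, entry["detail"]))
    found = [e for e in entries if e["status"].lower() == "found"]
    return {
        "mode": mode,
        "counts": dict(Counter(e["section"] for e in entries)),
        "persistence": persistence,
        # A Scan-only run lists items but removes nothing.
        "cleanup_pending": bool(mode) and mode.lower() == "scan" and bool(found),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("Mode:", summary["mode"], "| cleanup pending:", summary["cleanup_pending"])
    for section, count in summary["counts"].items():
        print(f"  {section}: {count}")
    for kind, detail in summary["persistence"]:
        print(f"  [{kind}] {detail}")
```
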
I'm not intending to derail this thread at all, just merely commenting on something that was found.

It's very interesting that this is an HP laptop and RegClean Pro was found. A friend of mine bought an HP laptop recently and he got me to have a look at it yesterday because this 'RegClean Pro' thing kept popping up. I removed it with AdwCleaner and JRT and MWB, but is this being pre-installed on HP machines? He had downloaded a screensaver and I wondered if that had installed it.
 
Last edited:
No, it is not preinstalled on any laptop. It is malware that is installed alongside many garbage programs.
 
I'm deleting all the threats...

Why the hell is this happening...

It's a brand new computer.

What programs should I be getting rid of?
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/28/2014
Scan Time: 8:02:35 PM
Logfile: malbyt.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.28.06
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthew

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297468
Time Elapsed: 13 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 6
PUP.Optional.SafeWeb.A, C:\ProgramData\sEtVCMaBoL\GyQwVRZ.exe, 2432, Delete-on-Reboot, [35c1606b04774ceac11f474d3ac72ed2]
Adware.EoRezo, C:\Users\Matthew\AppData\Local\ospd_us_47\upospd_us_47.exe, 4632, Delete-on-Reboot, [00f6606b4c2fe84e2f2e98cacd378d73]
PUP.Optional.SmarterPower.A, C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe, 2068, Delete-on-Reboot, [2acc6a61adce201614a18329837e56aa]
PUP.Optional.ToggleMark.A, C:\Program Files (x86)\ToggleMark\updateToggleMark.exe, 3600, Delete-on-Reboot, [678f527983f842f4f58f3a3e91703cc4]
PUP.Optional.ToggleMark.A, C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe, 7748, Delete-on-Reboot, [7c7a85461e5db87e4b39a3d5c33e4fb1]
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Client.exe, 4432, Delete-on-Reboot, [08eedeed7a0144f2a5ca7f47a959b24e]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ToggleMark.A, HKLM\SOFTWARE\WOW6432NODE\ToggleMark, Quarantined, [e313a7242d4ebf77a47da7671ee53ac6],

Registry Values: 1
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upospd_us_47.exe, C:\Users\Matthew\AppData\Local\ospd_us_47\upospd_us_47.exe -runonce, Quarantined, [00f6606b4c2fe84e2f2e98cacd378d73]

Registry Data: 0
(No malicious items detected)

Folders: 9
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\databases, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\GPUCache, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\IndexedDB, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\Local Storage, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab, Delete-on-Reboot, [08eedeed7a0144f2a5ca7f47a959b24e],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, Delete-on-Reboot, [a74f02c9ee8dd36322556681c53d1ee2],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, Delete-on-Reboot, [a74f02c9ee8dd36322556681c53d1ee2],

Files: 28
PUP.Optional.SafeWeb.A, C:\ProgramData\sEtVCMaBoL\GyQwVRZ.exe, Delete-on-Reboot, [35c1606b04774ceac11f474d3ac72ed2],
Adware.EoRezo, C:\Users\Matthew\AppData\Local\ospd_us_47\upospd_us_47.exe, Delete-on-Reboot, [00f6606b4c2fe84e2f2e98cacd378d73],
PUP.Optional.SmarterPower.A, C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe, Delete-on-Reboot, [2acc6a61adce201614a18329837e56aa],
PUP.Optional.ToggleMark.A, C:\Program Files (x86)\ToggleMark\updateToggleMark.exe, Delete-on-Reboot, [678f527983f842f4f58f3a3e91703cc4],
PUP.Optional.ToggleMark.A, C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe, Delete-on-Reboot, [7c7a85461e5db87e4b39a3d5c33e4fb1],
PUP.Optional.SafeWeb.A, C:\ProgramData\sEtVCMaBoL\dat\PdGOBKEaII.exe, Delete-on-Reboot, [ca2c6f5ccead072f5987e1b3956ca55b],
PUP.Optional.SafeWeb.A, C:\ProgramData\sEtVCMaBoL\dat\svQeUHHsr.exe, Delete-on-Reboot, [c630b01bb0cbdd5970702b690ef303fd],
PUP.Optional.SafeWeb.A, C:\ProgramData\sEtVCMaBoL\dat\wTqDsU.dll, Delete-on-Reboot, [0bebdaf1e89345f1fe9ab71fdf2519e7],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\QuotaManager-journal, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\cookies, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\cookies-journal, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\lockfile, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\QuotaManager, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\databases\Databases.db, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\databases\Databases.db-journal, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, c:\Users\Matthew\AppData\Local\Gameo\GPUCache\data_0, Quarantined, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, c:\Users\Matthew\AppData\Local\Gameo\GPUCache\data_1, Quarantined, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, c:\Users\Matthew\AppData\Local\Gameo\GPUCache\data_2, Quarantined, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, c:\Users\Matthew\AppData\Local\Gameo\GPUCache\data_3, Quarantined, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, c:\Users\Matthew\AppData\Local\Gameo\GPUCache\index, Quarantined, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\LOG, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000002, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\Local Storage\file__0.localstorage, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.Gameo.A, C:\Users\Matthew\AppData\Local\Gameo\Local Storage\file__0.localstorage-journal, Delete-on-Reboot, [589ec308b7c441f510091637f0146997],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Client.exe, Delete-on-Reboot, [08eedeed7a0144f2a5ca7f47a959b24e],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Delete-on-Reboot, [a74f02c9ee8dd36322556681c53d1ee2],

Physical Sectors: 0
(No malicious items detected)


(end)
 
I'm running OTL right now, but after taking care of the threats that MWB found it seems like the pop-up problem really cleared up. I was getting 3 pop-ups per page on this website; now I'm getting none. Haven't checked other sites yet, but I can tell it's a little better.

Still a little slow though. It's still performing a little weak for a new computer.

I want to go ahead and pretty much take all these pre-installed programs and get them out of here. I'm gonna keep all 4 of these tools though. Seem to work okay.

I'm probably going to go ahead and uninstall all the antivirus software that came with the computer and go ahead and download avast!

I have heard it works pretty well.

If you guys can point out my main problem I would appreciate it... Any advice will be appreciated also.

thanks
 
I had to run out for a while, so I'm back. Please run OTL and post the log. I will probably have you run a different program and post 2 logs from it so we can get your computer clean. In fact, go ahead and do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • An update on how your computer is running

After ComboFix has run, I also need you to post a log that ComboFix produces but doesn't automatically show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.
 
Well...I was running Malwarebytes....I deleted everything that was quarantined and now Firefox and IE can't connect to the internet. It's saying that it can't find the proxy server. wtf did I do? This is complete bullshit that this computer had all this shit on it right out of the box. I'm not too happy about this. If you could help me connect back to the internet I can get the information you need to help me clean my PC. Thanks.
 
Go into control panel click on internet options, click on connections tab, click on lan settings button and uncheck the box for proxy settings, click ok. Malware will usually enable the proxy setting. You should have internet back after unchecking the box.
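
The check behind the advice above, as an added example that is not part of the original post: a read-only PowerShell script that prints the current user's Internet Options proxy settings and, when the proxy points at this machine, reports whether anything is still listening on that port. That a removed program left a loopback proxy behind is an assumption about cases like this one; the script changes nothing, so the setting is still cleared through the LAN settings dialog as described.

```powershell
# Added example: read-only look at the per-user proxy settings that the
# "LAN settings" dialog edits. Nothing is modified.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

$enabled = ($s.ProxyEnable -eq 1)   # the "Use a proxy server" checkbox
$server  = $s.ProxyServer           # "host:port" or "http=host:port;https=host:port"
$pacUrl  = $s.AutoConfigURL         # "Use automatic configuration script"

"Proxy enabled : $enabled"
"Proxy server  : $server"
"PAC script    : $pacUrl"

if ($enabled -and $server) {
    # ProxyServer can be a single entry or a ';'-separated per-protocol list.
    foreach ($entry in ($server -split ';')) {
        $hostPort = ($entry -split '=')[-1] -replace '^\w+://', ''
        $name, $port = $hostPort -split ':', 2
        if (-not $port) { $port = 80 }   # assumption: no port given means 80

        if (@('127.0.0.1', 'localhost') -contains $name) {
            # Proxy points at this machine: is a local program still serving it?
            $listener = Get-NetTCPConnection -State Listen -LocalPort ([int]$port) `
                            -ErrorAction SilentlyContinue | Select-Object -First 1
            if ($listener) {
                $proc = Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue
                "Local proxy $hostPort is served by: $($proc.Name) (PID $($listener.OwningProcess))"
                "  Path: $($proc.Path)"
            } else {
                "Local proxy $hostPort has no listener: browsers will report a proxy error."
            }
        } else {
            "Remote proxy configured: $hostPort (confirm you set this yourself)"
        }
    }
} elseif ($pacUrl) {
    "No manual proxy, but a PAC script is set: confirm you recognise the URL."
} else {
    "No proxy configured for this user."
}
```

Get-NetTCPConnection needs Windows 8 or later; run the script as the affected user, since these settings are per-user.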
 
Thanks, I'm in class right now on school computers. When I get home I'll change the internet settings and get back to you about cleaning this piece of shit up. Thanks for the help everyone.
 
Aight fellas

Let me give you guys an update really quick....working on Old Timer scan. Will post it shortly.

BTW, thanks John for helping me restore my internet, lol. Sheesh, I feel like an idiot, it was that easy. Anyhoo, thanks.

And....my computer is running a lot smoooother now!! No popups, no ads running in the background. Quick response to clicking links..it feels about 80% better than what it was before I started posting here.
 
Should I be running that software every couple weeks or something just to keep it clean?

And, is there any anti-virus software you guys recommend?
 
Avast! free will be a fine antivirus. You can run CCleaner every few weeks to clear out temp files.
 
You can run adwcleaner, junkware removal and malwarebytes whenever you want. OTL won't delete anything without running a special fix so it won't do any good to run that.
 
Well I already have all of those except avast. So looks like I'm in good shape guys! Thanks again!
 