
Author Topic: Slow startup because of some virus on my computer  (Read 16396 times)


bombaykid

    Topic Starter


    Intermediate

    Slow startup because of some virus on my computer
    « on: February 14, 2015, 11:42:32 AM »
    My startup takes 5 min. and my computer has a few viruses as per my free software scanning for problems. Can someone help me in clearing my computer of all viruses?

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Slow startup because of some virus on my computer
    « Reply #1 on: February 14, 2015, 12:08:43 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    StartupLite

    Download StartupLite by MalwareBytes to your Desktop.
    Double-click StartupLite.exe to launch the program.
    Ensure the Disable box is checked.
    Click Continue.
    A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
    Re-start your computer.
    ************************************************
    Please download AdwCleaner by Xplode onto your Desktop.

    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program opens, click on the Scan button as shown below.



    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.



    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in your next reply (CTRL+V).
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    ********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    bombaykid

      Topic Starter


      Intermediate

      Re: Slow startup because of some virus on my computer
      « Reply #2 on: February 14, 2015, 12:39:26 PM »
      I downloaded Startuplite.exe on my desktop and tried to run it. I get the following message:
       "Error Value, superjavaupdatesched. There was error creating msconfig key"

      bombaykid

        Topic Starter


        Intermediate

        Re: Slow startup because of some virus on my computer
        « Reply #3 on: February 14, 2015, 01:04:57 PM »
        Here is the AdwCleaner report:

        # AdwCleaner v4.110 - Logfile created 14/02/2015 at 11:54:21
        # Updated 05/02/2015 by Xplode
        # Database : 2015-02-14.2 [Server]
        # Operating system : Windows 7 Professional Service Pack 1 (x64)
        # Username : Mehta - MEHTA-HP
        # Running from : C:\Users\Mehta\Desktop\adwcleaner_4.110.exe
        # Option : Cleaning

        ***** [ Services ] *****

        Service Deleted : YahooAUService

        ***** [ Files / Folders ] *****

        Folder Deleted : C:\ProgramData\apn
        Folder Deleted : C:\ProgramData\Babylon
        Folder Deleted : C:\ProgramData\BitGuard
        Folder Deleted : C:\ProgramData\Browser Manager
        Folder Deleted : C:\ProgramData\BrowserProtect

        Folder Deleted : C:\ProgramData\ParetoLogic
        Folder Deleted : C:\ProgramData\PC Optimizer Pro
        Folder Deleted : C:\ProgramData\SearchModule
        Folder Deleted : C:\ProgramData\SpeedMaxPc
        Folder Deleted : C:\ProgramData\Tarma Installer
        Folder Deleted : C:\ProgramData\WPM
        Folder Deleted : C:\ProgramData\Allmyapps
        Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
        Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
        Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player
        Folder Deleted : C:\Program Files (x86)\Conduit
        Folder Deleted : C:\Program Files (x86)\FastMediaConverter
        Folder Deleted : C:\Program Files (x86)\Flash Player Pro
        Folder Deleted : C:\Program Files (x86)\globalUpdate
        Folder Deleted : C:\Program Files (x86)\InboxAce_1gEI
        Folder Deleted : C:\Program Files (x86)\JustCloud
        Folder Deleted : C:\Program Files (x86)\Mobogenie
        Folder Deleted : C:\Program Files (x86)\OApps
        Folder Deleted : C:\Program Files (x86)\predm
        Folder Deleted : C:\Program Files (x86)\RegClean Pro
        Folder Deleted : C:\Program Files (x86)\SearchProtect
        Folder Deleted : C:\Program Files (x86)\Software Updater
        Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
        Folder Deleted : C:\Program Files (x86)\t4pc_en_4
        Folder Deleted : C:\Program Files (x86)\VideoConverter
        Folder Deleted : C:\Windows\SysWOW64\SearchProtect
        Folder Deleted : C:\Program Files\FreeFixer
        Folder Deleted : C:\Program Files\Linksicle
        Folder Deleted : C:\Program Files\PC Optimizer Pro
        Folder Deleted : C:\Users\Mehta\AppData\Local\Conduit
        Folder Deleted : C:\Users\Mehta\AppData\Local\FreeFixer
        Folder Deleted : C:\Users\Mehta\AppData\Local\genienext
        Folder Deleted : C:\Users\Mehta\AppData\Local\globalUpdate
        Folder Deleted : C:\Users\Mehta\AppData\Local\Mobogenie
        Folder Deleted : C:\Users\Mehta\AppData\Local\SwvUpdater
        Folder Deleted : C:\Users\Mehta\AppData\Local\t4pc_en_4
        Folder Deleted : C:\Users\Mehta\AppData\Local\torch
        Folder Deleted : C:\Users\Mehta\AppData\Local\CrashRpt
        Folder Deleted : C:\Users\Mehta\AppData\Local\Rich Media Player
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\Conduit
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\Delta
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\iac
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\InboxAce_1gEI
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\Mysearchdial
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\PriceGong
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\searchresultstb
        Folder Deleted : C:\Users\Mehta\AppData\LocalLow\SweetIM
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\Activeris
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\Babylon
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\DriverCure
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\FastMediaConverter
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\FreeFixer
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\ParetoLogic
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\pdfforge
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\SpeedMaxPc
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\Systweak
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\UpdaterEX
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\Allmyapps
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
        Folder Deleted : C:\Users\Mehta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
        Folder Deleted : C:\Users\Mehta\Documents\Flash Player Pro
        Folder Deleted : C:\Users\Mehta\Documents\Mobogenie
        Folder Deleted : C:\Users\Mehta\Documents\Optimizer Pro
        Folder Deleted : C:\Users\Mehta\Documents\video download converter
        Folder Deleted : C:\Users\Mehta\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni
        File Deleted : C:\END
        File Deleted : C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
        File Deleted : C:\Windows\Reimage.ini
        File Deleted : C:\Users\Mehta\daemonprocess.txt
        File Deleted : C:\Users\Mehta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
        File Deleted : C:\Users\Mehta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

        ***** [ Scheduled tasks ] *****

        Task Deleted : LaunchApp
        Task Deleted : ShopperPro
        Task Deleted : ShopperProJSUpd
        Task Deleted : SPDriver
        Task Deleted : UpdaterEX
        Task Deleted : PC Optimizer Pro Idle
        Task Deleted : YTDownloaderUpd

        ***** [ Shortcuts ] *****


        ***** [ Registry ] *****

        Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
        Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
        Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
        Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
        Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
        Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
        Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni
        Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim
        Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
        Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
        Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
        Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
        Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
        Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
        Key Deleted : HKCU\Software\f57d78bb26fed43
        Key Deleted : HKLM\SOFTWARE\f57d78bb26fed43
        Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287375
        Key Deleted : HKCU\Software\Conduit
        Key Deleted : HKCU\Software\GlobalUpdate
        Key Deleted : HKCU\Software\IM
        Key Deleted : HKCU\Software\ImInstaller
        Key Deleted : HKCU\Software\ParetoLogic
        Key Deleted : HKCU\Software\pc optimizer pro
        Key Deleted : HKCU\Software\SoftwareUpdater
        Key Deleted : HKCU\Software\SpeedMaxPC
        Key Deleted : HKCU\Software\torch
        Key Deleted : HKCU\Software\Tutorials
        Key Deleted : HKCU\Software\TutoTag
        Key Deleted : HKCU\Software\UpdaterEX
        Key Deleted : HKCU\Software\Reimage
        Key Deleted : HKCU\Software\DownLite
        Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
        Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
        Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
        Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
        Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
        Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
        Key Deleted : HKLM\SOFTWARE\aartemisSoftware
        Key Deleted : HKLM\SOFTWARE\Babylon
        Key Deleted : HKLM\SOFTWARE\Conduit
        Key Deleted : HKLM\SOFTWARE\GlobalUpdate
        Key Deleted : HKLM\SOFTWARE\InstallCore
        Key Deleted : HKLM\SOFTWARE\ParetoLogic
        Key Deleted : HKLM\SOFTWARE\SpeedMaxPC
        Key Deleted : HKLM\SOFTWARE\supWPM
        Key Deleted : HKLM\SOFTWARE\systweak
        Key Deleted : HKLM\SOFTWARE\torch
        Key Deleted : HKLM\SOFTWARE\Tutorials
        Key Deleted : HKLM\SOFTWARE\Uniblue
        Key Deleted : HKLM\SOFTWARE\Taronja
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\t4pc_en_4_is1
        Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
        Key Deleted : [x64] HKLM\SOFTWARE\Reimage
        Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
        Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
        Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
        Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

        ***** [ Web browsers ] *****

        -\\ Internet Explorer v11.0.9600.17631

        Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
        Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
        Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

        -\\ Mozilla Firefox v30.0 (en-GB)

        [kizxteyl.default\prefs.js] - Line Deleted : user_pref("extensions.afaf73efed6aa46eb8014e0b47ac 07eada90d6ab4be694e96a9791fd9c1ae6f92co m58488.58488.internaldb.__ICM_DOWNLOADS __blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22ama[...]
        [kizxteyl.default\prefs.js] - Line Deleted : user_pref("extensions.afaf73efed6aa46eb8014e0b47ac 07eada90d6ab4be694e96a9791fd9c1ae6f92co m58488.58488.internaldb.monetization_pl ugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
        [kizxteyl.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "147557d2937a8e9191c61d84c1f3c057");
        [kizxteyl.default\prefs.js] - Line Deleted : user_pref("iminent.enabledAds", "false");

        -\\ Google Chrome v40.0.2214.111


        *************************

        AdwCleaner[R0].txt - [24968 bytes] - [14/02/2015 11:51:16]
        AdwCleaner[S0].txt - [20186 bytes] - [14/02/2015 11:54:21]

        ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20246  bytes] ##########

        [attachment deleted by admin to conserve space]
        « Last Edit: February 14, 2015, 07:02:37 PM by SuperDave »
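
Added example (not part of the original thread and not AdwCleaner's own code): a Python triage script for the AdwCleaner v4 log format posted above. It groups cleaned entries by section and flags the ones that sat in auto-start or browser-hook locations. The category names and the embedded sample are assumptions made for this example; the sample mirrors lines from the log above, with a placeholder GUID.

```python
import re
from collections import Counter

# Section headers look like "***** [ Registry ] *****".
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Entries look like "Key Deleted : HKLM\..." or "Setting Restored : ...".
ENTRY_RE = re.compile(
    r"^(Service|Folder|File|Task|Key|Value|Setting) (Deleted|Restored) : (.+)$"
)

# Registry locations that auto-start a program or hook the browser.
# Category names are this example's own labels, not AdwCleaner terminology.
REGISTRY_RULES = [
    # IFEO keys can redirect the launch of a named executable (Debugger value).
    ("ifeo", re.compile(r"\\Image File Execution Options\\", re.I)),
    ("autorun", re.compile(r"\\CurrentVersion\\Run(Once)? \[", re.I)),
    ("bho", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("browser_extension", re.compile(r"\\(Chrome|Firefox)\\Extensions", re.I)),
    ("ie_search_scope", re.compile(r"\\SearchScopes\\", re.I)),
]
KIND_CATEGORY = {
    "Service": "service",
    "Task": "scheduled_task",
    "Folder": "filesystem",
    "File": "filesystem",
    "Setting": "browser_setting",
}
# Categories that let unwanted software survive a reboot or browser restart.
PERSISTENCE = {"service", "scheduled_task", "autorun", "ifeo", "bho",
               "browser_extension"}


def classify(kind, target):
    """Map one log entry to a triage category."""
    if kind in KIND_CATEGORY:
        return KIND_CATEGORY[kind]
    for name, rule in REGISTRY_RULES:
        if rule.search(target):
            return name
    return "registry_other"


def parse_log(text):
    """Return one dict per cleaned item; header and unknown lines are skipped."""
    entries, section = [], None
    for raw in text.splitlines():
        # Forum copy/paste can add indentation and stray bullets.
        line = raw.strip().lstrip("•").strip()
        if not line or line.startswith("#"):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        kind, action, target = entry.groups()
        x64 = target.startswith("[x64] ")  # entry from the 64-bit registry view
        if x64:
            target = target[len("[x64] "):]
        entries.append({"section": section, "kind": kind, "action": action,
                        "target": target, "x64": x64,
                        "category": classify(kind, target)})
    return entries


def summarize(entries):
    """Count entries per category."""
    return Counter(e["category"] for e in entries)


def persistence_findings(entries):
    """Entries removed from auto-start or browser-hook locations, in log order."""
    return [(e["category"], e["target"]) for e in entries
            if e["category"] in PERSISTENCE]


# Constructed sample in the AdwCleaner v4 layout; the GUID is a placeholder.
SAMPLE_LOG = r"""
# AdwCleaner v4.110 - Logfile created 14/02/2015 at 11:54:21
# Option : Cleaning

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
• Folder Deleted : C:\ProgramData\BitGuard

***** [ Scheduled tasks ] *****

Task Deleted : ShopperPro

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}
Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader

***** [ Web browsers ] *****

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for category, count in summarize(parsed).most_common():
        print(f"{category:18} {count}")
    for category, target in persistence_findings(parsed):
        print(f"[persistence:{category}] {target}")
```

A high count in the persistence categories, as in the log above, indicates that leftover tasks, services and extensions should be rechecked after the reboot rather than assuming one pass removed everything.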

        bombaykid

          Topic Starter


          Intermediate

          Re: Slow startup because of some virus on my computer
          « Reply #4 on: February 14, 2015, 02:26:46 PM »
          Ran malware,
          log is attached.

          [attachment deleted by admin to conserve space]

          bombaykid

            Topic Starter


            Intermediate

            Re: Slow startup because of some virus on my computer
            « Reply #5 on: February 14, 2015, 02:46:04 PM »
            Ran JRT
            Log enclosed
            Junkware Removal Tool (JRT) by Thisisu
            Version: 6.4.2 (02.02.2015:1)
            OS: Windows 7 Professional x64
            Ran by Mehta on 02/14/2015 at 13:39:06.67
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




            ~~~ Services



            ~~~ Registry Values

            Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



            ~~~ Registry Keys

            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update secretsauce
            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
            Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}
            Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF3CB363-38C4-4DA3-B398-DE6184A7819B}
            Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{EF3CB363-38C4-4DA3-B398-DE6184A7819B}
            Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF3CB363-38C4-4DA3-B398-DE6184A7819B}
            Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{EF3CB363-38C4-4DA3-B398-DE6184A7819B}



            ~~~ Files

            Successfully deleted: [File] C:\Windows\Tasks\PC Optimizer Pro64 startups.job
            Successfully deleted: [File] "C:\Windows\wininit.ini"



            ~~~ Folders

            Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
            Successfully deleted: [Folder] "C:\Users\Mehta\AppData\Roaming\sparktrust"
            Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



            ~~~ FireFox

            Emptied folder: C:\Users\Mehta\AppData\Roaming\mozilla\firefox\profiles\kizxteyl.default\minidumps [3 files]



            ~~~ Event Viewer Logs were cleared





            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Scan was completed on 02/14/2015 at 13:42:45.17
            End of JRT log
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


            [attachment deleted by admin to conserve space]

            bombaykid

              Re: Slow startup because of some virus on my computer
              « Reply #6 on: February 14, 2015, 02:51:13 PM »
              Ran Security Check; here is the copy from Notepad:

               UNSUPPORTED OPERATING SYSTEM! ABORTED!

              SuperDave

              Re: Slow startup because of some virus on my computer
              « Reply #7 on: February 14, 2015, 07:04:12 PM »
              Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

              What AV are you using and is it up to date?

              Malwarebytes' Anti-Rootkit

              Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
              • Be sure to print out and follow the instructions provided on that same page for performing a scan.
              • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
              • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
              • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
              • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
              • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
              • Copy and paste the contents of these two log files in your next reply.
              Windows 8 and Windows 10 dual boot with two SSD's

              bombaykid

                Re: Slow startup because of some virus on my computer
                « Reply #8 on: February 15, 2015, 09:08:56 AM »
                I am using AVAST software for virus protection.
                I am afraid to download Malwarebytes' Anti-Rootkit and save it to your desktop, because I am technically not that good, and if this program is new, I might make some mistake and create more problems.
                Is it possible to look at the report from all the other reports I have run and sent to you, to avoid running Malwarebytes' Anti-Rootkit?

                SuperDave

                Re: Slow startup because of some virus on my computer
                « Reply #9 on: February 15, 2015, 10:50:59 AM »
                All the programs I ask you to run are safe to use. I need to see the log to make sure your computer is clean.

                bombaykid

                  Re: Slow startup because of some virus on my computer
                  « Reply #10 on: February 15, 2015, 11:28:36 AM »
                  Cleanup:
                  Congratulations, no cleanup is required
                  Scan Finished: no malware found!

                  bombaykid

                    Re: Slow startup because of some virus on my computer
                    « Reply #11 on: February 15, 2015, 11:30:40 AM »
                    Super Dave:

                    I ran the program, no malware found.

                    bombaykid

                      Re: Slow startup because of some virus on my computer
                      « Reply #12 on: February 16, 2015, 09:26:30 AM »
                      Ran Malwarebytes' Anti-Rootkit.
                      Result
                      Cleanup:
                      Congratulations, no cleanup is required
                      Scan Finished: no malware found!

                      bombaykid

                        Re: Slow startup because of some virus on my computer
                        « Reply #13 on: February 16, 2015, 12:33:17 PM »
                        Hi Super Dave:
                        What do I do next?
                        How do I uninstall all that software which I downloaded and is on my desktop?

                        SuperDave

                        Re: Slow startup because of some virus on my computer
                        « Reply #14 on: February 16, 2015, 03:31:26 PM »
                        One more scan and then we can do some clean up.

                        I'd like to scan your machine with ESET OnlineScan

                        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan

                        • Click the button.
                        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                          • Click on to download the ESET Smart Installer. Save it to your desktop.
                          • Double click on the icon on your desktop.
                        • Check
                        • Click the button.
                        • Accept any security warnings from your browser.
                        • Leave the check mark next to Remove found threats.
                        • Check
                        • Push the Start button.
                        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                        • When the scan completes, push
                        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                        • Push the button.
                        • Push
                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt