Author Topic: [In Progress] Avira suspicious files warning, slow internet  (Read 6602 times)

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #30 on: January 02, 2017, 09:20:23 AM »


  Apologies, outdated instructions given. Thank you for stopping & asking.

 Please run AdwCleaner again

  If you no longer have a copy:-

Please download & run as Administrator AdwCleaner & save to your desktop
How to
Run As Administrator

  If you have a copy:-
  • Close all open programs & internet browsers.
  • Double click the AdwCleaner icon on your desktop.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action...." shows in top line..
  • If you see a program itemised below, that you want to keep, Uncheck it & it will not be removed
  • Next click on the Clean box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply....
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
Close your browser and double click the AdwCleaner icon on your desktop.
Platypuss

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #31 on: January 02, 2017, 01:09:57 PM »
The first scan said AdwCleaner didn't find anything. But what about the files that were found in RogueKiller? The website said the files are unnecessary for home computers and can cause malware and slow internet connections. Should they be removed? Also, one thing I forgot is while RogueKiller was scanning I think I saw the name Azureus in the folder "appdata". I'm not sure if it matters, though. Here is the log from AdwCleaner:


# AdwCleaner v6.041 - Logfile created 02/01/2017 at 10:59:33
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Katrina - TRINA-PC
# Running from : C:\Users\Katrina\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2034 Bytes] - [17/06/2016 08:33:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [3933 Bytes] - [17/06/2016 20:27:33]
C:\AdwCleaner\AdwCleaner[C3].txt - [3562 Bytes] - [17/06/2016 23:37:14]
C:\AdwCleaner\AdwCleaner[C4].txt - [9814 Bytes] - [20/12/2016 10:59:26]
C:\AdwCleaner\AdwCleaner[C5].txt - [1877 Bytes] - [23/12/2016 18:19:06]
C:\AdwCleaner\AdwCleaner[C6].txt - [1119 Bytes] - [02/01/2017 10:59:33]
C:\AdwCleaner\AdwCleaner[S10].txt - [2170 Bytes] - [27/12/2016 02:52:30]
C:\AdwCleaner\AdwCleaner[S11].txt - [2244 Bytes] - [31/12/2016 15:10:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [2318 Bytes] - [02/01/2017 10:55:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [2451 Bytes] - [17/06/2016 07:53:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [1522 Bytes] - [17/06/2016 08:05:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1991 Bytes] - [17/06/2016 08:10:05]
C:\AdwCleaner\AdwCleaner[S4].txt - [2064 Bytes] - [17/06/2016 08:16:24]
C:\AdwCleaner\AdwCleaner[S5].txt - [4091 Bytes] - [17/06/2016 20:24:23]
C:\AdwCleaner\AdwCleaner[S6].txt - [3150 Bytes] - [17/06/2016 23:36:00]
C:\AdwCleaner\AdwCleaner[S7].txt - [9386 Bytes] - [20/12/2016 10:52:46]
C:\AdwCleaner\AdwCleaner[S8].txt - [1948 Bytes] - [20/12/2016 11:06:49]
C:\AdwCleaner\AdwCleaner[S9].txt - [2013 Bytes] - [23/12/2016 18:18:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [2071 Bytes] ##########




# AdwCleaner v6.041 - Logfile created 02/01/2017 at 10:55:00
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Katrina - TRINA-PC
# Running from : C:\Users\Katrina\Desktop\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2034 Bytes] - [17/06/2016 08:33:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [3933 Bytes] - [17/06/2016 20:27:33]
C:\AdwCleaner\AdwCleaner[C3].txt - [3562 Bytes] - [17/06/2016 23:37:14]
C:\AdwCleaner\AdwCleaner[C4].txt - [9814 Bytes] - [20/12/2016 10:59:26]
C:\AdwCleaner\AdwCleaner[C5].txt - [1877 Bytes] - [23/12/2016 18:19:06]
C:\AdwCleaner\AdwCleaner[S10].txt - [2170 Bytes] - [27/12/2016 02:52:30]
C:\AdwCleaner\AdwCleaner[S11].txt - [2244 Bytes] - [31/12/2016 15:10:54]
C:\AdwCleaner\AdwCleaner[S12].txt - [1507 Bytes] - [02/01/2017 10:55:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [2451 Bytes] - [17/06/2016 07:53:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [1522 Bytes] - [17/06/2016 08:05:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1991 Bytes] - [17/06/2016 08:10:05]
C:\AdwCleaner\AdwCleaner[S4].txt - [2064 Bytes] - [17/06/2016 08:16:24]
C:\AdwCleaner\AdwCleaner[S5].txt - [4091 Bytes] - [17/06/2016 20:24:23]
C:\AdwCleaner\AdwCleaner[S6].txt - [3150 Bytes] - [17/06/2016 23:36:00]
C:\AdwCleaner\AdwCleaner[S7].txt - [9386 Bytes] - [20/12/2016 10:52:46]
C:\AdwCleaner\AdwCleaner[S8].txt - [1948 Bytes] - [20/12/2016 11:06:49]
C:\AdwCleaner\AdwCleaner[S9].txt - [2013 Bytes] - [23/12/2016 18:18:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2238 Bytes] ##########

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #32 on: January 03, 2017, 09:22:00 AM »


 
 
Quote
I didn't remove the files RogueKiller found because I wanted to check and make sure it was ok too.
   
  Scanners can produce false positives. This is why I did not ask you to delete anything on that first run.
  I have now finished researching it. So please run it again & delete all that it finds
  Please post the resultant log here.
 
  Regarding Azureus, if you believe you saw it in your appdata folder when RogueKiller was running, I suggest that you
  do a manual search as described HERE
  Good luck if you ask Cortana !
  Platypuss
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #33 on: January 03, 2017, 03:15:59 PM »
I ran RogueKiller and deleted those files. As for Vuze it seems to be still installed. I typed Azureus in and Vuze came up. I accidentally clicked it and the app came up with an upgrade window. I clicked the x to close it and the program window. Should I try rerunning Revo Uninstaller? Here is the RogueKiller log. Thank you

RogueKiller V12.9.1.0 (x64) [Jan  2 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Katrina [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 01/03/2017 10:42:22 (Duration : 00:15:58)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3486530618-2175211192-3325098576-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18EED226-758E-4552-8263-FFBD4B547CE1} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D2A0D8E0-6D12-41F9-B7C6-21D254082CBF} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\NexonUS\NGM\NGM.exe|Name=Nexon Game Manager| [-] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] guklx149.default-1466234566196 : user_pref("browser.startup.homepage", "https://habitica.com/#/tasks"); -> Replaced (about:home)
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON RBU-SNS8100S3256GD +++++
--- User ---
[MBR] 459598a81f06d68b9177237d5fa6f1e7
[BSP] b7f7530a614f6d83c0f57779c109bbee : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 226612 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 466208768 | Size: 16557 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] 04055154c02fb730d97a1b29484f7041
[BSP] a6e32471d2321eadd36c1ef8622764ce : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK




Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #34 on: January 04, 2017, 11:50:54 AM »
 

 
Azureus (renamed Vuze) is very difficult to totally remove.
I believe that the program has probably been uninstalled.
I am unsure why SystemLook did not find anything on your first run,
so please uninstall/delete your existing copy & download another:-


  ---------------------------------------------
Run A Scan With SystemLook
Please download SystemLook from the download mirror and save it to your Desktop.
Download Mirror HERE
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

    Double-click SystemLook.exe to run it. OK the User Account Control.
    Copy the content of the following codebox into the main textfield:
   
Code:
    :filefind
    *Vuze*
    *Azureus*
    :folderfind
    *Vuze*
    *Azureus
     :regfind
    *Vuze*
    *Azureus*

    Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The results log can also be found on your Desktop, entitled SystemLook.txt


If it fails again, navigate into your Appdata folder & manually delete any filepath with Azureus in it.

Platypuss.


Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #35 on: January 04, 2017, 02:24:04 PM »
The problem seemed to be the spaces. I tried deleting the spaces after pasting it in the search box and it worked. Not sure why it seems to be back, though. I had tried to uninstall it awhile ago, so I was a bit surprised when you mentioned it earlier.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:17 on 04/01/2017 by Katrina
Administrator - Elevation successful

========== filefind ==========

Searching for "*Vuze*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk   --a---- 873 bytes   [17:01 27/10/2016]   [17:01 27/10/2016] F340B071151B9B4FC2B2C9C3255552F7
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Vuze.lnk   --a---- 873 bytes   [17:01 27/10/2016]   [17:01 27/10/2016] F340B071151B9B4FC2B2C9C3255552F7
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\5B1YI3AV\client.vuze[1].xml   --a---- 13 bytes   [06:19 13/06/2016]   [06:19 13/06/2016] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\NRVU9L07\client.vuze[1].xml   --a---- 13 bytes   [17:40 01/11/2016]   [17:40 01/11/2016] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Katrina\AppData\Local\Temp\Vuze_5.7.4.0a_win32.zip   --a---- 12175996 bytes   [17:54 03/01/2017]   [17:54 03/01/2017] EA18521D9BCB1BABE1EF118116D00C99
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config   --a---- 951 bytes   [06:19 13/06/2016]   [18:41 03/01/2017] 7BD98CA155A336980B411CE9A7BD0F1D
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config.bak   --a---- 951 bytes   [18:41 03/01/2017]   [18:41 03/01/2017] 7BD98CA155A336980B411CE9A7BD0F1D
C:\Users\Katrina\AppData\Roaming\Azureus\subs\DD288CFFEB6107B4AAD0.vuze   --a---- 1337 bytes   [17:54 03/01/2017]   [17:54 03/01/2017] 13D26C4EBE42205E33556DA0F86830C3
C:\Users\Katrina\AppData\Roaming\Azureus\tmp\AZU860153784949550015.tmp\Vuze_5.7.4.0a_win32.exe   --a---- 13367984 bytes   [17:54 03/01/2017]   [17:54 03/01/2017] 1BC3C7A7F63E738DF240880CFC5D6EBE
C:\Users\Katrina\Downloads\VuzeBittorrentClientInstaller.exe   --a---- 91808 bytes   [06:18 13/06/2016]   [16:48 27/10/2016] 037D91C5C06601B3D6EAB400EF72157E

Searching for "*Azureus*"
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config   --a---- 9425 bytes   [06:19 13/06/2016]   [18:41 03/01/2017] 8AD751FFAB14A5586B0D0078677C8B42
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config.bak   --a---- 9430 bytes   [16:57 01/11/2016]   [18:41 03/01/2017] FA1D30D1218E5279A1C0E515EAB2979E
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics   --a---- 269 bytes   [06:29 13/06/2016]   [18:41 03/01/2017] B3E13E37EB958D7F0E1E93D5E8275046
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics.bak   --a---- 269 bytes   [17:07 01/11/2016]   [18:41 03/01/2017] 913E0A7BC358B486415286F938D0A263
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aefeatman_v\azureus.sig   --a---- 160 bytes   [17:01 27/10/2016]   [05:15 19/11/2014] 261A5C47A183C000C25828FFAB5774AC
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azitunes\azureus.sig   --a---- 160 bytes   [17:01 27/10/2016]   [22:12 24/06/2014] 4C0259EAF91BBD188A47CA29E3D00B60
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\azureus.sig   --a---- 160 bytes   [17:01 27/10/2016]   [17:46 11/12/2015] 9DBA6198AD27043DEEF7D935A05DBC4A
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe   --a---- 1523528 bytes   [17:01 27/10/2016]   [17:46 11/12/2015] 40880B567204ABDB8CEE97A1494BD344
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azpromo\azureus.sig   --a---- 160 bytes   [17:01 27/10/2016]   [18:26 12/05/2016] C497AB5C926C43D0932ECDD391489861
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azutp\azureus.sig   --a---- 160 bytes   [17:01 27/10/2016]   [21:51 14/03/2016] E0E0C4228F2926B67BB4622AA955E408
C:\Windows\Prefetch\AZUREUS.EXE-E591400B.pf   --a---- 29903 bytes   [17:54 03/01/2017]   [17:54 03/01/2017] 36A095A431D27725195BB654647278BB

========== folderfind ==========

Searching for "*Vuze*"
C:\Users\Katrina\Documents\Vuze Downloads   d------   [06:19 13/06/2016]

Searching for "*Azureus"
C:\Users\Katrina\AppData\Roaming\Azureus   d------   [06:19 13/06/2016]

========== regfind ==========

Searching for "*Vuze*"
No data found.

Searching for "*Azureus*"
No data found.

-= EOF =-

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #36 on: January 05, 2017, 10:41:34 AM »


   Let us see if FRST can find them now.
   
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are on the Desktop or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Code:
Start:
CloseProcesses:
CreateRestorePoint:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk   
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Vuze.lnk   
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\5B1YI3AV\client.vuze[1].xml   
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\NRVU9L07\client.vuze[1].xml   
C:\Users\Katrina\AppData\Local\Temp\Vuze_5.7.4.0a_win32.zip   
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config   
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config.bak   
C:\Users\Katrina\AppData\Roaming\Azureus\subs\DD288CFFEB6107B4AAD0.vuze   
C:\Users\Katrina\AppData\Roaming\Azureus\tmp\AZU860153784949550015.tmp\Vuze
C:\Users\Katrina\Downloads\VuzeBittorrentClientInstaller.exe   

C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config   
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config.bak   
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics   
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics.bak   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aefeatman_v\azureus.sig   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azitunes\azureus.sig 
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\azureus.sig   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azpromo\azureus.sig   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azutp\azureus.sig   
C:\Windows\Prefetch\AZUREUS.EXE-E591400B.pf   
C:\Users\Katrina\Documents\Vuze Downloads   
C:\Users\Katrina\AppData\Roaming\Azureus
EmptyTemp:
CMD: ipconfig /flushdns

Platypuss


Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #37 on: January 05, 2017, 11:44:08 AM »
It worked, thank you! For the internet connection issue should I post about it in the networking section? Also, we didn't add the other program "Tomighty" to the list. Is there a way I can uninstall it without you having to go through any trouble? Thank you for all your help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Katrina (05-01-2017 09:31:35) Run:3
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CloseProcesses:
CreateRestorePoint:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk   
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Vuze.lnk   
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\5B1YI3AV\client.vuze[1].xml   
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\NRVU9L07\client.vuze[1].xml   
C:\Users\Katrina\AppData\Local\Temp\Vuze_5.7.4.0a_win32.zip   
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config   
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config.bak   
C:\Users\Katrina\AppData\Roaming\Azureus\subs\DD288CFFEB6107B4AAD0.vuze   
C:\Users\Katrina\AppData\Roaming\Azureus\tmp\AZU860153784949550015.tmp\Vuze
C:\Users\Katrina\Downloads\VuzeBittorrentClientInstaller.exe   

C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config   
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config.bak   
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics   
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics.bak   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aefeatman_v\azureus.sig   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azitunes\azureus.sig
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\azureus.sig   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azpromo\azureus.sig   
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azutp\azureus.sig   
C:\Windows\Prefetch\AZUREUS.EXE-E591400B.pf   
C:\Users\Katrina\Documents\Vuze Downloads   
C:\Users\Katrina\AppData\Roaming\Azureus
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Start: => Error: No automatic fix found for this entry.
Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk => moved successfully
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Vuze.lnk" => not found.
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\5B1YI3AV\client.vuze[1].xml => moved successfully
C:\Users\Katrina\AppData\Local\Microsoft\Internet Explorer\DOMStore\NRVU9L07\client.vuze[1].xml => moved successfully
C:\Users\Katrina\AppData\Local\Temp\Vuze_5.7.4.0a_win32.zip => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config.bak => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\subs\DD288CFFEB6107B4AAD0.vuze => moved successfully
"C:\Users\Katrina\AppData\Roaming\Azureus\tmp\AZU860153784949550015.tmp\Vuze" => not found.
C:\Users\Katrina\Downloads\VuzeBittorrentClientInstaller.exe => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.config.bak => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\azureus.statistics.bak => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aefeatman_v\azureus.sig => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azitunes\azureus.sig => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\azureus.sig => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azpromo\azureus.sig => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\azutp\azureus.sig => moved successfully
C:\Windows\Prefetch\AZUREUS.EXE-E591400B.pf => moved successfully
C:\Users\Katrina\Documents\Vuze Downloads => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14215510 B
Java, Flash, Steam htmlcache => 225909105 B
Windows/system/drivers => 85932 B
Edge => 0 B
Chrome => 0 B
Firefox => 377266550 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4868 B
NetworkService => 3328 B
Katrina => 269879065 B

RecycleBin => 0 B
EmptyTemp: => 846.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:31:54 ====
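
Added example, not part of the original thread and not FRST's own code: a small Python audit of the Fixlog result lines above that sorts each "not found" entry into one of three cases. It assumes the system drive is C:, that `C:\Users\All Users` is the default Windows link to `C:\ProgramData`, and that moving a folder moves everything beneath it; the `ExampleApp` line is constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Result lines excerpted from the Fixlog in this thread, plus one
# constructed line (ExampleApp) to show an entry that stays unresolved.
SAMPLE_FIXLOG = r'''
Start: => Error: No automatic fix found for this entry.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk => moved successfully
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Vuze.lnk" => not found.
C:\Users\Katrina\AppData\Roaming\Azureus\VuzeActivities.config => moved successfully
"C:\Users\Katrina\AppData\Roaming\Azureus\tmp\AZU860153784949550015.tmp\Vuze" => not found.
"C:\Users\Katrina\AppData\Local\ExampleApp\leftover.dat" => not found.
C:\Users\Katrina\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe => moved successfully
C:\Users\Katrina\Documents\Vuze Downloads => moved successfully
C:\Users\Katrina\AppData\Roaming\Azureus => moved successfully
'''

# A result line is an optionally quoted drive path, "=>", then the outcome.
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"?\s*=>\s*(?P<result>.*)$')

# Assumption: default Windows layout, where "All Users" links to ProgramData.
ALL_USERS = PureWindowsPath(r"C:\Users\All Users")
PROGRAM_DATA = PureWindowsPath(r"C:\ProgramData")


def parse_results(fixlog_text):
    """Return (path, status) pairs for every path result line in the log."""
    entries = []
    for line in fixlog_text.splitlines():
        match = RESULT_RE.match(line.strip())
        if not match:
            continue  # directives, headers and CMD output are skipped
        result = match.group("result").lower()
        if result.startswith("moved successfully"):
            status = "moved"
        elif result.startswith("not found"):
            status = "not_found"
        else:
            status = "other"
        entries.append((PureWindowsPath(match.group("path").strip()), status))
    return entries


def resolve_alias(path):
    """Map a path under the All Users link to its real ProgramData location."""
    if ALL_USERS in path.parents:
        return PROGRAM_DATA / path.relative_to(ALL_USERS)
    return path


def audit(fixlog_text):
    """Classify each 'not found' entry so only real leftovers need follow-up."""
    entries = parse_results(fixlog_text)
    moved = [path for path, status in entries if status == "moved"]
    report = {}
    for path, status in entries:
        if status != "not_found":
            continue
        canonical = resolve_alias(path)
        if canonical != path and canonical in moved:
            verdict = "alias_of_moved"   # same file, reached through the link
        elif any(parent in canonical.parents for parent in moved):
            verdict = "parent_moved"     # a containing folder was moved
        else:
            verdict = "unresolved"       # needs a manual check
        report[str(path)] = verdict
    return report


if __name__ == "__main__":
    for entry, verdict in audit(SAMPLE_FIXLOG).items():
        print(f"{verdict:15} {entry}")
```

On the lines taken from this log, both "not found" results are accounted for: the first is the All Users alias of the shortcut already moved, and the second is a shortened path inside the Azureus folder that was moved at the end of the fix.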

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #38 on: January 06, 2017, 11:18:05 AM »


 
 More to do, we have not finished cleaning yet:-


 Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>>>>>>>


Download & run the Sophos Virus Removal Tool
   
Download Sophos Free Virus Removal Tool and save it to your desktop. http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx
Right click on Sophos Virus Removal Tool.exe and select Run as administrator
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • At completion if any threats are found then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Next close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please let me know
I need the following:-

   1. JRT.txt
   2. Sophos log
   3. Details of how the computer is running please
Platypuss

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #39 on: January 07, 2017, 01:15:26 PM »
I ran Junkware Removal Tool and Sophos Virus Removal Tool. Sophos didn't find anything, but Junkware Removal Tool did. The computer seems to be running better than before, but it's still having some problems with the browser. Sometimes the pages take a while to load or the browser just hangs. I'm not sure if it's supposed to do this, but when my computer has been in sleep mode and I wake it up, it seems to usually be disconnected and sometimes takes about a minute to reconnect.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Katrina (Administrator) on Fri 01/06/2017 at 19:34:59.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\guklx149.default-1466234566196\Invalidprefs.js (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/06/2017 at 19:38:16.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #40 on: January 08, 2017, 10:12:24 AM »


 

   Your computer is considered to be clean. :)

  So just one final scanner to run which removes my tools & conducts necessary maintenance:-

  Please download Delfix by Xplode and save it to your desktop.
 
   Or use the following if first link is down: Delfix

   Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <---- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection
Now click on Run and wait patiently until the tool has completed.


   The tool will create a log when it has completed. I don't need you to post this.
   Part of the routine will be to create a registry backup with ERUNT; the backup will be created here: C:\Windows\ERUNT.

>>>>>>>>>>>>>>>>>>

 
Quote
still having some problems with the browser. Sometimes the pages take a while to load or the browser just hangs. I'm not sure if it's supposed to do this, but when my computer has been in sleep mode and I wake it up, it seems to usually be disconnected and sometimes takes about a minute to reconnect.

Try this Fix from a reputable source HERE
Please read it through carefully first.

Which of your browsers is slow/hangs ?

Platypuss


   

Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #41 on: January 10, 2017, 08:18:15 AM »
Ok, I ran Delfix, but a few programs were left over. Sophos Virus removal and ESET virus scanner. Can I just delete them or do I uninstall them from somewhere? Thank you again for all of your help. The browser that is slow/hangs is Firefox.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #42 on: January 11, 2017, 11:39:56 AM »


 
Quote
Sophos Virus removal and ESET virus scanner. Can I just delete them or do I uninstall them from somewhere?

Yes, they need to be uninstalled manually. Sophos & AdwCleaner HERE

Uninstall ESET Online Scanner

 It can be done via the graphic user interface (GUI) by clicking the appropriate checkbox and hitting the “uninstall on close” button.

You can also run the Online Scanner Uninstaller (filename: OnlineScannerUninstaller.exe) program, located in the: C:\WINDOWS\SYSTEM32\ directory on computers running 32-bit (x86) editions of Microsoft Windows and in the C:\WINDOWS\SYSWOW64\ directory on computers running 64-bit (x64) editions of Microsoft Windows.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 We need to uninstall your current copy of Firefox & install a fresh copy. This is complex, I suggest that you print my instructions out & read through them first.

  Make a "Clean" install Firefox:
Use the following link HERE
 for instructions how to back up your bookmarks, the same link can be used to import saved Bookmarks:

Next,
Go HERE & download/save the latest version of Firefox. Do not run it yet, we will install this later...

Next,
Now let's totally remove Firefox and start the re-installation:-

Go HERE and follow the instructions to uninstall Firefox.

 When the uninstall completes, ensure that you navigate to and delete the Firefox installation folder (if present).
Cortana search HERE or:-

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox


It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,
To remove all remaining data and profile information...
  • Press "Windows key + R" to open the Run box
  • In the Run box, type in or copy and paste %APPDATA%
  • Click OK. A Windows Explorer window will appear.
  • In this window, choose/open in succession Mozilla > Firefox > Profiles.
  • Select Delete on each entry in reverse, e.g. Profiles > Delete. Firefox > Delete. Mozilla > Delete.
Re-boot your system when complete!

Next,
Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open, select these keys together :- Ctrl - Shift - A which will access Addons manager,
this gives access to finding & control of addons/extensions,

Now ensure that you use the search facility to find and install the addons you normally use.... Now try surfing, see what happens...

Thank you
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I haven't forgotten Tomighty. Now that your computer is "clean" :-

Run A Scan With SystemLook
Please download SystemLook from the download mirror and save it to your Desktop.
Download Mirror HERE
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

    Double-click SystemLook.exe to run it. OK the User Account Control.
    Copy the content of the following codebox into the main textfield:
   
Code:
    :filefind
    *Tomighty*
    :folderfind
    *Tomighty*
    :regfind
    *Tomighty*
   

    Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The results log can also be found on your Desktop, entitled SystemLook.txt
Platypuss.







   


Offline Kat540

  • Bronze Member
  • Posts: 54
Re: Avira suspicious files warning, slow internet
« Reply #43 on: January 14, 2017, 08:36:03 PM »
I ran into two problems. 1st, ESET Scanner doesn't show up in the Apps and Features list. Also, when trying to uninstall Firefox it doesn't do anything. When clicking "uninstall" in the Apps and Features section, the "helper" window pops up, but when I click yes it doesn't do anything. I tried running the Helper.exe file manually as described in the link you sent and it also doesn't do anything. It's like I'm clicking a dead link, it doesn't do anything.

Here's the log from SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 18:32 on 14/01/2017 by Katrina
Administrator - Elevation successful

========== filefind ==========

Searching for "*Tomighty*"
C:\Program Files\Tomighty\tomighty-0.7.1.exe   --a---- 389545 bytes   [00:24 18/07/2011]   [00:24 18/07/2011] C7E6DF94C95F6A71D8BFB2807C611B67
C:\Program Files\Tomighty\tomighty_uninstall.exe   --a---- 62194 bytes   [23:53 16/07/2016]   [23:54 16/07/2016] CBE3E9ED521AF0FBCF84C48D767A64C0
C:\Users\Katrina\.tomighty\tomighty.conf   --a---- 306 bytes   [23:54 16/07/2016]   [03:08 21/07/2016] D8C4A87C82B7A4105FFBC62B5DD64059
C:\Users\Katrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tomighty.lnk   --a---- 1789 bytes   [23:54 16/07/2016]   [23:54 16/07/2016] 626A2B36E3EE80E47AB5C0BC09EF4B7C
C:\Users\Katrina\Downloads\tomighty-0.7.1-install.exe   --a---- 386088 bytes   [23:53 16/07/2016]   [23:53 16/07/2016] 6A8A2EFAAA49103F66F430FC92CF6DB0
C:\Users\Public\Desktop\Tomighty.lnk   --a---- 1765 bytes   [23:54 16/07/2016]   [23:54 16/07/2016] 3837C202010A2B7E0C405545389F9FEA
C:\Windows\Prefetch\TOMIGHTY-0.7.1-INSTALL.EXE-FC351DD5.pf   --a---- 9347 bytes   [18:27 11/01/2017]   [18:27 11/01/2017] ED45D239182A96AA5542728620CB2E61

========== folderfind ==========

Searching for "*Tomighty*"
C:\Program Files\Tomighty   d------   [23:53 16/07/2016]
C:\Users\Katrina\.tomighty   d------   [23:54 16/07/2016]

========== regfind ==========

Searching for "*Tomighty*"
No data found.

-= EOF =-

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 445
Re: Avira suspicious files warning, slow internet
« Reply #44 on: January 15, 2017, 11:34:06 AM »


   
Uninstall Eset Online Scanner using Revo

  • Double click Revo Uninstaller (on your Desktop) to run it.
  • From the next window portraying the list of your installed programs, select Eset Online Scanner
  • When prompted if you want to uninstall this program, click Yes.
  • Ensure the Moderate option is selected in the "select an Uninstall Mode" window, then click Next.
  • The program will then run. If prompted again regarding removal, click Yes
  • When the original built-in uninstaller is finished, click on Next.
  • Once the Revo program has searched for leftovers....(be patient here ! ) click Next.
  • Check / tick the Eset bolded items Only, then click DELETE
  • When prompted click on Yes and then on next.
  • Next put a check on any Eset folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish
       
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 
Quote
when trying to uninstall Firefox it doesn't do anything. When clicking "uninstall" in the Apps and Features section, the "helper" window pops up, but when I click yes it doesn't do anything. I tried running the Helper.exe file manually as described in the link you sent and it also doesn't do anything. It's like I'm clicking a dead link, it doesn't do anything.

That would appear to be compromised so please do this:-

Save your Bookmarks.

Please follow the advice here:- https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer.

When completed

  • Please close all Firefox windows
  • Next, delete the Firefox installation folder,
    which is located in one of these locations:-

    C:\Program Files\Mozilla Firefox
    C:\Program Files (x86)\Mozilla Firefox


      Now, go ahead and Reinstall Firefox:

  • Double-click the downloaded installation file (on your desktop) and follow the steps of the installation wizard.
  • When the installation wizard completes, click the Finish button.
  • Next open Firefox immediately, then:-
Import bookmarks from an HTML file

Please follow the advice given here:- https://support.mozilla.org/en-US/kb/import-bookmarks-html-file.
NOTE Your bookmarks have already been saved above.
Please advise your results.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

  Carry out a Fix in FRST64
  • Open notepad. Please copy the contents of the code box below.
  • To do this highlight the contents of the box and right click on it.
  • Then paste it into the open notepad.
  • Save it on the Desktop as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
CloseProcesses:
CreateRestorePoint:

C:\Program Files\Tomighty\tomighty-0.7.1.exe
C:\Program Files\Tomighty\tomighty_uninstall.exe
C:\Users\Katrina\.tomighty\tomighty.conf
C:\Users\Katrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tomighty.lnk
C:\Users\Katrina\Downloads\tomighty-0.7.1-install.exe
C:\Users\Public\Desktop\Tomighty.lnk
C:\Windows\Prefetch\TOMIGHTY-0.7.1-INSTALL.EXE-FC351DD5.pf
C:\Program Files\Tomighty
C:\Users\Katrina\.tomighty
EmptyTemp:
Reboot:
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work

    • Run FRST64 (on your Desktop) and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally.
    • The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    Please post the contents in your reply.

    Platypuss
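
An added example, not part of the original thread and not code from SystemLook or FRST: before a fixlist is run, each path in it can be checked against the SystemLook results and each directive against an allow-list. The function names, the directive allow-list and the constructed fixlist (with its ExampleApp path and misspelled directive) are assumptions for illustration; the log lines are copied from the SystemLook output above.

```python
import re

# Assumed allow-list of fixlist directives; anything else is reported for review.
KNOWN_DIRECTIVES = {"CloseProcesses:", "CreateRestorePoint:", "EmptyTemp:", "Reboot:"}
# One SystemLook hit: path, 7-char attribute field, then size/dates/MD5 (files only).
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?P<attr>[-a-z]{7})\s+"
    r"(?:(?P<size>\d+) bytes\s+)?\[(?P<created>[^\]]+)\]"
    r"(?:\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-F]{32}))?\s*$"
)

def parse_systemlook(log_text):
    """Return {lowercased path: record} for every file or folder hit in the log."""
    hits = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["is_dir"] = rec["attr"].startswith("d")
            hits[rec["path"].lower()] = rec  # Windows paths are case-insensitive
    return hits

def audit_fixlist(fixlist_text, hits):
    """Return (unknown_directives, paths_not_in_log) for a fixlist."""
    unknown, unlisted = [], []
    for line in filter(None, map(str.strip, fixlist_text.splitlines())):
        if re.match(r"[A-Za-z]:\\", line):
            if line.lower() not in hits:
                unlisted.append(line)
        elif line not in KNOWN_DIRECTIVES:
            unknown.append(line)
    return unknown, unlisted

# Log lines copied from the SystemLook output above; the fixlist is constructed.
LOG = r"""========== filefind ==========
C:\Program Files\Tomighty\tomighty_uninstall.exe   --a---- 62194 bytes   [23:53 16/07/2016]   [23:54 16/07/2016] CBE3E9ED521AF0FBCF84C48D767A64C0
C:\Users\Public\Desktop\Tomighty.lnk   --a---- 1765 bytes   [23:54 16/07/2016]   [23:54 16/07/2016] 3837C202010A2B7E0C405545389F9FEA
========== folderfind ==========
C:\Program Files\Tomighty   d------   [23:53 16/07/2016]
"""
FIXLIST = r"""CloseProcesses:
C:\Program Files\Tomighty\tomighty_uninstall.exe
C:\Program Files\Tomighty
C:\Program Files\ExampleApp
EmptTemp:
"""

if __name__ == "__main__":
    print(audit_fixlist(FIXLIST, parse_systemlook(LOG)))
```

Anything returned in either list should be resolved by hand before the fixlist is saved next to FRST64.exe.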