Computer Hope


Title: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 24, 2014, 08:19:54 AM
Hello, I'm Alli. I apologize for putting this in the wrong thread initially, and thank you for redirecting me here. I have an Asus Laptop Model number U46E-RAL5, which is running Windows 7 Home Premium. Yesterday, I started having trouble loading Windows 7 on my computer. Windows 7 loads up normally, albeit slowly, but then once I try to click on any programs, it freezes and goes to "not responding." Thinking it had something to do with the Windows update, I simply did a system restore in safe mode and that seemed to do the trick. However, when I shut down my computer and booted it back up this morning, I found that the problem was still persisting. This time I ran MalwareBytes and it came up with Trojan virus, which I quickly deleted. However, when I restarted my computer again, the problem didn't go away, so I did an earlier System Restore, and after that I did another MalwareBytes scan, which showed a few errors, but not Trojan, so I deleted them. This was around the time I posted in the Windows 7 thread (very sorry), and after seeing the reply, I went through and acquired the logs requested. During this process, I noticed that I was able to get on to the internet using Firefox in Normal mode, but my computer froze up again when I went to open MalwareBytes. I had to go back to Safe mode, but it was encouraging to see I could get onto the internet, no matter how briefly.

The logs requested:

AdwCleaner:

AdwCleaner v3.022 - Report created 24/03/2014 at 22:11:55
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alli - ALLI-PC
# Running from : C:\Users\Alli\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Alli\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Alli\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Alli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Alli\AppData\Roaming\Mozilla\Firefox\Profiles\ltqzc4oc.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Alli\AppData\Roaming\Mozilla\Firefox\Profiles\ltqzc4oc.default\browsermngr_prefs.js
File Deleted : C:\Users\Alli\AppData\Roaming\Mozilla\Firefox\Profiles\ltqzc4oc.default\searchplugins\bingp.xml
File Deleted : C:\Users\Alli\AppData\Roaming\Mozilla\Firefox\Profiles\ltqzc4oc.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Alli\AppData\Roaming\Mozilla\Firefox\Profiles\ltqzc4oc.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1:9421;<local>;*.local

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [NOOO]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Alli\AppData\Roaming\Mozilla\Firefox\Profiles\ltqzc4oc.default\prefs.js ]

Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110796&tt=3612_3&babsrc=HP_ss&mntrId=be5d5a9d000000000000bc7737a98658");
Line Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110796&tt=3612_3");
Line Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");
Line Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "9");
Line Deleted : user_pref("extensions.BabylonToolbar.bbdpng", 9);
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "5F2AA2542DB3EB0F9115064DC3592C5D");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hrdid", "be5d5a9d000000000000bc7737a98658");
Line Deleted : user_pref("extensions.BabylonToolbar.id", "be5d5a9d000000000000bc7737a98658");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15591");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.instlday", "15591");
Line Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1212:41:19");
Line Deleted : user_pref("extensions.BabylonToolbar.lastdp", 9);
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srch", "");
Line Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=be5d5a9d000000000000bc7737a98658&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=be5d5a9d000000000000bc7737a98658&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1212:41:19");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1212:41:19");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110796&tt=3612_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1212:41:19");
Line Deleted : user_pref("extensions.crossrider.bic", "139a6fa6bd7c44291275404b9c1c8f4f");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search .defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=110796&tt=3612_3&babsrc=HP_ss&mntrId=be5d5a9d000000000000bc7737a98658");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Alli\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18181 octets] - [24/03/2014 22:08:49]
AdwCleaner[S0].txt - [18148 octets] - [24/03/2014 22:11:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18209 octets] ##########



Malware

This is the most recent one, done after I found the right thread. I can also post the one I did after my most recent system restore as well if necessary.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16844
Alli :: ALLI-PC [administrator]

3/24/2014 10:43:23 PM
mbam-log-2014-03-24 (22-43-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219747
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Security Check

Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2014   
McAfee VirusScan Enterprise       
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 AVG PC TuneUp   
 AVG PC TuneUp Language Pack (en-US)
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 12.0.0.77 
 Mozilla Firefox 27.0.1 Firefox out of Date! 
 Google Chrome 33.0.1750.146 
 Google Chrome 33.0.1750.154 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


Thank you so much!
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 24, 2014, 12:38:45 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Did you make any changes to your computer prior to this problem occurring such as installing new hardware or software?
The Security log shows you have two AVs active on your computer: AVG AntiVirus Free Edition 2014 and McAfee VirusScan Enterprise. This could very well be one cause of the problems you're having. One will need to be de-activated/uninstalled. Having more than one AV and one Firewall active on your computer could cause conflicts.
You really should update your IE.

Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

*********************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this  (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
**********************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 25, 2014, 01:54:15 AM
Hi Dave, thank you for your help.

You asked: Did you make any changes to your computer prior to this problem occurring such as installing new hardware or software?

I did not. The day before the problem started, the only thing I did was download an album off of iTunes and had a Windows update.
Initially I thought the update was causing the problem, so I did a system recovery. However, the problem persisted.

I have uninstalled McAfee Virus Scan.

When I tried to update my adobe reader, it failed because it said "Windows Installer service could not be accessed." Is this because I was running in safe mode?

I just downloaded IE 11. When it finished, it asked to restart my computer, which I allowed. This is when things got weird. My computer started doing a Chkdsk on the c: drive. I remember reading about this in a forum, so I thought maybe it was a good thing. I let it run its course and then my computer started up in Normal mode again, acting just like it had before the problem started. I was thrilled. However, as I was typing this message, my computer went to a BLUE screen and said Windows had encountered a problem and it was going to shut down and restart to prevent further damage. I'm a bit scared now. I don't know what to do. It seems to have reconfigured the updates that I got rid of during the system restore, could they be it?

Here are the logs you requested. I did these before I installed window 11, so I will probably do them again to make sure, but here are the current logs for now, in case something happens.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alli on Tue 03/25/2014 at 13:13:11.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-826472085-932608800-1280656658-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    isapu    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Alli\AppData\Roaming\isapu.dll",MemberDescr_Type




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Alli\AppData\Roaming\mozilla\firefox\profiles\ltqzc4oc.default\minidumps [472 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/25/2014 at 13:15:56.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

About the antiroot kit, I had it scan my computer twice and it said there was no malware, so it didn't do a cleanup or give me a log of any kind. Did I do something wrong?
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 25, 2014, 02:59:02 AM
Hi Dave, Here is the second JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alli on Tue 03/25/2014 at 16:55:16.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    isapu    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Alli\AppData\Roaming\isapu.dll",MemberDescr_Type




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/25/2014 at 16:57:52.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Looks like Trojan Virus. Once again the Antiroot scan came up clean.
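
The HKCU\..\Run entry that JRT flagged in the log above combines three properties that can be checked mechanically: rundll32.exe as the launcher, a DLL sitting loose in the user's AppData\Roaming folder, and a value name equal to the DLL's name. The following sketch is an added example, not part of the original posts and not JRT's own logic; the heuristics, the reason labels and the two contrast rows are assumptions made for illustration.

```python
import ntpath
import re

# Rows in the layout of JRT's "Registry Values" table. The first row is the
# entry from the log above; the other two are constructed for contrast.
SAMPLE_ROWS = r'''
    isapu    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Alli\AppData\Roaming\isapu.dll",MemberDescr_Type
    Steam    REG_SZ    "C:\Program Files (x86)\Steam\steam.exe" -silent
    TouchpadHelper    REG_SZ    rundll32.exe "C:\Program Files\Vendor\tphelper.dll",Start
'''

# name, registry type, then the command line stored in the value
ROW_RE = re.compile(r'^\s*(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$')

# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE_RE = re.compile(
    r'\\appdata\\(roaming|local|locallow)(\\|$)'
    r'|\\temp(\\|$)|\\users\\public(\\|$)|\\programdata(\\|$)'
    r'|^%(appdata|localappdata|temp|tmp|public|programdata)%',
    re.IGNORECASE)

# DLL placed directly in the profile data root rather than a vendor subfolder.
PROFILE_ROOT_RE = re.compile(
    r'(\\appdata\\(roaming|local|locallow)|^%(appdata|localappdata)%)$',
    re.IGNORECASE)


def split_command_line(data):
    """Split a Windows command line on whitespace, honouring double quotes."""
    tokens, current, in_quotes = [], [], False
    for ch in data:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                tokens.append(''.join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append(''.join(current))
    return tokens


def analyze_run_value(name, data):
    """Return dll/export/reasons for a rundll32 autostart, else None."""
    tokens = split_command_line(data)
    if len(tokens) < 2:
        return None
    if ntpath.basename(tokens[0]).lower() not in ('rundll32', 'rundll32.exe'):
        return None
    # rundll32 takes "<dll>,<export>" as its first argument
    dll_path, _, export = tokens[1].partition(',')
    reasons = []
    if USER_WRITABLE_RE.search(dll_path):
        reasons.append('dll-in-user-writable-path')
    if PROFILE_ROOT_RE.search(ntpath.dirname(dll_path)):
        reasons.append('dll-loose-in-profile-root')
    stem = ntpath.splitext(ntpath.basename(dll_path))[0]
    if stem.lower() == name.strip().lower():
        reasons.append('value-name-matches-dll-name')
    return {'name': name, 'dll': dll_path, 'export': export, 'reasons': reasons}


def scan_rows(text):
    """Parse table rows and keep only entries with at least one reason."""
    findings = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        result = analyze_run_value(m.group('name'), m.group('data'))
        if result and result['reasons']:
            findings.append(result)
    return findings


if __name__ == '__main__':
    for f in scan_rows(SAMPLE_ROWS):
        print(f"{f['name']}: {f['dll']} -> {', '.join(f['reasons'])}")
```

Only the `isapu` row is reported; the constructed rundll32 entry that loads a DLL from Program Files passes, which is why the path check matters more than the launcher alone.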

Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 25, 2014, 12:05:17 PM
Quote
When I tried to update my adobe reader, it failed because it said "Windows Installer service could not be accessed." Is this because I was running in safe mode?
That's possible. Did you try it in Normal Mode?
Quote
About the antiroot kit, I had it scan my computer twice and it said there was no malware, so it didn't do a cleanup or give me a log of any kind. Did I do something wrong?
No, that's ok.

1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.
*************************************
* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
******************************************
Please download and run Microsoft Safety Scanner. (http://www.microsoft.com/security/scanner/en-us/default.aspx) This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 25, 2014, 03:59:48 PM
When I ran the chkdsk, I only got a small amount of text that said something about being clean I think. I will try and run it again if you'd like. I apologize for not remembering, I saw your message at 3 am here and thought I'd get the ball rolling. haha, prolly not the best idea. I can run it again if you'd like, but I'll show you about the other stuff first.

When I performed the mrt.exe, it was able to find an infection in JS/Medfos and delete it. I clicked in it to learn more and came back with this:

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aJS%2fMedfos.A

It says it's called Trojan:JS/Medfos.A

I do primarily use Firefox, so it makes sense.

I also downloaded and ran Microsoft safety scanner after mrt.exe. I wasn't sure which one to choose, but I chose Quick Scan. I hope that's ok? If not, I can do a full scan. It came back saying my computer was clean, though. It didn't produce a log.
 
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 25, 2014, 07:14:55 PM
Quote
When I ran the chkdsk, I only got a small amount of text that said something about being clean I think.
That's ok. It was just to find and repair bad sectors on your hard drive.

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 25, 2014, 09:34:05 PM
Hi. MalwareBytes AntiRootkit came back clean.

I'm still not able to use Normal mode however. I can get it to start up, maybe open Firefox or IE, but pretty soon it does freeze. Right now, I have it so Steam starts up when I am booting up as well, and since this problem started, it seems to be the first thing to freeze. I was wondering if I should disable it at start up? I don't really know how to do this, so if you think it could be a problem, could you help me disable it at startup?

Also, I was wondering, since the Trojan virus came from a firefox add on, and I have no idea which one it is, should I uninstall and reinstall firefox?

A couple things I noticed. My computer is asking me to Turn on Windows Security Center, and To Solve a Problem with Windows Server 2008 R2. Am I able to do those things in Safe mode with Networking, as that is the only way I can get my computer to not freeze? Also, when I was in Normal mode before it froze, I noticed that it wanted me to do a Windows Update by shutting down. I haven't tried it yet, since it froze on me before I got the chance, but do you think I should?

I apologize for my large amount of questions. My computer knowledge leaves much to be desired.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 26, 2014, 12:22:46 PM
Quote
Also, I was wondering, since the Trojan virus came from a firefox add on, and I have no idea which one it is, should I uninstall and reinstall firefox?
If FF is working correctly, that won't solve much.

Quote
My computer is asking me to Turn on Windows Security Center, and To Solve a Problem with Windows Server 2008 R2. Am I able to do those things in Safe mode with Networking, as that is the only way I can get my computer to not freeze
Yes, you should turn on the Security Center. You may be able to find more information about the problem with Windows Server 2009 R2 here. (http://windows.microsoft.com/en-gb/windows7/troubleshoot-problems-installing-service-pack)
StartupLite

Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
************************************
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 26, 2014, 03:02:40 PM
Hi Dave.

I noticed the Turn on Windows Security Center message only appears in Safe mode. In Normal mode, this message does not appear. When I went to try and download the program you linked to regarding the Windows Server 2008 R2, it said it could not run in Safe mode. I tried to go into Normal mode, but unfortunately Firefox froze when I tried to click on the link you provided. I also tried to click on the message directly, but the action center also froze. I then tried to shut down the computer to see if it would update at shutdown, like usual, but the log off process also froze. I'm now in Safe mode and clicked on the action center and it brought me to this. http://support.microsoft.com/kb/2632149
Should I do what it says on the page? Will it work in Safe mode?

I ran Startuplite in Safe mode with Networking and restarted my computer. It didn't have any visible effects. Is it because I ran it in Safe mode? I can't run it in Normal mode as the computer freezes if I try to open any programs, including internet explorer.

I ran Process Explorer in Safe mode. I have attached the txt document.

[recovering disk space, attachment deleted by admin]
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 26, 2014, 04:56:22 PM
We can't pinpoint the problem while running in Safe Mode. The only thing I can suggest is to open the Task Manager in Normal mode and stop the highest usage processes until you find the one that's causing the freezing. You can stop any process except explorer.exe.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 26, 2014, 07:14:41 PM
Oh dear, I'm afraid I've been doing all of the scans you advised me in Safe Mode with Networking. I can try and go back and redo them all if you'd like, although I'm not sure how many of them I will be able to do.

I was able to run Process explorer in Normal mode. I have attached the file.

I was able to open Task Manager, but I was a bit confused on your directions. There were about 129 processes going on on my computer. Can I really stop any and all of them except Windows Explorer? Even Java and the Windows Desktop manager? I stopped Skype, Steam, the Side Bar, and something called Pando Media something. I was not able to run Startuplite. I will try again shortly, but here is the process file for now.

[recovering disk space, attachment deleted by admin]
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 26, 2014, 07:56:07 PM
Quote
Oh dear, I'm afraid I've been doing all of the scans you advised me in Safe Mode with Networking. I can try and go back and redo them all if you'd like, although I'm not sure how many of them I will be able to do.
No problem. It's just the last two scanners, StartupLite and Process Explorer that need to be run in Normal mode to see what's actually running.
Have you noticed what the CPU usage is when the computer freezes? You will need the Task Manager open to see this.
We can try testing the RAM.

That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here. (http://www.memtest86.com/)
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 26, 2014, 08:28:07 PM
Hi.

That's good to hear. I thought I had done something terribly wrong. I ran in Normal mode and opened IE to see if I could do the Memtest in Normal mode. IE was the first thing to freeze and at the time the CPU peaked at 50% but average was around 36%. I tried to go close IE in the task manager but despite going through, the window didn't disappear, and it was still running, but the CPU had dropped to lowest 9% and averaging 26-9%. I then tried to go into Start and that's when the whole computer went into not responding. Unfortunately, I had minimized the Task Manager window so I didn't see what it was when the whole computer froze.

About the ram tester, Can I run it in Safe mode? I have downloaded it and extracted the files, but I wanted to make sure I wasn't supposed to put it in Normal mode first. Ah, and it says I need a usb flashdrive, I currently only have my terabyte external harddrive. I will run and get a USB Flashdrive, as the program mentioned it would delete everything on the flashdrive? Or did I misunderstand it?
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 27, 2014, 12:06:23 AM
Sorry for the second reply in a row, I was able to perform the ram test in Safe mode with networking, but am still working on getting it to work in Normal mode. I ended up using the CD method instead of the USB. I have attached the log.

While trying it in Normal mode, my computer stopped responding (I could still move my mouse, but couldn't click on any programs) when I was trying to install my new USB. This time, the CPU percentage was as low as 9% and at the highest around 15%.



[recovering disk space, attachment deleted by admin]
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 27, 2014, 11:40:05 AM
Somehow, you will have to run MBAM and AdwCleaner in Normal mode. Please try to do them one at a time and don't have anything else opened while running them.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 27, 2014, 12:09:25 PM
Quote
About the ram tester, Can I run it in Safe mode?
You can download it to your computer in Safe mode and run it either in Safe or Normal mode.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 28, 2014, 06:16:42 AM
Quote
Somehow, you will have to run MBAM and AdwCleaner in Normal mode. Please try to do them one at a time and don't have anything else opened while running them.

I've been trying all day and sadly I can't get them to run. :( The first time I ran Adware, the scan part worked, but when it tried to clean it out, the program stopped responding when it got to "cleansing browsers." Every time after that, I can't even get it to complete its scan. In fact, the last two times I tried, AsusVibe itself stopped responding and my desktop went black, but I could still bring up the start bar. The computer did another chkdsk on its own again, and found a few things and deleted them, but it didn't provide a log of any kind, or if it did my computer couldn't bring them.

I don't have anything else open, and I even went into Task Manager and stopped any processes that were taking up more than 10,000 kb.  Is there any other way I can direct more power to the program I want to run?
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 28, 2014, 12:32:27 PM
Quote
I don't have anything else open, and I even went into Task Manager and stopped any processes that were taking up more than 10,000 kb.  Is there any other way I can direct more power to the program I want to run?
That's exactly what you were doing by stopping processes. Let's try a clean boot.
Please try clean boot. (http://support.microsoft.com/kb/929135/en-us)
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 28, 2014, 11:26:45 PM
I'm able to run a clean boot, but then when I try to run Malwarebytes or Adwcleaner, it freezes again. I'm sorry.

I actually have an external hard drive with some back ups from 2012. Would this be helpful at all? I don't mind losing any data from after that, as I was able to put any important documents/pictures on there as well. I am also willing to factory reset if necessary.

Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 29, 2014, 11:26:02 AM
You should go into Safe Mode, save your important data and consider doing a factory restoration.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 29, 2014, 04:35:52 PM
Ok, I will do that. Is there anything I should be careful of? ( never done a factory reset before). Like any files that I shouldn't download because of the virus?  Ah, and once I've done the restart, will I need any software CDs like windows 7? (Currently studying abroad so will have to go buy those things if necessary).
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 29, 2014, 07:45:26 PM
Quote
Ok, I will do that. Is there anything I should be careful of? ( never done a factory reset before). Like any files that I shouldn't download because of the virus?  Ah, and once I've done the restart, will I need any software CDs like windows 7? (Currently studying abroad so will have to go buy those things if necessary).
You should only save important data such as documents, pictures, videos and music to an external drive, USB memory sticks or DVD's. If you don't have the Windows 8 disk(s) look on your computer for a Recovery Console. You can find more information about that here. (http://www.proposedsolution.com/solutions/windows-7-or-vista-recovery-console/)
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 29, 2014, 10:45:55 PM
Quote
You should only save important data such as documents, pictures, videos and music to an external drive, USB memory sticks or DVD's. If you don't have the Windows 8 disk(s) look on your computer for a Recovery Console. You can find more information about that here. (http://www.proposedsolution.com/solutions/windows-7-or-vista-recovery-console/)

I'm a bit confused about this. This is something I do before I do a factory reset, correct? Also, when I got into the Recovery Console, I wasn't sure which option to click. The article said Command Prompt, but when I opened it, I realized I had no idea what to type. >.< I tried googling recovery console codes, but none of them looked like what I was looking for. Is the command prompt where I initiate the factory reset?

I apologize for so many questions, and thank you SOOOOOO much for your help so far. I really do appreciate it.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 30, 2014, 11:01:23 AM
Quote
Also, when I got into the Recovery Console, I wasn't sure which option to click. The article said Command Prompt, but when I opened it, I realized I had no idea what to type. >.< I tried googling recovery console codes, but none of them looked like what I was looking for. Is the command prompt where I initiate the factory reset?
You should look at option 3 and create a repair disk.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 30, 2014, 02:40:19 PM
Ah, ok, that makes sense. Ok, just to make sure I have this right: I make a repair disk, do the factory reboot, and then use the repair cd I made to reinstall windows 7?
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 30, 2014, 05:22:29 PM
Quote
Ah, ok, that makes sense. Ok, just to make sure I have this right: I make a repair disk, do the factory reboot, and then use the repair cd I made to reinstall windows 7?
Correct.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 30, 2014, 10:06:06 PM
I apologize for yet another question, but I REALLY want to make sure I do this right and don't screw up my computer. 

I have downloaded a windows IOS from http://neosmart.net/EasyRE/.  I hope this is correct. I burned it onto a CD. One of my questions is if this is correct, and if it can be used multiple times, should I mess up? >.<

My second question regards performing the factory reset itself. I've googled how to reset my Asus laptop and this is what I found: http://smallbusiness.chron.com/restore-asus-laptop-factory-settings-53444.html

My question is, regarding step three, which option should I choose?

"Recover Windows to First Partition Only,"
"Recover Windows to Entire HD" or
"Recover Windows to Entire HD With Two Partitions."

Thank you again.

Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 31, 2014, 12:56:51 AM
Ah, and about the iOS I bought. I bought the 20 dollar one (The home version?) if this is incorrect, let me know.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 31, 2014, 01:32:06 PM
Quote
One of my questions is if this is correct, and if it can be used multiple times, should I mess up?
This is the first I've heard of this product but, once the disk is made, it can be used multiple times.
Quote
My question is, regarding step three, which option should I choose?
You should choose "Recover Windows to First Partition Only."
Quote
Ah, and about the iOS I bought. I bought the 20 dollar one (The home version?) if this is incorrect, let me know.
You really didn't need to buy that program. I believe that you have the Recovery Console on a separate partition of your computer.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 31, 2014, 04:04:29 PM
Ok, I did the factory reset to the first partition. Right now asus kinda going through this cycle where it starts up windows after saying preparing system for first use, opens windows and then says factory installation in progress, and says "configuring the system please wait" before it restarts again. Is this normal?

Replying via my iPod haha
 
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on March 31, 2014, 04:38:42 PM
Ah, never mind. Everything booted up perfectly. You were right, I did not end up needing the disk. Now that my computer is normal again, what steps should I take to prevent what has transpired from happening again? Do you have any recommended programs? Should I do more scans now?
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on March 31, 2014, 06:47:06 PM
Just make sure you have a good up-to-date AV. If you don't want to buy one, you can download one of these free ones. This is your first priority.

Remember to only install one antivirus!
 
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions)  All versions and all languages.
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*************************************************
Download and install MBAM and AdwCleaner. Keep them up to date and run them on a regular basis to keep the bugs out.

(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

(http://i424.photobucket.com/albums/pp322/digistar/AdwCleaner-icon.jpg)

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

(http://i424.photobucket.com/albums/pp322/digistar/untitled.png)

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

(http://i424.photobucket.com/albums/pp322/digistar/3.png)

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
********************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web  (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on April 01, 2014, 03:40:27 AM
Thank you!

I have installed AVG Free

MalwareBytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2014
Scan Time: 4:37:12 PM
Logfile: MWAMlog.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Alli

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 234954
Time Elapsed: 14 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

adwarecleaner Log

# AdwCleaner v3.022 - Report created 01/04/2014 at 16:46:07
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Alli - ALLI-PC
# Running from : C:\Users\Alli\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****



***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Partner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16671


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Alli\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2001 octets] - [01/04/2014 16:44:47]
AdwCleaner[S0].txt - [1956 octets] - [01/04/2014 16:46:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2016 octets] ##########


I have downloaded the WOT add-on for firefox and I have also installed any important windows updates. :)

Thank you sooo much for all your help. I really appreciate it and was wondering if I could send you something? I'm currently studying abroad in Japan, so I'd love to send you some tea or candies in thanks for your help. Of course, if you would rather I not send anything, I totally understand.

Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on April 01, 2014, 12:53:14 PM
Quote
I really appreciate it and was wondering if I could send you something? I'm currently studying abroad in Japan, so I'd love to send you some tea or candies in thanks for your help. Of course, if you would rather I not send anything, I totally understand.
You're welcome and it's not necessary to compensate me in any manner. All I ask is that you do something similar for someone else.
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: Aartemisia on April 02, 2014, 04:32:43 AM
Quote
You're welcome and it's not necessary to compensate me in any manner. All I ask is that you do something similar for someone else.

Thank you! I will be sure to help using the things I learned here. I learned a lot. Thank you :)
Title: Re: Windows 7 keeps freezing, Safe Mode works. Here's my logs!
Post by: SuperDave on April 02, 2014, 12:36:33 PM
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.