
unresponsive windows and constantly crashing [Solved]


  • This topic is locked
42 replies to this topic

#1 lisafunkypants

  • Authentic Member
  • 206 posts

Posted 21 May 2014 - 02:06 PM

Hi, I am back with this laptop. I had it sent to a PC repair shop; it came back unresponsive and worse than when it left me. When I open a window it takes way too long, and just freezes constantly. My mouse key disappears and it then constantly says Windows not responding, Shockwave Flash plug-in stopped. I've tried downloading the DDS from this site to get a report but AVG says it's infected. I'm not even sure if the AVG is genuine, as it came back from the PC shop with it on. Any help is greatly appreciated.


Edited by lisafunkypants, 21 May 2014 - 02:07 PM.


#2 LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 22 May 2014 - 07:23 AM

Hello lisafunkypants, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Scroll to the top of this page and ensure you see the following: [image]
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to back up important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================

 

Please be advised that I am currently in training. My responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. I will return as soon as possible. 


Would you like to help others with malware removal? Join our Classroom and learn how!


#3 LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 22 May 2014 - 08:03 PM

Hello lisafunkypants,
 
I am sorry to hear you've had trouble with your PC repair shop. If you are unsatisfied with the work they've done, you are well within your rights to return and request a refund. 
 

ive tried downloading the dds from this site to get a report but avg says its infected

This is a false-positive, and not something to be concerned with. We will however use a different scan. If you receive any warnings from AVG whilst carrying out the instructions below, I would like you to temporarily disable AVG. For instructions, please refer to the following link.

 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Note: Run the version compatible with your system. Run both if you do not know your system's bit-type. One will run.  
  • Windows XP: Double-click FRST.exe / FRST64.exe to run the programme.
    Windows 8/7/Vista: Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aswMBR

  • Please download aswMBR and save the file to your desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click aswMBR.exe to run the programme.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 
 ======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log



#4 lisafunkypants

  • Authentic Member
  • 206 posts

Posted 25 May 2014 - 11:33 AM

Hi Adam, thank you for your help. If I delay in responding, please do not think I am not doing as you ask; it just takes so long for the PC to perform the tasks I request, and it seems to stop responding and then restarts again. I have completed the scan after a long wait. May I also say I noticed my PC is on Windows 6.1.7601 Service Pack 1. It's a shame, as when I first acquired the laptop it was Vista!!! Then Windows 7 (after a hard drive replacement) .... I may also add it constantly tells me Windows is using too much memory and should be restarted... If you think it may be worth me getting a more modern laptop, please give me your honest opinion.

Thanks, Lisa

 

==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Farbar) C:\Users\Admin\Downloads\FRST (2).exe
(Farbar) C:\Users\Admin\Downloads\FRST (4).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-27] (Microsoft Corporation)
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Admin\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c5995cdd0b5647d381aba113f09d87db-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913b
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {4cf15741-2482-11e3-b1a6-705ab6796e28} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {f58b096e-657a-11e3-9d8c-705ab6796e28} - E:\iLinker.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x062B25518FB8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://go.microsoft....k/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave...h2.1.0.0.67.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
 
========================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-05-04] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-25 15:15 - 2014-05-25 15:16 - 01056256 _____ (Farbar) C:\Users\Admin\Downloads\FRST (4).exe
2014-05-25 15:15 - 2014-05-25 15:15 - 01056256 _____ (Farbar) C:\Users\Admin\Downloads\FRST (2).exe
2014-05-21 21:13 - 2014-05-21 21:13 - 00000000 ____D () C:\Program Files\ESET
2014-05-21 21:12 - 2014-05-21 21:12 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-05-18 12:15 - 2014-05-18 12:17 - 00010155 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-05-18 12:14 - 2014-05-25 15:20 - 00009193 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-05-18 12:13 - 2014-05-25 15:20 - 00000000 ____D () C:\FRST
2014-05-18 12:13 - 2014-05-18 12:13 - 01056768 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2014-05-18 12:12 - 2014-05-18 12:13 - 01056768 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-05-18 11:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-18 11:54 - 2014-05-18 11:56 - 00000000 ____D () C:\AdwCleaner
2014-05-18 11:54 - 2014-05-18 11:54 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (2).exe
2014-05-18 11:53 - 2014-05-18 11:53 - 01325827 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2014-05-18 11:49 - 2014-05-18 11:49 - 00004212 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-05-18 11:45 - 2014-05-18 11:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 11:44 - 2014-05-18 11:44 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (1).exe
2014-05-18 11:43 - 2014-05-18 11:43 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-05-18 11:42 - 2014-05-18 11:42 - 00000791 _____ () C:\Users\Admin\Desktop\shexview.cfg
2014-05-18 11:40 - 2013-09-05 08:25 - 00054368 _____ (NirSoft) C:\Users\Admin\Desktop\shexview.exe
2014-05-18 11:39 - 2014-05-18 11:39 - 00065973 _____ () C:\Users\Admin\Downloads\shexview.zip
2014-05-05 00:30 - 2014-05-05 00:31 - 00000000 ____D () C:\a71e1a1af861537a1469285b4380cc88
2014-05-04 18:23 - 2014-05-18 11:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
2014-05-04 18:22 - 2014-05-04 18:21 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-25 15:20 - 2014-05-18 12:14 - 00009193 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-05-25 15:20 - 2014-05-18 12:13 - 00000000 ____D () C:\FRST
2014-05-25 15:18 - 2014-01-19 01:05 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 15:16 - 2014-05-25 15:15 - 01056256 _____ (Farbar) C:\Users\Admin\Downloads\FRST (4).exe
2014-05-25 15:15 - 2014-05-25 15:15 - 01056256 _____ (Farbar) C:\Users\Admin\Downloads\FRST (2).exe
2014-05-25 15:10 - 2013-09-04 10:48 - 01340659 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 15:05 - 2013-09-04 11:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-25 14:58 - 2014-01-19 01:05 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-25 14:58 - 2013-09-04 11:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 21:13 - 2014-05-21 21:13 - 00000000 ____D () C:\Program Files\ESET
2014-05-21 21:12 - 2014-05-21 21:12 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-05-21 20:55 - 2009-07-14 05:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 20:55 - 2009-07-14 05:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 20:49 - 2014-04-09 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-21 20:49 - 2013-10-27 22:51 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-21 20:32 - 2013-10-30 12:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-21 20:31 - 2013-10-30 12:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-21 20:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 20:27 - 2009-07-14 05:39 - 00039829 _____ () C:\Windows\setupact.log
2014-05-18 12:58 - 2013-09-04 11:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-18 12:58 - 2013-09-04 11:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-18 12:27 - 2014-01-19 01:06 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-18 12:17 - 2014-05-18 12:15 - 00010155 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-05-18 12:13 - 2014-05-18 12:13 - 01056768 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2014-05-18 12:13 - 2014-05-18 12:12 - 01056768 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-05-18 11:59 - 2014-05-04 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
2014-05-18 11:59 - 2013-09-04 13:19 - 00024004 _____ () C:\Windows\PFRO.log
2014-05-18 11:56 - 2014-05-18 11:54 - 00000000 ____D () C:\AdwCleaner
2014-05-18 11:54 - 2014-05-18 11:54 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (2).exe
2014-05-18 11:53 - 2014-05-18 11:53 - 01325827 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2014-05-18 11:49 - 2014-05-18 11:49 - 00004212 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-05-18 11:45 - 2014-05-18 11:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 11:44 - 2014-05-18 11:44 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (1).exe
2014-05-18 11:43 - 2014-05-18 11:43 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-05-18 11:42 - 2014-05-18 11:42 - 00000791 _____ () C:\Users\Admin\Desktop\shexview.cfg
2014-05-18 11:39 - 2014-05-18 11:39 - 00065973 _____ () C:\Users\Admin\Downloads\shexview.zip
2014-05-18 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-05 11:10 - 2014-01-26 01:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-05 00:31 - 2014-05-05 00:30 - 00000000 ____D () C:\a71e1a1af861537a1469285b4380cc88
2014-05-05 00:31 - 2014-01-26 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-04 18:21 - 2014-05-04 18:22 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\install_reader11_uk_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Admin\AppData\Local\Temp\oi_{51698E80-6A86-43A8-81AB-C055EEAAFB4F}.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 08:53
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 01
Ran by Admin at 2014-05-25 15:21:14
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{F38DC282-11BE-45D8-8754-D3D40F3D7FBE}) (Version: 1.0.15.69 - Google)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
08-04-2014 19:35:34 Scheduled Checkpoint
04-05-2014 23:29:41 Windows Update
18-05-2014 12:26:41 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {335A2312-D436-47EE-8797-B4DE147BB04F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {8D7410B3-E4E2-48C3-94BE-ECF2CE246603} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9F91BC4A-7A4D-4979-904B-6D709C39F94D} - System32\Tasks\Toolbox.exe_{F42CDB25-909A-49A0-A162-27C1928C697C} => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\Toolbox.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {A5795E95-C1E8-4576-8532-97BC0164B09B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {C5BDA18F-4220-4181-BDC8-DA84CE65990A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E03F0631-CAEF-487E-9CA4-DBD7FB0ADD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:C6AA1BF2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/25/2014 03:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 804
 
Start Time: 01cf752ac9cfb21a
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (05/25/2014 03:13:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avgui.exe version 14.0.0.4567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7f0
 
Start Time: 01cf752e995cb23c
 
Termination Time: 1854
 
Application Path: C:\Program Files\AVG\AVG2014\avgui.exe
 
Report Id: 92a5e253-e416-11e3-9b38-705ab6796e28
 
Error: (05/22/2014 05:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10795
 
Error: (05/22/2014 05:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10795
 
Error: (05/22/2014 05:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/22/2014 05:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9781
 
Error: (05/22/2014 05:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9781
 
Error: (05/22/2014 05:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/22/2014 05:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8752
 
Error: (05/22/2014 05:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8752
 
 
System errors:
=============
Error: (05/25/2014 03:07:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (05/25/2014 03:07:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (05/25/2014 02:58:02 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (05/22/2014 05:46:20 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (05/21/2014 10:32:05 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (05/21/2014 10:31:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (05/21/2014 08:51:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (05/21/2014 08:51:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (05/21/2014 08:51:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (05/21/2014 08:51:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
 
Microsoft Office Sessions:
=========================
Error: (05/25/2014 03:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1642880401cf752ac9cfb21a0C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (05/25/2014 03:13:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avgui.exe14.0.0.45677f001cf752e995cb23c1854C:\Program Files\AVG\AVG2014\avgui.exe92a5e253-e416-11e3-9b38-705ab6796e28
 
Error: (05/22/2014 05:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10795
 
Error: (05/22/2014 05:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10795
 
Error: (05/22/2014 05:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/22/2014 05:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9781
 
Error: (05/22/2014 05:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9781
 
Error: (05/22/2014 05:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/22/2014 05:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8752
 
Error: (05/22/2014 05:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8752
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 84%
Total physical RAM: 766.42 MB
Available physical RAM: 120.61 MB
Total Pagefile: 2512.07 MB
Available Pagefile: 1287.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:45.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 2A345A43)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-25 15:29:03
-----------------------------
15:29:03.180    OS Version: Windows 6.1.7601 Service Pack 1
15:29:03.180    Number of processors: 1 586 0x301
15:29:03.182    ComputerName: ADMIN-PC  UserName: Admin
15:29:03.893    Initialize success
15:32:23.730    AVAST engine defs: 14052500
15:32:34.417    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
15:32:34.441    Disk 0 Vendor: WDC_WD800BEVS-22RST0 04.01G04 Size: 76319MB BusType: 11
15:32:34.970    Disk 0 MBR read successfully
15:32:35.141    Disk 0 MBR scan
15:32:35.882    Disk 0 Windows 7 default MBR code
15:32:35.901    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:32:36.644    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76217 MB offset 206848
15:32:36.905    Disk 0 scanning sectors +156299264
15:32:38.587    Disk 0 scanning C:\Windows\system32\drivers
15:33:25.402    Service scanning
15:34:15.891    Modules scanning
15:34:37.230    Disk 0 trace - called modules:
15:34:37.300    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
15:34:37.465    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d61ac8]
15:34:37.507    3 CLASSPNP.SYS[86f9659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x84c85340]
15:34:41.958    AVAST engine scan C:\
18:15:33.274    Scan finished successfully
18:20:12.461    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Downloads\MBR.dat"
18:20:13.425    The log file has been saved successfully to "C:\Users\Admin\Downloads\aswMBR.txt"
 
 
 


#5 LiquidTension

    SuperMember

  • Classroom Teacher
  • 2,566 posts

Posted 26 May 2014 - 07:03 AM

Hello Lisa,
 
Your logs are clean (albeit, incomplete). Have you cut the top off? 
 
This is the source of your issues: 

Percentage of memory in use: 84%
Total physical RAM: 766.42 MB

Ideally, you should have at least 1GB of RAM to run Windows 7 32-bit without issue. 
Please refer to this article. You may wish to upgrade your RAM.
 

I may also add it constantly tells me Windows is using too much memory and should be restarted... If you think it may be worth me getting a more modern laptop, please give me your honest opinion.

The message from Windows regarding memory usage is due to the issue mentioned above. I suggest you read the two articles linked. You will be better equipped to make a decision. Take note of the following statement, "Adding RAM is often the most cost-effective upgrade you can make to speed up a sluggish computer". 
 
------------------------------------
 
In the meantime, I would like you to uninstall AVG.

  • AVG is considered a 'resource hog', which requires numerous running processes and other components. 
  • In 2010, AVG partnered with LimeWire and promoted the use of peer-to-peer (P2P) file sharing.
  • Since the release of AVG 2011, there have been numerous complaints about conflict issues with other security programmes. 
  • AVG promotes the use of registry cleaners/optimization tools by bundling PC Tuneup.
     

To uninstall AVG:

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • AVG 2014
    • Any programmes with 'AVG'
  • Having uninstalled AVG, please install Microsoft Security Essentials (MSE), which is very light on resources.
     

------------------------------------
 
I can also see you are running FRST from your downloads folder (C:\Users\Admin\Downloads). After completing the steps above, please delete each copy of FRST, download a fresh one and save the file to your desktop. This is important!
 
Please run a new FRST scan and post the two logs. 
 
 
======================================================

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Thoughts on your RAM issue?
  • Did AVG uninstall successfully? Did MSE install successfully?
  • FRST.txt
  • Addition.txt


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#6 lisafunkypants

    Authentic Member

  • 206 posts

Posted 27 May 2014 - 04:12 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Admin at 2014-05-27 23:05:55
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{F38DC282-11BE-45D8-8754-D3D40F3D7FBE}) (Version: 1.0.15.69 - Google)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
04-05-2014 23:29:41 Windows Update
18-05-2014 12:26:41 Scheduled Checkpoint
27-05-2014 21:26:47 Removed AVG 2014
27-05-2014 21:30:05 Removed AVG 2014
27-05-2014 21:37:38 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {335A2312-D436-47EE-8797-B4DE147BB04F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {8D7410B3-E4E2-48C3-94BE-ECF2CE246603} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9F91BC4A-7A4D-4979-904B-6D709C39F94D} - System32\Tasks\Toolbox.exe_{F42CDB25-909A-49A0-A162-27C1928C697C} => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\Toolbox.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {A5795E95-C1E8-4576-8532-97BC0164B09B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {C5BDA18F-4220-4181-BDC8-DA84CE65990A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E03F0631-CAEF-487E-9CA4-DBD7FB0ADD83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-18 12:27 - 2014-05-08 00:29 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:C6AA1BF2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/25/2014 10:17:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2014 07:00:45 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (05/25/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4843472
 
Error: (05/25/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4843472
 
Error: (05/25/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/25/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4842411
 
Error: (05/25/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4842411
 
Error: (05/25/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/25/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4841335
 
Error: (05/25/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4841335
 
 
System errors:
=============
Error: (05/27/2014 10:32:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.0 service failed to start due to the following error: 
%%2
 
Error: (05/27/2014 10:32:07 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (05/27/2014 10:32:07 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (05/27/2014 10:18:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.0 service failed to start due to the following error: 
%%2
 
Error: (05/27/2014 10:18:26 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (05/27/2014 10:18:26 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (05/25/2014 07:41:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.0 service failed to start due to the following error: 
%%2
 
Error: (05/25/2014 07:41:40 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (05/25/2014 07:41:40 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (05/25/2014 05:47:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
 
Microsoft Office Sessions:
=========================
Error: (05/25/2014 10:17:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1050 J410 series\DriverStore\Pipeline\amd64\hpinkins8911.exe
 
Error: (05/25/2014 07:00:45 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (05/25/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4843472
 
Error: (05/25/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4843472
 
Error: (05/25/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/25/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4842411
 
Error: (05/25/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4842411
 
Error: (05/25/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/25/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4841335
 
Error: (05/25/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4841335
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 73%
Total physical RAM: 766.42 MB
Available physical RAM: 200.48 MB
Total Pagefile: 1790.42 MB
Available Pagefile: 727.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:47.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 2A345A43)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Admin (administrator) on ADMIN-PC on 27-05-2014 23:05:02
Running from C:\Users\Admin\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-27] (Microsoft Corporation)
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Admin\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c5995cdd0b5647d381aba113f09d87db-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913b
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {4cf15741-2482-11e3-b1a6-705ab6796e28} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {f58b096e-657a-11e3-9d8c-705ab6796e28} - E:\iLinker.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x062B25518FB8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://go.microsoft....k/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave...h2.1.0.0.67.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
 
========================== Services (Whitelisted) =================
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-05-04] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslfd178af2; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA422599-66F2-45CD-AA7F-9B7C692E2583}\MpKslfd178af2.sys [39464 2014-05-27] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 23:05 - 2014-05-27 23:05 - 00008077 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-27 23:03 - 2014-05-27 23:03 - 01056256 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-05-27 22:38 - 2014-01-19 08:32 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-27 22:36 - 2014-05-27 22:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-27 22:36 - 2014-05-27 22:36 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-27 22:35 - 2014-05-27 22:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-27 22:35 - 2014-05-27 22:36 - 00000000 ____D () C:\38b960cec41efa1d4d
2014-05-27 22:35 - 2014-05-27 22:35 - 11241816 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\mseinstall.exe
2014-05-25 18:20 - 2014-05-25 18:20 - 00001651 _____ () C:\Users\Admin\Downloads\aswMBR.txt
2014-05-25 18:20 - 2014-05-25 18:20 - 00000512 _____ () C:\Users\Admin\Downloads\MBR.dat
2014-05-25 15:27 - 2014-05-25 15:27 - 04745728 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2014-05-21 21:13 - 2014-05-21 21:13 - 00000000 ____D () C:\Program Files\ESET
2014-05-21 21:12 - 2014-05-21 21:12 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-05-18 12:13 - 2014-05-27 23:05 - 00000000 ____D () C:\FRST
2014-05-18 11:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-18 11:54 - 2014-05-18 11:56 - 00000000 ____D () C:\AdwCleaner
2014-05-18 11:54 - 2014-05-18 11:54 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (2).exe
2014-05-18 11:53 - 2014-05-18 11:53 - 01325827 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2014-05-18 11:49 - 2014-05-18 11:49 - 00004212 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-05-18 11:45 - 2014-05-18 11:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 11:44 - 2014-05-18 11:44 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (1).exe
2014-05-18 11:43 - 2014-05-18 11:43 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-05-18 11:42 - 2014-05-18 11:42 - 00000791 _____ () C:\Users\Admin\Desktop\shexview.cfg
2014-05-18 11:40 - 2013-09-05 08:25 - 00054368 _____ (NirSoft) C:\Users\Admin\Desktop\shexview.exe
2014-05-18 11:39 - 2014-05-18 11:39 - 00065973 _____ () C:\Users\Admin\Downloads\shexview.zip
2014-05-05 00:30 - 2014-05-05 00:31 - 00000000 ____D () C:\a71e1a1af861537a1469285b4380cc88
2014-05-04 18:23 - 2014-05-18 11:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
2014-05-04 18:22 - 2014-05-04 18:21 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-27 23:05 - 2014-05-27 23:05 - 00008077 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-05-27 23:05 - 2014-05-18 12:13 - 00000000 ____D () C:\FRST
2014-05-27 23:03 - 2014-05-27 23:03 - 01056256 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-05-27 22:58 - 2013-09-04 11:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-27 22:51 - 2014-01-19 01:05 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 22:50 - 2014-01-19 01:06 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-27 22:41 - 2009-07-14 05:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 22:41 - 2009-07-14 05:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 22:40 - 2013-09-04 10:48 - 01424129 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 22:36 - 2014-05-27 22:36 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-27 22:36 - 2014-05-27 22:36 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-27 22:36 - 2014-05-27 22:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-27 22:36 - 2014-05-27 22:35 - 00000000 ____D () C:\38b960cec41efa1d4d
2014-05-27 22:35 - 2014-05-27 22:35 - 11241816 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\mseinstall.exe
2014-05-27 22:32 - 2014-01-19 01:05 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 22:32 - 2013-09-04 13:19 - 00039212 _____ () C:\Windows\PFRO.log
2014-05-27 22:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 22:32 - 2009-07-14 05:39 - 00039997 _____ () C:\Windows\setupact.log
2014-05-27 22:31 - 2013-09-04 11:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-25 23:05 - 2013-09-25 00:02 - 00000000 ____D () C:\Users\Admin\Documents\finances
2014-05-25 18:20 - 2014-05-25 18:20 - 00001651 _____ () C:\Users\Admin\Downloads\aswMBR.txt
2014-05-25 18:20 - 2014-05-25 18:20 - 00000512 _____ () C:\Users\Admin\Downloads\MBR.dat
2014-05-25 15:27 - 2014-05-25 15:27 - 04745728 _____ (AVAST Software) C:\Users\Admin\Downloads\aswMBR.exe
2014-05-21 21:13 - 2014-05-21 21:13 - 00000000 ____D () C:\Program Files\ESET
2014-05-21 21:12 - 2014-05-21 21:12 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-05-21 20:32 - 2013-10-30 12:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-21 20:31 - 2013-10-30 12:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-18 12:58 - 2013-09-04 11:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-18 12:58 - 2013-09-04 11:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-18 11:59 - 2014-05-04 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
2014-05-18 11:56 - 2014-05-18 11:54 - 00000000 ____D () C:\AdwCleaner
2014-05-18 11:54 - 2014-05-18 11:54 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (2).exe
2014-05-18 11:53 - 2014-05-18 11:53 - 01325827 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2014-05-18 11:49 - 2014-05-18 11:49 - 00004212 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-05-18 11:45 - 2014-05-18 11:45 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 11:44 - 2014-05-18 11:44 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (1).exe
2014-05-18 11:43 - 2014-05-18 11:43 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-05-18 11:42 - 2014-05-18 11:42 - 00000791 _____ () C:\Users\Admin\Desktop\shexview.cfg
2014-05-18 11:39 - 2014-05-18 11:39 - 00065973 _____ () C:\Users\Admin\Downloads\shexview.zip
2014-05-18 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-05 11:10 - 2014-01-26 01:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-05 00:31 - 2014-05-05 00:30 - 00000000 ____D () C:\a71e1a1af861537a1469285b4380cc88
2014-05-05 00:31 - 2014-01-26 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-04 18:21 - 2014-05-04 18:22 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\install_reader11_uk_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Admin\AppData\Local\Temp\oi_{51698E80-6A86-43A8-81AB-C055EEAAFB4F}.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 08:53
 
==================== End Of Log ============================
 
 
Hi Adam, 
I did question the RAM when I received my laptop back from the repair shop. I noticed the RAM was significantly low; I shall replace this ASAP. 
AVG removed successfully as far as I know, and MSE ran OK.  :thumbup:


#7 LiquidTension


Posted 28 May 2014 - 07:14 AM

Hello Lisa,
 
Uninstalling AVG appears to have reduced your memory in use: 
Percentage of memory in use: 73%
 
Excluding a few AVG remnants and other orphans, there is nothing in your log that requires removing. You should see a noticeable difference in performance once you have upgraded your RAM.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Admin\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c5995cdd0b5647d381aba113f09d87db-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913b
    HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {4cf15741-2482-11e3-b1a6-705ab6796e28} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {f58b096e-657a-11e3-9d8c-705ab6796e28} - E:\iLinker.exe
    SearchScopes: HKLM - DefaultScope value is missing.
    S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-05-04] (AVG Technologies)
    C:\Windows\system32\drivers\avgtpx86.sys
    2014-05-04 18:23 - 2014-05-18 11:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
    Folder: C:\38b960cec41efa1d4d
    Folder: C:\a71e1a1af861537a1469285b4380cc88
    AlternateDataStreams: C:\ProgramData\TEMP:C6AA1BF2
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Do you have any outstanding issues (excluding slowness caused by low RAM)?



#8 lisafunkypants


Posted 28 May 2014 - 03:21 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by Admin at 2014-05-28 22:17:52 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Admin\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c5995cdd0b5647d381aba113f09d87db-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913b
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {4cf15741-2482-11e3-b1a6-705ab6796e28} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\...\MountPoints2: {f58b096e-657a-11e3-9d8c-705ab6796e28} - E:\iLinker.exe
SearchScopes: HKLM - DefaultScope value is missing.
S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-05-04] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx86.sys
2014-05-04 18:23 - 2014-05-18 11:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
Folder: C:\38b960cec41efa1d4d
Folder: C:\a71e1a1af861537a1469285b4380cc88
AlternateDataStreams: C:\ProgramData\TEMP:C6AA1BF2
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b => Value deleted successfully.
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cf15741-2482-11e3-b1a6-705ab6796e28} => Key deleted successfully.
HKCR\CLSID\{4cf15741-2482-11e3-b1a6-705ab6796e28} => Key not found.
HKU\S-1-5-21-2347572414-1306700944-569078958-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58b096e-657a-11e3-9d8c-705ab6796e28} => Key deleted successfully.
HKCR\CLSID\{f58b096e-657a-11e3-9d8c-705ab6796e28} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
vToolbarUpdater18.1.0 => Service deleted successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Windows\system32\drivers\avgtpx86.sys => Moved successfully.
C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar => Moved successfully.
 
========================= Folder: C:\38b960cec41efa1d4d ========================
 
Directory Not Found
 
========================= Folder: C:\a71e1a1af861537a1469285b4380cc88 ========================
 
2014-05-05 00:30 - 2014-05-05 00:30 - 23813120 _____ () C:\a71e1a1af861537a1469285b4380cc88\Silverlight.msp
 
====== End of Folder: ======
 
C:\ProgramData\TEMP => ":C6AA1BF2" ADS removed successfully.
 
==== End of Fixlog ====
 
Thank you for your help Adam, AVG has now gone from the search bar and things are running as well as can be expected until I add more RAM.  :thumbup:


#9 LiquidTension


Posted 29 May 2014 - 10:02 AM

Hi Lisa,
 

Thank you for your help Adam, AVG has now gone from the search bar and things are running as well as can be expected until I add more RAM.  :thumbup:

Very good, I'm glad to hear.  :) We have a couple more routine scans to perform in order to ensure nothing is lurking on your computer. 
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your desktop.
  • Note: If you unchecked any items identified by AdwCleaner, please backup the associated folders/files. 
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt



#10 lisafunkypants


Posted 29 May 2014 - 03:36 PM

Hi Adam, before I clean using ADW, this is in the log in the registry: Key Found : HKCU\Software\AppDataLow\Software. Just want to check that's OK to delete and that it's not a virus etc. 




#11 LiquidTension


Posted 29 May 2014 - 08:32 PM

Hi Lisa, 

Please uncheck that item, and proceed with my instructions.




#12 lisafunkypants


Posted 30 May 2014 - 02:34 PM

# AdwCleaner v3.211 - Report created 30/05/2014 at 21:15:42
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_3.211.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKCU\Software\AppDataLow\Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2658 octets] - [18/05/2014 11:54:23]
AdwCleaner[R1].txt - [999 octets] - [29/05/2014 22:19:52]
AdwCleaner[R2].txt - [1058 octets] - [30/05/2014 21:14:15]
AdwCleaner[S0].txt - [2619 octets] - [18/05/2014 11:56:21]
AdwCleaner[S1].txt - [989 octets] - [30/05/2014 21:15:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1048 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 30/05/2014 at 21:28:56.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/05/2014 at 21:32:02.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 LiquidTension


Posted 30 May 2014 - 09:14 PM

Hi Lisa,
 
Logs are looking good. Please continue with these last two scans, and you should be all set (but don't forget to wait for my "All Clean" speech)!  :)
 
STEP 1
Update/Remove Java

  • Download the latest version of Java from here.
  • Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for and uninstall the following programmes (if present):
    • Java 7 Update 51
       

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Click Hide advanced settings. Your settings should match that of the image below.
  • Ensure Remove found threats is unchecked.
    3Crnyln.png
  • Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log



#14 lisafunkypants


Posted 02 June 2014 - 05:00 PM

Hi Adam, I think the sooner I get more RAM the better; that was a long haul with non-responding tasks. ESET found nothing and Java installed correctly:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02/06/2014
Scan Time: 21:23:36
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.02.08
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 239891
Time Elapsed: 13 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Conduit.A, C:\Users\Admin\AppData\Local\Temp\CT3318857, Quarantined, [c748fa5a5c1f7abc7dc8ed90bb47ea16], 
PUP.Optional.Conduit.A, C:\Users\Admin\AppData\Local\Temp\CT3319613, Quarantined, [6fa044106d0e3cfa67de5825c0420cf4], 
 
Files: 2
PUP.Optional.Conduit.A, C:\Users\Admin\AppData\Local\Temp\CT3318857\ddt.csf, Quarantined, [c748fa5a5c1f7abc7dc8ed90bb47ea16], 
PUP.Optional.Conduit.A, C:\Users\Admin\AppData\Local\Temp\CT3319613\ddt.csf, Quarantined, [6fa044106d0e3cfa67de5825c0420cf4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 LiquidTension


Posted 03 June 2014 - 07:19 AM

Hi Lisa,
 
ESET finding nothing is very good. MBAM only found a few remnants in your Temp folder, which we would have cleared in any case. Once you've completed these steps, I will be ready to remove our tools and issue the "All Clean". 
 
STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 2
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Press the Windows Key on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 3
Security Check

  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Confirmation you had no issues with the instructions. 
  • checkup.txt
  • Comments on how your computer is performing. 

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".

