
PC noticeably 'slower' recently...


80 replies to this topic

#1 Pardew

  • Members

Posted 03 January 2013 - 05:21 PM

Hi. Me, yet again. Pardew.

As it was running slower, a slowness which seemed to coincide, though I can't be totally sure, with the latest batch of Microsoft Updates, I decided to run MBAM yesterday and it detected PUP.Funmoods.

Here is the log.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.02.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
popster :: DAVE [administrator]

03/01/2013 02:45:39
mbam-log-2013-01-03 (02-45-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298094
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0


I thought, Oh! That's shifted them. Running another MBAM quick scan to 'make sure', it froze after about a minute on HKLM\SOFTWARE\Microsoft\Windows\Installer\UserData\S-1-5-18\Components\0000210981009040000000A0FE51DCC7
necessitating a 'naughty' reboot.

SAS and my 'FULL' AVG did not detect anything.

This languor may not be to do with this, but I want to be sure. Thanks for your help, people. :thumbup2:

PS Just wondering would it be possible and/or safe to uninstall the latest MS Sec.Updates first, to see if it's to do with that?

Cheers :crazy:

Edited by bloopie, 03 January 2013 - 05:40 PM.
Moved topic to AII forum ~ bloopie



 


#2 noknojon

  • Banned

Posted 03 January 2013 - 08:14 PM

Hello Pardew and Welcome back -
PUP.Funmoods is a "Potentially Unwanted Program" or PUP as often described. The program can reset your home page and spy on you.
Funmoods is often a "drive by" or email attachment that is "usually" not too serious on your system.

First -
Can you now Update your copy of Malwarebytes Anti-Malware and rescan to see if the item still exists ?
If it stops during the Quick Scan, please tell me as you may need to reinstall the program, but please complete the other listed items.

Now, look in Control Panel > Add / Remove to see if "Funmoods" or "FunMoods Web Search" is listed. You can try to uninstall it from in there.

Next -
Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus, or just click "Allow this program to run" - Information on (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

<< Just wondering would it be possible and/or safe to uninstall the latest MS Sec.Updates first >>
This can be done, but M/soft Updates are usually fully tested to not produce adverse effects on your system. Funmoods will not be related to any M/soft update.
You can open Windows Updates and review the last few items installed there to be sure that none of them failed.

Finally -
Please download Junkware Removal Tool to your desktop
Junkware Removal Tool by thisisu
•Shut down your protection software now to avoid potential conflicts.
•Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt into your next message.

We can then run further scans if the problems still exist.

If you can, please include these in your next reply -
AdwCleaner log /
JRT log /
Any current Malwarebytes log that may be produced (or program problem)
If the problem is better or worse.

Thank You -
Spelling Edit Only -

Edited by noknojon, 03 January 2013 - 08:15 PM.


#3 Pardew

  • Topic Starter
  • Members

Posted 04 January 2013 - 05:48 AM

Hi, noknojon. Thanks for the prompt response.

Updated MBAM to latest version 2013.01.04.04. Just a quick note before starting. My AVG(paid for) only allows a 15 minute 'hiatus' then turns itself back on and unable to override so if it does prompt me, it might be awkward.

Results to follow.

#4 Pardew

  • Topic Starter
  • Members

Posted 04 January 2013 - 06:32 AM

Hi again.

No Funmoods OR Funmoods Websearch in programs.

Ran MBAM Q Scan and froze again (not responding) after 54 secs on HKCR\CLSID\{00002F-0000-0000-0000-000000000046}

Did naughty reboot again.



I clicked the adwcleaner link to start download and my AVG blocked it with -

C\Users\Popster\Desktop\adwcleaner.exe. Threat name - IDP.Trojan.97AC54E5 so quarantined and deleted just in case...


The JRT d/l was ok but before I proceed with that, I want to be sure it'll be ok because as stated, my AVG, as far as I know, will only temporarily disable for 15 minute periods max. If this 15 mins max temp disable is the case, would it be viable to just disable the 'Resident Shield' component only during these 'runs'?

Sorry to be so circumspect. :huh:

Thanks again, noknojon.

Edited by Pardew, 04 January 2013 - 01:15 PM.


#5 thisisu

  • Malware Response Team

Posted 04 January 2013 - 04:09 PM

Hi Pardew,

I don't mean to interrupt but please download a new copy of JRT.exe if you are going to run it. Previous version had one issue that was resolved in the newest version.

Thank you

#6 noknojon

  • Banned

Posted 04 January 2013 - 04:53 PM

Thanks thisisu, if the link is still the same, I will still use it and hope the result is better.
Hi -
We do quite often get a block on those 2 programs, however if you check the Am I Infected or Malware Removal areas, they are very commonly used programs.
This is why we try to include the "Information on A/V control (temp disable) HERE if needed" line with these programs

They are only blocked due to a lack of certification, and for no other reason - I have them installed on both of my computers and leave them there.
Please try again, and see if you can install them with temp blocking or turning off AVG Shield -

Your Malwarebytes problem may be due to your AVG clashing with certain parts of the program, not unusual, so I will leave more information on that.
I assume that you only use the Free version of Malwarebytes and not the Pro (paid) version. If you use the Pro version, please tell me -

Please visit Malwarebytes Forum (I will leave the link) and see the FAQ Section H Link to FAQ - With the new version there have been a few minor set-up problems with exclusions needing to be set, as per early versions.

For the moment you can use MBAM Chameleon as described in the linked article -

Regards -
EDIT -
Did you look in Control Panel > Add / Remove for "Funmoods" or "FunMoods Web Search"

Edited by noknojon, 04 January 2013 - 04:58 PM.


#7 Pardew

  • Topic Starter
  • Members

Posted 04 January 2013 - 06:21 PM

Hi noknojon

Before I proceed -

Just to clarify, should I ignore the Trojan threat associated with AdwCleaner, d/l it and allow it to run whilst AVG is in 'Disabled until restart' mode? (Just discovered can disable AVG until a restart (presume that means indefinitely).)

As regards JRT and Thisisu's interject, I already have it installed on my desktop via your link and ready to launch. There were no issues with this. Should I use the newer version and if so, is there a link to the latest one?

I've just run MBAM Chameleon and none of the twelve options clicked individually opened a dos/black screen. A green tick and a 'tested' appeared each time. What does this mean?

Sidenote - The last time I posted a good while back regarding PUP.Funmoods, MBAM froze in the same manner and, if I'm not mistaken, on the same if not very similar registry key value(s).

Sorry to 'fart about' again but need to be sure what I'm doing in regard to AdwCleaner & JRT.

Thanks for your patience.

PS - As stated earlier, there is no Funmoods in C/P>Progs & Features. I use the free version of MBAM.

Edited by Pardew, 04 January 2013 - 06:28 PM.


#8 noknojon

  • Banned

Posted 04 January 2013 - 06:47 PM

<< Sorry to 'fart about' again but need to be sure what I'm doing in regard to AdwCleaner & JRT. >>


Hi -
Your concerns are quite normal, as we do get asked this quite often, usually depending on your Active Shields, and infections.
You can also see if they download in Safe Mode with Networking.

Meanwhile can you please download SuperAntiSpyware free and Update and scan with this also -
Note they are trying a "Free Trial period" but in the download be sure to look for sneaky Add-Ons to untick -

Re: JRT.exe, the link will still be the same, only a process in JRT was altered to allow you better access. Thisisu is the program developer.
Re: AdWare, we do not have direct contact with the developer at this time, but as with these tools, often the infection can also cause problems.

I have left Malwarebytes links for Exclusions, which is for you to add if you have problems, (direct from MBAM) and I will check the site for more help.
Next post can you please tell me if you have MBAM Pro or Free versions installed (for help with correct reinstall)

Please excuse me if I need to be missing at any time, as the local temp has been over 40C, and I am just protecting these computers.

#9 Pardew

  • Topic Starter
  • Members

Posted 04 January 2013 - 08:16 PM

Hi - I told you in the last post I run the Free new updated version of MBAM

I also said in my initial post, I ran SAS Free and it found nothing. I can update and run again no prob.

Before running another update and scan with SASFree, should I disable my AVG ticking 'until restart', otherwise I won't be able to run AdwCleaner anyway(Trojan detect)? I have AdwCleaner & JRT ready to launch on my Desktop but AdwCleaner won't work unless I disable AVG.

Is it a false Trojan detection by AVG in AdwCleaner?

After which I will run JRT? Will JRT be ok to run with AVG active?

Don't want to leave PC exposed too long.

Want to be sure before I launch AdwCleaner & JRT to generate some logs at last!!

I'm off to my pit now. Look forward to continuing later. 1.25AM ZZZZZZZ

Edited by Pardew, 04 January 2013 - 08:31 PM.


#10 noknojon

  • Banned

Posted 04 January 2013 - 11:11 PM

Hi again -
I'm off to my pit now. Look forward to continuing later. 1.25AM ZZZZZZZ << Do not blame you as I am 12 hours off your time zone :wacko:
This will give me a bit of time to add a few items for your next visit -

Just to clarify, should I ignore the Trojan threat associated with AdwCleaner << It is a False Positive
This and This and This all relate to the experts using the same tool. (Random Examples).
Your best choice is to Right click on the tool once downloaded, and select Run As Admin with Vista or later.

As regards JRT and Thisisu's interject ...... is there a link to the latest one? << Delete the download and use the same link (it gives the updated version)

Don't want to leave PC exposed too long.<< You are not "surfing" just connecting to a secure site here :)

RE: Malwarebytes problems and a Un/Re-install - - - Direct quote and advice from Site Advisors -
mbam-clean.exe is a special tool created by the developers of Malwarebytes Anti-Malware to completely remove all traces of the program from your computer.
This can be useful if you're having trouble with the program, as often a clean uninstall and reinstall of the software will correct many common problems.
To use the utility:
•Download and run mbam-clean.exe from HERE.
•It will ask to restart your computer, please allow it to do so (very important)
•After the computer restarts, you may need to Temporarily disable your Anti-Virus and Shield and install the latest version of Malwarebytes' Anti-Malware from the BleepingComputer link HERE
Follow the usual setup procedures, and check for Updates when fully installed. Now try a Quick Scan.

I hope that I have covered all questions now, please add more if I have not -

Thank You -

#11 Pardew

  • Topic Starter
  • Members

Posted 05 January 2013 - 10:16 AM

Hi - Firstly, as advised, I d/l latest MBAM and ran QS. As stated in my initial post at the top, a minute and 9s into it, it froze on HKLM\SOFTWARE\Microsoft\CurrentVersion\Installer\UserData\S-1-5-18\Components\0002109511090400000E0239E6F5E85. Had to 'naughty' reboot.

Here are the requested logs -

ADWCleaner

# AdwCleaner v2.104 - Logfile created 01/05/2013 at 14:16:19
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : popster - DAVE
# Boot Mode : Normal
# Running from : C:\Users\popster\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\popster\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\searchplugins\search.xml
File Found : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\searchplugins\search.xml
Folder Found : C:\Program Files\AskSBar
Folder Found : C:\ProgramData\FreeRIP
Folder Found : C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\popster\AppData\LocalLow\AskSBar
Folder Found : C:\Users\popster\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AskSBar Uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin
Key Found : HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-4210753331-32940636-3746106261-1002\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzutDtDtC0DzytBtByE0CtAtDyByCtByBzytN0D0TzutBtDtCtBtDyCtBtB&cr=1488802776

-\\ Mozilla Firefox v2.0 (en-US)

File : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutA[...]

File : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutA[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.36] : icon_url = "hxxp://start.funmoods.com/favicon.ico",
Found [l.39] : keyword = "funmoods.com",
Found [l.42] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzutDtDtC0DzytBtByE0CtAtDyByCtByBzytN0D0TzutBtDtCtBtDyCtBtB&cr=1488802776",

-\\ Opera v12.12.1707.0

File : C:\Users\popster\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6095 octets] - [05/01/2013 14:16:19]

########## EOF - C:\AdwCleaner[R1].txt - [6155 octets] ##########



JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.8 (01.03.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by popster on 05/01/2013 at 14:18:10.71
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecorder
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1060933
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}



~~~ Files

Successfully deleted: [File] "C:\Users\popster\appdata\local\funmoods-speeddial.crx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Users\popster\appdata\locallow\asksbar"
Successfully deleted: [Folder] "C:\Program Files\asksbar"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\fdloijijlkoblmigdofommgnheckmaki



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/01/2013 at 14:22:40.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



SAS Free

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/05/2013 at 03:00 PM

Application Version : 5.6.1014

Core Rules Database Version : 9829
Trace Rules Database Version: 7641

Scan type : Quick Scan
Total Scan Time : 00:21:02

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 680
Memory threats detected : 0
Registry items scanned : 33625
Registry threats detected : 0
File items scanned : 45950
File threats detected : 8

Adware.Tracking Cookie
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\F648VFJO.txt [ Cookie:popster@statse.webtrendslive.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TZIIGVUH.txt [ Cookie:popster@invitemedia.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2HSGY1GS.txt [ Cookie:popster@doubleclick.net/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TI6IJQ7T.txt [ Cookie:popster@adinterax.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZ433OGP.txt [ Cookie:popster@accounts.google.com/ ]
accounts.google.com [ C:\USERS\POPSTER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\POPSTER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\POPSTER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Once again, thanks for your patience.

#12 noknojon

  • Banned

Posted 05 January 2013 - 04:02 PM

Hi -
Thank you for those logs, and as I thought there are funmoods.com and PriceGong as in your last problem from 6 months ago, still listed.
Can you please list your "normally used" Internet browser (is it still Opera)?

Please re-run AdwCleaner, and we will remove those items as below > >
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool - Vista and Win7 users Right click and select Run as Admin
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.


Next -
Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.


Next -
Please download MiniToolBox, Save it to your desktop and run it.

Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List last 10 Event Viewer log
•List Installed Programs
•List devices >>(Problem only)<<
•List Users, Partitions and Memory size.
•List Minidump Files

Click Go and copy / paste the result (Result.txt) in your next reply -

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



After you post those results I would like to run sfc /scannow and chkdsk /r for you to check your system.


Go - Start > Programs > Accessories > Find Command Prompt > Right click on it and select Run as Admin > First type chkdsk /r and press Enter - Note the space between k and / this must be there. Please allow all 5 stages to run uninterrupted as this can take (on average) 1 to 2 hours and your computer will reboot to Normal mode once finished.

Please repeat the start procedure as above, only this time type sfc /scannow and press Enter - Note the space between c and / this must be there.
This scan will only take about 10 to 15 minutes usually -


I am still at MBAM forum asking why the problem of a freeze still happens about half way during your scan, and these 2 items above were among their ideas.
I will keep you updated with their further answers and any more ideas -


Thank You -

#13 Pardew

  • Topic Starter
  • Members

Posted 05 January 2013 - 05:59 PM

Hi.

The 3 logs -

AdwCleaner

# AdwCleaner v2.104 - Logfile created 01/05/2013 at 22:31:48
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : popster - DAVE
# Boot Mode : Normal
# Running from : C:\Users\popster\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\searchplugins\search.xml
File Deleted : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\searchplugins\search.xml
Folder Deleted : C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\popster\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AskSBar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\AskSBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v2.0 (en-US)

File : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\prefs.js

C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutA[...]

File : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\prefs.js

C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutA[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.36] : icon_url = "hxxp://start.funmoods.com/favicon.ico",
Deleted [l.39] : keyword = "funmoods.com",
Deleted [l.42] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&[...]

-\\ Opera v12.12.1707.0

File : C:\Users\popster\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6224 octets] - [05/01/2013 14:16:19]
AdwCleaner[R2].txt - [4917 octets] - [05/01/2013 22:31:18]
AdwCleaner[S1].txt - [4893 octets] - [05/01/2013 22:31:48]

########## EOF - C:\AdwCleaner[S1].txt - [4953 octets] ##########




Screen317

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````




MTB

MiniToolBox by Farbar Version: 25-11-2012
Ran by popster (administrator) on 05-01-2013 at 22:50:31
Running from "C:\Users\popster\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 2

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (01/05/2013 10:45:23 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (01/05/2013 10:37:37 PM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (01/05/2013 10:35:40 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (01/05/2013 10:35:40 PM) (Source: Service Control Manager) (User: )
Description: Intel® Viiv™ Media Server%%2147549183

Error: (01/05/2013 09:04:47 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (01/05/2013 08:06:19 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (01/05/2013 06:47:51 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (01/05/2013 06:03:37 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (01/05/2013 04:53:02 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (01/05/2013 04:06:06 PM) (Source: ipnathlp) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.


Microsoft Office Sessions:
=========================
Error: (12/27/2012 06:55:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3011 seconds with 1440 seconds of active time. This session ended with a crash.

Error: (12/02/2012 07:52:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 527 seconds with 480 seconds of active time. This session ended with a crash.

Error: (11/24/2012 04:13:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1636 seconds with 1620 seconds of active time. This session ended with a crash.

Error: (11/24/2012 03:45:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 816 seconds with 780 seconds of active time. This session ended with a crash.

Error: (11/03/2012 04:48:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/14/2012 00:51:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3141 seconds with 840 seconds of active time. This session ended with a crash.

Error: (10/10/2012 09:21:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7820 seconds with 4560 seconds of active time. This session ended with a crash.

Error: (05/13/2011 02:45:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/28/2011 07:39:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-01-05 22:35:16.700
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 22:35:16.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 22:35:02.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 22:35:01.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 22:35:01.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 22:35:01.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 14:40:35.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 14:40:34.843
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 14:40:34.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-05 14:40:34.157
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Alcatel SpeedTouch USB Software
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 3.1.3)
Audacity 1.2.6
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2637)
AVG 2012 (Version: 2012.0.2221)
Bonjour (Version: 3.0.0.10)
BT Broadband Desktop Help
BT Yahoo! Applications
BTHomeHub
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
DivX Codec (Version: 6.8.5)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
Epson Easy Photo Print 2 (Version: 2.1.0.0)
EPSON Printer Software
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX410 Series Printer Uninstall
Google Chrome (Version: 23.0.1271.97)
Google Desktop (Version: 5.9.0911.03589)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
Google Updater (Version: 2.4.2432.1652)
H.264 Decoder (Version: 1.0.0)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)
iCloud (Version: 2.0.2.187)
Intel® Matrix Storage Manager
Intel® PRO Network Connections 12.2.41.0 (Version: 12.2.41.0)
Intel® Viiv™ Software (Version: 1.7.512.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 15.4.3502.0922)
MakeDisc (Version: 3.0.2203)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Map Button (Windows Live Toolbar) (Version: 03.01.0146)
MCE Software Encoder 1.1 (Version: 1.1.0.1918)
MediaShow (Version: 3.0.4325)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MKV Splitter (Version: 1.0.0)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Premium (Version: 7.02.9753)
neroxml (Version: 1.0.0)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.12 (Version: 12.12.1707)
PHOTOfunSTUDIO (Version: 3.00.000)
PhotoNow! 1.0 (Version: 3.0.4310)
PIF DESIGNER2.1
PowerDirector (Version: 6.5.2209a)
PowerProducer
QuickTime (Version: 7.72.80.56)
Real Alternative 1.9.0 (Version: 1.9.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5470)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
ScanToWeb
Segoe UI (Version: 15.4.2271.0615)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SSC Service Utility v4.30
SUPERAntiSpyware Free Edition (Version: 4.23.0.1006)
TV Enhance (Version: 1.0.4619)
Ulead PhotoImpact 12 (Version: 12.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
WMPTagSupportExtender (Version: 1.4)
X10 Hardware™

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 2045.45 MB
Available physical RAM: 750.65 MB
Total Pagefile: 4333.91 MB
Available Pagefile: 3057.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.28 MB

========================= Partitions: =====================================

1 Drive c: (BOOT) (Fixed) (Total:445.76 GB) (Free:101.7 GB) NTFS
2 Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:10.38 GB) FAT32

========================= Users: ========================================

User accounts for \\DAVE

Administrator Guest IUSR_NMPR
popster

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini041910-01.dmp
C:\Windows\Minidump\Mini042510-01.dmp
C:\Windows\Minidump\Mini070112-01.dmp
C:\Windows\Minidump\Mini071708-01.dmp

**** End of log ****


I mainly use Opera though of late it's been a bit 'sluggish'

As regards chkdsk in Command Prompt, I'm getting the message - chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

Anyway, as this takes a fair while and it's got late here again, plus I've got to get up at stupid o'clock!, I'll perform the remaining advices tomorrow evening, if that's ok?

Thanks for your continued help, Noknojon!

Edited by Pardew, 05 January 2013 - 06:20 PM.


#14 noknojon

Posted 05 January 2013 - 08:55 PM

Hi -
There is always help here for you, even if I miss a few items I am sure that another helper will assist you -

As regards chkdsk in Command Prompt, I'm getting the message - chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N) << This is the normal message, you just press Y and then Reboot the computer (Sorry I did not add that :( )
I mainly use Opera though of late it's been a bit 'sluggish' << Can you use I.Explorer, as Opera may just need an update.
Please do these things at your own time, as there is no need to rush these 2 items (Disk check and System file checker).

If you read the AdWare report, it says
Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/? and
Deleted [l.36] : icon_url = "hxxp://start.funmoods.com/favicon.ico",
Deleted [l.39] : keyword = "funmoods.com",
Deleted [l.42] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&[...]
Also a few other minor extra unwanted items have been removed now -
AdWare may have removed an AVG toolbar, but that is not required and is regarded as another Add-on item.

Some Updates for you now -
Java is now 7 Update 10
1. Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post the JavaRa log if prompted, this is not required
Check in Programs and Features that no old versions of Java exist now

You can remove Adobe Flash Player 10 (Flash Player out of Date!) as you do have the later version installed

Adobe Reader XI (11.0) << from here is now the current version.
Uncheck the Chrome Add-On when you download this Adobe update.

µTorrent (Version: 3.1.3) is always a place to pick up minor infections, but the choice is yours to delete or keep (I prefer delete)

I will wait on your answer after the other 2 checks as to how the computer is behaving now.

Thank You -
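
The homepage entries quoted from the AdwCleaner report above can be checked for by hand. The following is an added example, not part of the original post and not AdwCleaner's own logic: it reads the text of a Firefox profile's prefs.js and user.js and reports URL-valued preferences whose host is not on an allowlist, flagging user.js entries separately because Firefox re-applies user.js at every start. The watched preference list, the allowlist and the sample file contents are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# One user_pref("name", value); line as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# URL-valued preferences a homepage/search hijacker rewrites (assumed watch list).
URL_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.newtab.url")

# Domains the user actually wants as homepage/search (assumed allowlist).
ALLOWED = {"google.co.uk"}


def parse_prefs(text):
    """Return {pref_name: value_as_text} for every user_pref line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        # String values are quoted; numbers and booleans are left as text.
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit(files, allowed):
    """files maps a file name to its text.

    Returns (file, pref, host, persistent) tuples; persistent is True for
    user.js, whose values overwrite prefs.js each time Firefox starts, so
    cleaning prefs.js alone does not stick.
    """
    findings = []
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            if name not in URL_PREFS:
                continue
            for part in value.split("|"):  # the homepage pref may list several pages
                part = part.strip()
                if "://" not in part and not part.lower().startswith("about:"):
                    part = "http://" + part  # scheme-less entry such as www.example.com
                host = urlsplit(part).hostname  # None for about:blank and similar
                if host and not host_allowed(host, allowed):
                    findings.append((fname, name, host, fname == "user.js"))
    return findings


# Constructed sample contents. URLs are kept defanged (hxxp) as in the log;
# a real profile file would contain http.
SAMPLE_FILES = {
    "prefs.js": "\n".join([
        "# Mozilla User Preferences",
        'user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/|about:blank");',
        'user_pref("browser.newtab.url", "www.google.co.uk");',
        'user_pref("network.proxy.type", 2);',
    ]),
    "user.js": "\n".join([
        'user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/");',
        'user_pref("keyword.URL", "hxxp://start.funmoods.com/results.php?q=");',
    ]),
}

if __name__ == "__main__":
    for fname, pref, host, persistent in audit(SAMPLE_FILES, ALLOWED):
        note = "re-applied at every start" if persistent else "current value"
        print(f"{fname}: {pref} -> {host} ({note})")
```

Any finding marked as re-applied at every start means the user.js file itself has to go, which matches the "user.js ... Deleted !" lines in the log.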

#15 noknojon

Posted 06 January 2013 - 05:40 AM

Hi -
This is the script given to me from Malwarebytes and it sets exclusions in your AVG and Shield that should prevent the freezing when you are running your scans.
Please try the solution as listed below, and see if this helps the problem with the new version of Malwarebytes -
This is best performed with Internet Explorer, and not another browser -

I noticed that when you posted your last problem and quietman7 helped, that you had the same / similar problem with MBAM then.
From memory the problem also related to Fun Moods at that time, so this may be related in some way.

Show Hidden Files and Folders in Windows Vista and Windows 7:

  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Set Exclusions for Malwarebytes' Anti-Malware in AVG in Windows Vista and Windows 7:

  • Open AVG and close the pop-up ad that shows up on the bottom of the screen then double-click on Resident Shield
  • Click on Tools at the top and select Advanced settings...
  • Click on Excluded Items under Resident Shield
  • Click on the Add Path button on the right
  • Click on the + next to Computer in the Browse For Folder window
  • Click on the + next to your system drive (usually C:)
  • Click on the + next to Program Files Note: This should be Program Files (x86) for 64 bit Windows versions.
  • Click once on the Malwarebytes' Anti-Malware folder so that it is highlighted and click on OK
  • Click on the Add Path button on the right
  • Click on the + next to Computer in the Browse For Folder window
  • Click on the + next to your system drive (usually C:)
  • Click on the + next to ProgramData
  • Click once on the Malwarebytes folder so that it is highlighted and click on OK
  • Click on the Add File button on the right and click on Computer on the left
  • Double-click on your system drive (usually C:)
  • Double-click on Windows
  • Scroll to the right until you find the System32 folder and double-click on it
  • Double-click on the drivers folder
  • Scroll to the right until you find mbam.sys and double-click on it
  • Click on the Apply button at the bottom of the program window and then click on OK
  • Close the AVG window

Reset Hidden Files and Folders in Windows Vista and Windows 7:

  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Do not show hidden files and folders is selected under Hidden files and folders
  • Next, check the box next to Hide protected operating system files (Recommended)
  • Then, check the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Set Exclusions for AVG in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click on the Add button
  • In the small browse window that opens, navigate to C:\Program Files and click once on AVG and click OK
  • Close Malwarebytes' Anti-Malware




