Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is Avast Making My Computer Slow, Freeze Up & Generally Be A Pain?!


  • This topic is locked This topic is locked
4 replies to this topic

#1 stillanovice

stillanovice

  • Members
  • 125 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maine
  • Local time:02:18 AM

Posted 25 October 2014 - 06:33 PM

Please help - I feel like I'm going in circles, and I will appreciate all help given.

 

 

About 3 months ago, I had a problem with Arcade Yum creating crazy popups, and I came here and someone helped me get rid of it.  In that process, he told me to download Avast, so I did.  It was downloaded for a trial period which just ran out in this last week. 

 

About 3 weeks or a month ago, my laptop started slowing down, freezing and just generally being a pain where I couldn't navigate AT ALL!  It is constant and the fan in this laptop is constantly running.  I don't know much about all this stuff, but it feels like there are a whole set of other programs running in the background that my laptop can't keep up with. 

 

I asked for help again, and this is the thread:      http://www.bleepingcomputer.com/forums/t/550162/ugh-im-still-infected-i-need-help-again/page-2

 

The last entry from Broni tells me to do the DDS Logs and post a new topic here.  As soon as I started those steps, I got an error message telling me:  Your Current Security Settings Do Not Allow This File To Be Downloaded

 

It hit me that maybe it's this Avast thing I downloaded awhile back.  I tried to uninstall, but it doesn't show up on my list of installed programs.  I googled it and tried to do the AvastClear removal tool, but I got the same message as above:  Your Current Security Settings ...Blah Blah

 

I am so incredibly frustrated I just want to close the laptop and go out and buy another one and start fresh!  :(

 

*******************

 

This is an edit to my message:

 

I just did a scan w/MBAM and here is the log:   (I quarantined everything)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2014
Scan Time: 7:55:35 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.22.04
Rootkit Database: v2014.10.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403950
Time Elapsed: 40 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 16
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\Datamngr, , [407ce5325c207fb79b34b385f60d42be],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, , [2597ff18c1bb78be0cca8a9744bf58a8],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [05b7ab6ca0dc999d80ac4be33dc6e11f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [2a928f88493340f63e87d8b6ab595aa6],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [bb018f8889f3033334924d41b054f10f],
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\XTRM GROUP LTD.\MySafeProxy, , [b705ab6ce399de583e94829c0cf7728e],
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers+Apps+1.1, , [5c6026f1c4b80333d29638f2d03350b0],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, , [2993cf480d6f42f465936b23d72d5da3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [7c40b5621963a690a4570778f3119c64],
PUP.Optional.GenericAddon.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, , [a41843d45428003680262bf8d330f907],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, , [675541d6c4b86fc72fc6f43d8d76847c],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, , [39836bac314b2e089a03a1ca9f6507f9],
PUP.Optional.BrowsersApp.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers+Apps+1.1, , [249869ae621ac6704f19ce5cf40f2ad6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1392159129-2078248977-845139479-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [625a91866c10181e0bf0ceb1699b4ab6],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [caf2f0278bf145f15020e326e61d25db],

Registry Values: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [05b7ab6ca0dc999d80ac4be33dc6e11f]
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_300, , [912bed2a205c60d65187e53c93704db3],

Registry Data: 0
(No malicious items detected)

Folders: 13
Rogue.Multiple, C:\ProgramData\374311380, , [4577d2456f0d072f6c80cc13f01228d8],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, , [239924f3a8d41f175ff507029d6632ce],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, , [239924f3a8d41f175ff507029d6632ce],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, , [239924f3a8d41f175ff507029d6632ce],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, , [239924f3a8d41f175ff507029d6632ce],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, , [239924f3a8d41f175ff507029d6632ce],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{57005C8C-3F18-48AA-A09F-795A4C6A62C8}, , [239924f3a8d41f175ff507029d6632ce],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.NewPlayer.A, C:\Program Files (x86)\ver3NewPlayer, , [dce070a716665fd73d758689b74cff01],
PUP.Optional.MySafeProxy.A, C:\Windows\temp\XTRM Group Ltd, , [ad0f37e0710b94a24117e7321be82ed2],
PUP.Optional.MySafeProxy.A, C:\Windows\temp\XTRM Group Ltd\MySafeProxy, , [ad0f37e0710b94a24117e7321be82ed2],
PUP.Optional.MySafeProxy.A, C:\Windows\temp\XTRM Group Ltd\MySafeProxy\1.0.11.0, , [ad0f37e0710b94a24117e7321be82ed2],
PUP.Optional.MySafeProxy.A, C:\Windows\temp\XTRM Group Ltd\MySafeProxy\1.0.11.0\rollback, , [ad0f37e0710b94a24117e7321be82ed2],

Files: 17
PUP.Optional.BrowsersApp.A, C:\Users\Cal\AppData\Roaming\UXRCC.exe, , [fbc136e13c404ceab1ad0852d0359f61],
PUP.Optional.BrowsersApp.A, C:\Users\Cal\AppData\Roaming\ZUOL.exe, , [01bb53c4fa82fe3835294c0e9273fe02],
PUP.Optional.AdLyrics, C:\Users\user\AppData\Local\Temp\B6B2tmp\5555-1001_newplayer.exe, , [685454c38def2b0be7d85974a061e818],
PUP.Optional.DesktopTemperature.A, C:\Users\user\AppData\Local\Temp\B6C6tmp\dt1_24_6_1.exe, , [5d5fb3642c504ee886d3f3cfb44d5da3],
PUP.Optional.MySafeProxy.A, C:\Users\user\AppData\Local\Temp\B6D7tmp\msp-bootstrap.exe, , [4874f522097371c58a129a3454ad1de3],
Rogue.Multiple, C:\ProgramData\374311380\BIT997A.tmp, , [4577d2456f0d072f6c80cc13f01228d8],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\GoogleCrashHandler.exe, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\GoogleUpdate.exe, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\GoogleUpdateBroker.exe, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\GoogleUpdateHelper.msi, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\GoogleUpdateOnDemand.exe, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\goopdate.dll, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\goopdateres_en.dll, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\npGoogleUpdate4.dll, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\psmachine.dll, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.GlobalUpdate.A, C:\Users\user\AppData\Local\Temp\comh.57889\psuser.dll, , [caf2f0278bf145f15020e326e61d25db],
PUP.Optional.NewPlayer.A, C:\Program Files (x86)\ver3NewPlayer\T3NewPlayerX28.exe, , [dce070a716665fd73d758689b74cff01],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by stillanovice, 25 October 2014 - 08:44 PM.


BC AdBot (Login to Remove)

 


#2 stillanovice

stillanovice
  • Topic Starter

  • Members
  • 125 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maine
  • Local time:02:18 AM

Posted 26 October 2014 - 06:50 PM

Today, I've been getting messages constantly (even though I'm not doing anything and certainly not downloading anything) that say: Your Current Security Settings Do Not Allow This File To Be Downloaded   The message will just randomly pop up on the screen when I'm not even at the laptop!  There were two specific times when it popped up that I was doing something ... at one point, I tried to log on to Facebook, and it gave me that message.  Another time, I tried to open a picture in an email, and that message came up. 

 

Not only has that been going on all day, but Avast has decided to go crazy ... during this last hour, it has given me no less than 10 popup warnings that certain websites are threats.  This was all going on while we were eating dinner - no one was at the computer navigating.  It was almost like someone somewhere was using my computer, and I couldn't see it, but I could see the warnings that Avast was giving me about the websites they were going to.   

 

I did an MBAM scan again today and here is the log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/26/2014

Scan Time: 2:23:04 PM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.10.26.04

Rootkit Database: v2014.10.22.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: user

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 405191

Time Elapsed: 46 min, 47 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

PUP.Optional.CrossRider.A, C:\Users\user\AppData\Local\Temp\B6C4tmp\setup.exe, , [94b8ff1a2656270f3482dbfb35ccce32],

Physical Sectors: 0

(No malicious items detected)

 

(end)



#3 stillanovice

stillanovice
  • Topic Starter

  • Members
  • 125 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Maine
  • Local time:02:18 AM

Posted 26 October 2014 - 07:55 PM

I've been looking around, and I found this:  https://forum.avast.com/index.php?topic=154473.0  which is exactly what has been happening tonight for my laptop, as well as this:  http://www.htmlframer.com/   and I'm getting a notification about  a web address:  6057.sindelclick.com  and Avast says URL: Mal

 

I'm guessing I figured out what the problem is - but I still need help getting rid of this mess please  :)



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 30 October 2014 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 05 November 2014 - 08:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users