Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer locks up after 3 minutes


  • This topic is locked This topic is locked
22 replies to this topic

#1 thedougster

thedougster

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 31 July 2016 - 07:49 AM

Hi

I have a Windows 7 PC that in the last week suddenly will run fine after reboot but after about 3 minutes basically locks up completely.

If I try to open Windows Explorer, for example, it will take several minutes.  The computer basically becomes unusable.

After several tries I was finally able to get Farbar to complete before the computer locks up.

Output files are attached.

Thank you in advance for your assistance.

Doug

 

Attached Files



BC AdBot (Login to Remove)

 


#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:43 AM

Posted 01 August 2016 - 05:39 AM

Hello thedougster,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 04 August 2016 - 07:57 PM

Hi Ray -

Thank you for looking into this.  Please let me know if there is any additional info I can provide.

Doug



#4 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:43 AM

Posted 04 August 2016 - 09:09 PM

Hello Doug, and welcome to Bleeping Computer.

I will be helping you with your computer problem. My friends call me Ray.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.


Let's run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

Press the Windows key Windows_Logo_key.gif+ R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy and paste the entire contents of the code box below into a new file.

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
Toolbar: HKU\S-1-5-21-3841549100-1452082165-3539736945-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw => not found
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP79FCA1B7-5E0E-42A0-8A53-E0FC3684BC0F&SSPV="
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Norton Identity Safe) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.6.0.52_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
Task: {1E8AEE7E-59F2-490E-AE05-01DEED510EC1} - \DealPlyUpdate -> No File <==== ATTENTION

On the Notepad menu, click Format and remove the checkmark from Word Wrap.Save the file as fixlist.txt into the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST64.exe and click Fix only once and wait until the program completes execution.

When requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Scan with AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click I agree.
  • Click Scan.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
  • Please don't run the Clean function until after I review the log.
  • Copy and paste the contents of the logfile into your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when the tool was run.


In your next reply...

  • Please copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Please copy and paste the entire contents of the AdwCleaner log into the body of your message.

How is your PC running now. Be specific and include all relevant symptoms.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#5 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 05 August 2016 - 10:03 AM

Hi Ray -

Here is fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Doug (2016-08-05 10:49:43) Run:1
Running from C:\Fixit
Loaded Profiles: Doug (Available Profiles: Doug & Janice & Eric & Lauren)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
Toolbar: HKU\S-1-5-21-3841549100-1452082165-3539736945-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw => not found
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP79FCA1B7-5E0E-42A0-8A53-E0FC3684BC0F&SSPV="
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Norton Identity Safe) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.6.0.52_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
Task: {1E8AEE7E-59F2-490E-AE05-01DEED510EC1} - \DealPlyUpdate -> No File <==== ATTENTION
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115} => value removed successfully
Chrome StartupUrls => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => not found.
C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.6.0.52_0\npcoplgn.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E8AEE7E-59F2-490E-AE05-01DEED510EC1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E8AEE7E-59F2-490E-AE05-01DEED510EC1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => key not found. 
 
==== End of Fixlog 10:49:43 ====

Hi Ray -

Here is the log file from AdwCleaner

Thanks again for your help.

 

# AdwCleaner v5.201 - Logfile created 05/08/2016 at 10:54:53
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Doug - UHL-HP
# Running from : K:\Computer\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : YahooAUService
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\Users\Doug\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blekko.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blekko.com_0.localstorage-journal
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.viewpoints.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.viewpoints.com_0.localstorage-journal
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wtov9.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wtov9.com_0.localstorage-journal
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\SpeedUpMyPC
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Key Found : HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{92E11903-58E7-40BA-B217-E442E3C508A2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92E11903-58E7-40BA-B217-E442E3C508A2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92E11903-58E7-40BA-B217-E442E3C508A2}
Key Found : HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\Microsoft\Internet Explorer\SearchScopes\{92E11903-58E7-40BA-B217-E442E3C508A2}
 
***** [ Web browsers ] *****
 
[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : slirsredirect.search.aol.com
[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com_
[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ojcgaoafcmbadjkfdippkdddgkeaipbn
[C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cknghehebaconkajgiobncfleofebcog
[C:\Users\Janice\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : slirsredirect.search.aol.com
[C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [7738 bytes] - [05/08/2016 10:54:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7811 bytes] ##########


#6 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 05 August 2016 - 10:16 AM

Hi Ray -

Previously the computer became almost completely unresponsive after about 3 minutes.

At this point it has been up and running for about 10 minutes and is completely responsible so it looks very promising so far.

Thanks

Doug



#7 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 05 August 2016 - 12:16 PM

Hi Ray -

Bad news.  I checked on the computer after a few hours and it has now locked up again.

All I get is the wallpaper and nothing else.  The computer is unresponsive to mouse clicks or keyboard entry so something is still wrong.

Thanks

Doug



#8 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:43 AM

Posted 06 August 2016 - 08:43 PM

Hi Doug,

 
Quote:
The computer is unresponsive to mouse clicks or keyboard entry ...

You may be experiencing incipient disk failure. How old is your PC? Are you using the original internal hard disk? Does this PC get many hours of usage every day?


I would like to try to get a disk scan. To get past the frozen state, let's enter Safe Mode with Networking.


Enter Safe Mode With Networking

  • Restart your computer.
  • Press the F8 key rapidly as soon as your PC begins to boot up.
  • A black Advanced Boot Options window will open.
  • Use your down arrow key to select Safe Mode with Networking then press Enter.
  • You can see additional info here.

Use your browsers while still in Safe Mode with Networking. Do you notice an improvement in performance?


Assuming your PC is not frozen, scan with GSmartControl for Windows

  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents into your reply

 

 

In your next reply...

  • Tell me about the age and useage of your PC and its disk.
  • Please tell me whether your PC is operative in Safe Mode. If not, what symptoms and/or error messages did you see?
  • Are you using a second (clean) computer to communicate when the sick PC is unresponsive?
  • If your PC is operative in Safe Mode, please use it in your customary way for several hours, and tell me whether you get good performance or slowdowns or freezes.
  • Copy and paste the results of the GSmartControl scan into the body of your message.

How is your PC running now. Be specific and include all relevant symptoms.

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#9 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 06 August 2016 - 10:38 PM

The PC was purchased and started use in December 2010.

The HD is a 750GB 7200rpm SATA 3Gb/s.

The computer is an HP Pavilion p6670t.

It is on most of the time but I have the power settings set for it to go to sleep after 30 minutes.

It is probably used a few hours a day on average.

Up until this issue we have never had any problems with it.

 

With the PC  in safe mode, it is working perfectly and has been completely responsive even after 15-20 minutes.

 

In regular mode, after about 3 minutes it is barely responsive but does respond.  For example, if I try to open Control Panel or Microsoft Word it takes several minutes to open and display.

I will continue to use it in Safe Mode and report back after a few hours.  There has been no change in behavior since my original submission.

 

Yes, I am using a different computer to communicate.

 

 

GSmart Scan is:

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.12
Device Model:     ST3750528AS
Serial Number:    9VPA8KZE
LU WWN Device Id: 5 000c50 02d1db5ec
Firmware Version: HP35
User Capacity:    750,156,374,016 bytes [750 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:    Sat Aug 06 23:14:11 2016 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
See vendor-specific Attribute list for marginal Attributes.
 
General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (  600) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: ( 131) minutes.
SCT capabilities:       (0x103f) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   078   073   047    Pre-fail  Always       -       177624167
  3 Spin_Up_Time            0x0023   095   095   035    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   090   090   050    Old_age   Always       -       10955
  5 Reallocated_Sector_Ct   0x0033   089   089   051    Pre-fail  Always       -       481
  7 Seek_Error_Rate         0x002f   089   060   047    Pre-fail  Always       -       851501554
  9 Power_On_Hours          0x0032   068   068   050    Old_age   Always       -       28618
 10 Spin_Retry_Count        0x0033   100   100   051    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   095   095   050    Old_age   Always       -       5458
180 Unused_Rsvd_Blk_Cnt_Tot 0x002b   100   100   043    Pre-fail  Always       -       151808
183 Runtime_Bad_Block       0x0032   100   100   050    Old_age   Always       -       0
184 End-to-End_Error        0x0033   100   100   051    Pre-fail  Always       -       0
187 Reported_Uncorrect      0x0032   001   001   050    Old_age   Always   FAILING_NOW 41995
188 Command_Timeout         0x0032   100   098   050    Old_age   Always       -       120260919325
189 High_Fly_Writes         0x003a   098   098   058    Old_age   Always       -       2
190 Airflow_Temperature_Cel 0x0022   076   060   034    Old_age   Always       -       24 (Min/Max 24/24)
194 Temperature_Celsius     0x0022   024   040   034    Old_age   Always   FAILING_NOW 24 (0 14 0 0 0)
195 Hardware_ECC_Recovered  0x003a   047   029   058    Old_age   Always   FAILING_NOW 177624167
196 Reallocated_Event_Count 0x0032   089   089   050    Old_age   Always       -       481
197 Current_Pending_Sector  0x0032   098   098   050    Old_age   Always       -       110
198 Offline_Uncorrectable   0x0030   100   100   048    Old_age   Offline      -       132
199 UDMA_CRC_Error_Count    0x0032   200   200   050    Old_age   Always       -       0
 
SMART Error Log Version: 1
ATA Error Count: 50019 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
 
Error 50019 occurred at disk power-on lifetime: 28618 hours (1192 days + 10 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 ff ff ff 0f  Error: UNC at LBA = 0x0fffffff = 268435455
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 08 a8 0a 66 40 00      00:06:56.536  READ FPDMA QUEUED
  60 00 40 8a 11 2c 40 00      00:06:56.529  READ FPDMA QUEUED
  60 00 80 a0 ec 52 40 00      00:06:56.528  READ FPDMA QUEUED
  60 00 00 a0 eb 52 40 00      00:06:56.526  READ FPDMA QUEUED
  60 00 30 aa 0f 2c 40 00      00:06:56.526  READ FPDMA QUEUED
 
Error 50018 occurred at disk power-on lifetime: 28618 hours (1192 days + 10 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 ff ff ff 0f  Error: UNC at LBA = 0x0fffffff = 268435455
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 08 a8 0f 2c 40 00      00:06:53.148  READ FPDMA QUEUED
  60 00 40 40 1d 09 45 00      00:06:53.139  READ FPDMA QUEUED
  60 00 08 ff ff ff 4f 00      00:06:53.129  READ FPDMA QUEUED
  60 00 40 ff ff ff 4f 00      00:06:53.124  READ FPDMA QUEUED
  60 00 08 80 31 03 40 00      00:06:53.122  READ FPDMA QUEUED
 
Error 50017 occurred at disk power-on lifetime: 28618 hours (1192 days + 10 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 ff ff ff 0f  Error: UNC at LBA = 0x0fffffff = 268435455
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 08 28 e3 06 40 00      00:06:49.586  READ FPDMA QUEUED
  60 00 08 98 7b d3 49 00      00:06:49.578  READ FPDMA QUEUED
  60 00 20 f2 af 27 40 00      00:06:49.571  READ FPDMA QUEUED
  60 00 08 a8 7c d3 49 00      00:06:49.559  READ FPDMA QUEUED
  60 00 38 fa 23 41 40 00      00:06:49.552  READ FPDMA QUEUED
 
Error 50016 occurred at disk power-on lifetime: 28618 hours (1192 days + 10 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 ff ff ff 0f  Error: UNC at LBA = 0x0fffffff = 268435455
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 08 70 c3 03 40 00      00:06:46.595  READ FPDMA QUEUED
  60 00 08 ff ff ff 4f 00      00:06:46.585  READ FPDMA QUEUED
  60 00 40 ff ff ff 4f 00      00:06:46.554  READ FPDMA QUEUED
  60 00 01 8a c3 03 40 00      00:06:46.553  READ FPDMA QUEUED
  60 00 40 98 2e 7d 4f 00      00:06:46.553  READ FPDMA QUEUED
 
Error 50015 occurred at disk power-on lifetime: 28618 hours (1192 days + 10 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 ff ff ff 0f  Error: UNC at LBA = 0x0fffffff = 268435455
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 08 ff ff ff 4f 00      00:06:43.598  READ FPDMA QUEUED
  60 00 08 ff ff ff 4f 00      00:06:43.591  READ FPDMA QUEUED
  60 00 08 ff ff ff 4f 00      00:06:43.580  READ FPDMA QUEUED
  60 00 08 ff ff ff 4f 00      00:06:43.572  READ FPDMA QUEUED
  60 00 40 98 2e 7d 4f 00      00:06:43.562  READ FPDMA QUEUED
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       90%     28618         701152329
# 2  Short offline       Completed without error       00%     26271         -
# 3  Short offline       Completed without error       00%     25953         -
# 4  Short offline       Completed without error       00%     24872         -
# 5  Short offline       Completed without error       00%     24822         -
# 6  Short offline       Completed without error       00%     24776         -
# 7  Short offline       Completed without error       00%     24725         -
# 8  Short offline       Completed without error       00%     24707         -
# 9  Short offline       Completed without error       00%     24657         -
#10  Short offline       Completed without error       00%     24607         -
#11  Short offline       Completed without error       00%     24542         -
#12  Short offline       Completed without error       00%     24511         -
#13  Short offline       Completed without error       00%     24463         -
#14  Short offline       Completed without error       00%     24412         -
#15  Short offline       Completed without error       00%     24392         -
#16  Short offline       Completed without error       00%     24364         -
#17  Short offline       Completed without error       00%     24318         -
#18  Short offline       Completed without error       00%     24293         -
#19  Short offline       Completed without error       00%     24291         -
#20  Short offline       Completed without error       00%     24279         -
#21  Short offline       Completed without error       00%     24241         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.


#10 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 07 August 2016 - 07:09 AM

Hi Ray -

I left the computer running overnight in Safe Mode.

I just checked and it is still running perfectly.  I would say it is more responsive in Safe Mode than it was even before we had this problem.

Thanks



#11 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 07 August 2016 - 09:13 AM

Sorry missed one question - yes, I am using the original internal HD



#12 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:43 AM

Posted 07 August 2016 - 08:58 PM

Hi Doug,

Thank you for the GSmartControl log.

Based on the reports of extensive failures shown in the GSmartControl scan, it shows your HDD is untrustworthy and it is possible for the drive to crash sooner rather than later. I strongly advise you to back up all your data files onto a different drive or other off-line storage immediately.

Please let me know when all your data is backed up.

Thank you,

Ray

 

 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#13 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:43 AM

Posted 07 August 2016 - 09:12 PM

Hi Doug,

 

This is second of two consecutive messages.

 

Your ailing PC may or may not be infected with malware (in addition to the HDD problems). Please be careful about possibly contaminating your clean PC with files from your sick one.

Panda USB Drive Immunization

Let's vaccinate your USB drives to prevent infecting them and your clean computer.

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean working computer.
Note: The download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.
 

  • Insert your USB flash drive into your clean working computer.
  • Double-click USBVaccineSetup.exe to install the program.
  • Select your language. Read and accept the agreement to continue.
  • Choose whether to run the vaccinator at all times and/or for all newly inserted USB drives.
  • Click Next then Finish to complete the installation. The Panda Research USB Vaccine window will open.
  • Select your USB drive from the list. If it is not already vaccinated, click Vaccinate USB.
  • Note: Optionally you can click Vaccinate computer as well. That disables executable items from running automatically on your PC.
  • A message should appear that your USB drive was vaccinated. If not, please describe the error symptoms including verbatim copies of error messages and stop here.
  • Please immunize your USB flash drives before you use them on your infected computer.

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#14 thedougster

thedougster
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 10 August 2016 - 10:11 AM

Hi Ray -

Sorry for the delay in responding.

I have previously backed up all my data and have done so again.

All set.

Thanks



#15 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:43 AM

Posted 10 August 2016 - 08:51 PM

Hi Doug,
 
 
 

Sorry for the delay in responding.

No problem, however, I'd appreciate a quick note if you will be delayed again in future for more than 48 hours.
 
 
 

I have previously backed up all my data and have done so again.

 That's good. Your HDD could last indefinitely or it could fail the next time you boot up. Meanwhile, let's continue to look for a possible malware issue.
 

It will probably be necessary to perform the following sections in Safe Mode with Networking, but I'd like to try Normal mode first to see whether the PC is still unacceptably slow or frozen. Please describe the performance in Normal mode and in Safe Mode.

 


Perform the following sections in the sequence as given.


I recommend uninstalling the following programs. If you desire to keep them, I would ask that you reinstall them following our efforts here.

  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Freeze.com NetAssistant
Yahoo! Software Update

  • Reboot your computer

I also recommend allowing AdwCleaner (in the next section) to remove all your search providers. Let me know whether you need help in re-installing any search provider following our efforts here.



Retain or delete items in AdwCleaner log

Rerun AdwCleaner as you did in my Post #4. Consider whether you want to retain Yahoo Companion. See: What Is Yahoo Companion? If you want to retain Yahoo Companion, remove the checkmark from these entries:

C:\Program Files (x86)\Yahoo!\Companion
C:\Users\Doug\AppData\LocalLow\Yahoo!\Companion


If you want to retain Yahoo Companion, it is necessary also to remove checkmarks from the following seven entries:
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
HKCU\Software\Yahoo\Companion
HKCU\Software\AppDataLow\Software\Yahoo\Companion
HKLM\SOFTWARE\Yahoo\Companion
HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\Yahoo\Companion
HKU\S-1-5-21-3841549100-1452082165-3539736945-1001\Software\AppDataLow\Software\Yahoo\Companion

 

 

If you are sure you want to retain any other entries, remove the associated checkmarks, however, it is perfectly safe to allow AdwCleaner to remove the items it has detected. After removing checkmarks from entries you want to retain:

  • Click Clean.
  • Copy and paste the contents of the logfile into your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Scan with Malwarebytes Anti-Malware

Please launch the Malwarebytes Anti-Malware (MBAM) program which is already installed on your PC. Allow MBAM to update its definitions, then scan for threats. Post the scan results in your next reply.


 

Scan with ESET Online Scanner

Please launch the ESET Online Scanner program which is already installed on your PC. Allow ESET to update its definitions, then scan for threats. Post the scan results in your next reply.
 

 

Try Normal mode again

Reboot into Normal mode and test performance of your browsers and your other usual tasks. Has performance improved? Describe fully any abnormal symptoms you notice.
 


In your next reply...

  • How did Normal mode perform before you accomplished the steps in this post?
  • Was it necessary to run the scans in Safe Mode?
  • Confirm that you uninstalled Freeze.com NetAssistant and Yahoo! Software Update.
  • Copy and paste the entire contents of the AdwCleaner log into the body of your message.
  • Copy and paste the entire contents of the MBAM log into the body of your message.
  • Copy and paste the entire contents of the ESET log into the body of your message.
  • Tell me how your PC performs in Normal mode after you accomplished all the steps in this post.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users