
Please Help - Internet Browser Crashing Computer


9 replies to this topic

#1 mazkomac

  • Members
  • 7 posts

Posted 25 September 2016 - 11:01 PM

I've been searching around for help on this and stumbled into this forum, and hopefully somebody can help. I have an older Lenovo that I use for relatively low-level applications and internet usage, and recently I feel like it's been infected. Basically, when I use an internet browser (at first I thought only Chrome, but it also just happened in Firefox), at some point it freezes up the entire computer. The only way to make it usable again is a full-on hard shutdown and then turning it back on. I am computer literate but not exactly experienced at dealing with malware or sure what to look for. I ran a HijackThis scan and saw what look to be some suspicious files, but I also know they could be essential processes. Here's what the results are from the log page.

Edit: I was redirected from another site which had said to use HijackThis when reporting. I missed the steps above; I've attached the two FRST files to the post.

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Di Anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
C:\Users\Di Anne\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avuirunnerx.exe" C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Di Anne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Di Anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Di Anne\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Di Anne\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Di Anne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Di Anne\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apc AppVerifier (AppVerifier) - AppVerifier - C:\ProgramData\App-verifier\AppVerifier.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13321 bytes

Any help would be greatly appreciated, thank you so much.

Edited by mazkomac, 25 September 2016 - 11:36 PM.
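
A log like the one above is worth a mechanical first pass before anyone reads it line by line. The Python below is an added example written for this thread; it is not part of any post and not a HijackThis feature. The heuristics it applies (which directories count as user-writable, the WOW64 redirection rule for "(file missing)", the "Unknown owner" check) are the editor's assumptions about what a reviewer checks first, and SAMPLE_LOG is a handful of lines copied from the log posted above.

```python
"""Triage helper for a HijackThis log (added example, not part of HijackThis)."""
import re
from typing import List, Optional

# Editor's assumption: places a service or autorun binary should not normally live.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(programdata|windows\\temp|"
    r"users\\[^\\]+\\(downloads|appdata\\roaming|appdata\\local\\temp))\\",
    re.IGNORECASE,
)
# HijackThis is a 32-bit program. On 64-bit Windows, WOW64 maps System32 to
# SysWOW64 and expands %ProgramFiles% to "Program Files (x86)", so native
# 64-bit system binaries are reported as "(file missing)" even when present.
REDIRECTED = re.compile(
    r"^[a-z]:\\(windows\\system32|program files \(x86\)\\windows defender)\\",
    re.IGNORECASE,
)
ENTRY = re.compile(r"^(O\d+|R[01]|F\d)\s+-\s+")      # e.g. "O23 - Service: ..."
DRIVE = re.compile(r"^[a-z]:\\", re.IGNORECASE)      # "Running processes:" lines
EXE_PATH = re.compile(r'[a-z]:\\[^"\n]*?\.(?:exe|dll)', re.IGNORECASE)


def triage_line(line: str, is_x64: bool = True) -> Optional[dict]:
    """Classify one log line. Returns {'kind', 'path', 'reasons'} or None."""
    line = line.strip()
    m = ENTRY.match(line)
    if m:
        kind = m.group(1)          # HijackThis section, e.g. O4, O23
    elif DRIVE.match(line):
        kind = "PROC"              # running process
    else:
        return None
    pm = EXE_PATH.search(line)
    path = pm.group(0) if pm else ""
    reasons: List[str] = []
    if path and USER_WRITABLE.match(path):
        reasons.append("binary in user-writable location")
    if "(file missing)" in line:
        if is_x64 and REDIRECTED.match(path):
            reasons.append("file missing under a WOW64-redirected path: "
                           "likely a 32-bit scanner artifact, confirm with a 64-bit tool")
        else:
            reasons.append("file missing")
    elif "Unknown owner" in line:
        reasons.append("no publisher in version info")
    return {"kind": kind, "path": path, "reasons": reasons}


def triage_log(text: str, is_x64: bool = True) -> List[dict]:
    """Entries that collected at least one reason, in log order."""
    hits = []
    for raw in text.splitlines():
        entry = triage_line(raw, is_x64)
        if entry and entry["reasons"]:
            hits.append(entry)
    return hits


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Users\Di Anne\Downloads\HijackThis.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apc AppVerifier (AppVerifier) - AppVerifier - C:\ProgramData\App-verifier\AppVerifier.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit['kind']:5} {hit['path']}")
        for reason in hit["reasons"]:
            print(f"      - {reason}")
```

The output makes two points. The "(file missing)" services under System32 and under Program Files (x86)\Windows Defender are what a 32-bit scanner reports on 64-bit Windows, which is why the log is a poor fit for this operating system; the entries that survive that filter, such as a service running from C:\ProgramData, are the ones to compare against the FRST logs. None of this is a verdict, it only orders what to look at first.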


#2 nasdaq

  • Malware Response Team
  • 40,159 posts
  • Location:Montreal, QC. Canada

Posted 26 September 2016 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program via the Control Panel > Programs > Programs and Features.
Advanced PC Care (HKLM\...\B7A64AC7-B828-4D74-98B2-097AFA836948_is1) (Version: 1.0.0.4187 - Advancedpccare.com)

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Advancedpccare.com) C:\Program Files\Advanced PC-Care\advancedpccare.exe
(Trend Micro Inc.) C:\Users\Di Anne\Downloads\HijackThis.exe
CHR Extension: (Chrome Web Store Payments) - C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30]
CHR Extension: (Hover Zoom) - C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-08-15]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\User\AppData\Local\Wajam\Chrome\wajam.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\IlemiTVApp.com\stv10.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx <not found>
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CustomCLSID: HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Di Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Di Anne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {212E5244-DE1F-4BA5-81DD-8CBA9559CFC5} - System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater automatic scanning => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-12] (PCVARK)
Task: {294C6F1B-3BD6-4739-AE61-2E6954C2FC01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30AFED40-694D-4E0D-8576-5E21DE9658B5} - System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater ?n logon => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-12] (PCVARK)
Task: {40E91C90-58E8-447D-8681-6ED648E4F0C0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5F9CDB19-F532-43E3-949D-D7AD12813D07} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {68DCE22D-DC37-4749-AB9C-A8D2F4D3058C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E0CA24B-4FBA-40FA-918A-A777C4E6CA81} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {820FF667-DAA7-431B-A636-CA6CD8EFDA05} - System32\Tasks\Advanced PC Care_Logon => C:\Program Files\Advanced PC-Care\advancedpccare.exe [2015-12-09] (Advancedpccare.com)
Task: {903423BB-4110-4FFE-853E-B7F86F6692F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96404AFF-AF16-4525-9788-6F081D8246EA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A62237DE-916F-4336-B016-231DEA9DBF26} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8EBC393-7489-4D05-B8AE-BA7DA8946D0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C5EE2B47-B7C8-4468-A55A-2296C752E52A} - System32\Tasks\Advanced PC-Care_Logon => C:\Program Files\Advanced PC-Care\apc.exe
Task: {CE95056C-F140-4B53-A446-417152B6827F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F46F6899-AB08-413F-AE77-A6B6E2316931} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe
Task: {FDEDA447-CAF2-44C5-8AA5-A05EDB59B7DE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FE5C2E4E-A0B9-4C32-86C7-67950C6DC940} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF14DDFD-648C-47F1-99F4-D06858600113} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\0915avUpdateInfo.job => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe
C:\Program Files (x86)\Universal Driver Updater
C:\Program Files\Advanced PC-Care

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
===

Please post the logs and let me know what problem persists.


p.s.
HijackThis is no longer supported and is not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features applet.
Use the Farbar tool from now on to report problems.
<<<>>>
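
FRST writes one line per fixlist directive to Fixlog.txt, which is why the log is asked for: it shows what was removed, what was already gone, and what could not be moved until the next restart. The Python below is an added example for this thread, not code from any post and not an FRST feature. The grouping of outcome phrases is the editor's, and FIXLOG_SAMPLE is a constructed excerpt made from lines copied from the Fixlog posted later in this thread.

```python
"""Summarise an FRST Fixlog.txt (added example, not part of FRST)."""
import re
from typing import Dict, List

# FRST reports one result per directive as:  <target> => <outcome>
RESULT = re.compile(
    r'^(?:Could not move\s+)?"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$'
)

# Editor's grouping of the outcome phrases seen in FRST logs.
DONE = ("removed successfully", "moved successfully")
ABSENT = ("not found", "No running process found", "No File")
PENDING = ("Scheduled to move on reboot",)


def classify(outcome: str) -> str:
    if any(p in outcome for p in PENDING):
        return "pending_reboot"
    if any(p in outcome for p in DONE):
        return "done"
    if any(p in outcome for p in ABSENT):
        return "absent"
    return "other"


def result_section(text: str) -> str:
    """FRST echoes the fixlist first; results start after the second ***** rule."""
    lines = text.splitlines()
    rules = [i for i, l in enumerate(lines) if l.strip().startswith("*****")]
    start = rules[1] + 1 if len(rules) >= 2 else 0
    return "\n".join(lines[start:])


def summarise_fixlog(text: str) -> Dict[str, List[str]]:
    """Group targets by outcome: done / absent / pending_reboot / other."""
    groups: Dict[str, List[str]] = {"done": [], "absent": [], "pending_reboot": [], "other": []}
    for raw in result_section(text).splitlines():
        m = RESULT.match(raw.strip())
        if not m:
            continue  # banners such as "Restore point was successfully created."
        groups[classify(m.group("outcome"))].append(m.group("target"))
    return groups


def needs_reboot(groups: Dict[str, List[str]]) -> bool:
    """True when something is still scheduled for removal at next restart."""
    return bool(groups["pending_reboot"])


def already_handled(groups: Dict[str, List[str]]) -> List[str]:
    """'not found' targets that an earlier directive in the same fix already
    removed (a duplicated fixlist line), so the 'not found' is not a failure."""
    done = {t.lower() for t in groups["done"]}
    return [t for t in groups["absent"] if t.lower() in done]


# Constructed sample: lines copied from the Fixlog posted in this thread.
FIXLOG_SAMPLE = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CustomCLSID: HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Di Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
C:\Program Files\Advanced PC-Care
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Advanced PC-Care\advancedpccare.exe => No running process found
C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp" => key removed successfully
idsvc => service removed successfully
"C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
Could not move "C:\WINDOWS\System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater ?n logon" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
"""

if __name__ == "__main__":
    g = summarise_fixlog(FIXLOG_SAMPLE)
    for name in ("done", "absent", "pending_reboot", "other"):
        print(f"{name}: {len(g[name])}")
    print("reboot needed:", needs_reboot(g))
    print("not-found entries explained by a duplicate directive:", already_handled(g))
```

The check that matters most is the pending list: a task file that FRST could not move is still on disk until the restart nasdaq asks for, so a Fixlog with anything in that group is not finished. The duplicate check explains the one "not found" in the posted Fixlog that otherwise looks like a failure: the same Chrome extension directory was listed twice in the fixlist, and the first directive had already moved it.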

#3 mazkomac

  • Topic Starter

Posted 27 September 2016 - 12:07 AM

Thank you very much for the quick and speedy recovery. It is freezing quite randomly, so I'll have to probably apply the fix in sessions between restarts. Doing so now.

#4 mazkomac

  • Topic Starter

Posted 27 September 2016 - 12:28 AM

I was unable to remove Advanced PC Care. It was not in the list of programs available for uninstall. Before I thought to post on this forum, I went and uninstalled a few malware-looking programs from the Programs list, and Advanced PC was one of them, but I remember getting a message to the effect of "Advanced PC doesn't need to be uninstalled". When I search for it with the search bar all I get is 2 sets of shortcuts, but nothing else. I ran the fix and this is the result:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Di Anne (26-09-2016 22:19:41) Run:1
Running from C:\Users\Di Anne\Downloads
Loaded Profiles: Di Anne (Available Profiles: postgres & Frank and Di & Di Anne & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Advancedpccare.com) C:\Program Files\Advanced PC-Care\advancedpccare.exe
(Trend Micro Inc.) C:\Users\Di Anne\Downloads\HijackThis.exe
CHR Extension: (Chrome Web Store Payments) - C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30]
CHR Extension: (Hover Zoom) - C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-08-15]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\User\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\IlemiTVApp.com\stv10.crx
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - C:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CustomCLSID: HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Di Anne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Di Anne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {212E5244-DE1F-4BA5-81DD-8CBA9559CFC5} - System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater automatic scanning => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-12] (PCVARK)
Task: {294C6F1B-3BD6-4739-AE61-2E6954C2FC01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30AFED40-694D-4E0D-8576-5E21DE9658B5} - System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater ?n logon => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-12] (PCVARK)
Task: {40E91C90-58E8-447D-8681-6ED648E4F0C0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5F9CDB19-F532-43E3-949D-D7AD12813D07} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {68DCE22D-DC37-4749-AB9C-A8D2F4D3058C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E0CA24B-4FBA-40FA-918A-A777C4E6CA81} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {820FF667-DAA7-431B-A636-CA6CD8EFDA05} - System32\Tasks\Advanced PC Care_Logon => C:\Program Files\Advanced PC-Care\advancedpccare.exe [2015-12-09] (Advancedpccare.com)
Task: {903423BB-4110-4FFE-853E-B7F86F6692F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {96404AFF-AF16-4525-9788-6F081D8246EA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A62237DE-916F-4336-B016-231DEA9DBF26} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8EBC393-7489-4D05-B8AE-BA7DA8946D0A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C5EE2B47-B7C8-4468-A55A-2296C752E52A} - System32\Tasks\Advanced PC-Care_Logon => C:\Program Files\Advanced PC-Care\apc.exe
Task: {CE95056C-F140-4B53-A446-417152B6827F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F46F6899-AB08-413F-AE77-A6B6E2316931} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe
Task: {FDEDA447-CAF2-44C5-8AA5-A05EDB59B7DE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FE5C2E4E-A0B9-4C32-86C7-67950C6DC940} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FF14DDFD-648C-47F1-99F4-D06858600113} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\0915avUpdateInfo.job => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe
C:\Program Files (x86)\Universal Driver Updater
C:\Program Files\Advanced PC-Care

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Advanced PC-Care\advancedpccare.exe => No running process found
C:\Users\Di Anne\Downloads\HijackThis.exe => No running process found
C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli" => key removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
"C:\Users\Di Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-28599943-2460014462-1484826607-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{212E5244-DE1F-4BA5-81DD-8CBA9559CFC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{212E5244-DE1F-4BA5-81DD-8CBA9559CFC5}" => key removed successfully
C:\WINDOWS\System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater automatic scanning => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Universal\Universal Driver Updater\Start Universal Driver Updater automatic scanning" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{294C6F1B-3BD6-4739-AE61-2E6954C2FC01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{294C6F1B-3BD6-4739-AE61-2E6954C2FC01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30AFED40-694D-4E0D-8576-5E21DE9658B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30AFED40-694D-4E0D-8576-5E21DE9658B5}" => key removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater ?n logon" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Universal\Universal Driver Updater\Start Universal Driver Updater ?n logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40E91C90-58E8-447D-8681-6ED648E4F0C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40E91C90-58E8-447D-8681-6ED648E4F0C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F9CDB19-F532-43E3-949D-D7AD12813D07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F9CDB19-F532-43E3-949D-D7AD12813D07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68DCE22D-DC37-4749-AB9C-A8D2F4D3058C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68DCE22D-DC37-4749-AB9C-A8D2F4D3058C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E0CA24B-4FBA-40FA-918A-A777C4E6CA81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E0CA24B-4FBA-40FA-918A-A777C4E6CA81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{820FF667-DAA7-431B-A636-CA6CD8EFDA05} => key not found.
C:\WINDOWS\System32\Tasks\Advanced PC Care_Logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced PC Care_Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{903423BB-4110-4FFE-853E-B7F86F6692F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{903423BB-4110-4FFE-853E-B7F86F6692F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96404AFF-AF16-4525-9788-6F081D8246EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96404AFF-AF16-4525-9788-6F081D8246EA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A62237DE-916F-4336-B016-231DEA9DBF26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62237DE-916F-4336-B016-231DEA9DBF26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8EBC393-7489-4D05-B8AE-BA7DA8946D0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8EBC393-7489-4D05-B8AE-BA7DA8946D0A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5EE2B47-B7C8-4468-A55A-2296C752E52A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5EE2B47-B7C8-4468-A55A-2296C752E52A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Advanced PC-Care_Logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced PC-Care_Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE95056C-F140-4B53-A446-417152B6827F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE95056C-F140-4B53-A446-417152B6827F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F46F6899-AB08-413F-AE77-A6B6E2316931}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{F46F6899-AB08-413F-AE77-A6B6E2316931}" => key removed successfully C:\WINDOWS\System32\Tasks\0915avUpdateInfo => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0915avUpdateInfo" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDEDA447-CAF2-44C5-8AA5-A05EDB59B7DE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDEDA447-CAF2-44C5-8AA5-A05EDB59B7DE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE5C2E4E-A0B9-4C32-86C7-67950C6DC940}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE5C2E4E-A0B9-4C32-86C7-67950C6DC940}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF14DDFD-648C-47F1-99F4-D06858600113}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF14DDFD-648C-47F1-99F4-D06858600113}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully C:\WINDOWS\Tasks\0915avUpdateInfo.job => moved successfully C:\Program Files (x86)\Universal Driver Updater => moved successfully C:\Program Files\Advanced PC-Care => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27072946 B Java, Flash, Steam htmlcache => 6044 B 
Windows/system/drivers => 1037745626 B Edge => 99086331 B Chrome => 127780899 B Firefox => 381594888 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 26988 B NetworkService => 2974 B postgres => 0 B Frank and Di => 269209 B Di Anne => 434463128 B DefaultAppPool => 0 B RecycleBin => 423164878 B EmptyTemp: => 2.4 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-09-2016 22:24:20) "C:\WINDOWS\System32\Tasks\Universal\Universal Driver Updater\Start Universal Driver Updater ?n logon" => Could not move ==== End of Fixlog 22:24:20 ====


Edited by mazkomac, 27 September 2016 - 12:28 AM.
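As an added example, not code from the thread, from FRST or from nasdaq: after the reboot the Fixlog asks for, this PowerShell check (run from an elevated prompt) reports whether the task definition files, registered tasks, TaskCache\Tree keys and program folders named in the log are really gone, including the "?n logon" task file FRST could not move. The name patterns come from the Fixlog above; the script layout and variable names are assumptions for illustration.

```powershell
# Added example (not from the thread or FRST): re-verify, after reboot, that the
# persistence entries the Fixlog reported as removed have not come back.
# Run in an elevated PowerShell prompt. Patterns are names taken from the Fixlog;
# everything else here is an illustrative assumption.

$patterns = @('Universal Driver Updater', 'Advanced PC', '0915avUpdateInfo')
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
$treeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

# 1. Task definition files on disk (this is where "Could not move ... ?n logon" lives).
$leftoverFiles = Get-ChildItem -Path $taskRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $n = $_.FullName; $patterns | Where-Object { $n -like "*$_*" } } |
    Select-Object -ExpandProperty FullName

# 2. Tasks the Task Scheduler service still knows about.
$leftoverTasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $t = $_.TaskPath + $_.TaskName; $patterns | Where-Object { $t -like "*$_*" } } |
    ForEach-Object { $_.TaskPath + $_.TaskName }

# 3. TaskCache\Tree keys (the "key removed successfully" lines in the Fixlog).
$leftoverKeys = Get-ChildItem -Path $treeKey -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $k = $_.Name; $patterns | Where-Object { $k -like "*$_*" } } |
    ForEach-Object { $_.Name }

# 4. Program folders FRST moved; if they are back, something recreated them.
$folders = @("${env:ProgramFiles(x86)}\Universal Driver Updater",
             "$env:ProgramFiles\Advanced PC-Care") | Where-Object { Test-Path $_ }

$checks = [ordered]@{
    'Task definition files' = $leftoverFiles
    'Registered tasks'      = $leftoverTasks
    'TaskCache\Tree keys'   = $leftoverKeys
    'Program folders'       = $folders
}
foreach ($name in $checks.Keys) {
    if ($checks[$name]) {
        "$name still present:"
        $checks[$name] | ForEach-Object { "  $_" }
    } else {
        "$name: clean"
    }
}
```

Anything reported as still present after a reboot is worth pasting into the next reply, since it means the scheduled removal did not complete or the task was recreated.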


#5 mazkomac

mazkomac
  • Topic Starter

  • Members
  • 7 posts

Posted 27 September 2016 - 01:21 AM

Attached is the log from the Malwarebytes scan and Quarantine. Since running the scan, quarantining and installing Java I have experienced no problems of any sort. The restarts seem to take a while (goes to Lenovo logo screen, then an empty darkish screen for a while, then eventually back to sign in screen) since the initial issue started and are persisting now, but if that's the extent of the problems then it's no problem at all. I am yet to experience any freezing or crashing since making the fixes. Even if it's not over yet, thank you so much for your help thus far! I'm absolutely blown away at the amazingness of this site.


Attached Files

  • Attached file: log.txt (16.72KB)


#6 mazkomac

mazkomac
  • Topic Starter

  • Members
  • 7 posts

Posted 27 September 2016 - 02:15 AM

It seems I spoke a little too soon. After browsing for a while I got the freezing effect and my computer essentially crashed again. I can move the mouse around but nothing is responsive. The first time I hard restarted it, it almost went back into "crash mode" immediately. The second time I did it I also reset my router and modem. Not sure if this makes a difference or is just coincidence, but it's allowed me to come on here now and type this message.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 September 2016 - 09:54 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

p.s.
You may have some hardware problems that are causing this freezing problem.
What is the manufacturer of your computer? They may have a tool to verify the integrity of the hardware.

#8 mazkomac

mazkomac
  • Topic Starter

  • Members
  • 7 posts

Posted 27 September 2016 - 04:03 PM

Hello again. Yes, it appears you've done a great job of clearing the Adware off of my comp, so maybe it's something else. One strange thing I noticed is that since this started, it's automatically logging me into my account. As in, I no longer go through the blue screen of clicking on my profile to get in (I didn't have a password in the first place).


Another note is that I've noticed when it crashes, and I'm on Facebook, the first thing I notice is Facebook is unable to connect to the chat. That gives me the clue that it's about to happen or has happened. Since applying your fixes, I've noticed a noticeable improvement, and seems to allow me to operate the computer at lengths, but I will update here today on the frequency of the crashes. 


Finally, there are times when I've booted the computer up and, without even entering a browser, it enters a crash mode. Then there are other times, like now, where I've been on for a few hours and haven't had any crashes or signs of crashes. I ran your last instructions and have attached the log. I'll edit this thread and comment on how the PC is performing through the rest of the day.


The comp is a Lenovo G770. A rather old model, but before this year it hasn't seen much use (kind of a backup PC).




#9 mazkomac

mazkomac
  • Topic Starter

  • Members
  • 7 posts

Posted 27 September 2016 - 08:29 PM

Just an update, in an interesting twist, I've been on campus the whole day, using their internet of course, and have experienced absolutely no issues. I'm not sure if this is just a long time between crashes but it does seem unprecedented. I did mention that there seemed to be a correlation to when the internet would seemingly disconnect and the computer would crash. Not sure what this means, but just providing more info. I'll be able to see when I get home if it starts crashing again...which would then make it seem like it was connected to an internet/modem/router issue. Thanks again! 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 September 2016 - 10:44 AM

Keep me posted.



