[Resolved - K] Full Ram and Slow Processing

*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #15 on: March 26, 2014, 06:19:25 PM »
Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Elizabeth (administrator) on ELIZABETH-HP on 26-03-2014 20:12:56
Running from C:\Users\Elizabeth\Downloads
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(DeviceVM, Inc.) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Bootstrap Software Development) C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
(Sun Microsystems, Inc.) C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1778984 2010-05-28] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2010-06-17] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM\...\Run: [ZumoDrive] - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2038 2010-08-16] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-08] (Hewlett-Packard Company)
HKLM\...\Run: [BSDAppUpdater] - C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2010-10-13] (Bootstrap Software Development)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-23] (Microsoft Corporation)
HKU\S-1-5-21-2804946053-552634837-3886234623-1000\...\Run: [Syncables] - C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe [530736 2010-05-18] (Hewlett-Packard)
HKU\S-1-5-21-2804946053-552634837-3886234623-1000\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2804946053-552634837-3886234623-1000\...\Run: [RamBooster] - C:\Program Files\RamBooster 2.0\Rambooster.exe
HKU\S-1-5-21-2804946053-552634837-3886234623-1000\...\MountPoints2: {331a6997-76cc-11e1-9b39-68b5995d2327} - E:\TLBootstrap_WPP.exe
Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {4B18D80F-AE03-4246-B287-BCFE87C9453F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {88BD1CDB-5B88-4D03-BF27-11A8DB443550} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {25A119EA-29DF-4594-885B-30958E687B8B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {4B18D80F-AE03-4246-B287-BCFE87C9453F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {88BD1CDB-5B88-4D03-BF27-11A8DB443550} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {DB010431-A615-4821-B1D0-122094FE14BB} URL = http://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=a6q3tBMN
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\plif0p5q.default-1395707136834
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Elizabeth\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_10_1
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_10_1 [2014-03-26]

========================== Services (Whitelisted) =================

R2 DvmMDES; C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-07-20] (DeviceVM, Inc.)
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-09-30] (WildTangent, Inc.)
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-07-08] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-18] (IDT, Inc.)
S2 NewPlayerUpdaterService; "C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2010-06-17] (Alcor Micro, Corp.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [691248 2010-11-22] (Symantec Corporation)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-11-11] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110110.002\IDSvix86.sys [353912 2010-11-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-03-05] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110111.002\NAVENG.SYS [86008 2010-12-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110111.002\NAVEX15.SYS [1360760 2010-12-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-26] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 20:07 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-26 20:07 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-26 20:07 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-26 20:07 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-26 20:04 - 2014-03-26 20:07 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-26 18:24 - 2014-03-26 18:24 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-03-25 23:04 - 2014-03-25 23:04 - 00020751 _____ () C:\Addition.txt
2014-03-25 22:49 - 2014-03-25 22:57 - 00020750 _____ () C:\Users\Elizabeth\Downloads\Addition.txt
2014-03-25 22:47 - 2014-03-26 20:12 - 00015370 _____ () C:\Users\Elizabeth\Downloads\FRST.txt
2014-03-25 22:46 - 2014-03-26 20:12 - 00000000 ____D () C:\FRST
2014-03-25 22:46 - 2014-03-25 22:46 - 01145856 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST.exe
2014-03-25 22:33 - 2014-03-25 22:33 - 00010969 _____ () C:\malwarebytes.txt
2014-03-25 22:10 - 2014-03-26 19:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 22:09 - 2014-03-25 22:09 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 22:08 - 2014-03-25 22:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 22:08 - 2014-03-25 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 22:08 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 22:08 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 22:08 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 22:07 - 2014-03-25 22:08 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Elizabeth\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 22:05 - 2014-03-25 22:05 - 00006669 _____ () C:\Users\Elizabeth\Desktop\JRT.txt
2014-03-25 21:49 - 2014-03-25 21:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:47 - 2014-03-25 21:48 - 01038974 _____ (Thisisu) C:\Users\Elizabeth\Downloads\JRT.exe
2014-03-25 21:43 - 2014-03-26 19:55 - 00000012 ____H () C:\dvmexp.idx
2014-03-25 21:43 - 2014-03-25 21:43 - 00000000 ___HD () C:\dvmexp
2014-03-25 21:34 - 2014-03-26 18:57 - 00000000 ____D () C:\AdwCleaner
2014-03-25 21:32 - 2014-03-25 21:33 - 01950720 _____ () C:\Users\Elizabeth\Downloads\AdwCleaner.exe
2014-03-25 21:23 - 2012-07-25 12:03 - 00017136 _____ () C:\Windows\system32\sasnative32.exe
2014-03-25 21:22 - 2014-03-25 21:22 - 00000046 _____ () C:\Users\Elizabeth\AppData\Roaming\WB.CFG
2014-03-25 21:21 - 2014-03-25 21:21 - 00000953 _____ () C:\Users\Elizabeth\Desktop\MiPony.lnk
2014-03-25 21:20 - 2014-03-25 21:21 - 00000000 ____D () C:\Program Files\MiPony
2014-03-25 21:20 - 2014-03-25 21:20 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2014-03-25 15:16 - 2014-03-25 18:51 - 00006281 _____ () C:\Attach.txt
2014-03-25 15:15 - 2014-03-25 18:51 - 00021585 _____ () C:\DDS.txt
2014-03-25 15:13 - 2014-03-25 18:50 - 00021585 _____ () C:\Users\Elizabeth\Desktop\dds.txt
2014-03-25 15:13 - 2014-03-25 18:50 - 00006281 _____ () C:\Users\Elizabeth\Desktop\attach.txt
2014-03-25 15:10 - 2014-03-25 15:10 - 00688992 ____R (Swearware) C:\Users\Elizabeth\Downloads\dds.com
2014-03-24 21:38 - 2014-02-23 02:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-24 21:38 - 2014-02-23 02:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-24 21:38 - 2014-02-23 02:54 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-24 21:38 - 2014-02-23 02:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-24 21:38 - 2014-02-23 02:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-24 21:38 - 2014-02-23 02:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-24 21:38 - 2014-02-23 01:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-24 20:25 - 2014-03-24 20:25 - 00000000 ____D () C:\Users\Elizabeth\Desktop\Old Firefox Data
2014-03-12 20:17 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 20:17 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 20:17 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 20:17 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 20:17 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-02 19:05 - 2014-03-02 19:05 - 00001059 _____ () C:\Users\Elizabeth\Desktop\Continue VuuPC Installation.lnk
2014-03-02 18:55 - 2014-03-02 18:56 - 00000366 _____ () C:\Windows\Tasks\APSnotifierCA.job
2014-03-02 18:53 - 2014-03-02 18:53 - 01122552 _____ (AnyProtect.com) C:\Users\Elizabeth\AppData\Local\nsz97AC.tmp
2014-03-02 18:47 - 2014-03-02 18:47 - 00000000 ____D () C:\Users\Elizabeth\AppData\Local\Tuguu_SL

==================== One Month Modified Files and Folders =======

2014-03-26 20:13 - 2014-03-25 22:47 - 00015370 _____ () C:\Users\Elizabeth\Downloads\FRST.txt
2014-03-26 20:12 - 2014-03-25 22:46 - 00000000 ____D () C:\FRST
2014-03-26 20:09 - 2009-07-14 00:34 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 20:09 - 2009-07-14 00:34 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 20:08 - 2013-11-10 17:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-26 20:07 - 2014-03-26 20:04 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-26 20:07 - 2010-08-16 15:53 - 00000000 ____D () C:\Program Files\Java
2014-03-26 20:02 - 2009-09-06 19:02 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 20:01 - 2010-11-12 21:15 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\ZumoDrive
2014-03-26 19:59 - 2012-08-16 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 19:57 - 2013-01-21 21:50 - 00000000 ___RD () C:\Users\Elizabeth\Dropbox
2014-03-26 19:57 - 2013-01-21 21:44 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Dropbox
2014-03-26 19:56 - 2014-03-25 22:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 19:55 - 2014-03-25 21:43 - 00000012 ____H () C:\dvmexp.idx
2014-03-26 19:55 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 19:54 - 2014-01-22 01:02 - 00000672 _____ () C:\Windows\setupact.log
2014-03-26 19:54 - 2014-01-22 01:00 - 00068636 _____ () C:\Windows\PFRO.log
2014-03-26 19:53 - 2010-09-27 06:06 - 01533622 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 19:37 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\TAPI
2014-03-26 18:57 - 2014-03-25 21:34 - 00000000 ____D () C:\AdwCleaner
2014-03-26 18:24 - 2014-03-26 18:24 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-03-26 08:04 - 2014-01-27 22:51 - 00038887 _____ () C:\Windows\IE11_main.log
2014-03-25 23:04 - 2014-03-25 23:04 - 00020751 _____ () C:\Addition.txt
2014-03-25 22:57 - 2014-03-25 22:49 - 00020750 _____ () C:\Users\Elizabeth\Downloads\Addition.txt
2014-03-25 22:46 - 2014-03-25 22:46 - 01145856 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST.exe
2014-03-25 22:33 - 2014-03-25 22:33 - 00010969 _____ () C:\malwarebytes.txt
2014-03-25 22:09 - 2014-03-25 22:09 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 22:09 - 2014-03-25 22:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 22:08 - 2014-03-25 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 22:08 - 2014-03-25 22:07 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Elizabeth\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 22:05 - 2014-03-25 22:05 - 00006669 _____ () C:\Users\Elizabeth\Desktop\JRT.txt
2014-03-25 21:49 - 2014-03-25 21:49 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:48 - 2014-03-25 21:47 - 01038974 _____ (Thisisu) C:\Users\Elizabeth\Downloads\JRT.exe
2014-03-25 21:43 - 2014-03-25 21:43 - 00000000 ___HD () C:\dvmexp
2014-03-25 21:33 - 2014-03-25 21:32 - 01950720 _____ () C:\Users\Elizabeth\Downloads\AdwCleaner.exe
2014-03-25 21:22 - 2014-03-25 21:22 - 00000046 _____ () C:\Users\Elizabeth\AppData\Roaming\WB.CFG
2014-03-25 21:21 - 2014-03-25 21:21 - 00000953 _____ () C:\Users\Elizabeth\Desktop\MiPony.lnk
2014-03-25 21:21 - 2014-03-25 21:20 - 00000000 ____D () C:\Program Files\MiPony
2014-03-25 21:20 - 2014-03-25 21:20 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2014-03-25 18:51 - 2014-03-25 15:16 - 00006281 _____ () C:\Attach.txt
2014-03-25 18:51 - 2014-03-25 15:15 - 00021585 _____ () C:\DDS.txt
2014-03-25 18:50 - 2014-03-25 15:13 - 00021585 _____ () C:\Users\Elizabeth\Desktop\dds.txt
2014-03-25 18:50 - 2014-03-25 15:13 - 00006281 _____ () C:\Users\Elizabeth\Desktop\attach.txt
2014-03-25 15:10 - 2014-03-25 15:10 - 00688992 ____R (Swearware) C:\Users\Elizabeth\Downloads\dds.com
2014-03-25 07:15 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-25 06:56 - 2009-07-14 00:33 - 00288216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-25 06:54 - 2010-08-16 15:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-24 21:28 - 2013-08-17 18:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-24 21:22 - 2013-07-19 21:49 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-24 20:25 - 2014-03-24 20:25 - 00000000 ____D () C:\Users\Elizabeth\Desktop\Old Firefox Data
2014-03-24 20:07 - 2012-01-23 19:45 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\SoftGrid Client
2014-03-24 19:55 - 2010-11-13 14:11 - 00000000 ____D () C:\Users\Elizabeth\AppData\Roaming\Apple Computer
2014-03-24 19:39 - 2010-11-13 13:33 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-03-24 19:37 - 2012-05-05 12:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-24 19:21 - 2014-01-29 20:04 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForElizabeth.job
2014-03-12 18:59 - 2012-08-16 20:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 18:59 - 2011-08-30 20:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 18:28 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-03-05 09:26 - 2014-03-25 22:08 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-25 22:08 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-25 22:08 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 22:12 - 2012-05-09 16:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-02 19:05 - 2014-03-02 19:05 - 00001059 _____ () C:\Users\Elizabeth\Desktop\Continue VuuPC Installation.lnk
2014-03-02 18:56 - 2014-03-02 18:55 - 00000366 _____ () C:\Windows\Tasks\APSnotifierCA.job
2014-03-02 18:53 - 2014-03-02 18:53 - 01122552 _____ (AnyProtect.com) C:\Users\Elizabeth\AppData\Local\nsz97AC.tmp
2014-03-02 18:47 - 2014-03-02 18:47 - 00000000 ____D () C:\Users\Elizabeth\AppData\Local\Tuguu_SL

Some content of TEMP:
====================
C:\Users\Elizabeth\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elizabeth\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Elizabeth\AppData\Local\Temp\Quarantine.exe
C:\Users\Elizabeth\AppData\Local\Temp\sp64126.exe
C:\Users\Elizabeth\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Elizabeth\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Elizabeth\AppData\Local\Temp\Uninst.exe
C:\Users\Elizabeth\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Elizabeth\AppData\Local\Temp\WindowsAPI.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-23 15:56

==================== End Of Log ============================

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #16 on: March 26, 2014, 07:11:41 PM »
Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right-click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

Copy and paste the report in next reply.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Let me see the logs from FRST and ESET, let me know if any remaining issues or concerns...

Kevin

*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #17 on: March 26, 2014, 07:42:39 PM »
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Elizabeth at 2014-03-26 21:41:34 Run:1
Running from C:\Users\Elizabeth\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - {4B18D80F-AE03-4246-B287-BCFE87C9453F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {4B18D80F-AE03-4246-B287-BCFE87C9453F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {DB010431-A615-4821-B1D0-122094FE14BB} URL = http://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=a6q3tBMN
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
C:\Users\Elizabeth\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elizabeth\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Elizabeth\AppData\Local\Temp\Quarantine.exe
C:\Users\Elizabeth\AppData\Local\Temp\sp64126.exe
C:\Users\Elizabeth\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Elizabeth\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Elizabeth\AppData\Local\Temp\Uninst.exe
C:\Users\Elizabeth\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Elizabeth\AppData\Local\Temp\WindowsAPI.dll
Task: {3390D292-32A5-44EA-B67A-AC7365D03D65} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files\AnyProtectEx
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B18D80F-AE03-4246-B287-BCFE87C9453F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4B18D80F-AE03-4246-B287-BCFE87C9453F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B18D80F-AE03-4246-B287-BCFE87C9453F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4B18D80F-AE03-4246-B287-BCFE87C9453F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB010431-A615-4821-B1D0-122094FE14BB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DB010431-A615-4821-B1D0-122094FE14BB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Users\Elizabeth\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\Uninst.exe => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Elizabeth\AppData\Local\Temp\WindowsAPI.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3390D292-32A5-44EA-B67A-AC7365D03D65} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3390D292-32A5-44EA-B67A-AC7365D03D65} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierCA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierCA => Key deleted successfully.
"C:\Program Files\AnyProtectEx" => File/Directory not found.

==== End of Fixlog ====

*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #18 on: March 26, 2014, 07:57:30 PM »
The online scanner has started.  I am on the east coast so I will let it run overnight.  Hopefully I will have good results in the morning.

Thank you so much for the help you have given me so far.

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #19 on: March 26, 2014, 08:05:52 PM »
ESET scan is very thorough so may take several hours to complete. I'm in the UK so will catch up later, my local time is 2:00am, sleepy time methinks..


*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #20 on: March 27, 2014, 04:40:26 AM »
There were NO threats found after the ESET scan and I now have JAVA 7.0 installed.

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #21 on: March 27, 2014, 07:47:34 AM »
Hello J.T.

What is the current status of the system? Are there any remaining issues or concerns? Run the following please and post the produced log. If your security alerts, either accept the alert or turn the security off during the scan...

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Thanks,

Kevin

*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #22 on: March 27, 2014, 01:07:21 PM »
 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
 JavaFX 2.1.1   
 Java(TM) 6 Update 20 
 Java 7 Update 51 
 Adobe Flash Player    12.0.0.77 
 Adobe Reader XI 
 Mozilla Firefox 27.0.1 Firefox out of Date! 
 Mozilla Thunderbird (3.1.11) Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent````````[/u] 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````[/u]

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #23 on: March 27, 2014, 02:22:59 PM »
What is the current security set up? I do not see any Anti-Virus listed in security checks, also FW is listed as turned off..

*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #24 on: March 27, 2014, 02:50:30 PM »
At this moment I do not have a security setup.  Was hoping at the end of this you could recommend one.  I do not like Norton.

Can you tell me how to turn the firewall on?

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #25 on: March 27, 2014, 03:06:57 PM »
What is the current status of the system?

Windows 7 Firewall on or off http://windows.microsoft.com/en-gb/windows/turn-windows-firewall-on-off#turn-windows-firewall-on-off=windows-7

This is the set up I use for Windows 7:

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection.

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....
Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100&#entry162100

Understanding WinPatrol - http://www.winpatrol.com/features.html

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

http://www.surfright.nl/en/alert/cryptoguard

Let me know if any remaining issues or concerns, if none we can clean up...

*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #26 on: March 27, 2014, 07:24:29 PM »
I really do appreciate the time and effort you put in to helping me.  I know it can be difficult balancing a family, job and volunteering with this forum.  You were very efficient and patient with me.

Here is one last look at the current status.

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
 JavaFX 2.1.1   
 Java(TM) 6 Update 20 
 Java 7 Update 51 
 Adobe Flash Player    12.0.0.77 
 Adobe Reader XI 
 Mozilla Firefox 27.0.1 Firefox out of Date! 
 Mozilla Thunderbird (3.1.11) Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent````````[/u] 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````[/u]

Let me know if you see any issues and if not we can "clean up".

Thanks again.

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #27 on: March 28, 2014, 03:40:58 AM »
Hello J. T.

Security Checks looks a lot better, but still a couple of issues to address :-

Java(TM) 6 Update 20 - Uninstall via programs and features. The easiest way to find P & F, Select start, type Programs and Features into the search box... hit the enter key.

Update Internet Explorer to version 11. I`d consider that optional for now (your choice). Update here if you want it: http://windows.microsoft.com/en-gb/internet-explorer/ie-11-worldwide-languages

Update Firefox - https://support.mozilla.org/en-US/kb/update-firefox-latest-version

Update Mozilla Thunderbird - https://support.mozilla.org/en-US/kb/updating-thunderbird

To clean up do the following:

We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
 
Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,
 
Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed.

All tools should be gone, if any tools/logs remain just delete/uninstall them as appropriate...

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if the above steps complete OK, also if any remaining issues or concerns. If all is well we can close out your thread....

Take care,

Kevin... :t



*

Offline J.T.

  • Bronze Member
  • 18
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #28 on: March 28, 2014, 06:14:41 PM »
The last steps completed OK, and everything seems to be running OK for right now. Thank you so much for your help!

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7696
Re: [Resolved - K] Full Ram and Slow Processing
« Reply #29 on: March 28, 2014, 07:15:02 PM »
Since this issue appears to be resolved the topic has been closed. Glad we could help..... :t 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.