
Computer freezes for long periods of time randomly. Also boots up and runs real slow



Computer freezes for long periods of time randomly and boots up and runs real slow. I've done a little cleaning and ran a registry program that a computer guy helped me with and it has helped a little. Is it possible that my Avast or Malwarebytes let something through, and should I also have a spyware program like Spybot on here?

Thanks for your help.


Hello kcshaklee99! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi, here are the DDS file and the Attach file requested. Thanks for your help.

Computer keeps freezing and have to manually shut down and also boots up and runs slow :(

Jim

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2

Run by Admin at 13:19:12 on 2013-08-20

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.958.338 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\Windows\system32\rundll32.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

C:\Windows\system32\Taskmgr.exe

C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{B6505625-388A-475D-A00E-1F8CFAAF8CE6} : DHCPNameServer = 192.168.1.1

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-16 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-16 175176]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-10 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-10 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-10 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-10 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-10 46808]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-9 21504]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-8-14 167424]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 23040]

.

=============== Created Last 30 ================

.

2013-08-15 22:55:53 -------- d-----w- c:\users\admin\appdata\roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2013-08-15 20:50:40 -------- d-----w- c:\users\admin\appdata\local\Htc

2013-08-15 20:47:58 -------- d-----w- c:\users\admin\appdata\roaming\HTC

2013-08-15 00:59:28 -------- d-----w- c:\users\admin\appdata\local\Downloaded Installations

2013-08-15 00:57:36 -------- d-----w- c:\program files\Spirent Communications

2013-08-15 00:54:28 -------- d-----w- c:\program files\HTC

2013-08-14 20:34:00 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-08-14 20:33:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-14 20:18:41 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 20:18:38 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-14 20:18:38 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-14 20:18:35 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 20:18:22 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 20:17:09 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 20:17:03 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 20:17:01 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 20:16:22 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 20:16:21 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 20:16:21 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 20:16:17 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-13 23:52:04 499712 ----a-w- c:\windows\iwexec.exe

2013-08-13 23:51:59 -------- d-----w- C:\tcConference

2013-08-13 22:02:42 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-08-06 21:33:15 -------- d-----w- c:\windows\system32\MRT

2013-07-31 20:59:21 -------- d-----w- c:\users\admin\appdata\local\Protexis

2013-07-31 20:28:37 -------- d-----w- c:\program files\NT Registry Optimizer

2013-07-25 21:35:44 -------- d-----r- c:\users\admin\Dropbox

2013-07-25 21:32:00 -------- d-----w- c:\program files\Dropbox

2013-07-25 21:28:42 -------- d-----w- c:\users\admin\appdata\roaming\Dropbox

2013-07-25 20:18:54 -------- d-----w- c:\users\admin\appdata\local\Apps

2013-07-25 20:18:53 -------- d-----w- c:\users\admin\appdata\local\Deployment

2013-07-25 20:11:59 -------- d-----w- c:\users\admin\appdata\local\Yahoo

2013-07-24 21:28:20 -------- d-----w- c:\programdata\Visan

2013-07-24 21:28:20 -------- d-----w- c:\programdata\PrintProjects

2013-07-24 21:28:20 -------- d-----w- c:\program files\PrintProjects

2013-07-24 21:26:57 -------- d-----w- c:\users\admin\appdata\local\Eastman_Kodak_Company

2013-07-24 21:23:32 -------- d-----w- c:\users\admin\appdata\local\Eastman Kodak Company

2013-07-24 21:04:17 36352 ----a-w- c:\users\admin\appdata\roaming\PnPutil.exe

2013-07-24 21:04:16 800824 ----a-w- c:\users\admin\appdata\roaming\DPInst.exe

2013-07-24 21:04:15 106496 ----a-w- c:\users\admin\appdata\roaming\gacutil.exe

2013-07-24 19:18:57 -------- d-----w- c:\windows\pss

2013-07-24 01:57:53 -------- d-----w- c:\users\admin\{341e4644-391a-4eaf-8f5c-ee48c8c83c7c}

2013-07-24 01:55:21 -------- d-----w- c:\program files\Kodak

2013-07-24 01:53:21 -------- d-----w- c:\users\admin\appdata\roaming\Temp

2013-07-23 23:01:39 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a329a9a8-7029-4856-a3a4-40dd969c5b7a}\mpengine.dll

.

==================== Find3M ====================

.

2013-08-07 19:39:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-07 19:39:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-17 22:28:30 4096000 ----a-w- c:\program files\GUT27BC.tmp

2013-07-17 00:10:11 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-17 00:10:10 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll

2012-09-19 23:05:56 4096000 ----a-w- c:\program files\GUTDB42.tmp

.

============= FINISH: 13:21:17.65 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 7/19/2007 12:47:37 AM

System Uptime: 8/20/2013 12:30:34 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0RY206

Processor: AMD Sempron™ Processor 3600+ | Socket AM2 | 2009/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 84.939 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.52 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.7)

aioscnnr

avast! Free Antivirus

CCleaner

CDDRV_Installer

center

Conexant D850 PCI V.92 Modem

Corel Paint Shop Pro Photo XI

Corel Snapfire Plus

Dell DataSafe Online

Dell Support Center

Dell System Customization Wizard

DellSupport

Digital Line Detect

Dropbox

essentials

Games, Music, & Photos Launcher

Google Talk Plugin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet 3520 series Basic Device Software

HP Photo Creations

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

IPTInstaller

Java 7 Update 25

Java Auto Updater

KhalSetup

Kodak AIO Printer

KODAK AiO Software

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Modem Diagnostic Tool

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

NetWaiting

NTREGOPT 1.1j

NVIDIA Drivers

NVIDIANetworkDiagnostic

ocr

PowerDVD

PreReq

PrintProjects

Product Documentation Launcher

QualxServ Service Agreement

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SetPoint

Sonic Activation Module

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

URL Assistant

User's Guides

.

==== End Of File ===========================


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

  • Download RogueKiller to your desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Hi, here are the 4 reports:

Junkware Removal Tool log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows Vista Home Basic x86
Ran by Admin on Mon 08/26/2013 at 10:33:56.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo

 

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\systweak"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/26/2013 at 10:37:31.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

AdwCleaner log

 

# AdwCleaner v3.001 - Report created 26/08/2013 at 11:51:56
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : Admin - MIKES
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\RegClean Pro_UPDATES
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\RegClean Pro_UPDATES
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Google Chrome v

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1228 octets] - [26/08/2013 11:06:37]
AdwCleaner[R1].txt - [1288 octets] - [26/08/2013 11:09:18]
AdwCleaner[R2].txt - [1208 octets] - [26/08/2013 11:51:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1268 octets] ##########

 

 

Malwarebytes' Anti-Malware log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.26.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: MIKES [administrator]

8/26/2013 11:12:08 AM
mbam-log-2013-08-26 (11-12-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240704
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

RogueKiller log

 

 

Mode : Scan -- Date : 08/26/2013 11:46:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] AdwCleaner.exe -- C:\Users\Admin\Desktop\AdwCleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 8 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1001UA.job : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1001Core.job : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1000UA.job : C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1000Core.job : C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1000Core : C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1000UA : C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1001Core : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2181040529-65555768-2323870305-1001UA : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST316081 5AS SCSI Disk Device +++++
--- User ---
[MBR] 70486eebc3406326d051c9c0c7ae891a
[bSP] e4f1a3792e18a93ded96ab613143948a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21053440 | Size: 142306 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08262013_114622.txt >>

 

 

Also ADWCleaner has a few boxes with checks that say KEY, am I supposed to click the button that says clean or anything :-)

Rogue Killer also has boxes checked that say found. Do I need to do anything there or just close those 2 applications?

Thanks
 


It is still freezing up. It hasn't today but yesterday it did it 3 times and I had to manually shut the computer off and restart it. If I open more than one window at a time or type too fast or anything it freezes up and has to be turned off by holding down the on button. I try alt control delete and nothing works so I shut it down and turn it back on?


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
