Hello
3 days ago I was searching for a snipping tool program and didn’t know which one I wanted. So I went to http://download.cnet.com and downloaded around 15 programs (custom install, nothing else except the actual program to install)… one by one I tried them all: installed → tried → uninstalled! After a restart my system acts funny: windows and programs are flicking-blicking once in a while, and once in a while they act crazy, I cannot click or the right mouse menu doesn’t appear… I ran Avast (full, smart, on-boot) and ran Ad-aware - they didn’t find anything. I cleaned all temps, cleaned the whole PC using CCleaner and also Reg Organizer, found all the files which these new programs left, and deleted them all. One strange thing is that I still see 3-4 leftovers of the programs in the taskbar… here is a short video https://youtu.be/2fiPF0AObHY What could it be? Will a restore point help? Are the drivers damaged? Is the PC infected?
Thanks
Run a scan with Malwarebytes
Which one do you recommend?
Follow the instructions at https://forum.avast.com/index.php?topic=53253.0
One issue
One issue?
The MBam logs already show around a dozen issues >:(
By “one issue” I meant that aswmbr.exe just doesn’t work so far )
Let me know what problems remain after this
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
Thx. Still flicking-blicking while using Mozilla Firefox… overall it seems that the PC is working OK. I restarted Mozilla and deleted all extensions.
Is Firefox still playing up after removing the extensions?
After REFRESH/Restart all extensions are gone but it is still playing up.
Yes. Now many other programs are playing up, such as Word, Photoshop, Producer 4 etc., so pretty much all programs ) Every time I see a “not responding” message appearing and disappearing on the program top bar, and the program freezes for a second when working with it. I guess I’m fucked
OK, let’s look for conflicts now
In the search box type Msconfig and select the programme that appears at the top
1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
Then let me know how the system is behaving
Hi, little better maybe BUT same thing… :-\
OK, do you know how to run SFC /scannow?
http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista
Run this and then see if the problem resolves itself
My friend here…
https://www.youtube.com/watch?v=6JB5q3kP_X8
Still the same problem?
Yes, same thing
Could you open Task Manager on your desktop and, when the system locks, let me know what file is taking the most CPU?
By “system locks” you mean lags/freezes?
Here is a video https://youtu.be/DfgTfGQOJyg