Active Likely a virus that needs to be removed.

Discussion in 'Malware and Virus Removal' started by h2ofwlr, 2017/11/25.

  1. 2017/11/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    It should be almost instant.
    Restart computer and try again.
     
  2. 2017/12/01
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    Joined:
    2005/01/17
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    beginner
    The fixlog appears in like 15 seconds, but the "fixing" is not that way, as it says 'please wait as it is being fixed'.

    I reran it after rebooting like you suggested, and about a 1/2 hour later it said that the "fixing" was completed. So not sure it was almost done before and needed 15 hrs total, or if the 1/2 hr last night it was fixed. I think it needed the 15 hrs as the 2 logs are a bit different.

    BTW, no noticeable improvement on speed as I keep getting Firefox's pop-up suggestions to enhance the speed.

    2 fix logs are attached as it appears there are some differences.

    Fixlog from 1.5 days ago
    Fix result of Farbar Recovery Scan Tool (x86) Version: 29-11-2017
    Ran by First Class Car Care (29-11-2017 19:57:13) Run:1
    Running from C:\Documents and Settings\Alan\Desktop
    Loaded Profiles: First Class Car Care & UpdatusUser (Available Profiles: First Class Car Care & UpdatusUser & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll <==== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
    GroupPolicy: Restriction ? <==== ATTENTION
    URLSearchHook: [S-1-5-21-1801674531-1979792683-1417001333-1007] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File
    BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
    Toolbar: HKLM - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
    S2 SecurityService; "C:\Program Files\TotalAV\SecurityService.exe" [X]
    S0 cerc6; no ImagePath
    S4 vsdatant; a [X]
    U1 WS2IFSL; no ImagePath
    S0 WudfPf; system32\DRIVERS\WudfPf.sys [X]
    2011-01-23 21:55 - 2011-01-23 21:55 - 000011429 _____ () C:\Documents and Settings\Alan\Application Data\Microsoft Excel.TSK
    2010-02-11 22:08 - 2017-09-20 05:25 - 000208896 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-04-27 13:09 - 2010-04-27 13:09 - 000000143 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\fusioncache.dat
    2010-04-27 12:13 - 2014-12-22 20:17 - 000008541 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a
    C:\Program Files\Google\Desktop\Install
    2017-11-25 21:26 - 2010-12-09 09:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\First Class Car Care\Local Settings\Temp\dllnt_dump.dll
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:SummaryInformation [43]
    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    *****************

    HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key removed successfully.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    Could not restore Default URLSearchHook.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key removed successfully.
    HKLM\Software\Classes\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key removed successfully.
    HKLM\Software\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} => key removed successfully.
    HKLM\Software\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => key removed successfully.
    HKLM\Software\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => key removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key removed successfully.
    HKLM\Software\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key not found
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value removed successfully.
    HKLM\Software\Classes\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => key not found
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully.
    HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
    HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => key removed successfully.
    HKLM\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => key not found
    HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com => value removed successfully.
    HKLM\System\CurrentControlSet\Services\SecurityService => key removed successfully.
    SecurityService => service removed successfully.
    HKLM\System\CurrentControlSet\Services\cerc6 => key removed successfully.
    cerc6 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\vsdatant => key removed successfully.
    vsdatant => service removed successfully.
    HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
    WS2IFSL => service removed successfully.
    HKLM\System\CurrentControlSet\Services\WudfPf => key removed successfully.
    WudfPf => service removed successfully.
    C:\Documents and Settings\Alan\Application Data\Microsoft Excel.TSK => moved successfully
    C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\fusioncache.dat => moved successfully
    C:\Documents and Settings\All Users\Application Data\hpzinstall.log => moved successfully
    C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a => moved successfully
    C:\Program Files\Google\Desktop\Install => moved successfully
    C:\Documents and Settings\First Class Car Care\Local Settings\Temp\dllnt_dump.dll => moved successfully
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started:
    "C:\Program Files\Microsoft Security Client\Backup" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\DbgHelp.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\Drivers" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\en-us" =>Deleting reparse point and unlocking completed.




    Fixlog from last night

    Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
    Ran by First Class Car Care (01-12-2017 00:20:57) Run:2
    Running from C:\Documents and Settings\Alan\Desktop
    Loaded Profiles: First Class Car Care & UpdatusUser (Available Profiles: First Class Car Care & UpdatusUser & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll <==== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
    GroupPolicy: Restriction ? <==== ATTENTION
    URLSearchHook: [S-1-5-21-1801674531-1979792683-1417001333-1007] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> No File
    BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
    Toolbar: HKLM - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    Toolbar: HKU\S-1-5-21-1801674531-1979792683-1417001333-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
    S2 SecurityService; "C:\Program Files\TotalAV\SecurityService.exe" [X]
    S0 cerc6; no ImagePath
    S4 vsdatant; a [X]
    U1 WS2IFSL; no ImagePath
    S0 WudfPf; system32\DRIVERS\WudfPf.sys [X]
    2011-01-23 21:55 - 2011-01-23 21:55 - 000011429 _____ () C:\Documents and Settings\Alan\Application Data\Microsoft Excel.TSK
    2010-02-11 22:08 - 2017-09-20 05:25 - 000208896 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-04-27 13:09 - 2010-04-27 13:09 - 000000143 _____ () C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\fusioncache.dat
    2010-04-27 12:13 - 2014-12-22 20:17 - 000008541 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a
    C:\Program Files\Google\Desktop\Install
    2017-11-25 21:26 - 2010-12-09 09:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\First Class Car Care\Local Settings\Temp\dllnt_dump.dll
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:SummaryInformation [43]
    AlternateDataStreams: C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    *****************

    HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key not found
    "C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
    Could not restore Default URLSearchHook.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found
    HKLM\Software\Classes\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found
    HKLM\Software\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} => key not found
    HKLM\Software\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => key not found
    HKLM\Software\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => key not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key not found
    HKLM\Software\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key not found
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value not found.
    HKLM\Software\Classes\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => key not found
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value not found.
    HKLM\Software\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found
    HKU\S-1-5-21-1801674531-1979792683-1417001333-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
    HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => key not found
    HKLM\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => key not found
    HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com => value not found.
    SecurityService => service not found.
    cerc6 => service not found.
    vsdatant => service not found.
    WS2IFSL => service not found.
    WudfPf => service not found.
    "C:\Documents and Settings\Alan\Application Data\Microsoft Excel.TSK" => not found.
    "C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
    "C:\Documents and Settings\First Class Car Care\Local Settings\Application Data\fusioncache.dat" => not found.
    "C:\Documents and Settings\All Users\Application Data\hpzinstall.log" => not found.
    "C:\RECYCLER\S-1-5-18\$37ad6bc9e176f6b0348baabcecda702a" => not found.
    "C:\Program Files\Google\Desktop\Install" => not found.
    "C:\Documents and Settings\First Class Car Care\Local Settings\Temp\dllnt_dump.dll" => not found.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started:
    "C:\Program Files\Microsoft Security Client\EppManifest.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\LegitLib.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpAsDesc.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpClient.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpCommu.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\mpevmsg.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpOAv.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpRTP.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MpSvc.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpCom.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpEng.exe" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpLics.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsMpRes.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\msseces.exe" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\MsseWat.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\Setup.exe" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SetupRes.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\shellext.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SqmApi.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SymSrv.dll" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client\SymSrv.yes" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client" =>Deleting reparse point and unlocking completed.
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
    C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe => ":SummaryInformation" ADS could not remove.
    C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog 01:12:53 ====
     
    Last edited: 2017/12/01
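
Added example, not part of either member's post and not FRST's own code: a small Python parser that compares the result sections of two Fixlogs like the pair above, showing which actions the first run had already carried out and which only the second run performed. The sample lines are trimmed from the logs in this thread; the status buckets, and treating the `End of Fixlog` trailer as the sign of a finished run, are assumptions of this example.

```python
import re

# Constructed sample input: a few lines trimmed from the two Fixlogs posted above.
FIXLIST = r'''fixlist content:
*****************
S0 cerc6; no ImagePath
C:\Program Files\Google\Desktop\Install
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
*****************
'''
RUN1 = r'''Ran by First Class Car Care (29-11-2017 19:57:13) Run:1
''' + FIXLIST + r'''
cerc6 => service removed successfully.
C:\Program Files\Google\Desktop\Install => moved successfully
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started:
"C:\Program Files\Microsoft Security Client\Backup" =>Deleting reparse point and unlocking completed.
'''
RUN2 = r'''Ran by First Class Car Care (01-12-2017 00:20:57) Run:2
''' + FIXLIST + r'''
cerc6 => service not found.
"C:\Program Files\Google\Desktop\Install" => not found.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started:
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" =>Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" =>Deleting reparse point and unlocking completed.
C:\Documents and Settings\Alan\Desktop\Firefox Setup 50.1.0.exe => ":SummaryInformation" ADS could not remove.

==== End of Fixlog 01:12:53 ====
'''

def _status(outcome):
    """Bucket the text after '=>' (bucket names are this example's own)."""
    o = outcome.lower()
    if "could not" in o:
        return "failed"
    if "not found" in o:
        return "absent"
    if "started" in o:
        return "started"
    if "successfully" in o or "completed" in o:
        return "done"
    return "other"

def parse_fixlog(text):
    run = re.search(r"Run:(\d+)", text)
    # The fixlist echo sits between two rows of asterisks; results follow the
    # second row. Parsing only that part skips '=>' inside fixlist lines.
    parts = re.split(r"^[ \t]*\*{5,}[ \t]*$", text, flags=re.M)
    body = parts[2] if len(parts) >= 3 else ""
    results = []
    for line in body.splitlines():
        if "=>" not in line:
            continue
        target, outcome = line.split("=>", 1)
        results.append((target.strip().strip('"').lower(), _status(outcome)))
    return {"run": int(run.group(1)) if run else None,
            "complete": "End of Fixlog" in text,
            "results": results}

def compare(first, second):
    before = dict(first["results"])  # a repeated target keeps its last status
    out = {"already_gone": [], "new_work": [], "still_failing": []}
    for target, status in second["results"]:
        if status == "absent" and before.get(target) == "done":
            out["already_gone"].append(target)   # first run had handled it
        elif status == "done" and target not in before:
            out["new_work"].append(target)       # only the second run reached it
        elif status == "failed":
            out["still_failing"].append(target)
    return out

if __name__ == "__main__":
    first, second = parse_fixlog(RUN1), parse_fixlog(RUN2)
    print("run", first["run"], "complete:", first["complete"])
    print("run", second["run"], "complete:", second["complete"])
    for bucket, items in compare(first, second).items():
        print(bucket, items)
```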

  4. 2017/12/01
    broni

    broni Moderator Malware Analyst

    Good :)

    As for Firefox...

    Reset Firefox: Refresh Firefox - reset add-ons and settings | Firefox Help

    If the above didn't help...

    Uninstall Firefox completely using this manual: Uninstall Firefox from your computer | Firefox Help
    NOTE. Use MozBackup: MozBackup - Backup tool for Firefox and Thunderbird to back up your bookmarks and passwords. Do NOT back up anything else.
    Install a fresh copy.

    Then...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  5. 2017/12/08
    h2ofwlr

    h2ofwlr Well-Known Member Thread Starter

    The refresh of FF did not help as still very sluggish. The weird thing is 2 days ago the computer acted like it should for about a day, now yesterday and today it is back like 2 weeks ago.

    Do any of these codes help to see what is causing it?

    "Warning Unresponsive script" https://static.xx.fbcdn.net/rsrc.php/v3/yq/r/LpCFIQ1VQjn.js.120 when it is locked up.

    Often during the screen locking up I see a "shock wave unresponsive plugin" popup. This had been happening for yrs on this one.

    When having to do a ctrl/alt/del this appears: tea.timer.exe is not responding.

    So do any of the 3 point to a specific program that may be corrupt? And more important an easy fix?
    I'm weighing if it's better to just move the files to the newer computer and shoot the HD with a shotgun ;) - yeah it has been that frustrating of a time eater for me.
     
  6. 2017/12/08
    broni

    broni Moderator Malware Analyst

    If resetting Firefox didn't help, reinstall it following instructions from my link.
     
