[student2014]

Good Afternoon

I am a student and in middle of studying for an exam that I need the computer to do questions on   , I left my PC windows computer on I do not know what happened but for the past two days it has been running slow and realized there is probably a virus. I have a similar situation as stated in this old forum . http://www.geekstogo...ll-have-trojan/ .

After looking online for help I tried malwarebytes which I guess removed something... but it didnt work. I also tried the microsoft defender ... and

I downloaded AVAST.. and am currently in safemode with network allowed but it will not scan.. the error message reads

"Unable to start scan. There are no more endpoints available from the endpoint mapper"

 

Not sure what that means, I am thinking it is a virus.. computer runs slow.. freezes my programs when starting in normal mode. I am afraid of possible deleting things I need or downloading an anti-virus software that is actually a virus.

Please help in trying to get rid of what is hurting my computer.

Thank you in advance for any support !!

[Advertisements]

Could you post the MBAM log please and then :

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Could you post the MBAM log please and then :

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[student2014]

I'm sorry what is MBAM log?

[student2014]

OK I ran the scan and here is the FRST file from the farbar recovery.

[student2014]

oops here I attached it

Attached Files

•  FRST.txt   51.05KB   260 downloads

[Essexboy]

OK I can see the major problem .. You have three antivirus programmes

What we will do is initially clear those away, then re-install Avast (working)
Once that is done we will remove the junk that I can see

First download the following four programmes to your desktop :

Avast Free
Avast Uninstall Utility
AVG removal tool
Norton removal tool

Second using Control Panel > Programmes and features uninstall the following :

Avast
AVG
Norton/Symantec

Next, having uninstalled the main programmes now run the uninstall tools that you have downloaded to the desktop, one at a time. Each tool will probably require a reboot

Last but not least. Now they are all removed install Avast from the setup file you downloaded

 Now to clear the rubbish

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C75DABC5-A982-412C-AD9E-AF7491C94EC1} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2786678
SearchScopes: HKLM-x32 - {C75DABC5-A982-412C-AD9E-AF7491C94EC1} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...l&geo=US&ver=18
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2786678
SearchScopes: HKCU - {C75DABC5-A982-412C-AD9E-AF7491C94EC1} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = http://search.hotspo...q={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\voy96wbi.default\searchplugins\safesearch.xml
2014-09-19 14:37 - 2014-09-19 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\{775E81A1-6E1C-4933-8E5A-DAA056BE2E69}
2014-09-19 10:13 - 2014-09-19 10:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{99FE5B3E-70FD-4663-9590-676906F87CC6}
2014-09-18 22:17 - 2014-09-18 22:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{41BCB346-1F00-429B-82B1-9867E5481FA6}
2014-09-18 20:39 - 2014-09-18 20:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\{665CA41F-827F-49F6-811E-1E40D3857725}
2014-09-18 20:19 - 2014-09-18 20:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\{BD15AE60-0087-417A-9748-9E2850817651}
2014-09-18 19:17 - 2014-09-18 19:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4B0D7428-DD11-45DD-B5D3-E2FEA74EA3EE}
2014-09-18 18:24 - 2014-09-18 18:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8BC4FAFC-602B-49E5-A5D0-AE520F6DFA7C}
2014-09-18 17:07 - 2014-09-18 17:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C2B7C0B-6E10-43A2-A3FB-F432D43E4A0C}
2014-09-18 16:46 - 2014-09-18 16:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{6B784301-58B4-4DC1-B9AC-430A28FFD0AB}
2014-09-17 00:34 - 2014-09-17 00:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3D590A40-C067-4964-B762-D8A4336F02CA}
2014-09-16 18:39 - 2014-09-16 18:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\{207E8292-F523-4D75-9F97-1064745D615F}
2014-09-14 19:04 - 2014-09-14 19:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{305A2C83-0438-497A-896C-296574B022D0}
2014-09-14 14:26 - 2014-09-14 14:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\{6FA0726D-DCFB-4EDF-B353-3042E0B296CC}
2014-09-13 11:10 - 2014-09-13 11:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D8ED179C-252D-4F76-861A-0F1B08A15F79}
2014-09-11 10:29 - 2014-09-11 10:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C82FFC11-BFA2-4A44-975C-857B408F972F}
2014-09-09 10:10 - 2014-09-09 10:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9AB7A3E5-D295-4FE5-A4C9-0F7AE4A54250}
2014-09-09 10:08 - 2014-09-09 10:08 - 00575128 _____ () C:\Windows\Minidump\090914-47736-01.dmp
2014-09-08 16:36 - 2014-09-08 16:36 - 00607696 _____ () C:\Windows\Minidump\090814-49530-01.dmp
2014-09-08 14:10 - 2014-09-08 14:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4D19E4D1-0EA4-4D3A-B409-EB9CF210D6A9}
2014-09-08 12:25 - 2014-09-08 12:25 - 00511600 _____ () C:\Windows\Minidump\090814-47642-01.dmp
2014-09-07 15:46 - 2014-09-07 15:46 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B0ED3DFC-D1E0-4611-A1BC-14E429F3BEF2}
2014-09-03 00:09 - 2014-09-03 16:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3A280141-1919-4201-9750-6E70FE7E6C22}
2014-09-02 23:23 - 2014-09-02 23:23 - 00549440 _____ () C:\Windows\Minidump\090214-44226-01.dmp
2014-09-02 12:08 - 2014-09-02 12:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4110B664-93E1-4ED6-A80B-5F63CD29CC0F}
2014-09-02 12:05 - 2014-09-02 12:05 - 00524736 _____ () C:\Windows\Minidump\090214-46862-01.dmp
2014-09-01 17:53 - 2014-09-01 17:53 - 00491008 _____ () C:\Windows\Minidump\090114-43727-01.dmp
2014-08-30 23:19 - 2014-08-30 23:19 - 00513960 _____ () C:\Windows\Minidump\083014-44257-01.dmp
2014-08-30 17:32 - 2014-08-30 17:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A553A9E9-77DF-441F-A58A-09205D19DE1C}
2014-08-30 12:17 - 2014-08-30 12:17 - 00613160 _____ () C:\Windows\Minidump\083014-63133-01.dmp
2014-08-29 22:04 - 2014-08-29 22:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1C57A3C5-4FBE-4B97-A7A8-E84C77DCAB7C}
2014-08-29 22:01 - 2014-08-29 22:01 - 00576952 _____ () C:\Windows\Minidump\082914-49935-01.dmp
2014-08-28 18:47 - 2014-08-28 18:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D773EE1C-E01D-4A42-922A-E2C586857F77}
2014-08-27 23:38 - 2014-08-27 23:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\{865EBCE8-D1CA-4E06-BC72-3EDE853D60FF}
2014-08-27 23:36 - 2014-08-27 23:36 - 00640504 _____ () C:\Windows\Minidump\082714-54803-01.dmp
2014-08-25 20:38 - 2014-08-25 20:38 - 00000000 ____D () C:\Users\Owner\AppData\Local\{92241EB8-5227-486D-BD15-5796ED792D56}
2014-08-25 20:35 - 2014-08-25 20:36 - 00599696 _____ () C:\Windows\Minidump\082514-59249-01.dmp
2014-08-22 19:59 - 2014-08-22 19:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\{0F25895E-450B-4155-8D45-F164EE08D9DA}
2014-08-20 19:28 - 2014-08-21 18:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\{EF6008DF-EAC0-4D65-BB17-2223F1EA332A}
2014-08-20 19:24 - 2014-08-20 19:24 - 00550288 _____ () C:\Windows\Minidump\082014-86174-01.dmp
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

 

FINALLY

 

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

[student2014]

Hello again,

Truly sorry for the delay so finally after many restarts and shutdowns .. lol :/

here is the first file log . I will run adware and attach the second.

Attached Files

•  Fixlog.txt   12.07KB   289 downloads

[student2014]

ok. done. So I ran adware and this is the log I got. I am running on safe mode when I do all this but if/when I get into regular mode, this pops up I'm not sure if its important so wanted to mention it. When windows is starting up on desktop I get a grey box with a message stating " GfxUI has stopped working" 

 

Thank you very much for all your help. Here is the attachment .

Attached Files

•  AdwCleanerS0.txt   2.73KB   238 downloads

[Essexboy]

" GfxUI has stopped working" indicates a problem with your graphics driver, do you have a desktop or laptop ?

How is the computer behaving apart from that

[student2014]

Good Morning,

Well in safe mode runs fine , but when I go in regular mode it is slow and freezes when I try to open the internet. It is a laptop

[Essexboy]

Could you go to this site http://www.intel.com.../support/detect and click "Check your system for updates" and see if it provides a driver update for you

Could you now run a fresh FRST scan for me please and we will see if the cause for the slowness is apparent

[student2014]

when I try to go to the intel site. it says it cant work without me updating java and then when I want to update it with their link it tells me I cant run it on safe mode . But if I am in regular mode my comp freezes. :/ So unable to check my driver updates then this way.

 

this is the picture I first get at intel and then once it takes me to download java what i get.

Attached Thumbnails

• 
• 

[student2014]

and here is the log from a repeat scan :/  . is it a virus you think or something else going on

Attached Files

•  FRST.txt   40.99KB   275 downloads

[Essexboy]

Nope all the malware type stuff has now gone

Is Avast running properly ?

OK lets now see if we can locate the blockage in normal mode
Carry out the following and then let the system reboot to normal mode

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.

5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.
7.How is the computer behaving now in normal mode

[student2014]

ok so I did what you said but does it take a while for it to prompt to restart? B/c it never told me to. or should I restart the comp my self