nickster Posted September 26, 2011 Report Share Posted September 26, 2011 System resources are being hogged. I downloaded Norton System Works, but the PC hangs and I only get the Norton splash screen after a few minutes, then I waited 30 minutes to see iff my system could get norton started for me to run a scan. It still was showing the splash screen. All programs I tried are affected by this. I am using safe mode and running Superanti spyware now, and have several other anti malware/virus programs I'll try to run in safe mode. Norton won't run in safe mode. I ran an AVG complete scan while in safe mode, but the report only listed about 50 locked files. It didn't mention anything I took as a red flag. It is slow right off the bat in regular mode, but I don't have enough time to open my browser or start anything before the system hangs. I may need to boot from a disk with anti/mal/virus program on it. Quote Link to comment Share on other sites More sharing options...
bludgard Posted September 26, 2011 Report Share Posted September 26, 2011 Hi, nickster.What makes you thing your machine is infected?Can you reach Windows desktop? If so, can you post a screenshot of all running processes in Task Manager? Quote Link to comment Share on other sites More sharing options...
ɹəuəllıʍ ʇɐb Posted September 27, 2011 Report Share Posted September 27, 2011 Best way to fix this is to uninstall all Norton / Symantec stuff. Quote Link to comment Share on other sites More sharing options...
nickster Posted September 27, 2011 Author Report Share Posted September 27, 2011 Hi, nickster.What makes you thing your machine is infected?Can you reach Windows desktop? If so, can you post a screenshot of all running processes in Task Manager?I am online now for college, in safe mode. I'll capture a screenshot in regular mode later tonight. For now, here is the current safe mode w/networking screenshot of task mgr and the super antispyware report. Text of Superantispyware report (is red) (won't let me attach a works document): I have not booted normally after Superantispywae did its scan, but it detected what it considers potentially malicious items. SUPERAntiSpyware Scan Log/>http://www.superantispyware.comGenerated 09/26/2011 at 02:36 PMApplication Version : 5.0.1118Core Rules Database Version : 7728Trace Rules Database Version: 5540Scan type : Complete ScanTotal Scan Time : 00:48:34Operating System InformationWindows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)UAC Off - AdministratorMemory items scanned : 430Memory threats detected : 0Registry items scanned : 73602Registry threats detected : 23File items scanned : 58016File threats detected : 82Adware.MyWebSearch/FunWebProducts(x86) HKLM\SOFTWARE\MyWebSearch(x86) HKLM\SOFTWARE\MyWebSearch\bar(x86) HKLM\SOFTWARE\MyWebSearch\bar#Maximized(x86) HKLM\SOFTWARE\MyWebSearch\bar#Visible(x86) HKLM\SOFTWARE\MyWebSearch\bar#pid(x86) HKLM\SOFTWARE\MyWebSearch\bar#fwp(x86) HKLM\SOFTWARE\MyWebSearch\bar#tiec(x86) HKLM\SOFTWARE\MyWebSearch\bar#Dir(x86) HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir(x86) HKLM\SOFTWARE\MyWebSearch\bar#sr(x86) HKLM\SOFTWARE\MyWebSearch\bar#pl(x86) HKLM\SOFTWARE\MyWebSearch\bar#un(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp(x86) HKLM\Software\FocusInteractive(x86) HKLM\Software\FocusInteractive\bar(x86) HKLM\Software\FocusInteractive\bar\Switches(x86) HKLM\Software\FocusInteractive\bar\Switches#ok(x86) HKLM\Software\FocusInteractive\bar\Switches#od(x86) HKLM\Software\FocusInteractive\bar\Switches#nk(x86) HKLM\Software\FocusInteractive\bar\Switches#ndC:\Program Files (x86)\MyWebSearch\bar\1.binC:\Program Files (x86)\MyWebSearch\bar\2.binC:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.datC:\Program Files (x86)\MyWebSearch\bar\SettingsC:\Program Files (x86)\MyWebSearch\barC:\Program Files (x86)\MyWebSearchMalware.TraceC:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job(x86) HKU\S-1-5-21-2852480957-4085591632-1622588118-1001\Software\NtWqIVLZEWZUAdware.Tracking Cookie.avgtechnologies.112.2o7.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].specificclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].yieldmanager.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].r1-ads.ace.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].imrworldwide.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].imrworldwide.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].yadro.ru [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].mediabrandsww.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].content.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].content.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].ru4.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].ru4.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].lucidmedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ].atdmt.com [ C:\USERS\NICK RABUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ].atdmt.com [ C:\USERS\NICK RABUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ].doubleclick.net [ C:\USERS\NICK RABUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]Trojan.Agent/CDesc[Generic]ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/ADDINMANA.DLLC:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIPZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/NSISSCRIPTEDITOR.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/PREVIEW.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/PROJECTZIP.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/RESOURCEID.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/STYLEMANA.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/RACODECOMPLETE.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/RAFILE.DLLZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/WBDLL.DLL Quote Link to comment Share on other sites More sharing options...
nickster Posted September 27, 2011 Author Report Share Posted September 27, 2011 Hi, nickster.What makes you thing your machine is infected?Can you reach Windows desktop? If so, can you post a screenshot of all running processes in Task Manager? I put the tsk mgr screenshot into a Works doc, but can't upload a Works doc. saved as a png:and attached to this reply Quote Link to comment Share on other sites More sharing options...
-pops- Posted September 27, 2011 Report Share Posted September 27, 2011 What I would do is a new install of Windows. There appears to be a lot of spyware/adware/malware in the SASW report which makes me think that a clean install of the O/S is the quickest and easiest option. When you get going again, install an anti-virus and an anti-malware program ahead of doing almost anything else - and, like Pat Willener said, not Norton/Symantec. Don't install multiple anti-virus programs - if you want a second opinion on viruses use an online service such as Trend HouseCall. Do you have ZoneAlarm installed? The presence of vsmon.exe suggests that you do. If you do, I don't feel there is a need for it now that Windows has an effective firewall. If you don't then this term sometimes points to a virus, spyware, trojan or worm infection. Also, and not wishing to judgemental, your SASW report shows some very dubious cookies and possible trojans - not things I would want on my computers. Quote Link to comment Share on other sites More sharing options...
bludgard Posted September 27, 2011 Report Share Posted September 27, 2011 I am with -pops-. Although recovering your machine to a safe/reliable state is more efficient with a previously created system image, a clean install of the OS is the only other way to insure the return of a heathy system. It is possible to clean your system of malware, but with the removal of viri/malware there is often the colateral damage of removing legitamate files necessary for the machine to perform at par. Most likely, one will fix a specific issue to have another raise its ugly head. In your log is:Malware.TraceC:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job(x86) HKU\S-1-5-21-2852480957-4085591632-1622588118-1001\Software\NtWqIVLZEWZU This entry is associated with Fake-Alert (a trojan downloader) or something similar. Did/do you by chance have pop-ups informing you that there were hundreds of infections on your machine and that you needed/need to remove the infections by clicking on a certain window? As it is now in the wee hours here, I will give the logs another looking-over with fresh eyes later today. If you care to continue resolving this issue, I will be more than happy to lend a hand. In the meantime, please post a similarly formatted screenshot of all running processes in Task Manager from Windows normal mode with your next post. Toodles Quote Link to comment Share on other sites More sharing options...
nickster Posted September 29, 2011 Author Report Share Posted September 29, 2011 I am with -pops-. Although recovering your machine to a safe/reliable state is more efficient with a previously created system image, a clean install of the OS is the only other way to insure the return of a heathy system. It is possible to clean your system of malware, but with the removal of viri/malware there is often the colateral damage of removing legitamate files necessary for the machine to perform at par. Most likely, one will fix a specific issue to have another raise its ugly head. In your log is:Malware.TraceC:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job(x86) HKU\S-1-5-21-2852480957-4085591632-1622588118-1001\Software\NtWqIVLZEWZU This entry is associated with Fake-Alert (a trojan downloader) or something similar. Did/do you by chance have pop-ups informing you that there were hundreds of infections on your machine and that you needed/need to remove the infections by clicking on a certain window? As it is now in the wee hours here, I will give the logs another looking-over with fresh eyes later today. If you care to continue resolving this issue, I will be more than happy to lend a hand. In the meantime, please post a similarly formatted screenshot of all running processes in Task Manager from Windows normal mode with your next post. Toodles I have been busy with college and work, so haven't booted to regular mode yet, but here is the Malwarebytes log. I haven't gotten a pop up recently about being infected, but I have never clicked on ads like pop ups that have an urgent request to download their "product"Thank you. Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 7821Windows 6.1.7601 Service Pack 1 (Safe Mode)Internet Explorer 9.0.8112.164219/28/2011 7:49:17 PMMalwarebytes log 2011-09-28 (19-48-51)Scan type: Full scan (C:\|)Objects scanned: 373074Time elapsed: 1 hour(s), 14 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 7Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{b33ee05e-0e9f-5672-5ac7-4fedac3dbf5c} (Adware.Ezula) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{eca3e63b-2d45-2cad-efb1-65fd6c346935} (Adware.LoudMo) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\CB0GKKO4NC (Trojan.FakeAlert) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\OUU6KC5WPX (Trojan.FakeAlert) -> No action taken.HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> No action taken.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.I have told Malwarebytes to remove and apparently did. Quote Link to comment Share on other sites More sharing options...
bludgard Posted September 29, 2011 Report Share Posted September 29, 2011 Run this program to remove Norton. Find your version from the list provided on the webpage. There are instructions for usage; including backing up your product key in case you want to reinstall. As the original topic is:"System resources being hogged in regular mode starting at bootup" There is no way to troubleshoot further until an attempt is made to boot Windows normally. I guess you could work in Safe Mode indefinately (what a drag on such a nice OS). I'll be around, nickster. Handle your work and school. When you get caught up, we can see what is what. In the meantime, there are some ipads here at a really great price. :lol: Quote Link to comment Share on other sites More sharing options...
-pops- Posted September 29, 2011 Report Share Posted September 29, 2011 I'm still of the opinion that my suggestions in my post #6 is the way to go. It is the only way to guarantee that you are free of rubbish programs. Quote Link to comment Share on other sites More sharing options...
nickster Posted October 11, 2011 Author Report Share Posted October 11, 2011 I'm still of the opinion that my suggestions in my post #6 is the way to go. It is the only way to guarantee that you are free of rubbish programs. It looks like that is what I will do. I tried normal mode and clicked icons for anti spyware/malware as quickly as I could, but had splash screens for 3 of them up when my system hanged. Manually removing the bad items is very time-consuming. First, I'd have to determine what is bad using resource like this forum, which doesn;'t guarantee I wouldn't remove a critically-needed item. Thank you for the suggestions, folks. Steve Jobs ... RIP Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.