Solved Using 96% RAM with 3 tabs open

August 31, 2014 at 04:29:39
Specs: Windows 8.1, i5-4690k/ 8gb 1600mhz ram
Using 96% ram with 3 tabs open and thats it
[IMG]http://i61.tinypic.com/2ivybgw.png[/IMG]
[IMG]http://i62.tinypic.com/2r4lm6s.jpg[/IMG]
[IMG]http://i58.tinypic.com/20poht0.png[/IMG]

See More: Using 96% RAM with 3 tabs open

Report •


✔ Best Answer
August 31, 2014 at 08:19:08
Yeah tricky to read images and now they are getting covered with an un-removable advert.

Download, Install, Update and Run this:
http://filehippo.com/download_malwa...
(from green button top right).

If it finds anything copy/paste the log on here so that we have an idea what is going on.

Always pop back and let us know the outcome - thanks



#1
August 31, 2014 at 04:36:27
So what's the problem?

High memory usage in itself is not a problem. Windows will use as much memory as it can get access to.

Stuart


Report •

#2
August 31, 2014 at 05:19:22
It's never normally that high? And some programs such as battlefield get really laggy

And the processes don't add up,

message edited by LukeyWo


Report •

#3
August 31, 2014 at 05:54:32
The images are virtually unreadable but the last one shows the Non Paged Pool is extremely high. This is likely due to a driver problem or malware.

Report •

Related Solutions

#4
August 31, 2014 at 08:19:08
✔ Best Answer
Yeah tricky to read images and now they are getting covered with an un-removable advert.

Download, Install, Update and Run this:
http://filehippo.com/download_malwa...
(from green button top right).

If it finds anything copy/paste the log on here so that we have an idea what is going on.

Always pop back and let us know the outcome - thanks


Report •

#5
August 31, 2014 at 08:36:37
Will do downloading now thanks for the help guys

Report •

#6
August 31, 2014 at 08:46:08
Here are the results, they probably mean more to you than me

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Luke

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364846
Time Elapsed: 2 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Astromenda, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, , [120c79540d6e2511a59b6d0930d209f7],
PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, , [120c79540d6e2511a59b6d0930d209f7],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [c7577c5145366bcb7b751321d133837d],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WSE_Astromenda, , [de401db0d4a74cea3f72de0f0df5df21],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [7ca2b5182a5157df6849e73642c17d83],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [cf4fa32abbc07bbb7392e74d7391e020],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [d64827a6daa13bfbaf40f63e47bde020],

Registry Values: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1605757059080283504, , [c7577c5145366bcb7b751321d133837d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2Y1E2Z1G1J1T1M, , [cf4fa32abbc07bbb7392e74d7391e020]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1605757059080283504, , [d64827a6daa13bfbaf40f63e47bde020]

Registry Data: 1
PUP.Optional.Astromenda.A, HKU\S-1-5-21-707678292-1697937155-3482057288-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://astromenda.com/?f=1&a=ast_app_14_35_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0Bzy0C0EzztA0BtBtAtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzz0AtCyEtBtDtBtG0BtBzz0EtG0E0AzzyDtGyB0FtB0FtGtDzyyEyD0CyD0AtD0B0AzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FtAyEyByEtDtDtGyE0CyC0DtGyE0Ezy0CtGzzyEyDyBtGtD0DyBtAzyyE0E0FyDzzzy0D2Q&cr=446438627&ir=, Good: (www.google.com), Bad: (http://astromenda.com/?f=1&a=ast_app_14_35_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0Bzy0C0EzztA0BtBtAtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzz0AtCyEtBtDtBtG0BtBzz0EtG0E0AzzyDtGyB0FtB0FtGtDzyyEyD0CyD0AtD0B0AzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FtAyEyByEtDtDtGyE0CyC0DtGyE0Ezy0CtGzzyEyDyBtGtD0DyBtAzyyE0E0FyDzzzy0D2Q&cr=446438627&ir=),,[a47ad4f9a3d876c0da7c51977f85bf41]

Folders: 2
PUP.Optional.Astromenda.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda, , [23fba32abdbe5fd7b3a48663cf33a45c],
PUP.Optional.Astromenda.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda\UpdateProc, , [23fba32abdbe5fd7b3a48663cf33a45c],

Files: 4
PUP.Optional.Astromenda.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, , [23fba32abdbe5fd7b3a48663cf33a45c],
PUP.Optional.Astromenda.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, , [23fba32abdbe5fd7b3a48663cf33a45c],
PUP.Optional.Astromenda.A, C:\Users\Lukas\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, , [23fba32abdbe5fd7b3a48663cf33a45c],
PUP.Optional.Astromenda.A, C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://astromenda.com/?f=1&a=ast_app_14_35_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0Bzy0C0EzztA0BtBtAtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzz0AtCyEtBtDtBtG0BtBzz0EtG0E0AzzyDtGyB0FtB0FtGtDzyyEyD0CyD0AtD0B0AzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FtAyEyByEtDtDtGyE0CyC0DtGyE0Ezy0CtGzzyEyDyBtGtD0DyBtAzyyE0E0FyDzzzy0D2Q&cr=446438627&ir=",), ,[5bc3b9147ffcc670561e2fe842c355ab]

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#7
August 31, 2014 at 09:00:11
Yes, at least two know badies there.

Go here, download and "Save" the file, using blue button top right:
http://www.bleepingcomputer.com/dow...
Run the Scan then paste the log on here please.

Win8.1 will complain about ADWCleaner being a suspicious file. It isn't but MS are slow to catch on. If this happens go to "More Info" and select "Run anyway".

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#8
August 31, 2014 at 09:08:56
i use Hotspot shield as my vpn?

# AdwCleaner v3.308 - Report created 31/08/2014 at 17:06:28
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Luke - LUKE
# Running from : C:\Users\Luke\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : hshld
Service Found : hsstrayservice
Service Found : hsswd

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\hotspot shield
Folder Found : C:\ProgramData\hotspot shield
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found : C:\Users\Luke\AppData\Roaming\hotspot shield

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\IM
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\IM
Key Found : HKLM\SOFTWARE\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Google Chrome v26.0.1410.40

[ File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Homepage] : hxxp://astromenda.com/?f=1&a=ast_app_14_35_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0Bzy0C0EzztA0BtBtAtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzz0AtCyEtBtDtBtG0BtBzz0EtG0E0AzzyDtGyB0FtB0FtGtDzyyEyD0CyD0AtD0B0AzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FtAyEyByEtDtDtGyE0CyC0DtGyE0Ezy0CtGzzyEyDyBtGtD0DyBtAzyyE0E0FyDzzzy0D2Q&cr=446438627&ir=
Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [2114 octets] - [31/08/2014 17:06:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2174 octets] ##########


Report •

#9
August 31, 2014 at 09:33:41
There's a fair bit of nonsense there. Uncheck all entries which refer to Hotspot shield then run the Clean. Note that some entries are just for information (no check boxes).

Let us know if there has been any improvement to your RAM usage and paste the new (cleaned) ADWCleaner log on here please.

Always pop back and let us know the outcome - thanks


Report •

#10
August 31, 2014 at 10:03:02
# AdwCleaner v3.308 - Report created 31/08/2014 at 17:56:37
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Lukas - LUKE
# Running from : C:\Users\Luke\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : hshld
[x] Not Deleted : hsstrayservice
[x] Not Deleted : hsswd

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\hotspot shield
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
[x] Not Deleted : C:\Program Files (x86)\hotspot shield
[x] Not Deleted : C:\Users\luke\AppData\Roaming\hotspot shield

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\IM
[x] Not Deleted : HKLM\SOFTWARE\hotspotshield
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Google Chrome v26.0.1410.40

[ File : C:\Users\luke\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_app_14_35_ch&cd=2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0Bzy0C0EzztA0BtBtAtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzz0AtCyEtBtDtBtG0BtBzz0EtG0E0AzzyDtGyB0FtB0FtGtDzyyEyD0CyD0AtD0B0AzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FtAyEyByEtDtDtGyE0CyC0DtGyE0Ezy0CtGzzyEyDyBtGtD0DyBtAzyyE0E0FyDzzzy0D2Q&cr=446438627&ir=
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [2262 octets] - [31/08/2014 17:06:28]
AdwCleaner[R1].txt - [2322 octets] - [31/08/2014 17:09:35]
AdwCleaner[R2].txt - [2382 octets] - [31/08/2014 17:55:52]
AdwCleaner[S0].txt - [2275 octets] - [31/08/2014 17:56:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2335 octets] ##########

aaaaaaaand im on 12% ram thank you :D


Report •

#11
August 31, 2014 at 10:08:28
OK, the immediate problem has been resolved which can only help. However, I regard those two programs as "First Aid" which doesn't necessarily mean there is nothing else lurking (or its remnants). If you want to ensure that your computer is properly cleaned then let us know. If so I will alert another helper who, if available, might feel it worth digging deeper.

Always pop back and let us know the outcome - thanks


Report •

#12
August 31, 2014 at 10:22:26
A full clean would be extremely helpful, thank you for your help

Report •

#13
August 31, 2014 at 11:10:29
I think you made a wise decision. I will alert a "Johnw" from Perth Australia where it is now about 2.10am. If he wants to take the reins then he is unlikely to respond within 4 or 5 hours. Don't worry about the "Best Answer" you have given, that can be changed if you subsequently think fit, as I have no hang-ups about it. Pleased to have helped so far and to know that you are out of the immediate hole.

EDIT:
StuartS was indeed right in #1, although it is now clear that there was a specific reason.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#14
August 31, 2014 at 12:28:09
Sorry I'm new to all this haha, thanks for your help I chose your answer as you gave me away to fix with the link ect and you carried on your help throughout many thanks

message edited by LukeyWo


Report •

#15
August 31, 2014 at 12:36:21
No problem, review it again later. Have alerted Johnw.

Always pop back and let us know the outcome - thanks


Report •

#16
August 31, 2014 at 15:58:59
Thanks Derek.

First step.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

Next step, run Malwarebytes again.

Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif

Make sure you Quarantine everything it finds.

Copy and Paste the contents of the log, in your reply please.

message edited by Johnw


Report •

#17
August 31, 2014 at 16:03:00
Okay will do that now thanks for helping me out

Report •

#18
August 31, 2014 at 16:05:27
"Okay will do that now thanks for helping me out"
Note LukeyWo, I missed adding Junkware Removal Tool, sorry.

Report •

#19
August 31, 2014 at 16:15:04
This is the JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Luke on 01/09/2014 at 0:08:33.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Successfully stopped: [Service] hshld
Successfully deleted: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Luke\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/09/2014 at 0:10:11.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and the malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/09/2014
Scan Time: 00:11:32
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.31.07
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Luke

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366215
Time Elapsed: 2 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#20
August 31, 2014 at 16:19:56
Nice work LukeyWo.

I can do a deeper check on these logs for you, just to make really sure.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#21
August 31, 2014 at 16:31:45
The addition link
http://www63.zippyshare.com/v/95253...
The frst link
http://www63.zippyshare.com/v/85178...

Report •

#22
August 31, 2014 at 16:37:03
Whilst I check out the logs.

This is where a user is going wrong.

As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
Users are advised to pay attention while installing this ad-supported application:
Offers to change the homepage for web browsers installed in the system
Offers to change the default search engine for web browsers installed in the system
Offers to download or install software or components (such as browser toolbars) that the program does not require to fully function
At program startup/shutdown, opens web pages featuring advertising or similar income generating content
http://www.softpedia.com/get/Securi...
http://i.imgur.com/gcnOUV7.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.

Another tool to use, being Free, you have to update it manually, once a month is Ok.
SpywareBlaster
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/tut...
http://www.javacoolsoftware.com/spy...
FAQ
http://www.javacoolsoftware.com/spy...
Forum
http://www.wilderssecurity.com/foru...


Report •

#23
August 31, 2014 at 16:45:21
Oh i understand now, so some of the stuff ive installed, also installed other programs which had been using up my RAM ect? i do have Norton 360 running but ive ben told its not really worth it? and malwarebyte seems to do the same job better than norton so would i be alright just to remove that?

Report •

#24
August 31, 2014 at 16:58:20
"i do have Norton 360 running but ive ben told its not really worth it?"
I Agree.
Norton removal tool.
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

"and malwarebyte seems to do the same job"
The paid version, yes.

I use the default Microsoft AV & Firewall.


Report •

#25
August 31, 2014 at 17:10:33
Yeah i use them and did have norton, the link you posted doesnt seem to work for me?

Report •

#26
August 31, 2014 at 17:18:30
Links come & go.

norton uninstaller internet security windows 8
http://is.gd/U4w709


Report •

#27
August 31, 2014 at 17:21:14
Ahha my bad cheers for that. Thank you for everything you've done is there anything else that needs to be done or is that all?

message edited by LukeyWo


Report •

#28
August 31, 2014 at 17:25:16
After uninstalling Norton.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


Report •

#29
August 31, 2014 at 17:31:56
it runs but im getting no log at the end of it?
just a error message telling me to not run in compatibility mode, which it isnt being run in compatibility mode.

message edited by LukeyWo


Report •

#30
August 31, 2014 at 17:35:14
" anything else that needs to be done or is that all?"
Still going through your Farbar logs.



Report •

#31
August 31, 2014 at 17:42:21
"just a error message telling me to not run in compatibility mode, which it isnt being run in compatibility mode"
Opp's my error, the program doesn't run on W8.

Will now need a few hours to finish the Farbar logs.


Report •

#32
August 31, 2014 at 17:46:41
Hahaa I thought it didn't work but everything you said so far has worked a treat so didn't want to question it. do you mind if i check back in the morning its 1.46am over here in the uk

message edited by LukeyWo


Report •

#33
August 31, 2014 at 17:49:19
Thought that would happen, catch you when we are both ready.

Report •

#34
August 31, 2014 at 17:50:20
I'll probably be back in a couple hours anyway so no rush take your time

Report •

#35
August 31, 2014 at 20:08:09
Here are other programs you had installed which also installed unwanted stuff.

PC Cleaner
http://www.softpedia.com/get/Tweak/...
Device Doctor
http://www.softpedia.com/get/System...

Copy & Paste the text below ( starting AlternateDataStreams ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

AlternateDataStreams: C:\Users\Lukas\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Lukas\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\Lukas\SkyDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\Lukas\SkyDrive.old:ms-properties
C:\ProgramData\pclunst.exe
C:\Users\Lukas\jagex_cl_runescape_LIVE.dat
C:\Users\Lukas\jagex_cl_runescape_LIVE1.dat
C:\Users\Lukas\random.dat
C:\Users\Lukas\AppData\Local\Temp\ose00000.exe
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe


Report •

#36
September 1, 2014 at 00:26:07
Here is the log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Lukas at 2014-09-01 08:25:18 Run:1
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Users\Lukas\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Lukas\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\Lukas\SkyDrive (4).old:ms-properties
AlternateDataStreams: C:\Users\Lukas\SkyDrive.old:ms-properties
C:\ProgramData\pclunst.exe
C:\Users\Lukas\jagex_cl_runescape_LIVE.dat
C:\Users\Lukas\jagex_cl_runescape_LIVE1.dat
C:\Users\Lukas\random.dat
C:\Users\Lukas\AppData\Local\Temp\ose00000.exe
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
*****************

"C:\Users\Lukas\SkyDrive (2).old" => ":ms-properties" ADS not found.
"C:\Users\Lukas\SkyDrive (3).old" => ":ms-properties" ADS not found.
"C:\Users\Lukas\SkyDrive (4).old" => ":ms-properties" ADS not found.
"C:\Users\Lukas\SkyDrive.old" => ":ms-properties" ADS not found.
C:\ProgramData\pclunst.exe => Moved successfully.
C:\Users\Lukas\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Lukas\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Lukas\random.dat => Moved successfully.
C:\Users\Lukas\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


Report •

#37
September 1, 2014 at 00:39:27
RunTFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Download it onto your Desktop If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Double-click TFC.exe to run it. Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

You are now clean.


Report •

#38
September 1, 2014 at 03:00:55
Many many thanks Johnw, i can know use the infomation you've given me to help others with similar problems

Report •

#39
September 1, 2014 at 03:06:35
"Many many thanks Johnw"
YW Luke, Derek got you started on the right track.

Yep it's good that you can help others.


Report •

#40
September 1, 2014 at 05:30:54
Good to see a load more junk fly out of that machine - nice job Johnw and LukeyWo.

message edited by Derek


Report •

#41
September 1, 2014 at 06:28:11
Yeah I'm glad to see it go I've only had the pc 9 months built it myself I'll be a lot more vigilant on what I download in the future

Report •


Ask Question