Computer Hope


Title: possible infection
Post by: Sylverkitti on October 05, 2015, 08:28:09 PM
OK, so I ran all the usual checks when I thought something was wrong, and can't find anything. So, when my daughter has her Facebook profile up playing games, the computer ALWAYS has issues, freezing, screens going part clear where you cannot see anything on part of them...and always you can hear it running hard. In my Facebook profile it rarely has issues...same games...same browser...sometimes only moments apart...

OK, and looking in Task Manager to see what's running so hard, it is always "System", file name of ntoskrnl and description of NT Kernel & System. This utilizes about 300k+ in memory. It runs ALL THE TIME, so it can't just be updates?

Here are my needed files:

# AdwCleaner v5.010 - Logfile created 05/10/2015 at 19:05:47
# Updated 04/10/2015 by Xplode
# Database : 2015-10-05.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Sylverkitti - SYLVERKITTI-HP
# Running from : C:\Users\Sylverkitti\Downloads\adwcleaner_5.010.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
[-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP528249B0-15F1-43CD-B2AC-438DA1C55117&SSPV=

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [1269 bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/5/2015
Scan Time: 7:13 PM
Logfile: malwarebytes1.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.05.07
Rootkit Database: v2015.10.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Sylverkitti

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 538006
Time Elapsed: 37 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



 Results of screen317's Security Check version 1.009 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avira Antivirus   
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 60 
 Adobe Flash Player    19.0.0.185 
 Adobe Reader XI 
 Mozilla Firefox (41.0.1)
 Google Chrome (45.0.2454.101)
 Google Chrome (45.0.2454.99)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Title: Re: possible infection
Post by: SuperDave on October 06, 2015, 04:21:29 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Windows 10 comes with its own AV called Windows Defender. If you wish to use another AV you should disable WD.
*********************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
Title: Re: possible infection
Post by: Sylverkitti on October 06, 2015, 07:23:29 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by Sylverkitti on Tue 10/06/2015 at 20:15:14.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util BetterBrowse



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\Sylverkitti\AppData\Roaming\mozilla\firefox\profiles\j0x8odpj.default\minidumps [18 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  gpdjojdkbbmdfjfahjcgigfpmkopogic
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/06/2015 at 20:19:37.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: possible infection
Post by: SuperDave on October 07, 2015, 01:02:51 PM
I'd like to scan your machine with ESET OnlineScan.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)

• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: possible infection
Post by: Sylverkitti on October 07, 2015, 07:34:12 PM
OK, I may have done something wrong? I did not get any export to text option, or anything, but it said no threats found....issue seems to be getting worse, had to shut my browser down and restart comp a few times today bc it all froze...
Title: Re: possible infection
Post by: SuperDave on October 07, 2015, 07:55:46 PM
What browser are you using?
Title: Re: possible infection
Post by: Sylverkitti on October 07, 2015, 07:59:07 PM
Firefox
Title: Re: possible infection
Post by: SuperDave on October 08, 2015, 03:18:59 PM
Does it do the same thing with IE?
Title: Re: possible infection
Post by: Sylverkitti on October 08, 2015, 04:35:13 PM
Does the computer act up the same with IE? Or are you talking about the file download we just tried?
Title: Re: possible infection
Post by: Sylverkitti on October 09, 2015, 03:09:38 PM
Everything is much worse in IE; when I try to do anything full screen the thing flashes and blinks out all pixelated.
Title: Re: possible infection
Post by: SuperDave on October 09, 2015, 03:57:53 PM
In that case I suspect there is something not quite right with your hardware. Someone needs to check this computer to make sure all connections are secure. You should also check the hard drive and the RAM using the tools below.

Run hard drive diagnostics: tacktech.com (http://www.tacktech.com/display.cfm?ttid=287)
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: imgburn (http://www.imgburn.com/) to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here: (http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic)

Note: If you do not know how to set your computer to boot from CD, follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
**********************************************
That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here. (http://www.memtest86.com/)

Title: Re: possible infection
Post by: Sylverkitti on October 10, 2015, 05:55:58 PM
It's hard to believe that it's hardware related when it only acts up when I'm using Facebook....

But you never know? OK, so I have an HP computer but I do not see HP computers listed......
Title: Re: possible infection
Post by: Sylverkitti on October 10, 2015, 06:23:04 PM
Well, I guess this is all beyond me? I tried the RAM thing, downloaded it, but when I tried to unpack the file it was corrupted.

I tried to figure out the DFT but it pulls up no devices...it's all blank...
Title: Re: possible infection
Post by: SuperDave on October 10, 2015, 07:47:20 PM
You could try resetting your browsers back to their defaults.