
Author Topic: possible infection  (Read 3553 times)


Sylverkitti

    Topic Starter


    Beginner

    Thanked: 1
    possible infection
    « on: October 05, 2015, 08:28:09 PM »
    Ok, so I ran all the usual checks when I thought something was wrong, and can't find anything. So, when my daughter has her Facebook profile up playing games, the computer ALWAYS has issues: freezing, screens going part clear where you cannot see anything on part of them... and always you can hear it running hard. In my Facebook profile it rarely has issues... same games... same browser... sometimes only moments apart...

    Ok, and looking in Task Manager to see what's running so hard, it is always "System", file name of ntoskrnl and description of NT Kernel & System. This utilizes about 300k+ in memory. It runs ALL THE TIME, so it can't just be updates?

    here are my needed files:

    # AdwCleaner v5.010 - Logfile created 05/10/2015 at 19:05:47
    # Updated 04/10/2015 by Xplode
    # Database : 2015-10-05.3 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : Sylverkitti - SYLVERKITTI-HP
    # Running from : C:\Users\Sylverkitti\Downloads\adwcleaner_5.010.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
    [-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Sylverkitti\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP528249B0-15F1-43CD-B2AC-438DA1C55117&SSPV=

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [1269 bytes] ##########



    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/5/2015
    Scan Time: 7:13 PM
    Logfile: malwarebytes1.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.10.05.07
    Rootkit Database: v2015.10.02.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Sylverkitti

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 538006
    Time Elapsed: 37 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)



     Results of screen317's Security Check version 1.009 
       x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Avira Antivirus   
    Windows Defender   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 60 
     Adobe Flash Player    19.0.0.185 
     Adobe Reader XI 
     Mozilla Firefox (41.0.1)
     Google Chrome (45.0.2454.101)
     Google Chrome (45.0.2454.99)
    ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbam.exe 
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 988
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: possible infection
    « Reply #1 on: October 06, 2015, 04:21:29 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Windows 10 comes with its own AV called Windows Defender. If you wish to use another AV you should disable WD.
    *********************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    Sylverkitti

      Re: possible infection
      « Reply #2 on: October 06, 2015, 07:23:29 PM »
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 7.6.4 (09.28.2015:1)
      OS: Windows 10 Home x64
      Ran by Sylverkitti on Tue 10/06/2015 at 20:15:14.64
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Tasks



      ~~~ Registry Values



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util BetterBrowse



      ~~~ Files



      ~~~ Folders

      Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin



      ~~~ FireFox

      Emptied folder: C:\Users\Sylverkitti\AppData\Roaming\mozilla\firefox\profiles\j0x8odpj.default\minidumps [18 files]



      ~~~ Chrome

      Successfully deleted: [Folder] C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

      [C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

      [C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
      gpdjojdkbbmdfjfahjcgigfpmkopogic

      [C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

      [C:\Users\Sylverkitti\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
      [
        gpdjojdkbbmdfjfahjcgigfpmkopogic
      ]





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Tue 10/06/2015 at 20:19:37.38
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      SuperDave

      Re: possible infection
      « Reply #3 on: October 07, 2015, 01:02:51 PM »
      I'd like to scan your machine with ESET OnlineScan

      •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      •Click the button.
      •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      •Check
      •Click the button.
      •Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      •Check
      •Push the Start button.
      •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      •When the scan completes, push
      •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      •Push the button.
      •Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

      Sylverkitti

        Re: possible infection
        « Reply #4 on: October 07, 2015, 07:34:12 PM »
        Ok, I may have done something wrong? I did not get any export to text option, or anything, but it said no threats found.... The issue seems to be getting worse, had to shut my browser down and restart comp a few times today bc it all froze...

        SuperDave

        Re: possible infection
        « Reply #5 on: October 07, 2015, 07:55:46 PM »
        What browser are you using?

        Sylverkitti

          Re: possible infection
          « Reply #6 on: October 07, 2015, 07:59:07 PM »
          Firefox

          SuperDave

          Re: possible infection
          « Reply #7 on: October 08, 2015, 03:18:59 PM »
          Does it do the same thing with IE?

          Sylverkitti

            Re: possible infection
            « Reply #8 on: October 08, 2015, 04:35:13 PM »
            Does the computer act up the same with IE? Or are you talking about the file download we just tried?

            Sylverkitti

              Re: possible infection
              « Reply #9 on: October 09, 2015, 03:09:38 PM »
              Everything is much worse in IE; when I try to do anything full screen the thing flashes and blinks out all pixelated.

              SuperDave

              Re: possible infection
              « Reply #10 on: October 09, 2015, 03:57:53 PM »
              In that case I suspect there is something not quite right with your hardware. Someone needs to check this computer to make sure all connections are secure. You should also check the hard drive and the RAM using the tools below.

              Run hard drive diagnostics: tacktech.com
              Make sure you select the tool that is appropriate for the brand of your hard drive.
              Depending on the program, it'll create a bootable floppy or a bootable CD.
              If the downloaded file is of .iso type, use ImgBurn to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
              For Toshiba hard drives, see here:

              Note: If you do not know how to set your computer to boot from CD, follow the steps here
              **********************************************
              That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
              Test your RAM here.


              Sylverkitti

                Re: possible infection
                « Reply #11 on: October 10, 2015, 05:55:58 PM »
                It's hard to believe that it's hardware related when it only acts up when I'm using Facebook....

                But you never know? Ok, so I have an HP computer but I do not see HP computers listed......

                Sylverkitti

                  Re: possible infection
                  « Reply #12 on: October 10, 2015, 06:23:04 PM »
                  Well, I guess this is all beyond me? I tried the RAM thing, downloaded it, but when I tried to unpack the file it was corrupted.

                  I tried to figure out the DFT but it pulls up no devices... it's all blank...

                  SuperDave

                  Re: possible infection
                  « Reply #13 on: October 10, 2015, 07:47:20 PM »
                  You could try resetting your browsers back to their defaults.