Unsure about possible infection?

[Nixboiz]

Hi,

I am looking for help, please.

Within the past 2 weeks my computer has had four unexpected shut-downs.  I am unsure if they were crashes as no loss of data has occurred and the computer has restarted without problems.  In addition there is much lags/delays from hanging as in a "not responding" state to mouse/keyboard actions which take so much time to perform  any task that web search etc becomes unbearably slow especially when using Firefox and Word or Excel.  I noticed that the version of FF on my 64-bit computer was 32-bit so I installed the 64-bit version which changed nothing and seemed to in fact worsen the problem.  I ran Malware Bytes and came to the forum where the next step seems to be installing Farbar which I delayed doing as Windows Defender kicked in with an alert which made me wary of proceeding.  Seeing as Hijack This was a tool used by the specialists at MWB in the past I ran a scan with that.  Please note that I have not made any system changes since making the two scans on the 23 Sept. Today I chose to over-ride Windows Defender and have attached the Farbar scan results.

Many thanks for your time.

Nicola

 

hijackthis_log 23Sept2017.txt

malwarebytes scan 23Sept2017.txt

Farbar-27sept2017_Addition.txt

Farbar-27sept2017_FRST.txt

[AdvancedSetup]

Hello @Nixboiz and

The Malwarebytes log says you did not choose to remove what was found.  "No Action By User,"

Please make sure you have the program remove what it finds.

Let's run a new scan please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

• If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
• If you don't have Malwarebytes 3 installed yet please download it from here and install it.
• Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
• Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
• If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

• Right-click on the program and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Clean.
• Your PC should reboot now if any items were found.
• After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER and then get new, updated logs for FRST below.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
• Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

[Nixboiz]

Thank for the quick reply.

MWB Version Information

MWB v-3.2.2.2029
Component package v-1.0.188
Update package v-1.0.2896.

I have looked through all the tabs but do not see an update button, so will await your instruction to proceed with scan.

 

 

Two things I forgot to mention in the original post 

1.  As soon as MWB was installed IoBit disappeared from my computer and it is no longer in the list of programmes.  A quick search revealed this information http://www.iobit.com/incompatible-notice/asc/steps-to-use-asc.php  but I have taken no further steps not studied the information closely yet.  I confess I do not know much about Iobit other than my husband installed it.

2.  Google Chrome is working much better than FFox although it does freeze up occasionally but not as frequently as the preferred FFox

[AdvancedSetup]

Our program will normally automatically check for updates when you open it. We only detect a portion of the iObit software and remove it. They make a lot of software and we don't flag it as it does not fit the category to be listed as such. This is a Chinese company that years ago stole our database to use for their product. I'm not aware of any similar activity though in years from them.

Please proceed with the scans above.

Thanks

Ron

 

[Nixboiz]

Attached are all the logs of the scans as requested.  MWB found 0 threats this time.

Again my computer has crashed -- twice in the last two days

Hear from you soon and thanks.

AdwCleaner28sept2017[S2].txt

AdwCleaner28sept2017[S1].txt

AdwCleaner28setp2017[S3].txt

malwarebytes scan 28Sept2017.txt

Farbar-28sept2017FRST.txt

Farbar-28sept2017Addition.txt

[AdvancedSetup]

Sorry for the delay. Did not appear to get a mail response that you had replied.

The logs do not indicate anything specifically malware related that would cause a shutdown. Most malware does not shut down the computer.

There is this entry, but it may not be related to a shutdown either.

Application errors:
==================
Error: (09/29/2017 02:10:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x596dbeec
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0xadaa6ed6
Exception code: 0xe0434352
Fault offset: 0x000eb832
Faulting process id: 0xd40
Faulting application start time: 0x01d33884fed470bf
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f6b687ba-6e4e-4894-be4d-bc2445878f85
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/29/2017 02:10:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

You can try reading the pinned topics in this forum below and see if they can assist you further.

https://forums.malwarebytes.com/forum/160-bsod-crashes-kernel-debugging/

Thank you

Ron

 

[Nixboiz]

 

so, I gather that there is nothing more to be done here.  I have had a quick look at the topics in the forum link, so will start a new thread there.

 

Thank you...

[AdvancedSetup]

The logs are not showing anything that would account for a reboot. The forum I linked you to can do a lot of other checks to see what's causing a crash.

Best of luck, I'm sure they can assist you.

Ron