Infected windows 7 machine (freezes)


Arimyth

I've been on this forum once before with an issue. Been clean for 327 days but recently caught a bug.

The symptoms are that my computer will periodically freeze up (I still see things update such as live notifications, video feed, or new messages) but everything is unclickable and unresponsive. The hover animations don't appear and no clicks will register. I originally thought this was only when I let my computer idle for a few minutes or more but it happens pretty much any time now (although less common when I'm using it).

This will last until I do ctrl + alt + del and click once. It'll seemingly "jump" or "refresh" the system and the next time I try to click or hover over something (i.e. the task manager) it will work as normal and so will everything else on my computer. This will last for however long it takes for the bug to reappear.

Note that there may be other ways to mitigate the system besides ctrl + alt + del but I haven't found any others.

I've run MalwareBytes scans, Zemana Anti Malware scans, and a RogueKiller scan which all came up clean.

Attached below are the requested logs.

Addition.txt

FRST.txt

MalwareBytes.txt


  • Root Admin

Hello @Arimyth and welcome.

The computer does not look to be infected. There are some issues with some drivers, or program settings. Your VSS is not saving backups as the system is too busy.

Your Google Chrome is way out of control. I realize it might be difficult for you to reset it as you have what looks to be a ton of customization going on with it but it's also sucking down almost all your resources.
My advice would be to do a full reset of Chrome back to factory defaults. Then only put back extensions you really need and use daily.

Take a look and make sure your network card drivers are up to date. I believe this is the link for your updates but double-check and verify.

Killer E240x Rivet Networks
https://www.killernetworking.com/driver-downloads/item/killer-drivers-64bit

 

Quote

 

System errors:
=============
Error: (09/02/2018 11:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AnyDesk Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/02/2018 09:37:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/02/2018 09:37:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/02/2018 09:37:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/02/2018 09:37:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/02/2018 09:37:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/02/2018 06:00:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AnyDesk Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/02/2018 05:59:20 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume ? were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

 

 

 

 

 

 

 

Thanks

Ron
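For triaging a long "System errors" section like the one quoted in the reply above, the following added example (not part of the original posts and not FRST's own code) parses entries in that layout and collapses repeats so each distinct error shows once with a count. The function names are hypothetical, the sample is constructed from the quoted entries with shortened descriptions, and the timestamps are assumed to be US month/day/year.

```python
import re
from collections import defaultdict
from datetime import datetime

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")

# Constructed sample in the layout of the quoted "System errors" section.
SAMPLE = """\
Error: (09/02/2018 11:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AnyDesk Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/02/2018 09:37:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.

Error: (09/02/2018 09:37:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.

Error: (09/02/2018 05:59:20 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume ? were deleted because the shadow copy storage could not grow in time.
"""

def parse_entries(text):
    """Split the section into dicts; a description may wrap onto several lines."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "description": ""}
            # Assumption: US month/day/year with a 12-hour clock.
            current["ts"] = datetime.strptime(current["ts"], "%m/%d/%Y %I:%M:%S %p")
            entries.append(current)
        elif current is not None and line.strip():
            part = line[len("Description:"):] if line.startswith("Description:") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
    return entries

def summarize(entries):
    """Group identical (source, event ID, description); most frequent first."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["source"], int(e["event_id"]), e["description"])].append(e["ts"])
    rows = [(len(ts), src, eid, min(ts), max(ts), desc)
            for (src, eid, desc), ts in groups.items()]
    return sorted(rows, key=lambda r: (-r[0], r[3]))

if __name__ == "__main__":
    for count, src, eid, first, last, desc in summarize(parse_entries(SAMPLE)):
        print(f"{count}x {src}/{eid} {first:%H:%M:%S}-{last:%H:%M:%S} {desc[:60]}")
```
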

 


Hey. Thanks for the response. I am fairly convinced that I have an infection in my computer due to the fact that I only noticed this after a certain day (the 21st of August) which is when I was downloading a lot of files. Unfortunately I cannot return to that restore point as the zoek.exe program I ran created a restore point and when the scan failed and I tried to return to it, not only did it fail but it deleted all my other restore points.

No changes to Chrome were made during the time that this error popped up, and it also causes certain programs with startup overlays such as Malwarebytes and Sketchbook by Autodesk to be unclickable (i.e. the "x" button can't be clicked therefore rendering the program unusable).

Do you have any idea why the zoek.exe scan I ran stops and fails indefinitely at "Firefox Extensions"?


  • Root Admin

We can use some other scanners but rarely is FRST not finding even entrenched infections. Extension junk maybe but not real threats.

As for zoek I've not used that in probably 5 years and even then probably only once or twice. Combofix back in the day was the king of scanners and is still an awesome scanner for Windows computers prior to Windows 8.1.  FRST has sort of taken over as the main scanner for gathering information, then writing scripts to deal with what is found.

 

Please run the following and post back the log as an attachment when ready and we'll see if it finds anything or not. Make sure you fully close Chrome and any other obvious programs like chat programs, P2P, etc.

 

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

Thanks

Ron

 


  • Root Admin

Okay, let me have you run the following.

Make sure your Antivirus is disabled while scanning

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

Ron

 


  • Root Admin

So it's just Malwarebytes that is giving you an issue? If so then perhaps a clean removal and reinstall will correct that.

 

 

Please download the Malwarebytes Support Tool and use it to do a Clean Removal and reinstall of Malwarebytes

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by the User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a check-mark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link - do not click Get Started

  • Click the CLEAN button

  • A progress bar will appear and the program will proceed to remove Malwarebytes from your computer
  • Upon completion, click OK
  • Follow the onscreen prompts to reboot and reinstall Malwarebytes

 

Then let me know if you're still having issues

Thanks

Ron

 


No it's not just MalwareBytes. As shown in the video, Sketchbook also gives the "unclickable" symptom, as well as my entire screen becoming periodically unclickable until I do "ctrl alt del".

As a sidenote, I have tried two clean removals and installs for both programs.

Edited by Arimyth

  • Root Admin

Not really sure what's going on but neither is a sign of any infection I've ever seen or heard of. Browsers yes, other programs no.

Could possibly try a temp file cleanup, beyond that I'd probably look at trying a video driver update. If you have a previous System Restore Point you might try going back to that. Create a new one for the way the system is now. Then go back to an older System Restore and see if it fixes it or not.

 


  • Root Admin

I doubt it will help but I'd recommend you do a Full disk check regardless. That will at least ensure the integrity of all your data.

From an elevated admin command prompt you can type in

CHKDSK C: /R

It will say it can't lock the drive. Press the Y key to allow it to run after a reboot. Then reboot and let it run. 

If not working then make a new System Restore Point.
Then look at updating your video card drivers.

Not really seeing any reason for your current issue.

 


Did the steps you suggested and it ran the diagnostic on the next boot. I didn't watch it till it finished but when I came back my computer had rebooted so I suppose it was successful.

I also updated the graphics drivers to the latest version with no improvement to the issue.


  • Root Admin

Sorry, wish I knew what was wrong but not seeing anything obvious and the computer logs don't show an infection.

Might try opening a new topic in the following forum and see if someone else can assist you further.

General Windows PC Help
https://forums.malwarebytes.com/forum/6-general-windows-pc-help/

Ron

 


This topic is now closed to further replies.