dt3 Posted September 21, 2020 ID:1408734 Share Posted September 21, 2020 My computer is def infected with something. Started noticing issue 10 days ago. First chrome/firefox/IE were very slow to open a website getting stuck on resolving host. Then computer started hanging on shut down saying configuring windows even though no updates were installed. Tried doing a restore point and it wouldn't let it, D/L malwarebytes but couldn't be installed/ anti virus wouldn't scan. And yesterday I got an email that someone tried to access my email account from Indonesia I did finally manage to get malware bytes with my room mates helps but it only runs in safe mode, and the problem is still there even after quarantining some item it found . I have attached farbar logs which I was only able to do in safe mode. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 22, 2020 ID:1408916 Share Posted September 22, 2020 (edited) Hello dt3 and welcome to Malwarebytes, Contnue with the following: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.NOTE-1: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system....https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select Run as Administrator the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply.... fixlist.txt Edited September 22, 2020 by kevinf80 typing error Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1408925 Share Posted September 22, 2020 Hi Kevin, Thanks for the reply. I have attached the fix log. I'm running everything in safe mode as that's the only way they open. Please note since I ran FRST for the above post it was randomly uninstalled from my system. When I D/L it again it would not let me save it to desktop and said something about permission required I had to save it to another directory and move it to desktop in safe mode. I'm confident the fix was run properly but wanted to bring that to your attention in case it didn't. Fixlog.txt Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1408927 Share Posted September 22, 2020 I am currently unable to open malware bytes. Should I go to next step and run Adwcleaner? Link to post Share on other sites More sharing options...
kevinf80 Posted September 22, 2020 ID:1408939 Share Posted September 22, 2020 Yes please run the remaining steps, we`ll have a look at Malwarebytes later. Also could you zip up and attach this folder C:\Windows\minidump You may have to copy the folder to your Desktop and zip up from there... Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1408942 Share Posted September 22, 2020 Attached pls find the following logs ADWCleaner log from 5 days ago, I installed this then on advice of a friend it picked up some things that it got rid off when I ran it then. ADWCleaner from today. MSERT log- I think this is a false positive. I have had a cracked version of office for a long time without any issues but if that's the issue I'm happy to remove it. AdwCleaner[C00].txt AdwCleaner[S03].txt msert.log Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1408943 Share Posted September 22, 2020 I'm having a hard time uploading the zip file. My browser just hands and eventually I get an error message that it couldn't upload any ideas? Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1408959 Share Posted September 22, 2020 This should work Minidump.zip Link to post Share on other sites More sharing options...
kevinf80 Posted September 22, 2020 ID:1408998 Share Posted September 22, 2020 Hiya dt3, It is possible your video card maybe failing, can you do a stress check with the following: https://geeks3d.com/furmark/ Thanks, Kevin.. Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1409005 Share Posted September 22, 2020 Yes I was def having issues with the video card before this. In fact I purchased a new video card but I'm not sure if I should put it in while you are doing this diagnostics. Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1409010 Share Posted September 22, 2020 Can't seem to run it I get a "Could not intialize ZoomGPU startup failed" message. Link to post Share on other sites More sharing options...
kevinf80 Posted September 22, 2020 ID:1409027 Share Posted September 22, 2020 Hiya dt3 I believe the only problem you have is down to the video card, nearly all dump files do indicate that... I did not expect the stress test to work, but dd have to try. Change the card and try it out... Thanks, Kevin.. Link to post Share on other sites More sharing options...
dt3 Posted September 22, 2020 Author ID:1409036 Share Posted September 22, 2020 Can the video card issue be causing the problems I'm still having like malwarebytes not running, internet very slow (hanging), computer hanging on shut downs/restarts. Link to post Share on other sites More sharing options...
kevinf80 Posted September 23, 2020 ID:1409102 Share Posted September 23, 2020 Have you changed the video card...? Link to post Share on other sites More sharing options...
dt3 Posted September 23, 2020 Author ID:1409115 Share Posted September 23, 2020 Hi yes new card is in, still having same issues. Link to post Share on other sites More sharing options...
kevinf80 Posted September 23, 2020 ID:1409125 Share Posted September 23, 2020 When you installed the card did you also install the latest drive from video cards manf. website, or let windows attribute driver at boot. Link to post Share on other sites More sharing options...
dt3 Posted September 23, 2020 Author ID:1409128 Share Posted September 23, 2020 I D/L latest drive to install but it just hangs midway through installation and in safe mode I get an error message that Visual C++ can not be installed in safe mode. Link to post Share on other sites More sharing options...
kevinf80 Posted September 23, 2020 ID:1409132 Share Posted September 23, 2020 Set your system to run in clean boot mode, see how it responds. Full instructions at the following link... https://support.microsoft.com/en-gb/kb/929135 Basically all none MS services are disabled, see how your system runs in that mode. Link to post Share on other sites More sharing options...
dt3 Posted September 23, 2020 Author ID:1409138 Share Posted September 23, 2020 Followed your link to try and do a clean boot but system wont turn down properly when it comes time to restart. I first get a message saying waiting for task host window, I wait for it but nothing happens so I press force restart. Then I get the next message 'failure to display security and shut down options' and I'm forced to shut down manually. I've attached pics so you can see what I'm dealing with. Is there another way to do a clean boot? Link to post Share on other sites More sharing options...
kevinf80 Posted September 23, 2020 ID:1409164 Share Posted September 23, 2020 Try the following.... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. fixlist.txt Link to post Share on other sites More sharing options...
dt3 Posted September 23, 2020 Author ID:1409177 Share Posted September 23, 2020 Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 23, 2020 ID:1409191 Share Posted September 23, 2020 Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. The file will be randomly named Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<--- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktop This log will be excessive, Please attach it to your next reply… Link to post Share on other sites More sharing options...
dt3 Posted September 23, 2020 Author ID:1409199 Share Posted September 23, 2020 It wont run. I am in safe mode. I click on it and nothing happens. Link to post Share on other sites More sharing options...
kevinf80 Posted September 23, 2020 ID:1409208 Share Posted September 23, 2020 I do not believe there is any malware or infection on your system, there was no evidence showing in FRST logs. In my opinion the best way forward is a repair install of the OS, no personal stuff will be lost. Full instructions at the following link: https://www.sevenforums.com/tutorials/3413-repair-install.html Let me know if that option is ok for you... Link to post Share on other sites More sharing options...
dt3 Posted September 23, 2020 Author ID:1409219 Share Posted September 23, 2020 A couple questions before I give this a try. 1. What do you think is causing programs not to run. Like malwarebytes, Dr web. This isn't malware related? 2. If I did have malware would this take care of it or would it remain on there? Thanks Link to post Share on other sites More sharing options...
Recommended Posts