
Am I infected or is my PC dying?


9 replies to this topic

#1 Shivte

Shivte

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 22 January 2016 - 03:33 PM

Hey,

I've had some problems for some time now and I can't seem to fix them.

The first indicator of a problem was a few weeks ago, when all of a sudden it would take like 2-3 minutes for my mouse to react when I start up my PC. The clicking reacted, but I couldn't move the mouse until after those few minutes. Sometimes the mouse would react more quickly after a startup than other times. Pretty weird and annoying.

Also, my keyboard started acting weird. It's a Logitech G19 gaming keyboard. I can type, but the button illumination bugs out. Also, it would stay on even when I powered off my PC. That was fixed all of a sudden when the electricity went out for a moment in the house (lol), but the keyboard is still unresponsive to anything but pressing the buttons. Profiles won't work, etc...

I tried uninstalling and reinstalling the drivers of both keyboard and mouse, but that doesn't fix anything.

Now today my computer started bugging out with multimedia. I couldn't watch any vids anymore. Not online and not offline. It works for a bit after the startup and then it stops working. I can't watch vids on my hard drives or online. I can't play music anymore... Some programs work and others do nothing.

Like it's really messed up...

I scanned for malware with Malwarebytes and it doesn't find anything. If I let Avira antivirus scan, it doesn't find anything either...

What is happening?




 


#2 PuReinSAniTY

PuReinSAniTY

  • Members
  • 432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:in a basement
  • Local time:07:57 PM

Posted 22 January 2016 - 05:43 PM

Hey, welcome to BC. Please do as I instruct.

1. I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

2. Antivirus scan

Please run a full scan with the antivirus on your computer and post the log here. You should be able to find your scan log in one of your tabs saying something along the lines of 'scan results'.

3. Remove remaining adware with AdwCleaner

Please download AdwCleaner by Xplode here

Now run the file, and you should have a screen with something like this

adwcleaner-start.jpg

Please click Scan and then, when finished, post the scan log (it will pop up after the scan).

NOTE: Please do not clean the items yet.

After this, can you use your computer, then tell me if you have any remaining problems?


Edited by awesomecooldude101, 22 January 2016 - 06:09 PM.

they call me te java mayster


#3 Shivte


Posted 24 January 2016 - 02:24 PM

Thanks for the reply.

I did all the steps. My virus scanner can't find anything. I changed to Avast and it says it found nothing, but a bunch of files weren't scanned: "the archive is protected with a password". All these files were on an external hard drive.

ADWCleaner found like 3 files, which I deleted.

I will let you know after a few days if problems persist, since today I had no problem with watching vids etc. Though the day I posted and had these video problems, when I tried to power off my PC it actually stayed on. My screen went out etc., but my fans kept running etc. I had to manually power down my power supply! VERY weird.

EDIT: Better if I hadn't said that. I have it back again. Shockwave Flash player crashes, but at the same time I can't watch vids or listen to music on my PC anymore. Once this happens the PC starts to act weird. When I try to power down my PC it actually won't; I have to manually turn off my power supply or it won't go off. Everything works fine in safe mode, btw. No reboot or startup issues at all in safe mode, nor video loading ones or any other of the problems.

This is the ESET log:

 

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\KMSPico 10.0.6\installkms.bat BAT/TrojanClicker.Small.NCJ trojan
C:\Program Files (x86)\KMSPico 10.0.6\New folder\installkms.bat BAT/TrojanClicker.Small.NCJ trojan
C:\Users\Dennis\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe Win32/InstallCore.GI potentially unwanted application
C:\Users\Dennis\Downloads\32bit_Standard_v165.exe Win32/DownWare.L potentially unwanted application
E:\DYCKIE\Backup Set 2009-12-20 190000\Backup Files 2009-12-27 190000\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\DYCKIE\Backup Set 2010-04-11 190001\Backup Files 2010-06-13 190001\Backup files 2.zip a variant of Win32/Keygen.AH potentially unsafe application
F:\DENNIS-PC\Backup Set 2012-12-01 210000\Backup Files 2013-08-02 171254\Backup files 2.zip Win32/SoftonicDownloader.E potentially unwanted application
F:\DENNIS-PC\Backup Set 2012-12-01 210000\Backup Files 2013-09-01 210001\Backup files 3.zip Win32/DownWare.L potentially unwanted application
F:\DENNIS-PC\Backup Set 2013-11-01 211550\Backup Files 2013-11-01 211550\Backup files 19.zip Win32/DownWare.L potentially unwanted application
F:\DENNIS-PC\Backup Set 2013-11-01 211550\Backup Files 2013-11-01 211550\Backup files 20.zip Win32/DownWare.L potentially unwanted application
F:\DENNIS-PC\Backup Set 2014-01-01 210001\Backup Files 2014-01-01 210001\Backup files 12.zip Win32/InstallCore.GI potentially unwanted application
F:\DENNIS-PC\Backup Set 2014-01-01 210001\Backup Files 2014-01-01 210001\Backup files 24.zip Win32/DownWare.L potentially unwanted application
F:\DENNIS-PC\Backup Set 2014-07-01 210000\Backup Files 2014-07-01 210000\Backup files 15.zip Win32/InstallCore.GI potentially unwanted application
F:\DENNIS-PC\Backup Set 2015-07-02 200124\Backup Files 2015-10-02 155215\Backup files 17.zip Win32/InstallCore.GI potentially unwanted application
F:\DENNIS-PC\Backup Set 2015-07-02 200124\Backup Files 2015-10-02 155215\Backup files 37.zip a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
F:\DENNIS-PC\Backup Set 2015-07-02 200124\Backup Files 2015-10-02 155215\Backup files 38.zip Win32/DownWare.L potentially unwanted application
F:\DENNIS-PC\Backup Set 2015-07-02 200124\Backup Files 2015-11-01 210007\Backup files 5.zip a variant of Win32/OpenCandy.A potentially unsafe application
F:\Windows Bibliotheken\Downloads\FreemakeAudioConverterSetup.exe Win32/OpenCandy potentially unsafe application
F:\Windows Bibliotheken\Downloads\picpick_inst.exe Win32/InstallMonetizer.AN potentially unwanted application
F:\Windows Bibliotheken\Downloads\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application

Edited by Shivte, 24 January 2016 - 04:37 PM.


#4 PuReinSAniTY


Posted 24 January 2016 - 04:59 PM

ESET found a couple of trojans and a bunch of PUPs and PUMs. Can I please have the AdwCleaner log? Can you please try to reinstall Shockwave and the software you use to watch videos and play your music? Next we will try this:

1. Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

 

2. RKill and MBAM

Please download RKill from here. (If one doesn't run, install the next one.)

Click on the icon and run it; a black box should appear like this: running.jpg

  • Please download Malwarebytes Anti-Malware from here
  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Choose to try the 7 day free trial
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

 

How is the computer doing now?


they call me te java mayster
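
A triage pass over ESET log lines like those posted in #3, as an added example that is not part of the original thread: it parses each line into path, detection name and category, then orders the hits so that trojan detections on the system drive are reviewed first and hits inside backup archives last. The line layout is inferred from the pasted log; the ranking, the treatment of C: as the system drive, and the final malformed sample line are assumptions made for the example.

```python
import re

# Five lines copied from the ESET log in post #3, plus one constructed
# malformed line to exercise the "skipped" path.
SAMPLE_LOG = r"""C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files (x86)\KMSPico 10.0.6\installkms.bat BAT/TrojanClicker.Small.NCJ trojan
C:\Users\Dennis\Downloads\32bit_Standard_v165.exe Win32/DownWare.L potentially unwanted application
E:\DYCKIE\Backup Set 2010-04-11 190001\Backup Files 2010-06-13 190001\Backup files 2.zip a variant of Win32/Keygen.AH potentially unsafe application
F:\Windows Bibliotheken\Downloads\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
this line is not a detection
"""

# Assumed review order (not an ESET concept): lower rank is reviewed sooner.
CATEGORY_RANK = {
    "trojan": 0,
    "potentially unsafe application": 1,
    "potentially unwanted application": 2,
}
LOCATION_RANK = {"system drive": 0, "other drive": 1, "archive": 2}

# Assumed layout, inferred from the pasted log:
#   <path> [a variant of ]<Platform>/<Name> <category>
# Windows paths use backslashes, so the first token containing "/" is the name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<category>" + "|".join(re.escape(c) for c in CATEGORY_RANK) + r")$"
)

def classify_location(path):
    """Separate hits inside archives from loose files on disk."""
    lower = path.lower()
    if lower.endswith((".zip", ".rar", ".7z")):
        return "archive"
    return "system drive" if lower.startswith("c:\\") else "other drive"

def parse_line(line):
    """Return a record for one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"path": m["path"], "detection": m["name"],
            "variant": m["variant"] is not None, "category": m["category"],
            "location": classify_location(m["path"])}

def triage(log_text):
    """Parse every non-empty line; return (sorted records, unparsed lines)."""
    records, skipped = [], []
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec is None:
                skipped.append(line)
            else:
                records.append(rec)
    records.sort(key=lambda r: (CATEGORY_RANK[r["category"]],
                                LOCATION_RANK[r["location"]]))
    return records, skipped

if __name__ == "__main__":
    found, unparsed = triage(SAMPLE_LOG)
    for r in found:
        print(f'{r["category"]:34} {r["location"]:13} {r["detection"]}  {r["path"]}')
    print(f"{len(unparsed)} line(s) could not be parsed")
```
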


#5 Shivte


Posted 29 January 2016 - 04:35 PM

Sorry it took so long to reply. I had a very busy week helping my brother move etc., so not much time to do anything on the PC!

This is the AdwCleaner log:

 

# AdwCleaner v5.030 - Logbestand aangemaakt 24/01/2016 op 18:09:10
# Laatste update 17/01/2016 door Xplode
# Database : 2016-01-19.2 [Server]
# Besturingssysteem : Windows 10 Home  (x64)
# Gebruikersnaam : Dennis - DENNIS-PC
# Gestart vanuit : C:\Users\Dennis\Downloads\AdwCleaner.exe
# Optie : Scannen
# Ondersteuning : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Mappen ] *****
 
Map Gevonden : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ Bestanden ] *****
 
Bestand Gevonden : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
Bestand Gevonden : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nl.softonic.com_0.localstorage
Bestand Gevonden : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nl.softonic.com_0.localstorage-journal
Bestand Gevonden : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_smplayer.nl.softonic.com_0.localstorage
Bestand Gevonden : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_smplayer.nl.softonic.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Snelkoppelingen ] *****
 
 
***** [ geplande taken ] *****
 
 
***** [ Register ] *****
 
Sleutel Gevonden : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Sleutel Gevonden : HKCU\Software\APN PIP
Sleutel Gevonden : HKCU\Software\Softonic
Sleutel Gevonden : HKCU\Software\WEBAPP
Sleutel Gevonden : HKLM\SOFTWARE\PIP
 
***** [ Internetbrowsers ] *****
 
[C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gevonden : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gevonden : pbjikboenpfhbbejgkoklgkhjpfogcam
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1965 bytes] ##########
 
Emsis log:
 
Emsisoft Emergency Kit - Versie 11.0
Laatste Update: 29-1-2016 22:18:46
Gebruikersaccount: Dennis-PC\Dennis
 
Scaninstellingen:
 
Scanmodus: Malware Scan
Objecten: Rootkits, Geheugen, Sporen, Bestanden
 
Detecteer PUPs: Aan
Scan archieven: Uit
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
 
Scan gestart: 29-1-2016 22:19:01
Key: HKEY_USERS\S-1-5-21-3105205305-2244939968-4280010518-1000_CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} Ontdekt: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-3105205305-2244939968-4280010518-1000_CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040} Ontdekt: Application.Toolbar (A)
 
Gescand: 85210
Gevonden: 2
 
Scan geëindigd: 29-1-2016 22:19:35
Scantijd: 0:00:34
 
Key: HKEY_USERS\S-1-5-21-3105205305-2244939968-4280010518-1000_CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040} Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-3105205305-2244939968-4280010518-1000_CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} Application.Toolbar (A)
 
In quarantaine geplaatst 2
 
Rkill log:
 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/29/2016 10:22:43 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System\CMGxMon.exe (PID: 9144) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/29/2016 10:23:01 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)
 
 
Malwarebytes didn't find anything either.

I'm really starting to think I have faulty hardware somewhere which is causing problems. When the Shockwave player crashes I would think I can't watch vids online, but I can't anymore on my hard disk either, so that's pretty weird, since Shockwave is just a plugin to watch vids with your internet browser... Don't know if I'm still experiencing problems though, since I didn't use my PC much this week, but the mouse taking forever to react on startup is still there, and my keyboard not working optimally also.
 
 
 
Grtz


#6 PuReinSAniTY


Posted 31 January 2016 - 01:04 AM

Try another mouse and keyboard; see if you can borrow one from a friend. Can you do the Emsisoft steps please? Also reinstall Shockwave and your browser.


they call me te java mayster


#7 Shivte


Posted 04 February 2016 - 10:49 AM

I did the Emsisoft steps. I reinstalled Shockwave and the browser, so let's see if it gets better. Didn't have any problems anymore, but didn't use my PC either because I'm really busy at the moment, so I'll watch out and see what it does.

Thanks.


Edited by Shivte, 04 February 2016 - 10:50 AM.


#8 PuReinSAniTY


Posted 12 February 2016 - 04:58 AM

Any progress?


they call me te java mayster


#9 Shivte


Posted 17 February 2016 - 02:10 PM

Not really. Mouse still doesn't react after startup, but I have some peace of mind now that most likely it has nothing to do with an infection.

I'll try it out sometime with another mouse and keyboard from a friend or something, because I don't have another mouse or keyboard myself.



#10 PuReinSAniTY


Posted 12 March 2016 - 09:10 PM

Sorry for the long reply; real life problems happened. Can you try reinstalling the mouse and keyboard? Please test the mouse and keyboard on another computer.


they call me te java mayster




