track pad freezes. computer slow


  • This topic is locked
19 replies to this topic

#1 shellfish101

shellfish101

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 10 February 2016 - 05:10 PM

I had made this post a couple weeks ago.  I followed the direction in the post. My computer was running better since then, but today the track pad is freezing again, and it is running slow again.  http://www.bleepingcomputer.com/forums/t/603760/computer-slow-track-pad-freezes-weird-file-in-adware-scan/

 

 

I ran adware.  It found this.  

 

# AdwCleaner v5.002 - Logfile created 25/10/2015 at 16:17:45
# Updated 18/08/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Shelly - SHELLYSLAPTOP
# Running from : C:\Users\Shelly\Desktop\virus protection\adwcleaner_5.002.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\WEBAPP
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [932 bytes] ##########

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 17:00:27
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Shelly - SHELLYSLAPTOP
# Running from : C:\Users\Shelly\Desktop\adwcleaner_5.033.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
[-] File Deleted : C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage
[-] File Deleted : C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2368 bytes] ##########
 

Edited by shellfish101, 10 February 2016 - 05:28 PM.



#2 shellfish101

shellfish101
  • Topic Starter


Posted 10 February 2016 - 05:25 PM

Also ran the fixlog thing and reset the Google Chrome settings as directed last time.  Track pad is still freezing up.

 

 

Attached Files


Edited by shellfish101, 10 February 2016 - 05:27 PM.


#3 shellfish101


Posted 13 February 2016 - 11:09 AM

The device is so horribly slow today it is barely usable.  This is the task manager view. [image: wJjdzKH.png]



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 15 February 2016 - 05:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/605096 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 shellfish101


Posted 15 February 2016 - 05:29 PM

Still same problems, with track pad freezing and device running slow.  Also I am seeing memory 100% and disk space in 90% range.

Attached Files

  • Attached File  FRST.txt   47.89KB   5 downloads


#6 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:47 AM

Posted 16 February 2016 - 03:18 AM

Hello shellfish101.

I am Marie Curie and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.

  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.

--------------------------------------------------------------

 

You posted the FRST.txt, but I would also like to see the Addition.txt.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Double-Click FRST.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the Addition.txt in your next reply.

STEP 2
aswMBR

  • Please download aswMBR and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
  • Re-enable your anti-virus software.
  • Attach the log in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.
 

======================================================
 
STEP 3
Logs
In your next reply please include the following logs.

  • Addition.txt
  • aswMBR log

Edited by Curie, 16 February 2016 - 03:18 AM.


#7 Struppigel


Posted 24 February 2016 - 02:26 AM

Hello shellfish101,
 
I have not heard back from you in over a week.

  • Do you still require help?
  • If you require additional time to complete my instructions, please let me know.
  • If after 48 hours you have not replied to this thread it will have to be closed.

 



#8 Struppigel


Posted 28 February 2016 - 03:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#9 Struppigel


Posted 29 February 2016 - 02:24 AM

I reopened the topic by request of shellfish101.



#10 shellfish101


Posted 29 February 2016 - 09:27 PM

Here is the addition text and the other one.

Attached Files



#11 Struppigel


Posted 01 March 2016 - 02:55 AM

Hello Shelly.

 

Please read the following box before you proceed:

 

You have iObit software or leftovers of iObit software on your system. iObit got infamous for stealing intellectual property. Some of the software that it provides comes with adware and most are seen as potentially unwanted programmes (PUP). I personally would not trust any of its software. See also the articles below:

 

Please tell me in your next reply if you want me to remove any iObit leftovers.

 

STEP 1
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Attach JRT.txt to your next reply.
     

STEP 2
AdwCleaner


  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Attach the log in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 3
Logs
In your next reply please include the following logs.


  • JRT.txt
  • AdwCleaner[S0].txt
  • Please tell me if you want to keep iObit software.

Edited by Curie, 01 March 2016 - 02:58 AM.


#12 shellfish101


Posted 01 March 2016 - 08:57 PM

I never downloaded that IObit.  How would it get on my computer?  Just curious.  Also, yes you can remove it.

 

 

Attached Files



#13 Struppigel


Posted 02 March 2016 - 06:29 AM

iObit is a company with several products, e.g., Advanced SystemCare, DriverBooster, Smart Defrag. I don't see a special product in the logs, I just see an updater, which is possibly a leftover. Maybe you installed one of those, but did not know it is from iObit.

 

Another possibility is that it came bundled with another programme. Some installers will try to trick you into accepting third-party offers during the installation. If you do not opt-out of the offer, you might get programmes installed that you are not aware of.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    CloseProcesses:
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
    C:\Program Files (x86)\IObit\LiveUpdate
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3139656502-3334905310-4129259759-1001 -> {F4EA8DF1-7C7B-4C5C-B64F-D7C2CB15C7B3} URL =
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.


  • Double-Click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

 

 

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

 

 

======================================================
 
STEP 3
Logs
In your next reply please include the following logs.

  • Fixlog.txt
  • MBAM log


 

 



#14 shellfish101


Posted 02 March 2016 - 07:25 PM

Here is the Farbar thing.  Malwarebytes is saying I have to purchase it for $24.95?  It says my trial has expired?  Is there another option?
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Shelly (2016-03-02 19:16:32) Run:4
Running from C:\Users\Shelly\Desktop\virus protection
Loaded Profiles: Shelly (Available Profiles: Shelly)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
C:\Program Files (x86)\IObit\LiveUpdate
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3139656502-3334905310-4129259759-1001 -> {F4EA8DF1-7C7B-4C5C-B64F-D7C2CB15C7B3} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
EmptyTemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
LiveUpdateSvc => service removed successfully
C:\Program Files (x86)\IObit\LiveUpdate => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3139656502-3334905310-4129259759-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4EA8DF1-7C7B-4C5C-B64F-D7C2CB15C7B3} => key not found. 
HKCR\CLSID\{F4EA8DF1-7C7B-4C5C-B64F-D7C2CB15C7B3} => key not found. 
C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
EmptyTemp: => 1004.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:16:54 ====
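
Added example, not part of the original posts and not FRST's own code: a small Python triage of the Fixlog above that skips the echoed fixlist (which itself contains a "=>" line) and sorts each result into done, absent, review or note. The function names and the four status labels are assumptions made for this illustration; the sample text is constructed from the log posted in this thread.

```python
import re
from collections import Counter

# Constructed sample: the Fixlog from the post above with the header and the
# echoed fixlist shortened; the result lines are copied unchanged.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
==============================================
fixlist content:
*****************
start
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
end
*****************

Restore point was successfully created.
Processes closed successfully.
LiveUpdateSvc => service removed successfully
C:\Program Files (x86)\IObit\LiveUpdate => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3139656502-3334905310-4129259759-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4EA8DF1-7C7B-4C5C-B64F-D7C2CB15C7B3} => key not found.
HKCR\CLSID\{F4EA8DF1-7C7B-4C5C-B64F-D7C2CB15C7B3} => key not found.
C:\Users\Shelly\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
EmptyTemp: => 1004.6 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:16:54 ====
"""

def classify(outcome, has_item):
    text = outcome.lower()
    if "not found" in text:
        return "absent"   # the listed target was already gone
    if re.search(r"\bnot\b", text):
        return "review"   # any other negation (assumption; no such line on the page)
    if "successfully" in text or "removed" in text:
        return "done"
    return "review" if has_item else "note"

def parse_fixlog(text):
    """Return (item, outcome, status) tuples for the result section only."""
    results, in_echo, seen_echo = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):   # delimiter around the echoed fixlist
            in_echo, seen_echo = not in_echo, True
            continue
        if in_echo or not seen_echo or not line or line.startswith("===="):
            continue
        item, sep, outcome = line.partition(" => ")
        if not sep:                          # status sentence without a target
            item, outcome = "", line
        results.append((item, outcome, classify(outcome, bool(sep))))
    return results

def summarize(results):
    return dict(Counter(status for _, _, status in results))

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for item, outcome, status in parsed:
        if status in ("absent", "review"):
            print(f"{status:7} {item} -> {outcome}")
```
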


#15 shellfish101


Posted 02 March 2016 - 08:52 PM

Sorry, I figured it out. Here is the MBAM log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/2/2016
Scan Time: 7:52 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.02.06
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Shelly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393933
Time Elapsed: 37 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




