Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something is happening with my computer & website


  • Please log in to reply
35 replies to this topic

#1 mexxomp

mexxomp

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 19 April 2016 - 07:40 PM

About a month and a half ago I noticed two things on my computer; it slowed down drastically and also about once a day it would seem to reload a page on the web or sort of have a screen change for a mili-second then go back to normal.

 

I tried to upload Malware, but I couldn't run it. I had used Malwarebytes before and couldn't get that to work either. I keep getting an error saying "sfc.dll" or something had an error and to reload the Malware.

 

And, then beginning this Sunday, I noticed my Adsense account (I have a couple websites) was very different. In the last three days, my page views went from an average 4,000+ a day to 684 n Sunday, 982 on Monday and 755 today.

 

Something is wrong. I feel like I have something that is attacking me.

 

Thanks,

Ted



BC AdBot (Login to Remove)

 


#2 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 10:23 AM

Since I posted, I have some more odd things happen. 1) Two days ago I was on the index page of one of my websites and it all of sudden changed to a different URL for a garden club or something. 2) Then last night, I was in my email and clicked on one new email in the inbox and this website (https://www.fetcharate.com/pa/mortgage/?tg_ref=ysa_mo_pa&camp_id=a21-surp&keyword=gray-shock-laptop&sub2=hownmpifs_iyhmamp3_ybrt&csg_ref=ysapa) opened in a new tab. Also, the email disappeared.

 

Not sure what to do.

 

Thanks,

Ted



#3 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:07 AM

Posted 22 April 2016 - 11:01 AM

Perhaps the programs below will give you some relief. If the Eset scan won't run in regular mode, run it in

Safe Mode With Networking.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 02:25 PM

Hi Buddy,

 

I ran the CCleaner as you suggested.

 

I then ran the Adwcleaner and followed your steps, but never had the chance to press the "Clean" button as the computer just restarted. It did open with the TXT file and here are the contents.

 

# AdwCleaner v5.112 - Logfile created 22/04/2016 at 12:17:10
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 8.1 Connected  (X64)
# Username : TedD - MADBUM-PC
# Running from : C:\Users\TedD\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{8F58B66C-8986-4FFB-A8CF-3771374A3738}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{577E210B-C04D-4AEA-A5F2-FC5F64D38A54}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{97356138-A8A9-406A-8BD0-F3925DE55126}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{5C7834F0-02FF-4AFC-9CC3-FC9577E98BFE}]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1948 bytes] - [22/04/2016 12:17:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [2048 bytes] - [22/04/2016 12:05:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2094 bytes] ##########
 



#5 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 02:36 PM

Hi Buddy,

 

Here is the TXT for Junkware

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 Connected x64
Ran by TedD (Administrator) on Fri 04/22/2016 at 12:28:05.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\TedD\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-DA5003F5.pf (File)
Successfully deleted: C:\Windows\prefetch\AVG_PROTECTION_FREE_1115.EXE-D34F932C.pf (File)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{43B72634-E5F7-4DBD-B990-9451A46851F1} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/22/2016 at 12:34:11.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 02:44 PM

On the Eset instructions, after I accepted terms I received a pop up box with an error (and then received more). I screen save it but not sure how to attach. So far it seems to be working but not sure what these are.



#7 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:07 AM

Posted 22 April 2016 - 03:05 PM

Which browser are you running the Eset scan in? Did you notice that browsers other than IE required a different download?

If it is scanning you can wait before posting screen shots of the error. I use Photo Bucket. Imgur is another choice for hosting

screen shots.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 03:26 PM

I am using Firefox. It's scanning at 16% right now so might be a little while.

 

The top of the error popup says "esetsmartinstaller_enu.ex - Bad image". Then in the body it says (among other things) "C:\Windows\SYSTEM\sfc.dll contains and error". The last line says "Error status 0xc0000020". Not sure if any of that helps.



#9 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:07 AM

Posted 22 April 2016 - 04:00 PM

I'm surprised it is scanning...usually see that when there is a corrupt installer/ bad download. Did you download

this since you are not using IE....Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

 

Or this.....Hold down Control and click on this link to open ESET OnlineScan in a new window.

 

If you did the eset smart installer....that would be the correct one with Firefox.

 

The Eset scan can take one or more hours depending on available computer resources and total size of data files.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 04:18 PM

Yes, I downloaded it to my desktop and ran it per your instructions. It is scanning, but very slowly. Currently an hour and 16 minutes, 84,000 files and 22% done.



#11 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 04:37 PM

This is taking a long time, probably won't be finished for 3-4 hours it seems. Will you be around later or tomorrow (Sat)? Or any further instructions after this is completed?



#12 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 04:44 PM

Hi Buddy, while waiting for this Godaddy (my hosting account) says I may have malware in my hosting plan. They say it was on one page in particular. Geez. What's next?



#13 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 05:20 PM

So one hour later and it is only 23% scanned with 17,000 files. Is this normal or is something going wrong?



#14 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:07 AM

Posted 22 April 2016 - 05:32 PM

Yeah...I was thinking the problem you described was most likely in the cloud....not on your computer.

 

You can stop the scan and uninstall Eset. Then try reinstalling. It may help and you may not get that error message.

Number of files isn't so much as the SIZE of those 17,000 files. Up to you. If at all possible though, complete the scan. 

Fastest would be to give Eset complete use of the computer. If you need it for other work then let it run while you sleep.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 mexxomp

mexxomp
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 22 April 2016 - 05:35 PM

Hi Buddy,

 

I'll just let it run for the next couple hours or however long it takes. Rather have it continue. I think it's slow because on the Task Manager, the C: is at 100%.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users