
Windows Won't Update and Browsers Crash


59 replies to this topic

#1 Cassiopeia


Posted 12 July 2016 - 05:32 AM

I know you guys are busy, but I cannot locate a fix for this.  Windows Update will not update.  It reads "0 of XXXKb" downloading, but never gets beyond that.
 
I use three browsers because I hate Internet Explorer, but each crashes.  Comodo Dragon and Ice Dragon, Mozilla Firefox.  They simply crash.  Internet Explorer needs to be updated, but it took over ten minutes and still did not install.
 
Windows Security Essentials stop working on their own.
 
One more thing: my system is slow.  I've upgraded to a new motherboard and installed 16GB of RAM, but it is actually slower than the previous build.
 
Any help would be appreciated.
 
Cass

Edited by Queen-Evie, 12 July 2016 - 11:47 AM.
moved from Windows 7 to Am I Infected



#2 hamluis


Posted 12 July 2016 - 09:30 AM

1.  Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
2.  Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download.  
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
Louis


#3 dc3


Posted 12 July 2016 - 10:20 AM

This sounds like your computer may be infected.  If this is the case this should be addressed before doing anything else.

 

If no malware is found you can contact a moderator and have this moved back to the Windows Forum.
 
Please do the following in the order it is requested.  Post all of your logs in your topic, do not use quotes or wrap it in code.
 
The first application will make it possible to run the requested scans if malware is compromising its ability to run normally.
 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications listed below.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries. 
 
 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
mbam1_zps98e7fba9.png
 
3)  Click on Settings, you will see an image like the one below.
 
malware%20settings_zpsixkea5sd.png
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 

 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
Post this in your topic.



This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 12 July 2016 - 10:23 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Cassiopeia


Posted 12 July 2016 - 10:55 AM

I'm at hospital with my husband.  He's critically ill.  I will follow these instructions when I get home tonight.  Thanks for such a rapid response.

 

As for it being infected, I just installed the new motherboard and the new hard drive.  The only things I've done besides install Windows is install the browsers.

 

However, I will follow those instructions as well.

 

Cass



#5 dc3


Posted 12 July 2016 - 11:05 AM

I'm so sorry to hear about your husband's health issues.  I will keep you two in my thoughts and prayers.


Edited by dc3, 12 July 2016 - 11:06 AM.



#6 Cassiopeia


Posted 12 July 2016 - 06:04 PM

http://speccy.piriform.com/results/kn2lyTPWmd0viqG2IpBDXtA

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Cassie (administrator) on 12-07-2016 at 19:03:03
Running from "C:\Users\Cassie\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: MS-7974 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2016 07:23:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0x404
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/12/2016 06:21:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2016 06:10:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac2c8e
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e4b4
Faulting process id: 0x434
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (07/12/2016 06:03:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac2c8e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000001857a34e
Faulting process id: 0xf2c
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (07/12/2016 06:02:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac2c8e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000109
Faulting process id: 0x38c
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (07/12/2016 06:02:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0x7b8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/12/2016 05:45:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2016 09:16:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2016 09:12:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: consent.exe, version: 6.1.7601.17514, time stamp: 0x4ce79e79
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x00000000000224e6
Faulting process id: 0x11e8
Faulting application start time: 0xconsent.exe0
Faulting application path: consent.exe1
Faulting module path: consent.exe2
Report Id: consent.exe3

Error: (07/11/2016 09:11:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0xe40
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (07/12/2016 07:00:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/12/2016 07:00:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/12/2016 07:00:16 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/12/2016 06:37:54 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/12/2016 08:38:45 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (07/12/2016 06:20:59 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/12/2016 06:20:58 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%3 = The system cannot find the path specified.


Error: (07/12/2016 06:10:47 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/12/2016 06:10:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 engine has been terminated due to an unexpected error.

    Failure Type: %%830

    Exception code: 0xc0000005

    Resource: file:C:\Windows\winsxs\Temp\2d9224a325dcd101e7010000fc0d240e\2d9224a325dcd101e8010000fc0d240e_manifest

Error: (07/12/2016 06:03:54 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Photo Scan (HKLM-x32\...\{61D1B0E8-8651-4AF3-8E8F-3EA3C0C9E8F7}) (Version: 1.00.0003 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON XP-420 Series Printer Uninstall (HKLM\...\EPSON XP-420 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.02 - MSI)
Mystery Case Files ®: 13th Skull ™ (HKLM-x32\...\BFG-Mystery Case Files - 13th Skull) (Version:  - )
NETGEAR WNA3100 wireless USB 2.0 driver (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Pioneer Lands (HKLM-x32\...\BFG-Pioneer Lands) (Version:  - )
Poppit! To Go (HKLM-x32\...\BFG-Poppit! To Go) (Version:  - )
PuppetShow: Lost Town (HKLM-x32\...\BFG-PuppetShow - Lost Town) (Version:  - )
PuppetShow: Mystery of Joyville ™ (HKLM-x32\...\BFG-PuppetShow - Mystery of Joyville) (Version:  - )
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.1.11 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Sherlock Holmes: The Mystery of the Persian Carpet (HKLM-x32\...\BFG-Sherlock Holmes - The Mystery of the Persian Carpet) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
The Lost Cases of Sherlock Holmes (HKLM-x32\...\BFG-The Lost Cases of Sherlock Holmes) (Version:  - )
Time Stand Still (HKLM-x32\...\BFG-Time Stand Still) (Version:  - )
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Yard Sale Hidden Treasures: Lucky Junction (HKLM-x32\...\BFG-Yard Sale Hidden Treasures - Lucky Junction) (Version:  - )
Youda Marina (HKLM-x32\...\BFG-Youda Marina) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 16343.21 MB
Available physical RAM: 13605.01 MB
Total Virtual: 22423.39 MB
Available Virtual: 18046.14 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:368.01 GB) (Free:310.84 GB) NTFS
3 Drive f: (FreeAgent Disk) (Fixed) (Total:298.09 GB) (Free:34.95 GB) NTFS

========================= Users: ========================================

User accounts for \\CASSIE-PC

Administrator            Cassie                   Guest                    


**** End of log ****
 

Thank you for the kind words.  Some days it feels as though I'm all alone in this.  James was doing better today, so your prayers worked.
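
Added example, not part of the original thread and not MiniToolBox's own code: a small Python parser for the "Event log errors" layout posted above, grouping application crashes by exception code and counting system errors by source. The sample text is abbreviated and constructed from the entry shapes in that log; the function names and the three-entry status table are this example's own.

```python
import re
from collections import Counter, defaultdict

# Abbreviated sample in the MiniToolBox "Event log errors" layout (constructed
# from the entry shapes in the log above; not the complete log).
SAMPLE_LOG = """\
Application errors:
==================
Error: (07/12/2016 07:23:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b

Error: (07/12/2016 06:10:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac2c8e
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e4b4

Error: (07/12/2016 06:03:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac2c8e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000001857a34e

Error: (07/11/2016 09:11:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2

System errors:
=============
Error: (07/12/2016 07:00:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk1\\DR1.

Error: (07/12/2016 08:38:45 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.
"""

# NTSTATUS values that appear as "Exception code" in the log above.
STATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
}

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) \(User: [^)]*\)"
)
# Section titles ("System errors:") and "====" rules end the current entry.
SECTION = re.compile(r"^(?:[A-Za-z ]+:\s*$|={3,})")
APP = re.compile(r"Faulting application name: ([^,]+),")
EXC = re.compile(r"Exception code: (0x[0-9a-fA-F]+)")


def parse_events(text):
    """Split the log into entries. Blank lines do not end an entry, because
    some entries (e.g. Microsoft Antimalware) contain blank lines in the body."""
    events, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"when": header["when"], "source": header["source"], "body": []}
            events.append(current)
        elif SECTION.match(line):
            current = None
        elif current is not None and line.strip():
            current["body"].append(line)
    return events


def summarize(text):
    """Return ({exception name: [faulting apps]}, Counter of event sources)."""
    crashes = defaultdict(set)
    sources = Counter()
    for event in parse_events(text):
        sources[event["source"]] += 1
        body = "\n".join(event["body"])
        app, exc = APP.search(body), EXC.search(body)
        if event["source"] == "Application Error" and app and exc:
            # Fall back to the raw hex string for codes not in the table.
            name = STATUS_NAMES.get(int(exc[1], 16), exc[1])
            crashes[name].add(app[1].lower())
    return {name: sorted(apps) for name, apps in crashes.items()}, sources


if __name__ == "__main__":
    crashes, sources = summarize(SAMPLE_LOG)
    for name, apps in crashes.items():
        print(f"{name}: {', '.join(apps)}")
    for source, count in sources.most_common():
        print(f"{count:3d}  {source}")
```

Run against the full pasted log, the grouping shows at a glance which processes crashed with which exception code and which system sources (Disk, Microsoft-Windows-HAL, Service Control Manager) logged errors, before reading the entries one by one.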



#7 Cassiopeia


Posted 13 July 2016 - 05:27 AM

I posted the logs but received an error: "Error Occurred post too long".  This is when I post the tdsskiller file.  When TDSSKILLER completed, it read no threats found.


Edited by Cassiopeia, 13 July 2016 - 06:04 AM.


#8 Cassiopeia


Posted 13 July 2016 - 05:51 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2016
Scan Time: 7:33 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.12.11
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cassie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289551
Time Elapsed: 22 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent.W, C:\Users\Cassie\AppData\Local\Temp\Temp1_Windows 7 Loader.zip\Windows 7 Loader.exe, Quarantined, [78b37ba86c2e89ad085b28f713f1d52b],

Physical Sectors: 0
(No malicious items detected)


(end)


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/12/2016 07:05:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/12/2016 07:06:03 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)
 



#9 Cassiopeia


Posted 13 July 2016 - 06:08 AM

ESET text:

F:\Downloads\Alcohol120_trial_1.9.8.7117.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted
F:\Downloads\Avery Wizard Holiday 2009.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted
F:\Seagate Sync\VOL\Personal folder\Downloads\cbsidlm-cbsi134-SolSuite_Solitaire_2013-BP-10018763.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
F:\Seagate Sync\VOL\Personal folder\Downloads\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted

 

F: is my external hard drive.  No wonder it took ten hours! 
 



#10 dc3


Posted 13 July 2016 - 08:33 AM

Malwarebytes did find a Trojan virus (Trojan.Agent.W) which could have the ability to do the following:

 

Redirect Web traffic.
Manipulate certain Windows or third-party applications including settings or configurations.
Drop or install additional malicious programs.
Download and run additional malicious programs.
 
This could explain the issues you have been experiencing.
 
Is the computer running better now?
 
I would like to have you run one more scan.
 

 
emsisoft%201_zpsoqojjiws.png
 
Please download Emsisoft Emergency Kit and save it to your desktop. 
 
Double click on Emsisoft Emergency Kit file on your desktop.  emsisoft%203_zpsoox6uxmj.png
 
When the installation starts you see an image like the one below, click on Install.
 
Emsisoft%207_zpsmbuolk9r.png
 
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
 
When the update is complete, click on MALWARE SCAN under Scan.  When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.
 
Emsisoft%20scan_zpsifqyozhf.png
 
Emsisoft Emergency Kit will start scanning.
 
When the scan is completed click on Quarantine.
 
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.  Copy the log and paste it in your topic.
 
Edit:  I am glad to hear that your husband is doing better.  We will keep him in our thoughts.

Edited by dc3, 13 July 2016 - 08:35 AM.



#11 Cassiopeia


Posted 13 July 2016 - 09:47 AM

How in the world did I get a trojan on a brand new pc?  

 

It was not running any better.  I will follow the instructions once I get home.  

 

Could this also make the pc run slow?  I had a mobo with 3GBs transfer to 7200rpm hard drive.  I upgraded to a 6MBs transfer to a 7200rpm new hard drive.  It has a quad core 3.2 processor.  I raised the RAM to 16GB.  The old one only had 4GB.  The new setup is slower than the old one.

 

Thanks.  I know you guys are busy, busy, busy.

 

(You should see how slow the 'net is on the hospital's wifi.)



#12 Cassiopeia


Posted 13 July 2016 - 08:03 PM

I ran the last one, Emsisoft Emergency Kit, it found nothing.  I reckon that means it's all clear.  Firefox has not shut down in an hour.

 

However, the pc is still slow. 

 

Have to research that.

 

Thanks for everything.

 

Cass



#13 Cassiopeia


Posted 14 July 2016 - 04:56 AM

Microsoft security essentials shut down.  I have green stripes across the bottom of my screen.  Firefox shut down as it has been.  The only browser I can use is IE.  Windows Update still will not update.  I will follow all the steps again, but this time, I will read them from a laptop and do nothing but the instructions on the pc.

 

Thanks.



#14 Cassiopeia


Posted 14 July 2016 - 05:31 AM

The system crashed: blue screen of death...



#15 dc3


Posted 14 July 2016 - 08:41 AM

Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download. 
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
