
Multiple prefs.js files and other shenanigans


3 replies to this topic

#1 ToastedMarshmallows

ToastedMarshmallows

  • Members
  • 6 posts

Posted 05 May 2017 - 04:46 PM

Hello;

First time posting here after a long while (3 years). I lost my old account since, and haven't had any malware problems. Glad to see that the funding issue went well.

 

Anyway, back to topic. I've been suspicious of my PC for a while now; it's been chugging for no good reason for a while now, most notably Firefox. So I looked around my files and I saw that I had a whopping 9000 duplicates of my prefs.js; after consulting the internet I found out that it could be because of the original prefs.js not being writable. That wasn't the case, however.

 

After deleting the duplicates, suddenly my After Effects shortcut disappeared. I would just shrug it off but I didn't do anything to change that. Then when I ran the .exe itself, it just opened a command prompt and that was it.

 

My internet has been kind of sluggish as well.

 

I'm ruling out paranoia here, but I'm also experiencing hard resets during heavy loads, and I have trouble rendering things on a 24 GB RAM PC with a GTX970. Currently looking to just upgrade if it's hardware problems, but I wanna rule out malware first. I've done an MBAM scan as well as an AdwCleaner scan; then I also ran HitmanPro. Nothing. Avast is all green as well recently.

 

Can anyone help me rule out if this is unrelated to malware?




 


#2 buddy215

buddy215

  • BC Advisor
  • 12,877 posts
  • Gender:Male
  • Location:West Tennessee

Posted 06 May 2017 - 06:45 AM

Sounds like your Firefox is corrupted/contaminated. Suggest you back up your bookmarks and then do a clean uninstall of Firefox. You can do that by closing Firefox, running the uninstall from the list of installed programs. Then do searches for Firefox and Mozilla. Delete all that is found. That will delete your Firefox profile.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Download Security Check by glax24 and save the file to the Desktop.
  • Run the tool by accepting all the Security prompts.
  • When complete, the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard.
  • Simply paste the log to your reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 ToastedMarshmallows

ToastedMarshmallows
  • Topic Starter

  • Members
  • 6 posts

Posted 11 May 2017 - 05:36 PM

Here are both logs. May I also add that I recently got an Avast warning for a trojan that tried to attack me while I was trying to log into PayPal... It had the keyword authchallenge something. I already re-installed Firefox.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by ArashiKen (Administrator) on Fri 05/12/2017 at  6:22:35.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 33

Successfully deleted: C:\Users\ArashiKen\AppData\Roaming\speedrunnerslog.txt (File)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ICEW52 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M91TE0L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28NQIBQY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4SFGBGP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUUFXZ5D (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIT5V16G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAK0BPME (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOMX0CIB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKLNYG82 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYBC76LT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYHIV4VB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ArashiKen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJMKPMV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ICEW52 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M91TE0L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28NQIBQY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4SFGBGP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUUFXZ5D (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIT5V16G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAK0BPME (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOMX0CIB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TKLNYG82 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYBC76LT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYHIV4VB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAJMKPMV (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/12/2017 at  6:23:07.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Avast Antivirus   
Malwarebytes      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.5    
 Java 8 Update 121  
 Java version 32-bit out of Date!
 Adobe Flash Player 25.0.0.148  
 Mozilla Firefox (53.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast x64 aswidsagenta.exe
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
 CheckPoint ZoneAlarm ICM-Service.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 43% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#4 buddy215

buddy215

  • BC Advisor
  • 12,877 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 May 2017 - 07:34 PM

Your HDD needs defragmenting if it is not an SSD drive.

 

You ran a different Security Check than what I asked for. Please run that one.

 

After defragmenting if the HDD is not an SSD drive....scan using the programs below to try to find and remove what Avast is warning about.

 

Download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log
  • Copy and paste the log into your reply

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.





