[Solved] Have I been Infected ?

[neilofnorton]

Starbuck

cannot select paste as per your instructions.

After scan for adw

have done a full a malwarebytes scan - no threats

just successfully completed a full Kaspersky scan-1500000 files - no threats. Over 4 hours

 

Your 1st June instructions - clear out - still necessary ?

 

Very close to finding that sledgehammer

 

Once again thanks for your patience.

 

Neil

[Starbuck]

have done a full a malwarebytes scan - no threats

just successfully completed a full Kaspersky scan-1500000 files - no threats. Over 4 hours

That's ok then.

It must have been something that you downloaded.

I have a couple of threads on PuP's (Adware), I suggest you familiarize yourself with them.

It may help in the future:

 

What are PuP's (Adware)

 

How to avoid potentially unwanted programs

 

Before running the cleanup steps in Post #45, we should clean out the MalwareBytes quarantine folder:

 

Restart MBAM.

Click on the History tab >> Quarantine

Tick to select all items and then click the Delete button.

Close MBAM.

 

Now run the steps in Post #45.

 

Very close to finding that sledgehammer

I think we've all felt like that at some point. :mad:

 

Let me know how the cleanup goes.

[neilofnorton]

Starbuck

Hopefully I have followed your instructions properly - back up worked ok since the clean up.

At present no apparent problems.

Will report further after a week.

Once again thanks for your help - the amount of time, expertise and patience you have displayed is really appreciated.

Your immediate response to the problems I have identified must be unique .

Neil

[Starbuck]

At present no apparent problems.

 

Will report further after a week.

Ok, that's fine.

 

Once again thanks for your help - the amount of time, expertise and patience you have displayed is really appreciated.

Your immediate response to the problems I have identified must be unique .

Thanks for the comments, it's appreciated.

We all know what it's like when something isn't working properly.

So the sooner we can help to fix the problem the better.

[neilofnorton]

Starbuck

Problem

No known faults except twice today tried to do a full Kaspersky scan - computer seized twice half way through.

Tried to do full scan in "safe mode" - same thing happened.

 

Everything else seems to be ok. All clear with malaware scan.

 

 

 

Neil

[Starbuck]

Hi Neil,

 

When you installed Kaspersky..... was it just the AntiVirus or was it the Internet Security version?

[neilofnorton]

Starbuck

Kaspersky internet security multi -device 2016

 

premium multi-device protection only used for computer

Neil

[Starbuck]

Hi Neil,

 

Ok thanks.

The reason I asked is that the Kaspersky Internet Security version also includes a Firewall.

If this is running along with the Windows Firewall, it will cause problems with the system.

[neilofnorton]

Starbuck

Window Defender - should I turn it off ?

 

Neil

[Starbuck]

Window Defender - should I turn it off ?

Do you mean Windows Firewall Neil?

 

Windows Defender should already be disabled.

If both the Kaspersky Firewall and the Windows Firewall are turned on, I'd suggest turning off the Kaspersky Firewall.

The Windows Firewall will give you less problems.

[neilofnorton]

Starbuck

Not disabled anything.

Just did a "full Kaspersky scan" 1.5 million items over 4 hours-worked fine - no seizure-no threats identified.

 

Crazy computer ???? (or crazy operator)

 

 

Neil

[Starbuck]

Hi Neil,

 

Well this is the beauty of 'Windows' ..... always expect the unexpected. :confused2:

[neilofnorton]

Starbuck

Tried twice yesterday to do a back up on Seagate 2TB- twice computer seized up after 30 minutes.

Question - my experience to get the computer working is to switch off the machine off the machine and then switch it back on.

Is there any other way to bring it back to life because although the screen is blank the light on the computer is still on and whatever keys I press

nothing happens. (the unexpected - I won a £25 premium bond prize - took me 30 years)

Neil

[Starbuck]

Hi Neil,

 

the unexpected - I won a £25 premium bond prize - took me 30 years

That's better than me... I've never won anything on my premium bond.

 

Just looking at this...

 

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.33 GB) (Free:847.7 GB) NTFS

Drive f: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1388.63 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 18000000)

Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)

Partition 2: (Active) - (Size=11.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)

================================================== ======

Disk: 5 (Size: 1863 GB) (Disk ID: 41FCE061)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

So do you have 2 hard drives installed?

If so, it's just a thought but what power is your PSU ?

[Starbuck]

Thread now moved to the Win7 forum as the problem is not malware related.

[KenB]

Neil,

 

Let me have the "Speccy" link that Starbuck advised you to post and we can take it from there :)

 

Please confirm - your PSU = 460 Watt ?

[neilofnorton]

Neil,

 

Let me have the "Speccy" link that Starbuck advised you to post and we can take it from there :)

 

Please confirm - your PSU = 460 Watt ?

 

 

Ken Am I on the right track

 

PSU 460 watt got that from checking my computer Dell Studion XPS 7100

Generated by Piriform Speccy v1.29.714

24 Jun 2016 @ 12:34

 

http://speccy.piriform.com/results/img/249.pngSummary

 

Operating System

Windows 7 Ultimate 64-bit SP1

 

 

 

 

CPU

AMD Phenom II X6 1050T:

25 °C

 

Thuban 45nm Technology

 

 

 

 

RAM

4.00GB Dual-Channel DDR3 @ 666MHz (9-9-9-24)

 

 

 

 

Motherboard

Dell Inc. 0FF3FN (CPU 1):

33 °C

 

 

 

Graphics

26PF9320 (1152x864@75Hz)

 

 

ATI Radeon HD 5670 (Dell):

69 °C

 

 

 

Storage

931GB Western Digital WDC WD10 01FAES-75W7A0 SATA Disk Device (SATA):

36 °C

 

1863GB Seagate Desktop USB Device (USB (SATA)):

42 °C

 

 

 

Optical Drives

TSSTcorp DVD+-RW TS-H653H SATA CdRom Device

 

 

 

 

Audio

Realtek High Definition Audio

 

 

 

 

 

 

 

http://speccy.piriform.com/results/img/254.pngOperating System

 

Windows 7 Ultimate 64-bit SP1

 

 

Computer type: Desktop

 

 

Installation Date: 02/12/2010 13:01:20

 

 

Windows Security Center

User Account Control (UAC):

Enabled

 

Notify level:

3 - Always Notify

 

 

 

Windows Update

AutoUpdate:

Download Automatically and Install at Set Scheduled time

 

Schedule Frequency:

Every Day

 

Schedule Time:

09:00

 

 

 

Windows Defender

Windows Defender:

Disabled

 

 

 

Firewall

Firewall:

Enabled

 

Display Name:

Kaspersky Internet Security

 

 

 

Antivirus

Antivirus:

Enabled

 

Display Name:

Kaspersky Internet Security

 

Virus Signature Database:

Up to date

 

 

 

.NET Frameworks installed

v4.6 Full

 

 

v4.6 Client

 

 

v3.5 SP1

 

 

v3.0 SP2

 

 

v2.0 SP2

 

 

 

 

Internet Explorer

Version:

11.0.9600.18349

 

 

 

PowerShell

Version:

2.0

 

 

 

Java

 

Java Runtime Environment

Path:

C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe

 

Version:

8.0

 

Update:

91

 

Build:

14

 

 

 

 

Environment Variables

USERPROFILE:

C:\Users\Neil

 

SystemRoot:

C:\Windows

 

 

User Variables

TEMP:

C:\Users\Neil\AppData\Local\Temp

 

TMP:

C:\Users\Neil\AppData\Local\Temp

 

 

 

Machine Variables

ComSpec:

C:\Windows\system32\cmd.exe

 

EMC_AUTOPLAY:

c:\Program Files (x86)\Common Files\Roxio Shared\

 

FP_NO_HOST_CHECK:

NO

 

NUMBER_OF_PROCESSORS:

6

 

OS:

Windows_NT

 

Path:

C:\ProgramData\Oracle\Java\javapath

 

 

C:\Program Files\Common Files\Microsoft Shared\Windows Live

 

 

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

 

 

C:\Windows\system32

 

 

C:\Windows

 

 

C:\Windows\System32\Wbem

 

 

C:\Windows\System32\WindowsPowerShell\v1.0\

 

 

C:\Program Files (x86)\AMD\Fusion Media Explorer\

 

 

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

 

 

c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\

 

 

c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\

 

 

C:\Program Files (x86)\Windows Live\Shared

 

PATHEXT:

.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

 

PROCESSOR_ARCHITECTURE:

AMD64

 

PROCESSOR_IDENTIFIER:

AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD

 

PROCESSOR_LEVEL:

16

 

PROCESSOR_REVISION:

0a00

 

PSModulePath:

C:\Windows\system32\WindowsPowerShell\v1.0\Modules\

 

RoxioCentral:

c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\

 

TEMP:

C:\Windows\TEMP

 

TMP:

C:\Windows\TEMP

 

USERNAME:

SYSTEM

 

windir:

C:\Windows

 

 

 

 

Power Profile

Active power scheme:

Dell

 

Hibernation:

Enabled

 

Turn Off Monitor after: (On AC Power):

15 min

 

Turn Off Hard Disk after: (On AC Power):

20 min

 

Suspend after: (On AC Power):

30 min

 

Screen saver:

Enabled

 

 

 

Uptime

 

Current Session

Current Time:

24/06/2016 12:34:05

 

Current Uptime:

9,711 sec (0 d, 02 h, 41 m, 51 s)

 

Last Boot Time:

24/06/2016 09:52:14

 

 

 

 

Services

Running:

Adobe Acrobat Update Service

 

Running:

AMD External Events Utility

 

Running:

AMD Fusion Utility Service

 

Running:

AMD RAIDXpert

 

Running:

Application Experience

 

Running:

Application Information

 

Running:

Background Intelligent Transfer Service

 

Running:

Base Filtering Engine

 

Running:

CNG Key Isolation

 

Running:

COM+ Event System

 

Running:

Computer Browser

 

Running:

Cryptographic Services

 

Running:

DCOM Server Process Launcher

 

Running:

Desktop Window Manager Session Manager

 

Running:

DHCP Client

 

Running:

Diagnostic Policy Service

 

Running:

Diagnostic Service Host

 

Running:

Diagnostics Tracking Service

 

Running:

Distributed Link Tracking Client

 

Running:

DNS Client

 

Running:

Dock Login Service

 

Running:

Extensible Authentication Protocol

 

Running:

Function Discovery Provider Host

 

Running:

Function Discovery Resource Publication

 

Running:

Group Policy Client

 

Running:

HomeGroup Listener

 

Running:

HomeGroup Provider

 

Running:

HP Support Solutions Framework Service

 

Running:

Human Interface Device Access

 

Running:

IKE and AuthIP IPsec Keying Modules

 

Running:

IP Helper

 

Running:

IPsec Policy Agent

 

Running:

Kaspersky Anti-Virus Service 16.0.0

 

Running:

Multimedia Class Scheduler

 

Running:

Network Connections

 

Running:

Network List Service

 

Running:

Network Location Awareness

 

Running:

Network Store Interface Service

 

Running:

Offline Files

 

Running:

Peer Name Resolution Protocol

 

Running:

Peer Networking Grouping

 

Running:

Peer Networking Identity Manager

 

Running:

Plug and Play

 

Running:

PnP-X IP Bus Enumerator

 

Running:

Portable Device Enumerator Service

 

Running:

Power

 

Running:

Print Spooler

 

Running:

Program Compatibility Assistant Service

 

Running:

Remote Desktop Services

 

Running:

Remote Procedure Call (RPC)

 

Running:

RPC Endpoint Mapper

 

Running:

Secondary Logon

 

Running:

Security Accounts Manager

 

Running:

Security Center

 

Running:

Server

 

Running:

Shell Hardware Detection

 

Running:

SoftThinks Agent Service

 

Running:

Software Protection

 

Running:

SSDP Discovery

 

Running:

Superfetch

 

Running:

System Event Notification Service

 

Running:

Task Scheduler

 

Running:

TCP/IP NetBIOS Helper

 

Running:

Themes

 

Running:

UPnP Device Host

 

Running:

User Profile Service

 

Running:

Windows Audio

 

Running:

Windows Audio Endpoint Builder

 

Running:

Windows Backup

 

Running:

Windows Driver Foundation - User-mode Driver Framework

 

Running:

Windows Event Log

 

Running:

Windows Firewall

 

Running:

Windows Font Cache Service

 

Running:

Windows Image Acquisition (WIA)

 

Running:

Windows Live ID Sign-in Assistant

 

Running:

Windows Management Instrumentation

 

Running:

Windows Media Player Network Sharing Service

 

Running:

Windows Modules Installer

 

Running:

Windows Search

 

Running:

Windows Update

 

Running:

WLAN AutoConfig

 

Running:

WMI Performance Adapter

 

Running:

Workstation

 

Stopped:

ActiveX Installer (AxInstSV)

 

Stopped:

Adaptive Brightness

 

Stopped:

Adobe Flash Player Update Service

 

Stopped:

Application Identity

 

Stopped:

Application Layer Gateway Service

 

Stopped:

Application Management

 

Stopped:

ASP.NET State Service

 

Stopped:

BitLocker Drive Encryption Service

 

Stopped:

Block Level Backup Engine Service

 

Stopped:

Bluetooth Support Service

 

Stopped:

BranchCache

 

Stopped:

Certificate Propagation

 

Stopped:

COM+ System Application

 

Stopped:

Credential Manager

 

Stopped:

Diagnostic System Host

 

Stopped:

Disk Defragmenter

 

Stopped:

Distributed Transaction Coordinator

 

Stopped:

Encrypting File System (EFS)

 

Stopped:

Fax

 

Stopped:

FLEXnet Licensing Service

 

Stopped:

Google Update Service (gupdate)

 

Stopped:

Google Update Service (gupdatem)

 

Stopped:

GoToAssist

 

Stopped:

Health Key and Certificate Management

 

Stopped:

InstallDriver Table Manager

 

Stopped:

Interactive Services Detection

 

Stopped:

Internet Connection Sharing (ICS)

 

Stopped:

Internet Explorer ETW Collector Service

 

Stopped:

KtmRm for Distributed Transaction Coordinator

 

Stopped:

Link-Layer Topology Discovery Mapper

 

Stopped:

Media Center Extender Service

 

Stopped:

Microsoft .NET Framework NGEN v2.0.50727_X64

 

Stopped:

Microsoft .NET Framework NGEN v2.0.50727_X86

 

Stopped:

Microsoft .NET Framework NGEN v4.0.30319_X64

 

Stopped:

Microsoft .NET Framework NGEN v4.0.30319_X86

 

Stopped:

Microsoft iSCSI Initiator Service

 

Stopped:

Microsoft Software Shadow Copy Provider

 

Stopped:

Net.Msmq Listener Adapter

 

Stopped:

Net.Pipe Listener Adapter

 

Stopped:

Net.Tcp Listener Adapter

 

Stopped:

Net.Tcp Port Sharing Service

 

Stopped:

Netlogon

 

Stopped:

Network Access Protection Agent

 

Stopped:

Office Source Engine

 

Stopped:

Office Software Protection Platform

 

Stopped:

Parental Controls

 

Stopped:

Performance Counter DLL Host

 

Stopped:

Performance Logs & Alerts

 

Stopped:

PNRP Machine Name Publication Service

 

Stopped:

Problem Reports and Solutions Control Panel Support

 

Stopped:

Protected Storage

 

Stopped:

Quality Windows Audio Video Experience

 

Stopped:

Remote Access Auto Connection Manager

 

Stopped:

Remote Access Connection Manager

 

Stopped:

Remote Desktop Configuration

 

Stopped:

Remote Desktop Services UserMode Port Redirector

 

Stopped:

Remote Procedure Call (RPC) Locator

 

Stopped:

Remote Registry

 

Stopped:

Routing and Remote Access

 

Stopped:

RoxMediaDB10

 

Stopped:

Secure Socket Tunneling Protocol Service

 

Stopped:

Smart Card

 

Stopped:

Smart Card Removal Policy

 

Stopped:

SNMP Trap

 

Stopped:

SPP Notification Service

 

Stopped:

stllssvr

 

Stopped:

Tablet PC Input Service

 

Stopped:

Telephony

 

Stopped:

Thread Ordering Server

 

Stopped:

Virtual Disk

 

Stopped:

Volume Shadow Copy

 

Stopped:

vssbrigde64

 

Stopped:

WebClient

 

Stopped:

Windows Activation Technologies Service

 

Stopped:

Windows Biometric Service

 

Stopped:

Windows CardSpace

 

Stopped:

Windows Color System

 

Stopped:

Windows Connect Now - Config Registrar

 

Stopped:

Windows Defender

 

Stopped:

Windows Error Reporting Service

 

Stopped:

Windows Event Collector

 

Stopped:

Windows Installer

 

Stopped:

Windows Live Family Safety Service

 

Stopped:

Windows Live Mesh remote connections service

 

Stopped:

Windows Media Center Receiver Service

 

Stopped:

Windows Media Center Scheduler Service

 

Stopped:

Windows Presentation Foundation Font Cache 3.0.0.0

 

Stopped:

Windows Remote Management (WS-Management)

 

Stopped:

Windows Time

 

Stopped:

WinHTTP Web Proxy Auto-Discovery Service

 

Stopped:

Wired AutoConfig

 

Stopped:

WWAN AutoConfig

 

 

 

TimeZone

TimeZone:

GMT

 

Language:

English (United Kingdom)

 

Location:

United Kingdom

 

Format:

English (United Kingdom)

 

Currency:

£

 

Date Format:

dd/MM/yyyy

 

Time Format:

HH:mm:ss

 

 

 

Scheduler

24/06/2016 13:02;:

Adobe Flash Player Updater

 

24/06/2016 13:18;:

GoogleUpdateTaskMachineUA

 

25/06/2016 09:18;:

GoogleUpdateTaskMachineCore

 

 

Adobe Acrobat Update Task

 

 

CCleanerSkipUAC

 

 

CreateChoiceProcessTask

 

 

PCDEventLauncher

 

 

 

Hotfixes

 

Installed

 

23/06/2016 Update for Microsoft Silverlight (KB3162593)

This update to Silverlight improves security, reliability, accessibility

 

 

support, startup performance, enhances line-of-business support

 

 

and

 

Is what I have copied what you need

The copying process would have copied a log that was so long it would have taken 20 minutes to copy and paste.

 

 

There was a small schedule of the performance of the computer but I could not copy it.

 

Neil

 

Neil

[KenB]

Hi Neil

 

You said in your first post that you have problems starting up and the machine is running slower and slower.

 

This could be RAM related.

You have 4GB which is probably in 2 modules.

Switch off at the wall.

I suggest that you take the side panel off and remove just one of the RAM modules.

Try booting up now.

 

If still a problem - swap the RAM modules and try booting up with the other one.

 

2GB is not really enough for 64 bit systems but it should boot up OK for testing.

 

Your temperatures look fine :)

[neilofnorton]

KenB

There are 4 modules

I have checked the far right one

Kingston irx8 pc3 ktw 149 eld this was 1gb

I presume the other three are 1gb each

Not checked them

 

Neil

[neilofnorton]

Ken

After my removal I did a memory check on the computer - no problems found

Neil

[KenB]

Hi Neil

I don't really trust software to test RAM - please confirm that you have tried booting up with just TWO modules in place [ the other two out ]

And that you have tried various combinations of two modules.

 

If your RAM slots are colour coded then use two modules in the same colour.

 

It could be that 2 modules have a problem - hence trying them in different combinations.

 

I don't suppose you have other compatible RAM that you could try ?

 

=================

If the RAM proves to be OK then I am thinking that it could be Hard-Disk related.

Have you run a test on this at all ?

If so - which one ?

 

If it is hard disk related then you would be best advised to backup anything that you don't want to lose. [ just in case :) ]

[neilofnorton]

Ken

Hard disc check- Starbuck guided me through numerous checks - I presume he was happy with the results.

 

Memory checks as requested by you put on hold for a short time because after many years of waiting BT has just now made available

fibre optic to my area after years of promises. My current facility is so pathetic.

I have ordered their top package at a very favourable rate.

 

After installation I will do your requested checks.

 

I do not have any other memory options but if necessary this computer has a maximum memory capability of 16gb-if necessary I

will purchase the necessary upgrade.

 

On Sunday I did a backup which was carried out without any "freeze up" of the system-appeared successful.

 

This Dell has a health check system - check confirmed all functions passed the test.

 

Once infinity installed (within a fortnight) I will report further on the performance- at present major improvement is apparent.

 

Neil

[KenB]

Hi Neil,

 

I will purchase the necessary upgrade.

If the 8 GB is working - this is more than enough. It is not necessary to spend out on a further 8GB ........unless you specifically want to.

 

The intermittent boot-up could be due to a failing PSU.

 

Get back to me after you have had BT upgrade your system.

[neilofnorton]

Ken

 

Fibre optics installed eventually on Wednesday-appears ok up to now.

 

4 1gb modules on computer - tried in various options - made no difference to performance.

Removed 2 and rebooted- noticed no difference to performance.

Did a Dell modulo memory analysis test - all 20 tests passed.

 

Whilst moving modules I did a Kaspersky vulnerability scan- 3 scans in all.

 

All scans seized up- 4 modules or two modules

 

All showing the same data 50358 files 88% with two minutes left

 

seizure showing on all three scans

 

C:\windows\system32\DriverStore\FileRepository\...02.inf-amd64-neutral-04d05dIf6a90ea24\Amd64\HPWK550T.GPD (well known to Google)

 

Full scans have all seized apart from the very first scan after installtion.

 

The same seizures applied prior to infinitiy being installed

 

Everything else appears to be ok

 

Neil

[neilofnorton]

Ken

Just tried to do a backup on Seagate 2TB

 

System froze at about 70%

 

Neil