[Closed/Inactive] I don't know if I'm infected with malware or a virus

Status
Not open for further replies.

Summerball (PCHF Member), Jan 13, 2017
Hi guys,

I'm having an issue with my laptop.
My brother used to play games on it. Now I have his laptop and I tried playing a few games such as Gmod, Red Orchestra and Insurgency, and some more, but every single one crashes after 5-10 minutes or at startup. He did not have this problem when he played the same games, but I do.

I'm not a perfect computer expert but I know some stuff and I haven't found the issue. Please help me.
These are my specs:

Laptop model: ASUS X750JB, Windows 8 Pro 32-bit (a video on YouTube shows the same laptop, but his game runs smoothly...)
Memory: 8 GB (the sticker says 8 GB, but the dxdiag results show that I used 3396 MB and have 1927 MB left...)
Also the Nvidia control panel shows that I have 4 GB of RAM.
CPU: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz (8 CPUs) ~2.4GHz
GPU: There are 2 cards I think, because the dxdiag results show Intel(R) HD Graphics 4600 1511MB, but I also have an Nvidia card called GeForce GT 740M.

I went to the Nvidia control panel and switched the option "PhysX configuration" to Nvidia instead of Intel, because logically Nvidia should be better for gaming, but no success. Also, the little icon that says "Laptop screen" stays at Intel(R) HD Graphics, but the arrow changes to Nvidia.

I have no hope left... I do not know what to do! Please, be my hero and offer me a solution.
PS: I attached a few pictures so you can see my specs and the Nvidia control panel, maybe this will make it easier.
 

Attachments

  • Foto dxdiag 2.jpg
  • Foto DXDIAG.jpg
  • Foto nvidea 1.jpg
  • nvidea 2.jpg
  • nvidea 3.jpg
Welcome To PCHF. :)

Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

If you are unsure whether your operating system is 32- or 64-bit, please go HERE.

Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.


  1. Accept the default whitelist options.
  2. If the Addition.txt option box is not checked, please select it.
  3. Then select Scan.



FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will open immediately on the desktop, but can be reopened later as Notepad files.

Please copy and paste the contents of these logs in your next post for review by our Security Team.
 
Hello again,

I followed the steps and got 2 logs, and I will post them here.

Edit: I uploaded the txt file of FRST, so it's easier.

Attachments

  • FRST.txt
This is the second post, about the txt file named "Addition".

EDIT: Like all the others, I uploaded a txt file of this instead of copying it.

Attachments

  • Addition.txt
I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that turns your computer into a very expensive doorstop, and I would appreciate it if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

Please run these scans, while I look over your FRST logs. :)



AdwCleaner Scan.


Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

RogueKiller Scan.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

ZHPCleaner Scan.

Please download ZHPCleaner to your desktop.

  • Right click the icon and select Run as administrator.
  • Once you have started the program, click the Scanner button. The program will close all open browsers!
  • Once the scan is completed, click the Repair button.
  • At the end of the process you may be asked to reboot your machine. After you reboot, a report will open on your desktop.
  • Copy and paste the report here in your next reply.

Security Check Scan.



  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
One question:

Is the program Служба автоматического обновления программ ("Automatic software update service") (HKU\S-1-5-21-165627662-1409266448-3510752754-1001\...\MailRuUpdater) (Version: - Mail.Ru) legit? Did you install this?

Once you have posted the above logs, then I will have your fix with FRST ready for you. :)
 
This is the result of the JRT cleaner:
EDIT: I uploaded a txt file, so this topic won't be so long and is easier to look over.

Attachments

  • JRT.txt
I can't copy and paste the txt file of RogueKiller for some reason, so I will just upload the txt file here instead of copying it.

Attachments

  • rk_1061.txt
I got the logs from SecurityCheck, but since the laptop was originally installed in Russian, the text document is also in Russian.
I don't know how to change this; if you know, please tell me, but if it's not that big of an issue then alright.

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 14.01.2017 19:20:53
Path starting: C:\Users\orchoi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: orchoi
VersionXML: 3.73is-14.01.2017
___________________________________________________________________________

Windows 8(6.2.9200) (x86) ProfessionalWMC Lang: Russian(0419)
OS installation date: 16.10.2016 17:20:53
License status: Windows(R), ProfessionalWMC edition Volume activation expires in: 43124 min.
License status: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation expires in: 253607 min.
Boot mode: Normal
Default browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
System drive: C: FS: [NTFS] Capacity: [232.4 GB] Used: [151.5 GB] Free: [80.9 GB]
------------------------------- [ Windows ] -------------------------------
Service Pack not installed Warning! Download updates
^Windows re-activation may be required^
Internet Explorer 10.0.9200.17607
User Account Control is enabled
Download updates automatically and install them on the set schedule
Update installation date: 2017-01-13 13:02:58
Windows Update (wuauserv) - Service stopped
Security Center (wscsvc) - Service running
Remote Registry (RemoteRegistry) - Service stopped
SSDP Discovery (SSDPSRV) - Service running
Remote Desktop Services (TermService) - Service stopped
Windows Remote Management (WS-Management) (WinRM) - Service stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
ESET Smart Security 8.0 (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
ESET Personal Firewall (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
ESET Smart Security 8.0 (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Smart Security v.8.0.319.1
--------------------------- [ OtherUtilities ] ----------------------------
TeamViewer 11 v.11.0.66695 Warning! Download updates
VLC media player v.2.2.4
WinRAR 5.40 (32-bit) v.5.40.0
Wireshark 2.2.3 (32-bit) v.2.2.3
TeamViewer 11 (TeamViewer) - Service running
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.30 v.7.30.105
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.1.8.2 Warning! P2P network client! May contain advertising modules or be used to download unwanted content.
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.5.3.17 Warning! Download updates
^Use the Apple Software Update application to check for a new version^
Bonjour v.3.1.0.1
Bonjour-service (Bonjour Service) - Service running
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\ESET\ESET Smart Security\egui.exe v.8.0.319.0
ESET Service (ekrn) - Service running
C:\Program Files\ESET\ESET Smart Security\ekrn.exe v.8.0.319.0
Windows Defender (WinDefend) - Service stopped
---------------------------- [ UnwantedApps ] -----------------------------
Driver Booster 4.0 v.4.0.2 Warning! The application is distributed through affiliate programs and software bundles. Uninstallation is recommended. You may have been a victim of deception or social engineering.
Popcorn Time v.5.5.1.2 Warning! Suspected adware! If this program is unknown to you, uninstalling it and scanning the PC with Malwarebytes Anti-Malware and Malwarebytes AdwCleaner is recommended. Before uninstalling and scanning, be sure to consult the forum thread where you are receiving help!!!
Unity Web Player v.5.3.5f1 Warning! The application is distributed through affiliate programs and software bundles. Uninstallation is recommended. You may have been a victim of deception or social engineering.
----------------------------- [ End of Log ] ------------------------------
 

Attachments

  • SecurityCheck.txt
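The SecurityCheck report above is easiest to act on once the service states and the lines the tool marked "Warning!" are pulled out of it. The Python script below is an added example written for this page; it is not code from the thread or from SecurityCheck. Its SAMPLE_LOG is an excerpt of the log posted above, translated to English, and the list of services it treats as remote-access exposure (TermService, WinRM, RemoteRegistry, TeamViewer) is this example's own assumption.

```python
"""Triage a SecurityCheck log (the safezone.cc tool used in this thread):
pull out service states and every line the tool marked "Warning!", and
turn them into a short findings list.

Added example for this page, not code from the thread or from SecurityCheck.
SAMPLE_LOG is an excerpt of the posted log, translated to English; the set of
services treated as remote-access exposure is an assumption made here.
"""
import re

# Excerpt of the posted log (translated); constructed here as sample input.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Service Pack not installed Warning! Download updates
Internet Explorer 10.0.9200.17607
User Account Control is enabled
Windows Update (wuauserv) - Service stopped
Security Center (wscsvc) - Service running
Remote Registry (RemoteRegistry) - Service stopped
Remote Desktop Services (TermService) - Service stopped
Windows Remote Management (WS-Management) (WinRM) - Service stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
ESET Smart Security 8.0 (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ OtherUtilities ] ----------------------------
TeamViewer 11 v.11.0.66695 Warning! Download updates
Wireshark 2.2.3 (32-bit) v.2.2.3
TeamViewer 11 (TeamViewer) - Service running
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.1.8.2 Warning! P2P network client! May contain advertising modules or be used to download unwanted content.
------------------ [ AntivirusFirewallProcessServices ] -------------------
ESET Service (ekrn) - Service running
Windows Defender (WinDefend) - Service stopped
---------------------------- [ UnwantedApps ] -----------------------------
Driver Booster 4.0 v.4.0.2 Warning! The application is distributed through affiliate programs and software bundles. Uninstallation is recommended.
Popcorn Time v.5.5.1.2 Warning! Suspected adware!
----------------------------- [ End of Log ] ------------------------------
"""

SECTION_RE = re.compile(r"^-+ \[ (?P<name>[^\]]+) \] -+$")
SERVICE_RE = re.compile(
    r"^(?P<display>.+?) \((?P<short>[^()]+)\) - Service (?P<state>running|stopped)$"
)
WARNING_RE = re.compile(r"^(?P<item>.+?) Warning! (?P<why>.+)$")

# Assumption: services a home laptop rarely needs reachable; flag them if running.
REMOTE_ACCESS = ("TermService", "WinRM", "RemoteRegistry", "TeamViewer")


def parse_sections(text):
    """Return {section name: [lines]} keyed by the tool's '[ Name ]' rule lines."""
    sections, current = {"Header": []}, "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def service_states(sections):
    """Map service short name -> 'running' | 'stopped'."""
    states = {}
    for lines in sections.values():
        for line in lines:
            m = SERVICE_RE.match(line)
            if m:
                states[m.group("short")] = m.group("state")
    return states


def warnings(sections):
    """Every (section, item, reason) the tool flagged with 'Warning!'."""
    found = []
    for name, lines in sections.items():
        for line in lines:
            m = WARNING_RE.match(line)
            if m:
                found.append((name, m.group("item").strip(), m.group("why").strip()))
    return found


def triage(text):
    """Findings in the order a helper would read them: patching, flagged items, exposure."""
    sections = parse_sections(text)
    states = service_states(sections)
    findings = []
    if states.get("wuauserv") == "stopped":
        findings.append("Windows Update service (wuauserv) is stopped: patches are not being installed")
    for name, item, why in warnings(sections):
        findings.append(f"[{name}] {item}: {why}")
    for svc in REMOTE_ACCESS:
        if states.get(svc) == "running":
            findings.append(f"remote-access service running: {svc}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

On the posted log this reports the stopped Windows Update service, the five items SecurityCheck itself flagged (missing service pack, outdated TeamViewer, µTorrent, Driver Booster, Popcorn Time) and the running TeamViewer service. Windows Defender being disabled is not flagged: that is expected while ESET is the registered antivirus.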
FRST Fix.


Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


Zemana Deep Scan.




    • Right click on Zemana and run as admin.
    • Click the Cog/Sprocket wheel at the top right of Zemana.
    • Select Advanced - I have read the warning and wish to proceed.
    • Place a tick next to Detect Suspicious (Root CA) Certificates.
    • Then click the house icon in Zemana.
    • Then hit your Start button at the lower left hand corner of your desktop.
    • Then left click on Computer.
    • Drag Local Disk C: into the area of Zemana that reads "Drag and drop files here to scan them".
    • Once the scan has completed, click the graph icon on the top right of the program's user interface.
    • Double click to open the latest log file.
    • Copy it to your clipboard.
    • Post the log here in your next reply.
Zoek Scan.

Note: Zoek can take up to an hour to run; this is normal. Do not try to stop it even if it seems to be stalled. Let it run its course!
Please run this tool from Safe Mode with Networking if it has trouble starting in normal mode.

Disable your antivirus prior to this scan.
Download Zoek.
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click.)
Copy the items below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

Fresh FRST Logs.



Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 

Attachments

  • fixlist.txt
Hey, before I do the next thing you ask of me, I think that I may have found the root of my problem. Keyword: may.

First I updated my ESET Security 8 to 10, then I tried gaming, still no success. Then I disabled ESET Security 10 and enabled the (standard) Windows firewall and made an exception for the games that I want, and since then I have encountered minimal issues.
However, I tried it for about 1 hour, I am still testing, so far so good. Who knows, maybe that was the problem all along.
I'll keep you updated tomorrow.
 
I still highly suggest that you complete this thread; there is indeed malware on your machine that needs removing.

As for the SecurityCheck log posted here, I cannot read Russian, so do what the log says and update and/or uninstall anything suggested by the tool.
 
I will complete the thread tomorrow when I wake up; I am still testing.
I might have a little clue as to why it doesn't work.
The game itself, let's take Insurgency for example, works fine without adding any mods, but when I do, sometimes it works and sometimes it doesn't.
Like, when I crash on startup or on the loading screen, I know that the mod is either A) corrupt or B) using too much RAM, so I delete it.
But what surprises me is that when I choose mods that work fine in one match, the next match it makes me CTD (crash to desktop), while I played a full match with the exact same mods.

Can it be that my memory can't handle the mods at some point, or?
 
This is the result of the Zemana scan :
Zemana AntiMalware 2.70.2.442 (installed)

-------------------------------------------------------
Scan Result : Complete
Scan Date : 2017-1-17
Operating System : Windows 8 32-bit
Processor : 8X Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
BIOS Mode : Legacy
CUID : 12F31CD67571AD31771A70
Scan Type : Custom scan
Duration : 5m 33s
Scanned Objects : 296330
Detected Objects : 12
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : KOPIMI,0,2

Detected Objects
-------------------------------------------------------

ICReinstall_Setup_ImgBurn_2.5.8.0_dlm.exe
Status : Scanned
Object : %temp%\icreinstall_setup_imgburn_2.5.8.0_dlm.exe
MD5 : C62AACFF57365475D3933844A77EE384
Publisher : PremiumBeam (New Media Holdings Ltd.)
Size : 1322944
Version : 0.0.0.0
Detection : Adware:Win32/FriedMedia!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\icreinstall_setup_imgburn_2.5.8.0_dlm.exe

mrupdsrv.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\byugsliussvanleqkzsaileqxkywxbwo\update service\mrupdsrv.exe
MD5 : 4D0704E8ABED2656DC4C02C08676D7AE
Publisher : LLC Mail.Ru
Size : 2187992
Version : 3.3.0.7
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\byugsliussvanleqkzsaileqxkywxbwo\update service\mrupdsrv.exe

MailRuUpdater.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\byugsliussvanleqkzsaileqxkywxbwo\mailruupdater.exe
MD5 : 4EE4D92E9691754FEAE9FDD890701E37
Publisher : LLC Mail.Ru
Size : 4157656
Version : 3.8.0.5
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\byugsliussvanleqkzsaileqxkywxbwo\mailruupdater.exe

native_host_app.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\byugsliussvanleqkzsaileqxkywxbwo\gochromiumnativehost\native_host_app.exe
MD5 : 7336F1E3ECA0F095CC5ED279804026D3
Publisher : LLC Mail.Ru
Size : 2270936
Version : 3.2.0.12
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\byugsliussvanleqkzsaileqxkywxbwo\gochromiumnativehost\native_host_app.exe

chrome.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome.dll
MD5 : 59BFBD260272888E7D760AAB2633E925
Publisher : LLC Mail.Ru
Size : 39928832
Version : 54.0.2840.189
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome.dll

amigo.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\amigo.exe
MD5 : F3BEF32E56A17274F8FEB56FFB683067
Publisher : LLC Mail.Ru
Size : 3394776
Version : 54.0.2840.189
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\amigo.exe

nacl64.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\nacl64.exe
MD5 : 09FF0502EA7A5AE6FB62156A2E921D91
Publisher : LLC Mail.Ru
Size : 5556952
Version : 54.0.2840.189
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\nacl64.exe

libglesv2.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\libglesv2.dll
MD5 : CA186EC30E5CF3A494196B404155C2BC
Publisher : LLC Mail.Ru
Size : 1879768
Version : 2.1.0.0
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\libglesv2.dll

libegl.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\libegl.dll
MD5 : D93211DAA0BB0EEEBB34F95980E3236E
Publisher : LLC Mail.Ru
Size : 85720
Version : 2.1.0.0
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\libegl.dll

chrome_watcher.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome_watcher.dll
MD5 : 17AF283984AF81842216284564B69F0C
Publisher : LLC Mail.Ru
Size : 463576
Version : 54.0.2840.189
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome_watcher.dll

chrome_elf.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome_elf.dll
MD5 : D18C6EB0D0E7AFFE737F6E37335E05E2
Publisher : LLC Mail.Ru
Size : 374488
Version : 54.0.2840.189
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome_elf.dll

chrome_child.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome_child.dll
MD5 : FD73CDA3BCB43059FDE3B88FA79E233A
Publisher : LLC Mail.Ru
Size : 49894400
Version : 54.0.2840.189
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\nszirrjsizhlfncfdoyfmhggwwwiuoso\application\54.0.2840.189\chrome_child.dll


Cleaning Result
-------------------------------------------------------
Cleaned : 12
Reported as safe : 0
Failed : 0

(I'll be back later, but I had time to quickly run this scan, when I'm back I'll proceed with the other scan.)
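One thing worth reading off the Zemana report above is where each detected object lives: every Mail.Ru file is already inside AdwCleaner's quarantine folder, so the "12 detected objects" are mostly re-detections of what the earlier cleanup removed, and only the bundled ImgBurn installer in %temp% was still live. The Python script below is an added example written for this page; it is not code from the thread or from Zemana. SAMPLE_REPORT is an excerpt of the posted report with its labels translated to English, and the rule that any path under \adwcleaner\quarantine\ counts as already quarantined is this example's own assumption.

```python
"""Parse a Zemana AntiMalware report and separate detections that are still
live on disk from ones that already sit in another tool's quarantine folder.

Added example for this page, not code from the thread or from Zemana.
SAMPLE_REPORT is an excerpt of the report posted above (labels translated);
QUARANTINE_MARKERS is an assumption about how other tools name their
quarantine directories.
"""
import re
from collections import Counter

# Excerpt of the posted report; constructed here as sample input.
SAMPLE_REPORT = """\
Detected Objects
-------------------------------------------------------

ICReinstall_Setup_ImgBurn_2.5.8.0_dlm.exe
Status : Scanned
Object : %temp%\\icreinstall_setup_imgburn_2.5.8.0_dlm.exe
MD5 : C62AACFF57365475D3933844A77EE384
Publisher : PremiumBeam (New Media Holdings Ltd.)
Detection : Adware:Win32/FriedMedia!Ep
Cleaning Action : Quarantine
Related Objects :
File - %temp%\\icreinstall_setup_imgburn_2.5.8.0_dlm.exe

mrupdsrv.exe
Status : Scanned
Object : %homedrive%\\adwcleaner\\quarantine\\files\\byugsliussvanleqkzsaileqxkywxbwo\\update service\\mrupdsrv.exe
MD5 : 4D0704E8ABED2656DC4C02C08676D7AE
Publisher : LLC Mail.Ru
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine

MailRuUpdater.exe
Status : Scanned
Object : %homedrive%\\adwcleaner\\quarantine\\files\\byugsliussvanleqkzsaileqxkywxbwo\\mailruupdater.exe
MD5 : 4EE4D92E9691754FEAE9FDD890701E37
Publisher : LLC Mail.Ru
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine

amigo.exe
Status : Scanned
Object : %homedrive%\\adwcleaner\\quarantine\\files\\nszirrjsizhlfncfdoyfmhggwwwiuoso\\application\\amigo.exe
MD5 : F3BEF32E56A17274F8FEB56FFB683067
Publisher : LLC Mail.Ru
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Quarantine

Cleaning Result
-------------------------------------------------------
Cleaned : 4
"""

# "Key : Value" lines inside an object block ("Related Objects :" has no value and is skipped).
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?) : (?P<value>.*)$")
# Assumption: a path containing one of these is another tool's quarantine store.
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\",)


def parse_zemana(text):
    """Return one dict per detected object; blank lines separate objects."""
    lines = text.splitlines()
    if "Detected Objects" not in lines:
        return []
    objects, current = [], None
    for line in lines[lines.index("Detected Objects") + 1:]:
        if line.startswith("Cleaning Result"):
            break
        if not line.strip():
            if current:
                objects.append(current)
            current = None
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key").strip()] = m.group("value").strip()
        elif current is None and not line.startswith("-"):
            current = {"Name": line.strip()}  # first line of a block is the object name
    if current:
        objects.append(current)
    return objects


def is_quarantined(obj):
    path = obj.get("Object", "").lower()
    return any(marker in path for marker in QUARANTINE_MARKERS)


def classify(text):
    """Split parsed objects into (live, already_quarantined), report order kept."""
    live, quarantined = [], []
    for obj in parse_zemana(text):
        (quarantined if is_quarantined(obj) else live).append(obj)
    return live, quarantined


def summarize(text):
    live, quarantined = classify(text)
    return {
        "live": [o["Name"] for o in live],
        "already_quarantined": [o["Name"] for o in quarantined],
        "by_publisher": dict(Counter(o.get("Publisher", "?") for o in live + quarantined)),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print("live on disk:", summary["live"])
    print("already in AdwCleaner quarantine:", summary["already_quarantined"])
    print("by publisher:", summary["by_publisher"])
```

Run against the full posted report the same split gives one live object (the ImgBurn download-manager installer, detected as Adware:Win32/FriedMedia) and eleven Mail.Ru objects that AdwCleaner had already quarantined; the MD5 values are carried through so each item can be matched against the AdwCleaner log or a reputation service.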
 