[GeekGirl40]

Flickering started back for a short while on Firefox last night. I reset it hoping it would help it's performance. Also, It has a tendency to run up to 300 to 700% memory. Norton would log it but it's uninstalled for now. As well as uninstalled Ad Plus and NoScript in case it's adding to the dysfunction. Reinstalled NoScript to show you when warning's pop up in my next post. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 8.1 x64 Ran by OpheliaR on Thu 01/15/2015 at 11:22:45.37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\WINDOWS\prefetch\ASKINSTALLER.EXE-9FF7869E.pf ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\Alawar Stargaze Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 01/15/2015 at 11:29:09.78 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.107 - Report created 15/01/2015 at 12:17:09 # Updated 07/01/2015 by Xplode # Database : 2015-01-13.2 [Live] # Operating System : Windows 8.1 (64 bits) # Username : OpheliaR - GODSPROPERTY2 # Running from : C:\Users\OpheliaR\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v35.0 (x86 en-US) ************************* AdwCleaner[R0].txt - [6341 octets] - [21/12/2014 14:05:38] AdwCleaner[R1].txt - [5449 octets] - [22/12/2014 10:24:37] AdwCleaner[R2].txt - [1080 octets] - [06/01/2015 11:37:45] AdwCleaner[R3].txt - [1140 octets] - [06/01/2015 16:16:00] AdwCleaner[R4].txt - [1307 octets] - [08/01/2015 10:32:46] AdwCleaner[R5].txt - [900 octets] - [15/01/2015 12:17:09] AdwCleaner[S0].txt - [6624 octets] - [21/12/2014 14:20:05] AdwCleaner[S1].txt - [5518 octets] - [22/12/2014 10:31:24] AdwCleaner[S2].txt - [1148 octets] - [07/01/2015 14:59:30] ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1139 octets] ##########

[Advertisements]

Sorry about how that came out. It didn't start out like that at all.

[GeekGirl40]

Sorry about how that came out. It didn't start out like that at all.

[Buddierdl]

Can you attach the files for me from adwCleaner and JRT?

[GeekGirl40]

Ok

Attached Files

•  JRT.txt   832bytes   146 downloads
•  AdwCleanerR5.txt   1.19KB   168 downloads

[Buddierdl]

How is Firefox running after the reset?

Does IE have the same problems?

[GeekGirl40]

Slightly better. Flickering slowed again.It will have moments when it's processing high and seems to get all weird. I noticed too that Adobe Flash player 16.0 r0 32 bit will sometimes run high in memory. I think depending on what website I'm on. Not sure yet since I'm just paying more attention to it lately. Also I see two of these background processes. Is that normal.Only one will read high and the other will be low.

 

IE is ok for now. When I did all I mentioned to it yesterday, while searching on Bing some of its graphiics disappeared and some of its lettering that suppose to be white were blue. That lasted until I restarted IE then no more issues with it. Also, while I was on Facebook last night I clicked thier icon to get back to my main page and I recieved a pop up asking if I wanted to leave this page or stay on it. I would stay and kept clicking another link to take me to my other page and I go the same message. I closed it out and reopened with no problems.

[GeekGirl40]

Meant to say that most issues I been having with redirect attempts and so on has been on Firefox. Like I mentioned at the start, what ever I use often I began to have issues. I use Firefox often now, but it was Chrome that I used 90% of the time. IE seldom.

[Buddierdl]

When you are re-directed, what kind of sites are you sent to? Are they always the same?

Please download and run this tool, and post the report for me: http://www.bleepingc...ortcut-cleaner/

[GeekGirl40]

Yes.Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 01/15/2015 03:02:27 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\OpheliaR\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\OpheliaR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\OpheliaR\Desktop


0 bad shortcuts found.

Program finished at: 01/15/2015 03:02:29 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
 

[Buddierdl]

When you are re-directed, what kind of sites are you sent to?

[GeekGirl40]

Same site, but a link thats on the site will open at any time. No particular site and it's not constant, but enough to have me concerned. On this site the times I post will be a different post time next time I log in. That's another thing. I can log out and close tab, just to come back to site and I'm still logged in. That happens on both IE and Firefox on several sites I use often and on Chrome when I had it. One time I logged out of a game that I use only one of my email addresses and next time I played it another of my email address was entered in it. I probably cleared out most of the junk through various scans prior to inquiring about it.

[Buddierdl]

Let's run a few more scans, and then see what we can do about the strange issues with your browsers. Let me know if there is any improvement after these scans.
 
Step 1: Run SecurityCheck
 
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.
 
Please download Malwarebytes' Anti-Malware from Here. 
 
Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)

• Select the language and click OK.
• Accept the agreement
• Please uncheck the box next to Enable the Free Trial (unless you would like to try it) and check the box next to Launch Malwarebytes' Anti-Malware, then click on finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Scan Now".
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click on Quarantine All,.
• When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)
• Upon restart, launch Malwarebytes Antimalware and select History.
• Double click on the last scan done, then on Copy to Clipboard.
• To submit your reply, click on Add Reply, then right click on the window and select Paste.
• Submit your reply.

Extra Note:
 
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
 
Step 3: Run online scan.
 
Run ESET Online Scanner:
 
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
Things I need in your next reply:

• SecurityCheck log
• MBAM log
• ESET log
• How is the computer running now?

[GeekGirl40]

Much better performance since my last reply.......

 

 

 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     16.0.0.257  
 Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/17/2015
Scan Time: 3:01:14 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.17.01
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: OpheliaR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 451082
Time Elapsed: 1 hr, 1 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1b589d04af633944ad8c4664b803c953
# engine=21842
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-07 10:16:28
# local_time=2015-01-07 05:16:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 233962 106922004 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 44585481 0 0
# scanned=330658
# found=12
# cleaned=8
# scan_time=40470
sh=15306C92941D1B8CA6105A359566DC15C78FDE87 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\OpheliaR\AppData\Local\Temp\rninst~0\ui_data\stubinst_pkg_en-us.cab"
sh=8F510D9BFD520EAFBA846BC618C8B704B2A2464A ft=1 fh=8adad6b861d75364 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\OpheliaR\AppData\Local\Temp\rninst~0\ui_data\ask\ASKInstaller.exe"
sh=69B97D06E0549BC68C233B7692B2950CB90F2040 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\OpheliaR\AppData\Local\Temp\rninst~0\ui_data\ask\ask_en.cab"
sh=1CC66D39A1BAF4B3282897FF951FD6AFCD022269 ft=1 fh=d70db284cac258da vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\OpheliaR\AppData\Local\Temp\rninst~0\ui_data\inst_config\OCSetupHlp.dll"
sh=15306C92941D1B8CA6105A359566DC15C78FDE87 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\OpheliaR\AppData\Local\Microsoft\Windows\INetCache\IE\6NEB4OBW\stubinst_pkg_en-us[1].cab"
sh=69B97D06E0549BC68C233B7692B2950CB90F2040 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\OpheliaR\AppData\Local\Microsoft\Windows\INetCache\IE\EV9OVO90\ask_en[1].cab"
sh=1997580424FE070468F692B8F4641BF9B30BC5D0 ft=1 fh=24659b6f80c7090d vn="Win32/Toolbar.Montiera.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\OpheliaR\Desktop\Old Firefox Data\tc97cbjx.default\extensions\[email protected]\uninstall.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\OpheliaR\Downloads\ccsetup501.exe"
sh=46333729F6FAC1BC033402486DD15592B3622599 ft=1 fh=c1cae6d82910f6dd vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\OpheliaR\Downloads\zaSetupWeb_133_209_000-5400_123.exe"
sh=9B5AA9D21F25F281DCD07094AAEE9BD4CF03F12D ft=1 fh=1c058e4f2945e215 vn="Win32/Toolbar.Montiera.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Users\OpheliaR\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe"
sh=8490554F15357EA162494EE1763509959F3EBAEB ft=1 fh=58b66b725959d138 vn="Win32/Toolbar.Montiera.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Users\OpheliaR\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe"
sh=E4772585CEB9AA369A292D03667C7AA76E9EA04A ft=1 fh=274da3f94e245cf7 vn="Win32/Toolbar.Montiera.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Users\OpheliaR\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1b589d04af633944ad8c4664b803c953
# engine=22013
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-17 01:14:22
# local_time=2015-01-17 08:14:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 11718381 0 0
# scanned=328243
# found=0
# cleaned=0
# scan_time=14301
 

[Buddierdl]

Ok. Let's clean up your temp files:

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

What issues remain now that we need to fix?

[GeekGirl40]

Okay. Temp files done. Really I have just a few questions and just deal with the minor stuff later.

You asked if I reinstalled Windows. What was the indicator and should I be concerned? This weekend I checked my other user sides and so far so good. They both started up as if it was the first time I been on them. Again, I did refresh and had one restore within last couple months. So will that show up as a reinstall?

 

What causes about:blank to replace my homepage on IE?

 

Also is there another way to uninstall Chrome so I can reinstall it? On MalwareBytes Anti-Exploit  its shows up under the tab Shields, says Google Chrome (and plug-ins) as an application and under Filename says chrome.exe, but I can't seem to find it. I want to get rid of all it's contents. It was one of the apps that messed up badly at the start of all this. Other than that, I  thank you for your help and patience.

Edited by GeekGirl40, 19 January 2015 - 11:07 AM.