clampi?

[rcb56]

looking in the program files for the program the log files for this date include about 12 logs...need them all?

 

[Juliet]

I don't think I need to see any of those logs.

Please find these tools I had you download earlier and delete those.

AdwCleaner and Junkware Removal Tool

We'll see if we can get updated versions

~~~

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
  In order to use AdwCleaner, you have to agree the Eula:
• Right-click AdwCleaner.exe and select
  
  Run as administrator to run the programme.
• Follow the prompts.
• Click
  
  Scan.
• Upon completion, click
  
  Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
• Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
• Click
  
  Clean.
• Follow the prompts and allow your computer to reboot.
• After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

~~~

Let's open and update Malwarebytes Anti-Malware

• Open Malwarebytes
• Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
  
  
  
  
• On the Dashboard click on Update Now
  
• Go to the Setting Tab
  
• Under Setting go to Detection and Protection
  
• Under PUP and PUM make sure both are set to show Treat Detections as Malware
  
• Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  
• Then on the Dashboard click on Scan
  
• Make sure to select THREAT SCAN
  
• Then click on Scan
  
• Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  
• When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
• If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  
• Please paste the log back into this thread for review
  
  
• Exit Malwarebytes

please post
AdwCleaner[C1].txt
JRT.txt
Malwarebytes log

 

[rcb56]

sorry i was out of town unexpectedly...ok running adware it didn't prompt me on the eula or reboot...it all is running good though

# AdwCleaner v6.043 - Logfile created 20/02/2017 at 20:37:03
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Dad - BRIDGES1
# Running from : C:\Users\Dad\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3772 Bytes] - [13/02/2017 03:25:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [3761 Bytes] - [13/02/2017 03:24:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1126 Bytes] - [20/02/2017 20:37:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1199 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Dad (Administrator) on Mon 02/20/2017 at 20:44:37.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/20/2017 at 20:47:00.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Juliet]

Malwarebytes log ?

 

[Juliet]

Also, please tell me how the computer is now.

 

[rcb56]

Malwarebytes log ?

oops!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2017
Scan Time: 8:51 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.21.01
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390929
Time Elapsed: 21 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[rcb56]

it's doing ok...it is skittish. it seems at times to be just normal and then s l o w d o w n and takes forever for no reason at all. it's staying online except an occasional call knocks me off. it may just be me but these scans come back so innocent looking and i can't help but wonder if the boogy man is napping somewhere,

 

[Juliet]

Let's do a quick check to see if windows is trying to update.

https://support.microsoft.com/en-us...d0d4-42b6-0018-ca48577f9909/update-windows-10

 

[rcb56]

it updated ok, it needed one that was installed. i guess all is well here, i know it was a scare to me as i'd never been confronted like i was by one who was operating totally criminal. live and learn...what do i need to watch for if there is anything i may can foresee, i understand clampi is very elusive. i've changed all of my info on banking, passwords and things like that.

 

[Juliet]

Since all passwords have been changed. the best to do for now is practice safe surfing as best you can.

Something doesn't look right ....handle with care.

• Please download DelFix or from Here and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
• Activate UAC
• Remove disinfection tools
• Click the Run button.
• -- This will remove the specialized tools we used to disinfect your system.
  Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************

• Answers to common security questions - Best Practices by quietman7, MVP
• How Malware Spreads - How did I get infected? by quietman7, MVP
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
• How to Prevent Malware by miekiemoes, MVP
• How to backup and restore your data using Cobian Backup by YourHighness
• Slow Computer/browser? It May Not Be Malware by quietman7, MVP

• AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
• 
  CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
• 
  Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
• 
  Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
• 
  NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
• Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
• 
  Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
• 
  SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
• 
  Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.

 

[rcb56]

ok juliet thanks for everything and sorry i was away some. i have noticed that several times the website won't load all the way or just keeps loading...like this page has been loading since i came online at 9:40, may mean nothing but this pc usually connects easy. also it has had days. i guess i may stop back in a few days to say how it's all doing,,,? or? i'll wait and see how the next day or two.

 

[Juliet]

ok juliet thanks for everything and sorry i was away some. i have noticed that several times the website won't load all the way or just keeps loading...like this page has been loading since i came online at 9:40, may mean nothing but this pc usually connects easy. also it has had days. i guess i may stop back in a few days to say how it's all doing,,,? or? i'll wait and see how the next day or two.

Mine has done this before too, and if I'm right it kinda corrects itself. Mostly I click on the stop loading button on the browser bar.
It's possibly due to system security. ...it's one of those, who knows?

Maybe we need to do an online scanner check?

• Download Emsisoft Emergency Kit and save it to your desktop.
• Double-click icon then click Install
• A Window should open highlighting Start Emergency Kit Scanner
• Right click on the icon and select Run as administrator
• Click 1. Update now!
• Once the update is completed select Settings under Scan
• Uncheck Join the Emsisoft Anti-Malware Network
• Click Scan at the top
• Click On scan completion
• Click Quarantine detected objects, then click OK
• Click Malware Scan
• Once completed click View Report
• Save the file to your Desktop using the default file name
• Copy and paste the report in your reply

 

[rcb56]

Emsisoft Emergency Kit - Version 12.0
Last update: 2/27/2017 2:08:42 PM
User account: BRIDGES1\Dad
Computer name: BRIDGES1
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
not much to it...everything seems to run ok. it's been firefox, cortana that takes so much memory and spikes the performance
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 2/27/2017 2:17:33 PM

Scanned 79971
Found 0

Scan end: 2/27/2017 2:27:28 PM
Scan time: 0:09:55

 

[Juliet]

Read over these help topics for Firefox and Cortana

https://support.mozilla.org/t5/Fire...-uses-too-much-memory-RAM-How-to-fix/ta-p/562
https://www.tenforums.com/general-support/56572-cortana-memory-use.html


ready to remove the tools used again?

 

[rcb56]

ok juliet, i will and thanks...again!

 

[Juliet]

We're glad to help

• Please download DelFix or from Here and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
• Activate UAC
• Remove disinfection tools
• Click the Run button.
• -- This will remove the specialized tools we used to disinfect your system.
  Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

 

[rcb56]

ok before i delete it all i need to mention a couple of new instances...my pc seems to run ok but videos at most places won't play. youtube does ok but other sites may have a video embedded that won't play like msn for instance. also last night it started crashing the network again knocking me offline after a minute or so. just now bitdefender av protection crashed about 3 times...i know you may not can help with that, i did send the report it prompted me to but thought it was worth mentioning. any thoughts before i delete those or do i go ahead and delete?

 

[Juliet]

all browsers have trouble with videos?

Let's ensure you have the latest version of Flash on your system.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

https://support.google.com/chrome/answer/6138475?co=GENIE.Platform=Desktop&hl=en
http://forums.mozillazine.org/viewtopic.php?f=38&t=2636177
https://support.mozilla.org/t5/Videos-sound-pictures-and/Fix-common-audio-and-video-issues/ta-p/401
scroll to
Flash plugin: See Install the Flash plugin to view videos, animations and games and Flash Plugin - Keep it up to date and troubleshoot problems
and
Enable or activate plugins

~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Java
https://www.java.com/en/download/installed.jsp
Not sure if you need this but, here is the latest version of Java
Java 8 Update 121 released
- https://www.java.com/en/download/manual.jsp

~~~~

For your internet
Early on FRST showed us problems with your Wi-Fi Direct Virtual Adapter

Faulty Device Manager Devices =============

Name: Microsoft Wi-Fi Direct Virtual Adapter #4
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter #5
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Press Windows key + X.
Click on Device manager, expand network adapters and right-click on Microsoft Wi-Fi Direct Virtual Adapter (then right click it and enable it) or select enable. If it is not listed, it may be hidden. To show hidden devices, click View and select show hidden devices
Try disabling and re-enabling

Try the above tips and let's see if anything is corrected.

 

[rcb56]

juliet i have to leave until monday. i'll be back then and do this...thanks, have a great weekend!

 

[Juliet]

:bigthumb: