
WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GAMES

Posted: Wed Sep 30, 2015 6:23 pm
by DJmandrevski
I got an old PC running Windows 7 OS 64 bit, E6500 something on the CPU or motherboard.

Recently I had a program self-installed that came up with Trojans and stuff like that.

Now my Windows is jumping from one window to another, or like ghostly clicking things around on the desktop.

I think I still have a virus or my Windows has gone too corrupt.

Also my Firefox plays up on my Adobe player for my Facebook games and keeps closing the browser all the time.

Help me, I don't want to reformat or back up, that's not an option at the moment.

PS SORRY IF THIS HAS BEEN MENTIONED IN PAST THREADS, I HAVE NOT LOOKED YET, JUST LOGGED ON AND WROTE THIS UP FOR HELP :)

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Wed Sep 30, 2015 8:17 pm
by evasive
http://www.bleepingcomputer.com/

They have a few specialists and their own toolset for removing stuff like that.

You already looked inside your computer, did you see signs of bad capacitors?
http://www.badcaps.net

That could be a reason too.

Other than that, I would try another mouse and keyboard first. Sounds weird but it happened to a client of mine a long time ago.

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Thu Oct 01, 2015 8:37 am
by Karlsweldt
Be wary of any sites that offer "free" games or programs! Not all, but many, may contain malware or tracking cookies. And some can infect your system with a Trojan or virus.
A good way to check your system for malware is to start in 'safe' mode, do a scan with a quality antivirus program. But first turn off the 'restore' feature of Windows, or it may undo all your efforts on the next normal boot!

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Fri Oct 02, 2015 12:15 pm
by rascard2007
You can download some free bootable discs like "Kaspersky Rescue Disk" or "AVG Rescue CD", boot with them and clean the system, then you can repair your Windows install and reinstall the software that was removed by the antivirus.

I recently had a serious virus infection, used both to clean the PC and didn't even have to repair the Win7 install.

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Mon Oct 12, 2015 9:08 am
by DJmandrevski
I would not think it's hardware or bad caps, it's software. The tabs on the task bar on Win7 like expand and contract or split, kind of animation; also it looks like someone really taking control, sort of. Windows briefly flicker from one opened window to another and back, making it hard to type. I believe it might be an error in the explorer.exe file or another file.

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Mon Oct 12, 2015 3:37 pm
by Karlsweldt
There have been instances of a "browser virus" that plays bad tricks. May be worth a try with Hijack This at finding what should not be on your system. Do only a scan, post results here so a pro can recommend what to delete or is suspicious.
There is a freeware version. http://www.hijackthis.com/hijackthis

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Mon Oct 12, 2015 3:50 pm
by DJmandrevski
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:45:09 AM, on 13-Oct-15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)

FIREFOX: 41.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Users\lele\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\RunOnce: [delshell] cmd.exe /c del /q "C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.bak"
O4 - HKLM\..\RunOnce: [delshelltmp] cmd.exe /c del /q "C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64tmp.bak"
O4 - HKLM\..\RunOnce: [rdshafolder12485] cmd.exe /c if not exist "C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe" rd /s /q "C:\Program Files (x86)\Lenovo\SHAREit"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\lele\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7797 bytes

I think this was the result you're after. Sorry, I might have some < umm umm > non-legit programs, but oh well, this is the HijackThis result.
I deleted only SHAREit but it still came up, so I deleted it in HijackThis only, done nothing else. I could see a few more entries I can delete, but since I don't know 100% what these files do I'd better leave them in, even if it might be a Trojan entry.


Also I should mention, sometimes it like flickers the window, either a browser or program window, many many times a second, and then stops for like 1/4 to 1/2 sec and goes normal, and does it again maybe half a min later. Also sometimes a window disappears that doesn't appear when clicked, and sometimes a window pops in for a split sec and disappears. That's all I could describe further of the window flickering probs.

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Tue Oct 13, 2015 5:16 am
by rascard2007
You have a lot of file missing issues; perhaps they were erased by the antivirus to stop the infection, and all you experience now is just the computer's post-infection "hangover".

Try booting the win7 DVD and do a system repair to roll everything back
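
Added example, not part of any forum post and not HijackThis's own code: a short Python triage of the O23 service lines from a log in the format posted above, using lines copied from that log. The verdict labels are made up for this example; it sets "file missing" entries under System32 aside for a recheck because a 32-bit scanner on 64-bit Windows can misreport those through WOW64 file system redirection.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\lele\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# O23 line layout: display name (short name) - owner - image path [ (file missing)]
SERVICE = re.compile(
    r"^O23 - Service: .*\((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

def triage(log_text):
    """Return {service short name: verdict} for every O23 line in the log."""
    verdicts = {}
    for line in log_text.splitlines():
        m = SERVICE.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        path = m["path"].lower()
        if m["missing"] and "\\windows\\system32\\" in path:
            # Possible WOW64 redirection artifact: confirm with a 64-bit tool.
            verdict = "recheck-64bit"
        elif m["missing"]:
            verdict = "missing"          # check whether the file really is gone
        elif re.match(r"[a-z]:\\users\\", path):
            verdict = "user-writable"    # service binary inside a user profile
        else:
            verdict = "ok-path"          # install path alone raises no flag
        verdicts[m["name"]] = verdict
    return verdicts

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:14} {name}")
```

A verdict here is only a sorting aid for manual review; it says nothing about whether the file itself is clean.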

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Mon Oct 19, 2015 12:52 pm
by evasive
Looks like "System Check" malware leftovers or similar. Indeed, do an SFC repair with the DVD. After that post another HijackThis log, we'll see what needs to be taken out.

Re: WINDOWS 7 OS WINDOWS OF BROWSERS AND PROGRAMS PLAYING GA

Posted: Mon Oct 19, 2015 2:42 pm
by Karlsweldt
As to your flickering monitor images.. is this a CRT model or LCD model?
The older CRT models were susceptible to stray EMF (electrical magnetic fields) near the screen. Even a power transformer on a utility pole 10 feet away might cause flickering. LCD screens are almost immune to the effect.