Malwarebytes warned me of malware

I am at college and once again connecting to the school’s network has caused something. Malwarebytes claims I was on a malicious site. I closed the site and no warnings. A few hours later Avast says I have a problem. I did what Avast recommended and no more warnings from Avast. Minutes later Malwarebytes says something tried to attack; it gave an IP address located in Romania. It also said a file in System32, svchost, was infected (I had a similar problem last year with the file being infected on the same network). After that no warnings. I did notice, however, the Intel Turbo Boost monitor takes a few minutes to pop up; it usually takes 10-20 seconds (I use it as a reference to start using my laptop). On top of that the boost monitor doesn’t work and my computer is slower as well, especially when logging on.

How to receive help: instructions here https://forum.avast.com/index.php?topic=53253.0

the logs.

You have a PUP in your recycle bin … right click it and empty it
I see you have run Combofix … attach the log

Removal team is notified, it may take some time before they are online

Hello :)

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the JRT icon and select Run as Administrator to start the tool.
[*]Follow the prompts and let this process run uninterrupted.
[*]This scan can take a while, depending on your System specs.
[*]Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

[*]Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
[*]Follow the prompts and click Scan.
[*]When finished, please click Clean.
[*]Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

The ComboFix log is from the previous problem I had; it was the blackbeard thing. The next logs. There are other AdwCleaner logs, but the S2 is the last one.

Here is the last log I forgot about.

I’ve gotten this message twice now. This is after 5 minutes of waiting for the turbo monitor to show up. I’ll get a black screen and this shows up afterwards. I’ve also noticed that on the Core Temp program I have, the laptop is running at higher than usual. The baseline right now is 40 Celsius and is usually 31.

Hi and sorry for the delay, I had a working Sunday.

Are you able to boot-up your machine at all?
In the logs provided I don’t see anything that may cause the logon issues. If the machine is unbootable, please try Safe Mode.

The machine is booting up fine but it takes time. More time on this network. Could that just be the network or something?

Boot issues shouldn’t be connected with the network. There also wasn’t anything in those logs that could explain them.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.

Windows XP users: click Run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

next logs

Hi :)

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

[*]Right-click on the ComboFix icon and select Run as Administrator to start the tool.
[*]Accept the disclaimer and agree if prompted to install Recovery Console.
[*]Do not take any actions while ComboFix goes through your System - it may cause it to stall!
[*]This scan may take some time!
[*]When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don’t forget to re-enable your previously switched-off protection software!

Hello, here is the log. I may have messed up. I tried to uninstall the version I had to get the update and it didn’t work, the program continued, which is why you see “/ uninstall”. Second, I forgot I had Windows Defender on; I don’t recall ever having it on. And I forgot about MBAM. Did I just mess you up?
Thank you

Hi :)

Nothing indicates that something went wrong. Just remember for future fixes that you shouldn’t run any switches on your own. It confuses the helper and may render your machine unstable.

Fix with ComboFix

Let’s prepare a script for ComboFix to mark some things for deletion.

[*]Press the Windows key + R on your keyboard at the same time.
[*]A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
[*]In the shown window paste in the following script:

DDS::
uInternet Settings,ProxyOverride = *.local

ClearJavaCache::


[*]Go to File menu and select Save as.
[*]Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
[*]Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Now drag your CFScript file and drop it onto the ComboFix icon.

[*]This will start ComboFix. Let it run uninterrupted!
[*]A reboot may be needed during this run. Allow it.
[*]When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!

I’m sorry I haven’t replied; I didn’t receive a reply notification. I just received this from MBAM

Next ComboFix log

After 12 days I need to take a fresh look at your system.
Please try to check this thread at least daily. I wasn’t notified about other user’s post, so I understand you completely.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool.

Windows XP users: click Run after receipt of Windows Security Warning - Open File.
Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

logs