
Computer acting strangely and extremely slow!


28 replies to this topic

#1 mo12

mo12

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:04:32 AM

Posted 30 April 2014 - 11:09 PM

I have Vista premium home version 64 bit with IE8 and service pack 2. Yesterday I got a red alert from Microsoft Security Essentials saying that all kinds of things were turned off in Security Essentials, so I found out how to turn it all on. I also scanned with updated Malwarebytes free version and it found things which I removed. I don't seem to be getting the red warning sign anymore but the computer is terribly painfully slow and I keep getting these notices on the bottom of my screen saying that a certain percent of some file is downloading and it's weird stuff. It asks me if I want to run or save the file and I just click cancel but these strange files keep appearing as if they are downloading. Stuff like s3-us-west-2.amazonaws.com, they're unknown files, some say something about a video etc. When I click on Internet Explorer it takes forever to display my home page and when I go to Google to search it really hangs for a long time and in Outlook it takes ages to go to an e-mail that I've clicked on and stuff like that. Please advise me on what to do to start the process of straightening things out. Thanks!




#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:04:32 PM

Posted 01 May 2014 - 05:09 AM

Hello, mo12.

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer; you will need to run the application again.


Download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button. (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • NOW: If you're ready to clean it all up, click the Clean button (only once).
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


In your next reply, please include the following:
  • Rkill log
  • Adwcleaner log
  • JRT log

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 mo12


Posted 01 May 2014 - 09:09 AM

Can you tell me how to paste the Rkill log in here? I tried select all, copy and paste and it didn't work.



#4 Sirawit


Posted 01 May 2014 - 09:11 AM

Open rkill.log > select all > Copy > click at "Reply to this topic" box > Press "Ctrl+V"

 

Thank you.




#5 mo12


Posted 01 May 2014 - 09:34 AM

It says there is an error on page and I can't seem to paste the log. The log is on my desktop, I open it and choose select all, copy, then click on reply to topic, click in the box and control v but nothing happens and it says error on page at the bottom.



#6 Sirawit


Posted 01 May 2014 - 11:52 AM

Paste your logs here, one log per paste: http://pastebin.com

 

Then paste the link here.

 

Thank you.




#7 mo12


Posted 01 May 2014 - 12:15 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/01/2014 11:44:07 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Maureen\AppData\Roaming\Nymo\WIN209D.exe (PID: 2580) [UP-HEUR]
 * C:\Windows\CNYHKey.exe (PID: 2624) [WD-HEUR]
 * C:\Windows\MHotkey.exe (PID: 2632) [WD-HEUR]
 * C:\Windows\ModLedKey.exe (PID: 2828) [WD-HEUR]
 * C:\Windows\ChiFuncExt.exe (PID: 1636) [WD-HEUR]

5 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 05/01/2014 11:45:24 AM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)



#8 mo12


Posted 01 May 2014 - 12:18 PM

Okay so finally here is the Rkill log! Should I do the adware step now? I will not be able to figure out what to save or not save so will be posting the log for your analysis.



#9 Sirawit


Posted 01 May 2014 - 12:21 PM

OK, so after you click the Report button in the AdwCleaner steps, post that log the same way you did with Rkill. Don't click Clean.

 

Also don't do JRT steps yet.

 

Thank you.




#10 mo12


Posted 01 May 2014 - 12:46 PM

# AdwCleaner v3.205 - Report created 01/05/2014 at 12:27:26
# Updated 28/04/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Maureen - MAUREEN-PC
# Running from : C:\Users\Maureen\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19518


*************************

AdwCleaner[R0].txt - [829 octets] - [01/05/2014 12:27:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [888 octets] ##########



#11 Sirawit


Posted 01 May 2014 - 12:53 PM

OK, files found by AdwCleaner are PUP (possibly McAfee Security Scan Plus, which comes with Flash Player).

You can clean it now by scanning again and clicking Clean.

Also you can do JRT now.

Post AdwCleaner[S0].txt and JRT.txt the same way.

Also, can you paste here now? Which browser do you use?

 

Thank you.




#12 mo12


Posted 01 May 2014 - 01:22 PM

# AdwCleaner v3.205 - Report created 01/05/2014 at 13:09:10
# Updated 28/04/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Maureen - MAUREEN-PC
# Running from : C:\Users\Maureen\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19518


*************************

AdwCleaner[R0].txt - [967 octets] - [01/05/2014 12:27:26]
AdwCleaner[R1].txt - [1026 octets] - [01/05/2014 13:08:31]
AdwCleaner[S0].txt - [955 octets] - [01/05/2014 13:09:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1014 octets] ##########
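
Added example (not part of the original thread, and not AdwCleaner's own code): a short Python check that every entry flagged in the Scan report from post #10 is listed as deleted in the Clean report from post #12. The function names and the third, partial report are constructed for illustration, and the line format is assumed from the two reports posted above.

```python
import re

# Entry lines look like "Key Found : <path>" or "Key Deleted : <path>".
# The entry kind is matched generically; a leading "19." (numbering added by
# a paste site) is tolerated. Format assumed from the reports in this thread.
PREFIX = r"^\s*(?:\d+\.)?\s*"
ENTRY = re.compile(PREFIX + r"(\w+) (Found|Deleted) : (.+?)\s*$")
OPTION = re.compile(PREFIX + r"# Option : (\w+)")

def parse_report(text):
    """Return (option, {"Found": set, "Deleted": set}) for one report."""
    option, items = None, {"Found": set(), "Deleted": set()}
    for line in text.splitlines():
        if m := OPTION.match(line):
            option = m.group(1)
        elif m := ENTRY.match(line):
            kind, state, item = m.groups()
            # Registry paths are case-insensitive, so compare lowercased.
            items[state].add((kind, item.lower()))
    return option, items

def unresolved(scan_text, clean_text):
    """Entries the Scan report flagged that the Clean report does not list as deleted."""
    scan_opt, scan = parse_report(scan_text)
    clean_opt, clean = parse_report(clean_text)
    if (scan_opt, clean_opt) != ("Scan", "Clean"):
        raise ValueError("expected a Scan report, then a Clean report")
    return sorted(scan["Found"] - clean["Deleted"])

# Entries copied from the Scan and Clean reports posted in this thread.
SCAN = r"""# Option : Scan
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
"""
CLEAN = r"""# Option : Clean
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
"""
# Constructed for illustration: a numbered Clean report missing one key.
PARTIAL = r"""6.# Option : Clean
20.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
21.Key Deleted : hkcu\software\microsoft\windows\currentversion\app management\arpcache\{0d5bbb2b-f044-46c3-877b-6a6be1e08d19}
"""

if __name__ == "__main__":
    print(unresolved(SCAN, CLEAN))    # nothing left over
    print(unresolved(SCAN, PARTIAL))  # the Chrome extension key remains
```

An empty result means every flagged entry was reported as deleted; anything returned is worth raising with the helper before moving on to the next tool.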



#13 mo12


Posted 01 May 2014 - 01:26 PM

I am using Internet Explorer 8 browser and I've been using pastebin to post. Question: How do I shut off my security protection before doing JRT?



#14 Sirawit


Posted 01 May 2014 - 01:28 PM

Which antivirus/antimalware do you have?

Thank you.




#15 mo12


Posted 01 May 2014 - 01:31 PM

I have Microsoft Security Essentials and Malwarebytes.





