VERY SLOW COMPUTER

6 replies to this topic

#1 MPH34

MPH34

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:58 PM

Posted 27 August 2014 - 01:14 PM

It took me quite a while to even register.

 

 

I have some sort of virus or malware but I can't seem to get rid of it. I have the latest version of Norton Antivirus and nothing shows up. I ran Malwarebytes and the rootkit version of Malwarebytes. I ran the Junkware Removal Tool, Sophos Anti-Rootkit, McAfee's anti-rootkit, GMER, AdwCleaner, and HitmanPro. I also ran programs called TDSSKiller and RKill. Nothing malicious shows up on any of them.

 

I am unable to run ComboFix. I can get it to the initial screen but it says Access is Denied when it starts. I right-clicked and clicked 'Run as Administrator.' That did not help. I disabled the antivirus software. I have a program called Constant Guard from Comcast. I have no idea if that has anything to do with it, but I have used ComboFix in the past with success.

 

Any tips would be very helpful. It is not my internet either. I had Comcast come out. The computer doesn't run fast on other connections.


Edited by MPH34, 27 August 2014 - 01:22 PM.



#2 MPH34


Posted 27 August 2014 - 01:43 PM

Also, I ran another program that says Windows Automatic Update is disabled. I am curious if this is a big deal.



#3 MPH34


Posted 27 August 2014 - 09:38 PM

I will go through the steps that have been posted for others since my computer is running right now. The computer works intermittently (usually at night).

 

Here are the Security Check up Notepad contents:

 

Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 SUPERAntiSpyware Free Edition   
 HijackThis 2.0.2    
 Java 7 Update 67  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.2 Adobe Reader out of Date!
 Mozilla Firefox (3.6.15) Firefox out of Date!
 Mozilla Thunderbird (5.0). Thunderbird out of Date!
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````
 iolo System Mechanic iologovernor64.exe  
 iolo Common Lib ioloServiceManager.exe 
 iolo System Mechanic LiveBoost.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log``````````````````````
 
 
Here are the Farbar logs:
 

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Edited by MPH34, 27 August 2014 - 09:39 PM.


#4 MPH34


Posted 27 August 2014 - 09:46 PM

Here is the Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/27/2014
Scan Time: 9:20:07 PM
Logfile: malwarebytesfile.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.27.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418022
Time Elapsed: 23 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.ASK.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "", "http://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9A89578E-31EC-4861-9F9D-75A0BA13C3C6&SSPV=", "http://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11466&pf=V7&trgb=CR&p2=Replaced,[4054e7e4502b7cba18dfaa6ab5508977]EBECReplaced,[4054e7e4502b7cba18dfaa6ab5508977]EOSJ000Replaced,[4054e7e4502b7cba18dfaa6ab5508977]EYYReplaced,[4054e7e4502b7cba18dfaa6ab5508977]EUS&gct=hp&apn_ptnrs=BEC&apn_dtid=Replaced,[4054e7e4502b7cba18dfaa6ab5508977]EOSJ000Replaced,[4054e7e4502b7cba18dfaa6ab5508977]EYYReplaced,[4054e7e4502b7cba18dfaa6ab5508977]EUS&apn_dbr=cr_35.0.1916.153&apn_uid=ED094FF4-D384-4BF5-9C98-E2876C5E13CC&itbv=12.12.2.84&doi=2014-07-04&psv=&pt=tb" ],), Replaced,[4054e7e4502b7cba18dfaa6ab5508977]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 MPH34


Posted 27 August 2014 - 09:48 PM

Here is Rkill:

 

Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.


#6 MPH34


Posted 27 August 2014 - 10:06 PM

Any help I can get would be greatly appreciated. Even in the short window since I've posted, my computer has gotten insanely slow. At some point it typically becomes unworkable for a period of time. I really have no idea what the problem could be other than it being malware. It isn't an internet connection problem and it is not a hardware problem.


Edited by MPH34, 27 August 2014 - 10:10 PM.


#7 MPH34


Posted 28 August 2014 - 07:33 AM

Here is a log from HitmanPro:

 

 
   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-08-28 08:19:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 53s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 52
 
   Objects scanned . . . : 1,540,477
   Files scanned . . . . : 24,721
   Remnants scanned  . . : 384,717 files / 1,131,039 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\User\Downloads\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 0.4 days (2014-08-27 22:15:42)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\User\Downloads\FSS.exe
          0.0s C:\Users\User\Downloads\FSS.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   session/startup_urls[1]
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
   session/startup_urls[2]
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
   HKLM\SOFTWARE\Classes\AppID\osmax.ocx\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{5C731C2A-6ADF-487E-99A2-7291BF794A14}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{7131C082-F3C6-404D-B8CC-8AF9CFB6209D}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\osmax.ocx\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{5C731C2A-6ADF-487E-99A2-7291BF794A14}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7131C082-F3C6-404D-B8CC-8AF9CFB6209D}\ (Babylon)
   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ (AskBar)
   HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ (AskBar)
   HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ (AskBar)
   HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ (AskBar)
   HKU\S-1-5-21-3827219034-487437719-965800628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Condut\ (Sweetpacks)
   HKU\S-1-5-21-3827219034-487437719-965800628-1000\Software\Condut\ (Sweetpacks)
   HKU\S-1-5-21-3827219034-487437719-965800628-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ (AskBar)
   HKU\S-1-5-21-3827219034-487437719-965800628-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ (AskBar)
 
Cookies _____________________________________________________________________
 
 
 