
Computer running very slow #2


  • This topic is locked
21 replies to this topic

#1 duzap

duzap

  • Members
  • 42 posts
  • OFFLINE
  • Local time:06:48 AM

Posted 05 September 2014 - 02:45 PM

Hello,

 

I am starting a new thread as I have been requested here: http://www.bleepingcomputer.com/forums/t/546015/computer-running-very-slow/

 

DDS.txt

http://pastebin.com/mqiyZEmU

 

Attach.txt

http://pastebin.com/JjgLjywD

 

 

 

Thank you.




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 06 September 2014 - 10:59 AM

Hello duzap and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following

 

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button.
  • It will make a log (FRST.txt).

I want you to post the FRST.txt report into your reply to me.

 

 

Thanks


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 duzap

duzap
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:06:48 AM

Posted 06 September 2014 - 05:47 PM

FRST64

http://pastebin.com/UpXA8g5p



#4 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 07 September 2014 - 03:25 AM

Hi,

Please do the following for me

Please download SystemLook from one of the links below and save it to your Desktop.
Download 1
Download 2

  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
:filefind
RootkitRevealer

:folderfind
RootkitRevealer

:regfind
RootkitRevealer
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan.
  • Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Regards
 


Edited by olgun52, 07 September 2014 - 02:22 PM.


 


 


#5 duzap

duzap
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:06:48 AM

Posted 08 September 2014 - 04:13 PM

RootkitRevealer is a program I downloaded from technet here: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

To check if I have rootkits a few weeks ago.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 00:07 on 09/09/2014 by Idan
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "RootkitRevealer"
No files found.
 
========== folderfind ==========
 
Searching for "RootkitRevealer"
No folders found.
 
========== regfind ==========
 
Searching for "RootkitRevealer"
[HKEY_CURRENT_USER\Software\Sysinternals\RootkitRevealer]
[HKEY_USERS\S-1-5-21-149788724-1810438044-2685332258-1000\Software\Sysinternals\RootkitRevealer]
 
-= EOF =-


#6 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 09 September 2014 - 06:06 AM

 

RootkitRevealer is a program I downloaded from technet here: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

To check if I have rootkits a few weeks ago.

Error: (08/22/2014 05:18:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa

Yes. I saw it. You can delete it.

--------------------------------------------------------------------------

 

Step 1:

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

HKLM-x32\...\Run: [] => [X]
S3 catchme; \??\C:\idan\catchme.sys [X]
C:\Users\Idan\AppData\Local\Temp\sonarinst.exe
HKEY_CURRENT_USER\Software\Sysinternals\RootkitRevealer
HKEY_USERS\S-1-5-21-149788724-1810438044-2685332258-1000\Software\Sysinternals\RootkitRevealer
File:C:\a.log 
Folder:C:\TEMPP
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:

 

Please download Malwarebytes Anti-Rootkit from Malwarebytes and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
  • Check for Updates, then Scan your system for malware.
  • If malware is found, do NOT press the Cleanup button yet. Click EXIT.

We'd like to see the log first. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt.

Please post the contents of that log in your next reply.

 

Step 3:

 

Please download RogueKiller 64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 

Have a nice day.

Best regards.


Edited by olgun52, 09 September 2014 - 06:09 AM.


 


 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 11 September 2014 - 04:43 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

 

Regards


Edited by olgun52, 11 September 2014 - 04:44 AM.


 


 


#8 duzap

duzap
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:06:48 AM

Posted 11 September 2014 - 05:05 PM

Sorry for the delay.
 
 
I didn't include the line "Folder:c:\TEMPP" because it's a private folder that I have created where I have some stuff of mine.
I am afraid it will be removed if I include it in the fixlist.txt file. So if it's really necessary to include it please let me know.
 
Here is the Fixlog.txt file:
 
MBAR

http://pastebin.com/KW5XTDjD

 

RogueKiller

http://pastebin.com/CAT9Q9ks


Edited by duzap, 11 September 2014 - 05:08 PM.


#9 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 11 September 2014 - 06:34 PM

Hi again,

 

The logs look clean.

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

 

Have a nice day.



 


 


#10 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 14 September 2014 - 05:27 AM

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


 


 


#11 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  •  
  • Gender:Male
  • Local time:01:48 PM

Posted 16 September 2014 - 04:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



 


 


#12 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,257 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:48 AM

Posted 18 September 2014 - 06:07 PM

This topic has been re-opened at the request of the person who originally posted.

#13 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 18 September 2014 - 06:38 PM

Hi duzap,

 

Please run combofix.



 


 


#14 duzap

duzap
  • Topic Starter

  • Members
  • 42 posts
  •  
  • Local time:06:48 AM

Posted 20 September 2014 - 04:32 AM

ComboFix

http://pastebin.com/8rEUfME7



#15 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 PM

Posted 20 September 2014 - 06:23 AM

Hi duzap,

 

Did you already use Fortinet antivirus?

 

-------------------------------------------------------------------------------

 

OTL Scan:

 

Download OTL to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Select LOP and Purity
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • We only need the OTL.txt


 


 




