Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running slow and internet times out in browser


  • This topic is locked This topic is locked
15 replies to this topic

#1 puertorico

puertorico

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 16 January 2016 - 08:44 AM

I hope this is the correct forum for Hijack this logs.

 

Could someone tell me what is causing this ?

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:49 PM, on 1/16/2016
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
Boot mode: Normal

Running processes:
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Users\CDH\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\hffext\hffsrv.exe
C:\Windows\ffpext\ffpsrv.exe
C:\Program Files (x86)\VLC Player GPU+\GPULog.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\CDH\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
C:\Users\CDH\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Users\CDH\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\CDH\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Computer-Repair\VirusSpywareRemoval\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL
O2 - BHO: LocationFinder Class - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files (x86)\Skyhook Wireless\Loki Plugin\loki.dll
O2 - BHO: Visual bookmarks - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files (x86)\Yandex\YandexBarIE\fastdial.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [GPULoader] "C:\Program Files (x86)\VLC Player GPU+\GPULog.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\CDH\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: RealTimes Desktop Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13001 bytes
 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 17 January 2016 - 11:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

===

p.s.
HijackThis is no longer supported and is not ready for current operating systems.
I suggest your remove it via Control Panel > Programs and Features applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 18 January 2016 - 04:51 AM

Thanks for your reply,

I have attached the files as requested, but I seem to have multiple sets of Adware .Txt's, anyway I attached them all, better safe than sorry. lol

 

Also the FarBar file .

 

Please let me know if I need to take any further actions?

 

Thank you!

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 18 January 2016 - 10:00 AM


Open your Control panel > Programs and Features applet and remove these programs.

Internet Explorer için Yandex.Bar 6.0 (HKLM-x32\...\{6136C65B-318C-4093-AF2D-DCE7ECCCDB72}) (Version: 6.0.0.1720 - Yandex)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) <- old version.
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\VLC Player GPU+\GPULog.exe
(BitTorrent Inc.) C:\Users\CDH\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\CDH\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
HKLM-x32\...\Run: [GPULoader] => C:\Program Files (x86)\VLC Player GPU+\GPULog.exe [1323232 2014-03-05] ()
HKU\S-1-5-21-3030171753-1767478677-427377982-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3030171753-1767478677-427377982-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {6A8F5DA6-2375-4D53-9A2F-6326BE2754D8} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: Visual bookmarks -> {C93F72A2-2162-4BBA-A07A-F13663C297A6} -> C:\Program Files (x86)\Yandex\YandexBarIE\fastdial.dll => No File
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Toolbar: HKU\S-1-5-21-3030171753-1767478677-427377982-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3030171753-1767478677-427377982-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 dump_wmimmc; \??\C:\GamesCampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [X]
S3 esihdrv; \??\C:\Users\CDH\AppData\Local\Temp\esihdrv.sys [X]
S3 TKCtrl; \??\C:\Windows\system32\TKCtrl2k64.sys [X]
S3 TKFsAvM; \??\C:\Windows\system32\TKFsAv64.sys [X]
S3 TkFsFtM; system32\TKFsFt64.sys [X]
S1 TKFWFV; system32\TKFWFV64.sys [X]
S3 TKFWVT; \??\C:\Windows\system32\TKFWVT64.sys [X]
S3 TkIdsVt; \??\C:\Windows\system32\TkIdsVt64.sys [X]
S3 TKPcFt; \??\C:\Windows\system32\TKPcFtCb64.sys [X]
S3 X6va003; \??\C:\Users\CDH\AppData\Local\Temp\003C8BC.tmp [X]
C:\Program Files (x86)\VLC Player GPU+
C:\Users\CDH\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
Task: {5E5E025F-27CC-438B-BDD0-F0BC1AE170FC} - \SomotoUpdateCheckerAutoStart -> No File <==== ATTENTION
Task: {DAEAEA6C-4F9C-4F05-A5E9-7DEDB73ABCD1} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {F70AB61A-FDDA-45C3-AAAB-295A51899ECE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-12-11] ()
2013-12-10 05:53 - 2014-03-05 09:39 - 01323232 _____ () C:\Program Files (x86)\VLC Player GPU+\GPULog.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Please post the log and let me know what problem persists.


p.s.
You can delete the old AcwCleanerxx.txt files.

#5 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 18 January 2016 - 01:34 PM

Thank you, I followed the steps you suggested and things seem to improved slightly, but still much slower than it used to be.

 

I attached the Fixlog as requested,

 

Anything further that I might try?

 

I am becoming concerned that it might be a processor problem!

 

 

 

 

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 19 January 2016 - 09:13 AM



Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CloseProcesses:

CMD: netsh winsock reset
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

If the problem persist run this tool.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold the following options are available to you.
Select only the check boxes for the options in bold.

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.


Keep me posted.

#7 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 19 January 2016 - 03:44 PM

I have completed all the tasks set, pls find attached the log files.

 

 

The loading of pages is excruciatingly slow, I am sorry we haven't managed to solve this, having taken up your valuable time.

 

I don't suppose you have any other tricks, I could try?

 

Many thanks for all of your efforts on my behalf.

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 20 January 2016 - 08:43 AM

Did you execute the Zoek scan as I have requested?

Your Zoek log is possibly not complete.
Please check the contents of you file.
Post the complete log for my review.
===

You IP address references this location.
http://whatismyipaddress.com/ip/195.175.39.40
Is this correct?

===

Have you tried recently to close/power off all of your Router, Modem and Computer.

Wait one minute and power everything back. This may help.

===

Contact your ISP and see if they can reset everything to the required settings.

Keep me posted.

#9 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 20 January 2016 - 03:23 PM

You were right about the Zoek report, the computer crashed before it was able to finish the first time.

Anyhow I repeated the steps, and it took about 45 minutes to complete, and then re-booted automatically, so I attach the report.

According to : http://whatismyipaddress.com   

The IP you mentioned directs to another City 9 hours from here, so I hope that is just the server, re-directing and not a Hijack.

 

What's your opinion on it?

 

 

 

Attached Files



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 21 January 2016 - 09:36 AM

[quote]According to : http://whatismyipaddress.com
The IP you mentioned directs to another City 9 hours from here, so I hope that is just the server, re-directing and not a Hijack.[/quote]

Check with your Internet Provider and make sure it's OK.

====
[quote]


Your Winsock was reset and the computer was restarted.

What problem persists?

#11 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 21 January 2016 - 11:27 AM

Things are now much better thanks, however I am still unable to watch anything on Youtube or Facebook, as it causes the computer to close down,

It never used to do that, what could be the causes?

 

Overheating ?

Graphics Card?

 

Your help would be greatly appreciated!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 21 January 2016 - 02:55 PM

Navigate to this page and run the video.



Look at your settings and change them to the suggested ones.

#13 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 22 January 2016 - 07:08 AM

Well it actually made things run faster,thanks for the tip, but the computer closed down as usual, when I watched a video.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 PM

Posted 22 January 2016 - 10:51 AM

Check the manufacturer's site of you video card for the latest drivers.

Run the chkdsk command.
https://technet.microsoft.com/en-us/magazine/ee872425.aspx

===

Clean your caches.

#15 puertorico

puertorico
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 22 January 2016 - 01:25 PM

OK thanks for all your help, I will try those, but the main issues have been resolved, so thank you for your time and effort, it is appreciated.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users