I have a slow computer. Please help, may be a rootkit, LOG included

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mary7, Sep 5, 2011.

  1. mary7

    mary7 Private E-2

    Each time I run reformat it begins slowing down again;
    programs take forever to load.
     

    Attached Files:

    Last edited by a moderator: Sep 5, 2011
  2. mary7

    mary7 Private E-2

    (Removing inline logs, MGlogs.zip should be attached as a whole not like this)
     
    Last edited by a moderator: Sep 5, 2011
  3. mary7

    mary7 Private E-2

    (Removing inline logs, MGlogs.zip should be attached as a whole not like this)
     
    Last edited by a moderator: Sep 5, 2011
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  5. mary7

    mary7 Private E-2

    (Removing inline logs, MGlogs.zip should be attached as a whole not like this) Please read the "How to attach" link I gave you!!! :) Going to delete your below post as I have not got time to keep editing like this. Thank you.
     
    Last edited by a moderator: Sep 5, 2011
  6. mary7

    mary7 Private E-2

    Sorry for posting the logs wrong. Hopefully these are right.
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Don't worry about it. :)
    Please explain what operations are slow! For example answer the below:


    • Is boot up slow?
    • Is shutdown slow?
    • Is browsing/surfing slow?
    • Is downloading slow?
    • Is running any application slow?
    • Is it also slow in safe boot mode?
    • Also, are any processes showing in Task Manager to be using a lot of CPU time?
    • Anything else slow?

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run

    -------------------------

    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

    Also, you ran MGTools.exe in safe mode. I would prefer if you could do this in NORMAL mode now if at all possible.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
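    The MBR check described in this post, as an added example that is not any tool from the thread: a Python sketch of what a "non-standard or infected MBR" verdict rests on. It parses a 512-byte boot sector, hashes the bootstrap code (bytes 0-439) against a known-good baseline, and checks the 0x55AA signature and the partition table; the sample sectors and the baseline hash are constructed inline, not taken from a real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIG = b"\x55\xaa"  # 0x55AA marker at bytes 510-511
# Partition entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into bootstrap-code hash, partition table and signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(PART_FMT, sector, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),  # bytes 0-439 are code
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }

def check_mbr(sector: bytes, known_good: set) -> list:
    """Return findings; an empty list means the MBR looks standard."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] not in known_good:
        findings.append("non-standard bootstrap code (hash not in baseline)")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected exactly 1")
    return findings

def build_sample(bootcode: bytes) -> bytes:
    """Constructed sample sector: given bootstrap code plus one bootable NTFS partition."""
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[440:444] = b"\x12\x34\x56\x78"  # arbitrary disk signature, not part of the hash
    struct.pack_into(PART_FMT, sector, 446, 0x80, 0x07, 63, 2_097_152)  # bootable, type 7 = NTFS
    sector[510:512] = BOOT_SIG
    return bytes(sector)

# Constructed sectors: a "clean" one whose bootstrap hash forms the baseline, and one with replaced code.
CLEAN_MBR = build_sample(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20)
BASELINE = {hashlib.sha256(CLEAN_MBR[:440]).hexdigest()}
TAMPERED_MBR = build_sample(b"\xeb\xfe" + b"\x00" * 25)
```

    On a real machine the baseline would hold hashes of known-good Windows bootstrap code read from a trusted disk; a hash outside it is the situation the tool in this post reports as non-standard.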
     
  8. mary7

    mary7 Private E-2

    Boot up is not slow,
    shutdown is not slow,
    browsing/surfing is slow,
    downloading is not slow,
    running all applications is slow,
    safe mode with networking was not slow,
    System Idle Process shows 98 under CPU, everything else shows mostly 0,
    nothing else is slow.

    I noticed the MBR scan found something: non-standard or infected MBR.

    Here are the logs,
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do you have your XP boot CD?
     
  10. mary7

    mary7 Private E-2

    I don't have the CD.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Earlier on ComboFix installed the Recovery Console. We're going to use that now.

    Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
    (you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the Windows XP boot-up)

    [image]

    [image]

    When you get to the above screen, take note of the number that references your operating system.

    If it's '1' like the picture above, type 1 and press Enter

    [image]

    Next type FIXMBR

    If it asks if you're sure you want to write a new MBR, answer 'Y'

    Then type EXIT to reboot the machine.

    With that done, re-run MBRCheck, and attach the new log. Let me know how things are now.
     
  12. mary7

    mary7 Private E-2

    It doesn't show the Windows Recovery option or Windows XP Home, just a cursor flashing.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is a download of an .iso file of just the Recovery Console for XP.
    Burn to CD with Nero or other 'disc image' capable tool and boot.

    XP Recovery Console.

    You can use ImgBurn to create the disc.

    After you create the disc, boot into the BIOS and change the boot order to CD/DVD as first boot device. Put in the disc and reboot. Once you are in the Recovery Console, type:
    fixmbr

    Exit out and remove the disc.

    Now once back into normal mode, re-run MBRCheck and attach that log.
     
  14. mary7

    mary7 Private E-2

    My computer is faster now, although when I minimize or maximize Internet Explorer it is showing odd behaviour: I can see the blue bar at the top spreading up the page; it only takes a few seconds to open and drags to fill the screen. I don't know if this is normal, but before now it took ages to open. I also noticed a small box opening each time I log on; it says "via raid tool" in the middle and shuts after about 3 seconds.

    Here is the MBR Log,
     

    Attached Files:

    Last edited: Sep 5, 2011
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good job. I suggest that you post in the software forum for your additional issues, esp. the raid message.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0

    Help Support MajorGeeks
    Buy Discounted Software @ Majorgeeks Store. Giveaways Too!

    Majorgeeks Geek Wear. Hats, T-Shirts, Hoodies

    MajorGeeks on FaceBook
     
  16. mary7

    mary7 Private E-2

    I have done the below and my PC did speed up, but slowed down again after I turned off the system and turned it back on again, and I had to log into safe mode with networking as Internet Explorer wouldn't load. When I tried to enter safe mode with networking on Windows XP I got this error: <system root>\system32\hal.dll is missing.
    I also installed Comodo Firewall, CCleaner and Comodo Antivirus; it blocked RECGUARD.EXE and said it is an unrecognised file and has been sandboxed. Here is a new log below, run in safe mode.
     

    Attached Files:

    Last edited: Sep 6, 2011
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not a topic for the malware forum. You can post about this in the software forum. :)
    This too.
     
  18. mary7

    mary7 Private E-2

    I still have a problem with malware. My computer did speed up until I disabled System Restore, restarted and re-enabled System Restore; it is now a lot slower than it was. I think the problem has somehow reinstalled itself. Internet Explorer won't open except in safe mode, my computer is extremely slow, I can't run anything, only in safe mode.

    Kind Regards,

    Mary.
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will need to redo the Read and Run First instructions and attach the requested logs.
     
  20. mary7

    mary7 Private E-2

    I have rerun all the scans as requested.

    Here are the logs,

    kind regards,

    Mary
     

    Attached Files:

  21. mary7

    mary7 Private E-2

    Attached Files:

  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt, each followed by the Enter key. The text before the arrow is the command; the text after "<--" is merely informational.
    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.

    If they still will not run and give you an MGLog.zip, then do this:

    Please download OTL by Old Timer and save it to your Desktop.

    See the download links under this icon [image]

    1. Double click OTL.exe to run OTL (Vista and Win7 right click and select Run as Administrator)
    2. When OTL opens, change the Output (at the top-right portion of the program) to Minimal Output
    3. Put check-marks in LOP Check and Purity Check
    4. Now click the [image] button.


    When the scan is complete, a file entitled OTL.txt will be created on your Desktop.
    Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  23. mary7

    mary7 Private E-2

    GetRunKey and ShowNew are not recognised as an internal or external command, operable program or batch file.

    An Extras.txt file was also created; do you want me to upload it?

    Here is the log,
     

    Attached Files:

    • OTL.Txt (71.2 KB, 5 views)
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a slow computer because of this:
    190.48 Mb Total Physical Memory | 52.95 Mb Available Physical Memory | 27.80% Memory free

    The only thing you can do is to go to crucial.com and have them scan your system and see how much memory your system will take.
     
  25. mary7

    mary7 Private E-2

    Ok Thanks for your help
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're most welcome. Safe surfing.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:


     
