I have a slow computer Please Help, may be a rootkit,LOG included

[mary7]

Each time i run reformat it begins slowing down again
programs take for ever to load,

[mary7]

(Removing inline logs, MGlogs.zip should be attached as a whole not like this)

[mary7]

(Removing inline logs, MGlogs.zip should be attached as a whole not like this)

[Kestrel13!]

Hi there, you have made a mess posting all these logs inline (We prefer them to be attached) Please take a look at this.

HOW TO: Attach Items To Your Post

Then you will know how to attach all of the requested logs instead. I am going to remove all the inline postings now.

Here's the link to our procedures for reference. READ & RUN ME FIRST. Malware Removal Guide

[mary7]

(Removing inline logs, MGlogs.zip should be attached as a whole not like this) Please read the "How to attach" link I gave you!!! Going to delete your below post as I have not got time to keep editing like this. Thankyou.

[mary7]

Sorry for posting the logs wrong, Hopefully these are right

[Kestrel13!]

Quote:

Originally Posted by mary7

Sorry for posting the logs wrong, Hopefully these are right

Don't worry about it.

Quote:

I have a slow computer Please Help

Please explain what operations are slow! For example answer the below:

• Is boot up slow?
• Is shutdown slow?
• Is browsing/surfing slow?
• Is downloading slow?
• Is running any application?
• Is it also slow in safe boot mode?
• Also are any process showing in Task Manager to be using a lot of CPU time?
• Anything else slow?

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run

-------------------------

Please also download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

Also, you ran MGTools.exe in safe mode. I would prefer if you could do this in NORMAL mode now if at all possible.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[mary7]

Boot up is not slow,
Shutdown is not slow,
browsing/Surfing is slow,
downloading not slow,
running all aplications is slow,
safe mode with networking was not slow,
system idel process shows 98 under cpu everything else shows mostly 0,
Nothing else is slow,

I noticed the MBR scan found something, non standard or infected MBR

Here are the logs,

[Kestrel13!]

Do you have your XP boot CD?

[mary7]

I don't have the Cd

[Kestrel13!]

Earlier on ComboFix installed the Recovery Console. We're going to use that now.

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)






When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter



Next type FIXMBR

If it ask if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, re-run MBRCheck, and attach the new log. Let me know how things are now.

[mary7]

It doesn't show the windows recovery option or windows xp home, just a cuser flashing

[TimW]

This is a download of an .iso file of just the Recovery Console for XP.
Burn to CD with Nero or other 'disc image' capable tool and boot.

XP Recovery Console.

You can use ImageBurn to create the disc.

After you create the disc, boot into the bios and change the boot order to CD/DVD as first boot device. Put in the disc and reboot. Once you are in the Recovery console, type:
fixmbr

Exit out and remove the disc.

Now once back into normal mode, re-run MBRCheck and attach that log.

[mary7]

My Computer is faster now,although when i minimize, maximize internet explorer is showing odd behaviour I can see the blue bar at the top spreading up the page it only takes a few seconds to open and drags to fill the screen, I dont know if this is normal, but before now it took ages to open, I also noticed a small box opening each time i log on it says via raid tool in the middle and shuts after about 3 seconds,

Here is the MBR Log,

[TimW]

Good job. I suggest that you post in the software forum for your additional issues, esp. the raid message.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.We recommend them for doing backup scans when you suspect a malware infection.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
     
     
   
   
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
   
   
10. After doing the above, you should work thru the below link:
    
    • How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

Help Support MajorGeeks
Buy Discounted Software @ Majorgeeks Store. Giveaways Too!

Majorgeeks Geek Wear. Hats, T-Shirts, Hoodies

MajorGeeks on FaceBook

[mary7]

I have done the below and my pc did speed up but slowed down again after I turned off system & turned back on again and I had to log into safe mode with networking as internet explorer wouldnt load, when i tried to enter safe mode with networking windows xp I got this error<system root>\system32\hal.dll. is missing
I also installed comondo firewall ccleaner & comondo antivirus, it blocked RECGUARD.EXE and said it is a unreconised file and has been sandboxed , here is a new log below run in safe mode

[Kestrel13!]

Quote:

when i tried to enter safe mode with networking windows xp I got this error<system root>\system32\hal.dll. is missing

Not topic for the malware forum. You can post about this in the software forum.

Quote:

I also installed comondo firewall ccleaner & comondo antivirus, it blocked RECGUARD.EXE

This too.

[mary7]

I still have a problem with Malware, my computer did speed up until i disabled system restore restarted & renabled system restore, it is now a lot slower than it was, I think the problem has somehow reinstalled itself Internet Exlorer wont open except is safe mode, my Computer is extreamly slow, I can't run anything- only in safe mode,

Kind Regards,

Mary.

[TimW]

You will need to redo the Read and Run First instructions and attach the requested logs.

[mary7]

I have rerun all the scans as reqested,

Here are the logs,

kind regards,

Mary