Super Slow Windows 7 after running all downloads

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kris4chloe, Sep 8, 2011.

  1. kris4chloe

    kris4chloe Private E-2

    My computer is running at slower than a snail's pace. I have run SUPERAntiSpyware and Malwarebytes. I have not been able to get ComboFix to run, other than installing it, and the same for MGTools.

    Here are the SAS logs; I'm trying to get the MB log.

    Started acting up about five days ago; I've been trying to fix it. I believe it was after my teenager snuck onto my laptop. He says he was only on a wrestling website, but may have clicked a link??
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, kris4chloe!

    It is quite possible. It happens all the time. Attach any logs from the programs you are able to run successfully. Let me know what type of problems you encountered when a certain program (or programs) from the READ & RUN ME FIRST would not run for you.

    Then we can go about fixing any leftover malware problems ;)
     
  3. kris4chloe

    kris4chloe Private E-2

    OK, here is the Malwarebytes log.

    ComboFix will not scan at all. I got it downloaded, and when I click on it a black screen comes up which shows it extracting files etc., but it never goes to the blue screen, and when it is done it just disappears. I tried running it in Safe Mode and it would go to the blue screen but stall at step #3, and would sit there after several hours.

    MGTools, when installed in the root folder, doesn't have an exe file, just logs, so then I installed it to the desktop and it will start to run, but it is just a black box with cmd.exe and does nothing even after several hours.

    I will be heading to work soon, but will check for responses when I get home.

    Thank you so much for your help.
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    Please check the root of C: for a file called MGlogs.zip. This is the file I want you to attach.

    Also try the below:

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)
     
    Last edited: Sep 8, 2011
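An added illustration for the MBRCheck step (not code from the thread or from the MBRCheck tool): what an MBR checker is doing when it prints "Found non-standard or infected MBR". It parses constructed 512-byte images rather than reading a disk, so the boot code, disk signature, partition entries and the single known-good hash are all sample values built for this example; a real tool compares the boot code against its own reference set, which the one-entry baseline here stands in for.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: boot code; 440-445: disk signature + reserved
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions, with_signature=True):
    """Construct a 512-byte MBR image from sample values (never read from a real disk)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_id = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"  # sample disk signature + reserved bytes
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", start, count)
        for status, ptype, start, count in partitions
    ).ljust(64, b"\x00")
    tail = BOOT_SIGNATURE if with_signature else b"\x00\x00"
    return code + disk_id + table + tail


def parse_partitions(mbr):
    """Return the non-empty entries of the partition table as dicts."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"index": i, "status": status, "type": ptype,
                            "lba_start": start, "sectors": count})
    return entries


def check_mbr(mbr, known_good_boot_md5):
    """Flag the things an MBR checker looks for; 'clean' means no finding was raised."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return {"clean": False, "findings": ["unexpected MBR length %d" % len(mbr)],
                "partitions": [], "boot_code_md5": None}
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest not in known_good_boot_md5:
        findings.append("boot code MD5 %s not in known-good set" % digest)
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has non-standard status byte 0x%02X" % (p["index"], p["status"]))
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("partition %d has a zero LBA start or length" % p["index"])
    return {"clean": not findings, "findings": findings, "partitions": parts, "boot_code_md5": digest}


# Constructed sample data: a stand-in boot code string, two NTFS-style (0x07) partitions,
# and a baseline consisting of the hash of that one clean image.
SAMPLE_BOOT_CODE = b"SAMPLE-KNOWN-GOOD-BOOT-CODE"
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 41734144)]
CLEAN_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
KNOWN_GOOD = {hashlib.md5(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()}

_t = bytearray(CLEAN_MBR)
_t[64:72] = b"PATCHED!"   # simulate boot code that no longer matches the baseline
TAMPERED_MBR = bytes(_t)
NO_SIGNATURE_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS, with_signature=False)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("no-signature", NO_SIGNATURE_MBR)):
        result = check_mbr(image, KNOWN_GOOD)
        print(label + ":", "OK" if result["clean"] else "; ".join(result["findings"]))
```

Run it directly to see the clean image pass and the two altered images fail; the tampered one differs only in eight bytes of boot code, which is why the consultant wants the scan output before anything is repaired.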
  5. kris4chloe

    kris4chloe Private E-2

    Sorry for not getting back to you; I had to work all day yesterday, and when I came home ComboFix had managed to start. I let it run and it took all day; it found some issues and repaired them. Then a Kaspersky alert popped up and it fixed what it found.

    Unfortunately the system is still sluggish and it won't let me upload any of the files I need to for the scans. I will keep trying, but wanted to let you know that I am still working on it.
     
  6. kris4chloe

    kris4chloe Private E-2

    Was able to get a couple of files uploaded; still working on the ComboFix one, and never found the MGtools one.

    Do you need the log from Kaspersky too?
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    You attached it. It was TDSSKiller. Kaspersky makes this tool. ;)

    Do not worry about MGtools for now. Let's use this instead:
    Also, attach your c:\ComboFix.txt log whenever you get a chance.

    Please download OTL by Old Timer to your desktop.
    See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double-click OTL.exe to run (Vista and Win7 right click and select Run as administrator)
    • When the window appears, underneath Output at the top-right, make sure Standard Output is selected.
    • Select Scan All Users.
    • Under the Extra Registry section, check Use SafeList.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field (http://img14.imageshack.us/img14/66/otlcustomfix.png).
      Code:
      netsvcs
      %systemdrive%\*.exe
      /md5start
      atapi.sys
      csrss.exe
      explorer.exe
      ipnat.sys
      ipsec.sys
      regedit.exe
      svchost.exe
      tcpip.sys
      userinit.exe
      winlogon.exe
      /md5stop
      %systemroot%\*. /mp /s
      %windir%\assembly\tmp\U /s
      %windir%\assembly\GAC\*.ini
      %windir%\assembly\GAC_MSIL\*.ini
      %windir%\assembly\gac_32\*.ini
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      
    • Now click the Run Scan button (http://img171.imageshack.us/img171/2405/runscanotl.png).
    • When the scan is complete, Notepad will open with the results of the OTL scan.
    • Close Notepad.
    • There will be two log files on your desktop entitled OTL.txt and Extras.txt.
    • Attach both OTL.txt and Extras.txt to your next message. (How to attach items to your post)

    Please download aswMBR by Avast! to your desktop.
    • Double-click aswMBR.exe to run it (Vista and Win7 right-click and select Run as Administrator)
    • Select No when asked Would you like to download latest Avast! virus definitions?
    • Click the [Scan] button.
      Note: This scan should only take a few seconds to complete.
    • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach items to your post)
     
  8. kris4chloe

    kris4chloe Private E-2

    OK, here are those scans. I cannot find the ComboFix file either. I had to install it to the desktop, and I tried searching for it and it is not anywhere?
     

    Attached Files:

  9. thisisu

    thisisu Malware Consultant

    You were supposed to download to the desktop, which is what it sounds like you did. However, the log file created by ComboFix (if the scan did complete) will be at the root of your Operating system hard drive (C:) -- NOT on your desktop.
     
  10. kris4chloe

    kris4chloe Private E-2

    Well then it must not have completed; I thought it did. The only thing I have is a catchme file on the desktop, which I have read is from ComboFix, but nothing on the C: drive.
     
  11. thisisu

    thisisu Malware Consultant

    I don't see any obvious signs of malware but we can tidy up a bit and potentially take a look at the MGlogs.zip and ComboFix logs which will appear on your desktop (if they do exist) with this next fix.

    From Programs and Features (via Control Panel), uninstall the below:
    • Conduit Engine
    • Coupons.com Toolbar
    • Java(TM) 6 Update 26
    • Swag Bucks Toolbar

    Now we need to make use of OTL by Old Timer.
    • Double-click OTL.exe to run (Vista and Win7 right-click and select Run as administrator)
    • When OTL opens, copy the text in the code box below and paste it into the Custom Scans/Fixes text-field (http://img14.imageshack.us/img14/66/otlcustomfix.png).
      Code:
      :processes
      killallprocesses
      :otl
      IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
      IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
      FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
      FF - prefs.js..browser.search.selectedEngine: "Coupons.com Customized Web Search"
      FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
      [2011/08/17 10:52:51 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\mcsb86o7.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
      [2011/05/30 07:47:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\mcsb86o7.default\extensions\engine@conduit.com
      [2011/03/15 21:03:38 | 000,000,925 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\mcsb86o7.default\searchplugins\conduit.xml
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-859328136-1895803494-2576887143-1001\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
      O3 - HKU\S-1-5-21-859328136-1895803494-2576887143-1001\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
      O4:64bit: - HKLM..\Run: []  File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      :services
      :files
      dir c:\ /c
      dir c:\combofix.txt /c
      dir c:\mglogs.zip /c
      copy c:\combofix.txt c:\users\kristi\desktop /c
      copy c:\mglogs.zip c:\users\kristi\desktop /c
      :reg
      :commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [emptyflash]
      
    • Now click the Run Fix button (http://img3.imageshack.us/img3/407/otlrunfix.png).
    • OTL may ask to reboot the machine. Please do so if asked.
    • Click the OK button.
    • When complete, Notepad will open.
    • Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (How to attach items to your post)

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS

    Please explain what operations are slow! For example answer the below:

    • Is boot up slow?
    • Is shutdown slow?
    • Is browsing/surfing slow? If yes, also answer the below sub-questions
      • What type of connection to the internet do you use ( DSL, Cable, FIOS,etc)?
      • What browser are you using? Have tried more than one?
    • Is downloading slow?
    • Is running any/every application slow?
    • Is it also slow in safe boot mode?
    • Also are any processes showing in Task Manager to be using a lot of CPU time?
    • Anything else slow?
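Added example (mine, not thisisu's or OTL's code): how the lines copied from OTL.txt into the :otl section of the fix above get picked out. It parses OTL-style log lines into kind, architecture tag, CLSID, path, URL and vendor, then applies simple review rules: a watchlisted vendor or search host, an autorun entry whose file is missing, or a toolbar entry with no CLSID. The sample lines are constructed from the ones quoted in the fix plus one invented benign entry ("Example Corp."); the watchlists are assumptions for the example, not part of OTL.

```python
import re
from urllib.parse import urlparse

# Constructed sample: OTL lines in the style of the ones quoted in the fix above,
# plus one invented benign toolbar entry ("Example Corp.") that should not be flagged.
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Example Toolbar) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\tb.dll (Example Corp.)
O4:64bit: - HKLM..\Run: []  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
"""

LINE_RE = re.compile(r"^(?P<kind>O\d+|IE|FF)(?::(?P<arch>64bit):)?\s+-\s+(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|sys|xml)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"]+")
VENDOR_RE = re.compile(r"\(([^()]+)\)\s*$")   # OTL prints the file's company name last, in parentheses

# Triage lists are assumptions for this example; a real review keeps them current.
WATCHLIST_VENDORS = {"conduit ltd."}
WATCHLIST_HOSTS = {"search.conduit.com"}


def parse_otl_line(line):
    """Split one OTL log line into its kind, architecture tag, CLSID, path, URL and vendor."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    clsid, path, url, vendor = (rx.search(rest) for rx in (CLSID_RE, PATH_RE, URL_RE, VENDOR_RE))
    return {
        "kind": m.group("kind"),
        "arch": m.group("arch") or "",
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "url": url.group(0) if url else None,
        "vendor": vendor.group(1) if vendor else None,
        "raw": line,
    }


def triage(entry):
    """Return the reasons (possibly none) an analyst would pull this line into a fix."""
    reasons = []
    if entry["vendor"] and entry["vendor"].lower() in WATCHLIST_VENDORS:
        reasons.append("vendor on watchlist")
    if entry["url"] and (urlparse(entry["url"]).hostname or "").lower() in WATCHLIST_HOSTS:
        reasons.append("search redirect to watchlisted host")
    if "File not found" in entry["raw"]:
        reasons.append("autorun entry points to a missing file")
    if "No CLSID value found" in entry["raw"]:
        reasons.append("toolbar entry without a CLSID")
    return reasons


def review_log(text):
    """Parse every recognisable line and attach its triage reasons."""
    results = []
    for line in text.strip().splitlines():
        entry = parse_otl_line(line.strip())
        if entry is not None:
            entry["reasons"] = triage(entry)
            results.append(entry)
    return results


def flagged_lines(text):
    """The raw lines a reviewer would carry over into the :otl section of a fix."""
    return [e["raw"] for e in review_log(text) if e["reasons"]]


if __name__ == "__main__":
    for e in review_log(SAMPLE_OTL_LINES):
        print("FLAG" if e["reasons"] else "    ", e["kind"], e["vendor"] or e["url"] or "-", "; ".join(e["reasons"]))
```

On the sample, five of the seven lines are flagged and the invented Example Corp. toolbar and the Java plug-in entry are not; the Java entries in the real fix were handled by uninstalling the old version rather than by a log rule, which is why no rule for them appears here.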
     
  12. kris4chloe

    kris4chloe Private E-2

    Here are your requested files, along with the MGtools log. ComboFix didn't show up on the home page, so that confirmed it did not complete.

    Should I try to run it again?

    As far as how the computer is, it is still the same. Everything is super slow; booting down and up takes about 6 minutes. Trying to open any programs or browsers takes over 5 minutes, some as much as 10 minutes, and some never open. I have tried IE, FF and Chrome. IE is the only browser that I have been able to work in, and even then it takes me about 10 minutes to get it to upload files.

    Chrome opens but I am not able to go to any sites; it just says it is unresponsive and asks if I want to kill or wait.

    I am on FiOS.

    Should I run ComboFix again?
     

    Attached Files:

  13. thisisu

    thisisu Malware Consultant

    The ones I can see are clean. I'm starting to think this is more of a hardware or software issue.

    I see some event log errors pertaining to Spybot Search and Destroy and Microsoft Security Essentials; are any of these still installed?

    Does the computer take forever to boot into Safe Mode? See: Starting your computer in Safe mode

    Yes, I would like you to run ComboFix again. Run it from Safe Mode if you have issues with it in Normal Mode.

    Also, I want you to download a new copy of MGtools.exe (overwrite the old one if prompted) to either your desktop or to the root of C:\
    Then run MGtools.exe
    Attach c:\mglogs.zip if it completes this time.
     
  14. kris4chloe

    kris4chloe Private E-2

    Security Essentials is what I was using as anti-virus, but I removed it and put on Kaspersky when this happened. Spybot I put on at some point to try to find what was wrong, but took it off because I didn't want too many programs on at the same time.

    I was finally able to run MGtools and get a log, and the same for ComboFix. ComboFix found infections, so it is definitely that.

    Here are the logs; please let me know what to do next.

    Thanks. :)
     

    Attached Files:

  15. thisisu

    thisisu Malware Consultant

    So did you have trouble running MGtools in Normal Mode? If you did, that's fine, but try to complete as many of the below steps as you can while in Normal Mode. Only resort to Safe Mode if something won't run.

    The ComboFix log is incomplete, just like your TDSSKiller logs are incomplete. I'm not sure why yet but let's see what happens when you complete these steps:

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    DirLook::
    C:\ProgramData\McAfee
    File::
    C:\windows\SysWow64\midimap.dll
    FileLook::
    C:\windows\SysNative\drivers\fbd.sys
    C:\windows\SysWow64\midimap.dll
    C:\windows\SysWow64\netlogon.dll
    C:\windows\system32\CI.dll
    C:\Qoobox\Quarantine\C\windows\SysWow64\netlogon.dll.vir
    Folder::
    C:\Users\Kristi\AppData\Local\Conduit
    C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    C:\Program Files (x86)\Spybot - Search & Destroy
    Registry::
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
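Added example (not from the thread, OTL or ComboFix) covering both the OTL fix script in post 11 and the CFScript above: a parser that splits either format into its sections and lists what each directive would do, separating the actions that change the machine (kill, delete, registry edit, copy) from those that only inspect (DirLook::, FileLook::, dir). The section tables are this example's reading of the two scripts, not the tools' documentation, and the sample scripts are trimmed copies of the ones posted here with the BBCode removed.

```python
import re

OTL_HEADER = re.compile(r"^:(?P<name>[A-Za-z]+)$")   # OTL:      :processes / :otl / :files ...
CF_HEADER = re.compile(r"^(?P<name>[A-Za-z]+)::$")   # ComboFix: KillAll:: / File:: / Folder:: ...

# Default effect of each section.  "change" sections modify the machine, "inspect" ones only
# report.  These tables are this example's reading of the two scripts quoted in the thread.
OTL_SECTIONS = {
    "processes": ("change", "kill process"),
    "otl": ("change", "remove log item"),
    "services": ("change", "remove service"),
    "files": ("change", "delete file or folder"),
    "reg": ("change", "apply registry edit"),
    "commands": ("change", "run built-in command"),
}
CF_SECTIONS = {
    "killall": ("change", "kill processes"),
    "dirlook": ("inspect", "list directory"),
    "filelook": ("inspect", "report file details"),
    "file": ("change", "delete file"),
    "folder": ("change", "delete folder"),
    "registry": ("change", "apply registry edit"),
}


def parse_fix_script(text):
    """Split a script into ordered sections and detect which tool's format it uses."""
    fmt, sections, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m, line_fmt = OTL_HEADER.match(line), "otl"
        if not m:
            m, line_fmt = CF_HEADER.match(line), "combofix"
        if m:
            if fmt not in (None, line_fmt):
                raise ValueError("script mixes OTL and ComboFix section headers")
            fmt = line_fmt
            current = {"name": m.group("name").lower(), "lines": []}
            sections.append(current)
        elif current is None:
            raise ValueError("directive before the first section header: " + line)
        else:
            current["lines"].append(line)
    return {"format": fmt, "sections": sections}


def describe(fmt, section, kind, verb, line):
    """Refine the section default for directive shapes whose effect differs from it."""
    if fmt == "otl" and section == "files":
        parts = line.split()
        if parts[0].lower() == "dir" and len(parts) > 1:
            return ("inspect", "list directory", parts[1])
        if parts[0].lower() == "copy" and len(parts) > 2:
            return ("change", "copy file", parts[1] + " -> " + parts[2])
    if fmt == "otl" and section == "processes" and line.lower() == "killallprocesses":
        return ("change", "kill all user processes", "*")
    if fmt == "combofix" and section == "registry" and line.startswith("[-") and line.endswith("]"):
        return ("change", "delete registry key", line[2:-1])
    return (kind, verb, line)


def summarise(script):
    """Flatten a parsed script into (kind, verb, target) actions for review."""
    table = OTL_SECTIONS if script["format"] == "otl" else CF_SECTIONS
    actions = []
    for sec in script["sections"]:
        kind, verb = table.get(sec["name"], ("unknown", "unrecognised section " + sec["name"]))
        if sec["name"] == "killall" and not sec["lines"]:
            actions.append((kind, verb, "*"))   # KillAll:: acts without arguments
        for line in sec["lines"]:
            actions.append(describe(script["format"], sec["name"], kind, verb, line))
    return actions


def changes(text):
    """Only the actions that modify the system: what a reviewer must sign off on."""
    return [(verb, target) for kind, verb, target in summarise(parse_fix_script(text)) if kind == "change"]


# Constructed samples: trimmed copies of the two scripts posted in this thread (BBCode removed).
SAMPLE_OTL_FIX = r"""
:processes
killallprocesses
:otl
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
:files
dir c:\ /c
copy c:\combofix.txt c:\users\kristi\desktop /c
:commands
[purity]
[createrestorepoint]
[emptytemp]
"""

SAMPLE_CFSCRIPT = r"""
KillAll::
DirLook::
C:\ProgramData\McAfee
File::
C:\windows\SysWow64\midimap.dll
FileLook::
C:\windows\SysNative\drivers\fbd.sys
Folder::
C:\Users\Kristi\AppData\Local\Conduit
C:\Program Files (x86)\Spybot - Search & Destroy
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"""

if __name__ == "__main__":
    for name, text in (("OTL fix", SAMPLE_OTL_FIX), ("CFScript", SAMPLE_CFSCRIPT)):
        print("==", name)
        for kind, verb, target in summarise(parse_fix_script(text)):
            print("%-7s %-24s %s" % (kind, verb, target))
```

Running it prints one line per directive; `changes()` is the short list worth reading twice before dragging CFScript.txt onto ComboFix.exe, since everything in it is a deletion, a process kill or a registry edit rather than a report.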
     
  16. kris4chloe

    kris4chloe Private E-2

    I'm not having any luck running ComboFix in Normal Mode. I did the text file like directed, and it launched, and after the blue screen did all the downloading etc. it went to a blank blue box and sat there for over an hour.

    I appreciate your help, but I cannot sit through ComboFix for 8-12 hours again. I have work that I need to get done. I have already spent a whole week trying to resolve it.

    I think at this point I am going to just reformat and reinstall and start from scratch.

    Again, thanks for everything.
     
  17. thisisu

    thisisu Malware Consultant

