Help! Reasonably fast Laptop really slow from nowhere



Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Your event log shows signs of defective hardware:
 
 
 
28/10/2013 09:23:33, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom1.
26/10/2013 20:57:58, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
 
This may cause the performance issues.
 
Let's see:
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Link to post
Share on other sites

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.
A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.

To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
Link to post
Share on other sites
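
The Event Viewer steps above, and the controller errors quoted earlier in the thread, can also be collected from an elevated PowerShell window. This is an added example, not part of the original posts; the output file name chkdsk-log.txt is an assumption.

```powershell
# Added example, not from the thread. Works with the PowerShell 2.0 that ships with Windows 7.

# 1) Controller errors like the two quoted in the thread:
#    Event ID 11 in the System log, written by the "disk" and "cdrom" drivers.
$controllerErrors = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'disk', 'cdrom'
    Id           = 11
} -ErrorAction SilentlyContinue

if ($controllerErrors) {
    # One row per distinct message (i.e. per device), with how often and when it occurred.
    $controllerErrors |
        Group-Object -Property Message |
        Sort-Object -Property Count -Descending |
        Select-Object Count,
            @{ Name = 'First'; Expression = { @($_.Group | Sort-Object TimeCreated)[0].TimeCreated } },
            @{ Name = 'Last';  Expression = { @($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } },
            Name |
        Format-Table -AutoSize -Wrap
} else {
    'No Event ID 11 controller errors found in the System log.'
}

# 2) The most recent boot-time disk check: Wininit, Event ID 1001, Application log.
#    Get-WinEvent returns the newest event first, so -MaxEvents 1 is the latest check.
$chkdsk = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($chkdsk) {
    # Save the full text so it can be pasted into a reply.
    # The file name is an assumption made for this example.
    $report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-log.txt'
    "CHKDSK log recorded $($chkdsk.TimeCreated)", $chkdsk.Message |
        Set-Content -Path $report -Encoding UTF8
    "Full log saved to $report"

    # Show the summary lines first; compare the date with the scan you just ran.
    $lines = $chkdsk.Message -split "`r?`n"
    'Corrupt attribute records deleted: {0}' -f @($lines -match '^Deleting corrupt attribute record').Count
    $lines -match 'KB in bad sectors|bad file records processed|unindexed files recovered|made corrections to the file system'
} else {
    'No Wininit disk check entry found. The log is only written when the check runs at restart.'
}
```
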

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          29/04/2013 20:02:16
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Conor-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xe73d1 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0xf76d is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 63341.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1e006f for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x12078 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 73848.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1547f4 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1c422 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 115746.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x157849 for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x202ee is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 131822.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x15759d for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x22e10 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 142864.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1e0669 for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x23312 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 144146.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x25b621 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x26bfa is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 158714.
The attribute of type 0x80 and instance tag 0x0 in file 0x2b847
has allocated length of 0x3a5000 instead of 0x3a3000.
Deleted corrupt attribute list entry
with type code 128 in file 178247.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x4400000000f333.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 62259.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x64000000025322.  The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 152354.
  374016 file records processed.                                         

File verification completed.
Deleting orphan file record segment 62259.
Deleting orphan file record segment 152354.
  365 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  58 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
The object id index entry in file 0x19 points to file 0x1fe83
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x1feab
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id in file 0x1c237 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 25.
The object id in file 0x1cb2d does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 25.
Unable to locate the file name attribute of index entry ~$Letter.docx
of index $I30 with parent 0x1fe in file 0x230b5.
Deleting index entry ~$Letter.docx in index $I30 of file 510.
Unable to locate the file name attribute of index entry ~$LETT~1.DO~
of index $I30 with parent 0x1fe in file 0x230b5.
Deleting index entry ~$LETT~1.DO~ in index $I30 of file 510.
Unable to locate the file name attribute of index entry Letter.lnk
of index $I30 with parent 0x20d in file 0x22e2d.
Deleting index entry Letter.lnk in index $I30 of file 525.
  434804 index entries processed.                                        

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file prefs.js (46173) into directory file 61099.
Recovering orphaned file TEMPFI~1.TMP (74711) into directory file 147916.
Recovering orphaned file Temp File.tmp (74711) into directory file 147916.
Recovering orphaned file C96359~1.DMP (115314) into directory file 71778.
Recovering orphaned file c9635914-acee-47cf-85f6-fcd391205a94.dmp (115314) into directory file 71778.
Recovering orphaned file MOZILL~1.LNK (117549) into directory file 167324.
Recovering orphaned file Mozilla Firefox.lnk (117549) into directory file 167324.
Recovering orphaned file LOCALS~1.RDF (142864) into directory file 61099.
Recovering orphaned file localstore.rdf (142864) into directory file 61099.
Recovering orphaned file {7781B~1 (143723) into directory file 3047.
Recovering orphaned file {7781bee5-2ad4-43b9-9a37-8e49daefebfa} (143723) into directory file 3047.
  12 unindexed files scanned.                                        

CHKDSK is recovering remaining unindexed files.
  6 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  374016 file SDs/SIDs processed.                                        

Cleaning up 538 unused index entries from index $SII of file 0x9.
Cleaning up 538 unused index entries from index $SDH of file 0x9.
Cleaning up 538 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 63341.
Inserting data attribute into file 73848.
Inserting data attribute into file 115746.
Inserting data attribute into file 131822.
Inserting data attribute into file 142864.
Inserting data attribute into file 144146.
Inserting data attribute into file 158714.
Inserting data attribute into file 178247.
  30403 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37735448 USN bytes processed.                                            

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 472922135 KB total disk space.
  62973084 KB in 157518 files.
     89872 KB in 30397 indexes.
         0 KB in bad sectors.
    492611 KB in use by the system.
     65536 KB occupied by the log file.
 409366568 KB available on disk.

      4096 bytes in each allocation unit.
 118230533 total allocation units on disk.
 102341642 allocation units available on disk.

Internal Info:
00 b5 05 00 1c de 02 00 89 3d 05 00 00 00 00 00  .........=......
b5 08 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.


Link to post
Share on other sites

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Link to post
Share on other sites

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

MBAM Log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Conor :: Conor-PC [administrator]

29/10/2013 18:33:02
mbam-log-2013-10-29 (18-33-02).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 536934
Time elapsed: 5 hour(s), 7 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130808194733583.rsc (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131028113319671.rsc (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Conor\AppData\Roaming\Thinstall\MATLAB R2007b\4000003900003i\matlab.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

(end)

 

 

ESET Log:

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak    a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1    a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130825111737855.rsc    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131018172051034.rsc    Win32/InstalleRex.K application
C:\Windows\KMSEmulator.exe    Win32/HackKMS.A application
C:\Windows\AutoKMS\AutoKMS.exe    MSIL/HackKMS.A application
 

Link to post
Share on other sites

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Link to post
Share on other sites

If you already removed AutoKMS (which cracks MS Office...), everything is fine now.

 

 

 

C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130825111737855.rsc    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131018172051034.rsc    Win32/InstalleRex.K application

 

These files aren't malware but contain security risks. I would delete them immediately - your choice!

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the checkup.txt file will open. Copy its content to your thread.

Link to post
Share on other sites

AdwCleaner Log:

 

# AdwCleaner v3.010 - Report created 31/10/2013 at 11:17:05
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Conor - Conor-PC
# Running from : C:\Users\Conor\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Conor\AppData\Roaming\thinstall

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\98llgyia.default-1382598762311\prefs.js ]


[ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\aemi6jha.default-1358357058997\prefs.js ]


[ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


*************************

AdwCleaner[R0].txt - [1751 octets] - [31/10/2013 11:17:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1811 octets] ##########
 

 

SecurityCheck Log

 

 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.9.900.117  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your computer is clean! :)

 

 

Adobe Flash Player out of date

Your Adobe Flash Player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.

 

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.