
Extremely slow and MBAM crashing.



Hello,

 

P2P/Piracy Warning:

 

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Malwarebytes 2.0, please run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Let me see those logs, also give an update on any remaining issues or concerns...
     
    Kevin...
     
    fixlist.txt
Link to post
Share on other sites

Kevin,

 

1. I don't see any uTorrent, BitTorrent, or similar in Add/Remove Programs. I will uninstall or disable any of those if you can let me know which one you see.

 

2. Downloaded fixlist.txt. Ran FRST. Fix completed. Have fixlog but can't get it off computer.

 

3. Started MBAM. I was watching Task Manager, and MBAM was way down the list. All the Host Processes piled up quick taking all the RAM, and the computer shut down.

 

4. It is now at a black screen that says "Broadcom UNDI PXE-2.1 v12.2.0. Copyright (C) 2000-2009 Broadcom Corporation, Copyright © 1997-2000 Intel Corporation, All Rights Reserved. PXE-E61: Media test failure, check cable, PXE-M0F: Existing Broadcom PXE ROM. No bootable device--insert boot disk and press any key" with blinking cursor.

 

(sigh)

 

 

 

Other Issues:

1. Click on something. Ten minutes later (or longer), the computer may or may not process that. Takes forever to do the simplest tasks. Frustrating to see so many hourglasses.

 

2. Action Center in tray shows "Backup in progress" (on startup). When you open Action Center, backup is not running (?)

 

3. When Windows crashes and computer restarts, will not start in Safe Mode. When loading windows files, it stops at file after CLASSPNP.SYS.

 

Hope this sparks some ideas. 

 

Regards,

 

Leaning

Link to post
Share on other sites

Can you boot your system to normal mode, if so run the following:

 

Download Listparts 32 bit from here: http://www.bleepingcomputer.com/download/listparts/dl/77/ Or  Listparts 64 bit from here: http://www.bleepingcomputer.com/download/listparts/dl/78/

Save direct to your Desktop.

  • Double click ListParts.exe to launch the program.
  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.

Copy the contents of the log in next reply.

 

Kevin...
 

Link to post
Share on other sites

Kevin,

 

1. I set the "Network BOOT" in the BIOS  to "Disabled", and the computer successfully booted from the HD to Windows. No more PXE-E61 and PXE-M0F error.

 

2. I ran Listparts64. Result.txt attached. (I clicked the "ListBCD" checkbox. If you need it, I can run it again with that not checked.) (I also clicked Scan, but not Fix.)

 

3. I am continuing the troubleshooting you gave me earlier. I will try to run a Threat Scan using MalwareBytes. (I am uploading the Result.txt and that's it for now in case the computer crashes again during the MalwareBytes scan.)

 

Thanks!

 

Leaning

 

Result.txt

Link to post
Share on other sites

Will do. FYI, for MBAM, it took 30 minutes (!) to do the Pre-Scan Operations. And now time elapsed is 1 hour, 45 minutes (!) and it is still on the 2nd step (System Drivers) with only 72 items scanned so far (!). It might be done some time tomorrow.

 

Respectfully,

 

Leaning

Link to post
Share on other sites

Kevin, 

 

1. MBAM ran for 29 hours, showed it had found 20 problems, was still scanning the filesystem, then the computer shut down.

 

2. I went ahead and ran RogueKiller64 (scan and report only). Report attached.

 

3.  Windows Update is running, and it tends to restart the computer on its own. Just a thought. Maybe it's what is stopping MBAM.

 

HTH!

 

Leaning

 

 

RKreport0_S_05172014_075226.txt

Link to post
Share on other sites

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin

Link to post
Share on other sites

1. Ran ComboFix. ComboFix.txt attached.

 

2. FYI: Back when the computer would not boot to Windows, a Zorin boot disc was used (a purely Linux disc wouldn't work). From that, they went through, looked for directories for stuff they didn't think they needed (Google/Yahoo/Coupon bars, etc.), and deleted those files. That produced the .Trash-999 directory. It doesn't look like that trash was ever emptied, so that directory is still there.

 

3. No change in computer speed so far. Everything still super slow.

 

4. Standing by for next steps.

 

Respectfully,

 

leaning

 


Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

Folder::
C:\.Trash-999

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,   5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{46897C77-E7A6-4C33-BFFB-E9C2E2718942}"=hex:51,66,7a,6c,4c,1d,38,12,19,7f,9a,   42,94,a9,5d,09,c0,ed,aa,82,e7,2f,cd,56
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,   6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}"=hex:51,66,7a,6c,4c,1d,38,12,97,28,21,   70,14,91,51,0c,cf,cc,2e,6f,c0,b8,06,8a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,   a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=hex:51,66,7a,6c,4c,1d,38,12,e0,a3,9c,   e7,58,bb,07,04,d4,e3,1f,31,e6,9f,17,b5

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=-
"{46897C77-E7A6-4C33-BFFB-E9C2E2718942}"=-
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=-
"{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}"=-
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=-
"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=-
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=-
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=-
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is ticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Select "Change" next to Current scan targets. A new window will open, select any extra drives, Flash drives etc as required.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Let me see those logs in next reply...

 

Kevin

Link to post
Share on other sites

Kevin,

 

1. I was running MBAM when I saw that you had replied. It was 8 hours in and still scanning the filesystem. It only found 11 items so far (better than 24):

PUP. Optional. PriceGong.A           2 registry keys

Adware. ShoppingReport2              8 keys

Adware. Softomate                          1 key

 

I cancelled that scan and started on your fixes. No log from that because it didn't complete.

 

2. I ran Combofix using the script you provided. It was progressing along, but now it has been stuck at the Administrator blue popup screen for 5 hours. It says "Deleting Folders:  C:\.Trash-999". It deleted all the files within it fine, but it has been stuck there for many hours and doesn't look like it will move on, but I am just keeping it there until you say otherwise. No log from this either (yet?).

 

Regards,

 

Leaning

Link to post
Share on other sites

Kevin,

 

1. I ran combofix. Trying to get the log to you, but it takes hours for the java (?) popup that allows me to browse for the file and attach it.

 

2. ESET has been running for three days and is 30% complete with no errors so far. It should be finished maybe at the end of the week.

 

Regards,

 

Leaning

Link to post
Share on other sites

Kevin,

 

Any other tools in your toolbag? I can't keep ESET running long enough to finish and make a report. It runs for a few hours, then the computer shuts down and restarts.

 

Other concerns you asked for (same as before):

 

1) Can't boot to safe mode because can't get past the file after CLASSPNP.SYS.

2) Action center says Backup in Progress, even though it isn't.

3) Computer still horribly slow.

4) Can't run SFC /SCANNOW. Gets about 21% completed, then says it can't continue.

 

Any ideas?

 

Respectfully,

 

Leaning

Link to post
Share on other sites

I can't even get Windows to boot up anymore. It goes to Startup Repair. Searches for problems. Startup Repair completes. Restarts. Tries to load Windows. Quick blue screen. Then shuts down and restarts.

 

Startup Repair Root cause found: Unspecified changes to system configuration might have caused the problem. Repair Action: System files integrity check and repair. Result: Failed. Error code = 0x17. Time taken 285279 ms.

 

All the others say Completed Successfully. Error code 0x0.

 

(sigh)

 

Any ideas?

 

Regards,

 

leaning

Link to post
Share on other sites

1. Restarted it and now it's back up to Windows (!)(?).

 

2. Minidump folder is empty, so nothing to zip. (!)

 

3. It seems to be running a bit quicker, so I am running MBAM. If it completes, did you want to look at the log before I clean, or go ahead and clean, and send log afterwards?

 

4. If this works, I'll try running ESET again and send you that log. Again, should I let ESET fix or you look at the log first, then fix?

 

Very weird stuff.

 

Leaning

Link to post
Share on other sites

Kevin,

 

Just to keep you updated:

 

1. I can't boot to Windows. It does the "Starting Windows" with the logo, but then it goes to a black screen with just a white cursor in the middle of it.  Booting to the Setup disc does the same thing.

 

Do you know of a way to get past that?

 

Regards,

 

Leaning

Link to post
Share on other sites
