I think im infected with bootkit or something


gorilla12


Hello and welcome.

 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select Settings > Detection and Protection > Enable Scan for rootkit, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, select "Report" and save it to the desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply...

 

Kevin


logs

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 28.9.2014
Scan Time: 8:31:47
Logfile: Mbam log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.28.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kok
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293776
Time Elapsed: 4 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 5
PUP.Optional.StmSetup, C:\Users\kok\Desktop\CamStudioSetup_v2.7.2.exe, Quarantined, [5431529d0477e84ee24bb343b94b23dd], 
PUP.Optional.StmSetup, C:\Users\kok\AppData\Local\Temp\ICReinstall_CamStudioSetup_v2.7.2.exe, Quarantined, [d9ac13dc4a31320477b64da911f340c0], 
PUP.Optional.StmSetup, C:\Users\kok\AppData\Local\Temp\Temp1_CamStudioSetup_v2.7.2 (1).zip\CamStudioSetup_v2.7.2.exe, Quarantined, [622328c768139f979a93b34340c412ee], 
PUP.Optional.StmSetup, C:\Users\kok\Downloads\CamStudioSetup_v2.7.2 (1).zip, Quarantined, [2164925db9c26bcbc26b6f873bc9f50b], 
PUP.Optional.StmSetup, C:\Users\kok\Downloads\CamStudioSetup_v2.7.2.zip, Quarantined, [b3d234bbfb80f73f121b42b434d0c040], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

RKreport_SCN_09282014_084438.log


RogueKiller log is clean, no sign of bootkit or rootkit infection, continue please and run the following:

 

Download TDSSKiller and save it to your Desktop.

Make sure TDSSKiller.exe  is on the Desktop itself, not within a folder on the desktop.

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
If Malicious objects are found, do NOT select Delete or Cure. Change the action to Skip. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.
 

Next,

 

Scan with Gmer rootkit scanner

 

Please download Gmer from Here by clicking on the "Download EXE" Button.

 

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
     
            Sections
            IAT/EAT
            Show All ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

 

Please post the content of the ark.txt here.

 

 

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

**If GMER crashes** Follow the instructions here and disable your security temporarily…

 

Let me see those logs....

 

Kevin.....


Download TFC to your desktop, from either of the following links:

 

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

 


  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

 

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

let me see those logs, also tell me if there is any improvement...

 

Kevin


The logs produced from the scanners used are not indicating any specific malware or infection. Maybe the best way forward is to run a "Clean boot" and see if any services outwith Windows are possibly having an effect on the system...

 

Go to this link: http://support.microsoft.com/kb/929135 expand the section relevant for Windows 7, set up for a clean boot. Basically all services outwith Windows will be turned OFF, see how it responds after a reboot. Ensure any Security that possibly shows in the list is not turned OFF...

 

Let me know if that makes any difference...

 

Kevin


That would seem to indicate one of the 3rd party services is having an effect on your system, it will need to be identified. The instructions regarding identifying the problem service(s) are at the link I gave earlier..

 

Basically it is a process of elimination until the problem service is found. Repeat as you did previously, ensure all MS services are hidden, enable half of the non MS services then re-boot. If the issue does not return do exactly the same again, this time only enable the bottom half of non MS services.

If the issue returns we know the issue is in the bottom half, so you now repeat again but only enable half of the bottom half. Keep doing that until you isolate the problem service(s).

 

Let me know how you get on, I know it is a laborious task but it will locate the issue.

 

Kevin

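The halving procedure Kevin describes above, written out as an added example (this is not code from the thread or from Malwarebytes): the non-MS service list is bisected, each "reboot" is counted, and the version here also goes back over the other half so that two independent problem services are both found. The service names are constructed, and `check` is a stand-in for the manual msconfig change plus reboot.

```python
from typing import Callable, FrozenSet, List, Sequence

class CleanBootSession:
    """Bisection over the non-Microsoft services shown in msconfig.
    `check` stands in for the manual step: enable exactly these non-MS
    services, reboot, and report whether the problem came back."""

    def __init__(self, check: Callable[[FrozenSet[str]], bool]):
        self._check = check
        self.reboots = 0  # each check is one msconfig change plus a reboot

    def issue_returns(self, enabled: Sequence[str]) -> bool:
        self.reboots += 1
        return self._check(frozenset(enabled))

    def find_culprits(self, suspects: Sequence[str]) -> List[str]:
        # First confirm the problem is in this list at all (normal boot).
        if not self.issue_returns(suspects):
            return []
        return self._isolate(list(suspects))

    def _isolate(self, suspects: List[str]) -> List[str]:
        if len(suspects) <= 1:
            return suspects
        mid = len(suspects) // 2
        top, bottom = suspects[:mid], suspects[mid:]
        if not self.issue_returns(top):
            # Top half is clean, so by elimination the problem is in the
            # bottom half; no need to reboot with the bottom half yet.
            return self._isolate(bottom)
        found = self._isolate(top)
        # The top half reproduced it, but a second, independent service
        # could sit in the bottom half, so check that half once as well.
        if self.issue_returns(bottom):
            found += self._isolate(bottom)
        return found

# Constructed sample: eight made-up third-party service names in msconfig order,
# and a simulated machine where the symptom returns whenever a culprit is enabled.
SAMPLE_SERVICES = ["UpdaterSvc", "CloudSync", "PrinterMonitor", "GameLauncher",
                   "BackupAgent", "VpnClient", "DeviceHelper", "ToolbarUpdate"]

def run_elimination(culprits: FrozenSet[str], services=SAMPLE_SERVICES):
    """Return (services found, reboots needed) for the simulated machine."""
    session = CleanBootSession(lambda enabled: bool(enabled & culprits))
    return session.find_culprits(services), session.reboots

if __name__ == "__main__":
    print(run_elimination(frozenset({"BackupAgent"})))
```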

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
