Jump to content

Recommended Posts

Hi, I suspect I've got some sort of malware or infection on my laptop which has been persistent on and off over the past year (I've reinstalled/wiped the system sometimes which seemed to fix it but came back either from restoring to a backup or possibly from torrenting?) I'm not sure what the issue is or if it is a virus but it has been causing my computer to slow up majorly. I suspect it is a virus as my computer has been working fine for at least a fortnight but tonight after installing utorrent for the first time the issue reappeared. The file i was downloading seemed to be fine, but I noticed a possibly dodgy file from around the time I first noticed the problem was still there so have a feeling that may be the cause of the problem. Will post the logs in the following two posts - thank you for your help!

Link to post
Share on other sites

Hello and welcome! Sorry for the delay, sometimes it just happens.

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.


Since some days have passed, provide me a fresh set of logfiles.

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites

Hi :)

OK, let's move along. Killing time is here :)

JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.
Link to post
Share on other sites

Hi :)

No worries, I was travelling much lately so I couldn't respond timely for the last two days.

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

Link to post
Share on other sites

OK, so we need to address the remnants now. How's your machine behaving?

51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;iikflkcanblccfahdhdonehdalibjnif;chrnppllibpnmahfaklnpggkibhkapjkeob;chr
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

Link to post
Share on other sites

Hi and sorry for the delay. I blame it on the jetlag.

Let's see the Gmer report.

gmericon.png Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.

It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on randomly named gmericon.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.

Don't forget to re-enable previously switched-off protection software!

icon_idea.gif If you encounter any problems, try running GMER in Safe Mode.

icon_idea.gif If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

Link to post
Share on other sites

Gmer doesn't show any unusual activity.
I start thinking that there's some driver conflict here.
 
 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Link to post
Share on other sites

OK, let's fix some minor things here.

 

Describe the current symptoms please.

 

 

 
FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
startCHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hp&ts=1401196333&from=irs&uid=3217816575_132775_C8C102CD&i=psd&t=3432d97c3"CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathS3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]end
Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.
Link to post
Share on other sites

Main issue is general performance - browser pages (internet or otherwise) take a long time to load, the screen can freeze momentarily/causes programs to crash more easily, games are mostly unplayable with how slowly they run even on lowest settings and things like my LaTeX editor and MatLab take a long time to load and generate what I am making. Sorry can't be more specific. :/ Hard to describe beyond that- basically everything is very slow and laggy compared to normal.

 

I've attached the log - hope I did it correctly though because it generated instantly?

 

Thank you again!

Fixlog.txt

Link to post
Share on other sites

OK, please do that now.

chrome.png Reset Chrome to defaults

Please open Google Chrome.

  • Enter the Chrome menu by clicking the chrome-menu.png button.
  • Select Settings.
  • Click Show advanced settings and find the Reset browser settings section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
  • Chrome will reset itself.
Bare in mind that all your browsing history, passwords, cookies will be saved. This procedure will only remove all extensions, themes, plugins etc. and restore Chrome engine to a state similar after a fresh installation.

remove%20outdated.jpg Uninstall some programs

We need to uninstall some programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
  • Google Chrome
After completing uninstalls, please manually reboot your machine!

chrome.png Google Chrome reinstall

Please go to the official Chrome download website and install a fresh version.

Link to post
Share on other sites

We're not done yet.

ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detecion of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
Link to post
Share on other sites

Sorry, will start pasting them from now on!

 

 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
Norton 360         
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.305  
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.111)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

OK, let's run an additional scan.

I'm curious about one line and I want to double-check that.

FarbarServiceScanner.png Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.

  • Right-click on FarbarServiceScanner.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
Please include that log in your next reply.
Link to post
Share on other sites

Here we go:

 

Farbar Service Scanner Version: 17-01-2015
Ran by Aiden (administrator) on 14-02-2015 at 01:52:29
Running from "C:\Users\Aiden\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Link to post
Share on other sites

Appears fine :)

51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.

Please also manually reboot your machine after posting your logfile.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.