Slow PC with Multiple Issues

This is a discussion on Slow PC with Multiple Issues within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 10-18-2015, 12:37 PM   #1
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



PC - HP ProBook 4530s, Intel Core i5-2450 (2.5 GHz), Windows 7 64-bit, 4 GB RAM, HDD 500 GB (226 GB free), purchased Jan. 2012

I will get right into it:

1. Computer's fan has been running hard and non-stop for several months now; the fan exhaust is always hot. The fan does turn off when the computer is put into sleep mode or shut down. I have opened the back panel and thoroughly cleaned the fan and other components with a can of air. I have run AdwCleaner, MWB Anti-Malware and ESET Online Scanner in hopes of identifying a virus (all scans came back negative).

2. Computer has suddenly started running slow for last 3-4 days, all programs and web browser are loading slowly. I have also addressed all of the issues outlined on this page https://www.techsupportforum.com/foru...ow-532075.html

3. Battery is completely gone. The computer will shut off immediately if the power cord is removed. (I know this is normal for a 3-year-old notebook; I am just including it in case it has some connection with the fan running.)

I was planning on posting this in the Windows forum; however, I thought perhaps I should first ensure that some more covert form of malware was not behind these problems. I have included my logs below; any expert advice would be deeply appreciated.

Thanks,

987654321

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 11.40.2
Run by Arif at 14:33:08 on 2015-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4030.2149 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [AdobeBridge] <no file>
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Conime] C:\windows\System32\conime.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Arif\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Arif\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\2656C6B696E6E2369303E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\3416E6475627265727970255E69667562737964797 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\34F4C4055726C69636 : DHCPNameServer = 10.20.10.2
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\3637D69647866364 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\D45646963616C633 : DHCPNameServer = 192.168.253.10 8.8.8.8
TCP: Interfaces\{8876C2B0-4C9A-46F5-AA23-87D29A01A8DF} : DHCPNameServer = 192.168.253.10 8.8.8.8
TCP: Interfaces\{BE677193-EDE4-4FEF-93A4-A17D4C2A0A2C} : NameServer = 64.71.255.198 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter scecli
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arif\AppData\Roaming\Mozilla\Firefox\Profiles\za5zexv5.default-1412869890417\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2015-10-18 89600]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-1-26 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-2 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-24 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-24 1135416]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-2 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-1-21 3154224]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-24 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-8-24 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-22 406632]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-2 1145448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe" --> C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-8 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\windows\System32\drivers\swg3kser00.sys [2012-4-17 258432]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\windows\System32\drivers\swiwdmbx64.sys [2012-4-17 109312]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\windows\System32\drivers\swnc8ua3.sys [2012-4-17 295936]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-19 1255736]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2015-10-18 18:02:40 -------- d-----w- C:\Users\Arif\AppData\Local\Xobni
2015-10-18 17:54:42 -------- d-----w- C:\ProgramData\PDFC
.
==================== Find3M ====================
.
2015-10-18 18:49:16 192216 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-10-05 14:50:18 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-10-05 14:50:10 109272 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-10-05 14:50:06 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2015-09-11 15:40:52 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-09-11 15:40:52 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:33:47.78 ===============
Attached Files
File Type: txt attach.txt (12.4 KB, 24 views)
Old 10-22-2015, 03:58 PM   #2
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Bump Please


I would like to add that internet browsers are working incredibly slowly. Browsers on my Android Phone and other Lenovo Notebook are working as normal.
Old 10-23-2015, 12:35 AM   #3
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

I haven't seen any suspicious file or folder in your reports. But let's be sure by looking at other tools.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory from which the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Old 10-23-2015, 03:08 PM   #4
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Hello Tolga,

Thank you for your assistance. I have attached the 2 files you requested.
Attached Files
File Type: txt FRST.txt (30.9 KB, 17 views)
File Type: txt Addition.txt (40.7 KB, 18 views)
Old 10-24-2015, 03:22 PM   #5
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

Thanks for the logs. Let's continue.

I see you have P2P software (µTorrent) installed on your machine. Please note that as long as you are using any form of peer-to-peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

A reference for the risk of these programs is here.

I would recommend that you uninstall any P2P Programs, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

=========================================================

Please do the following instructions.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3182575348-3129815447-1497505665-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3182575348-3129815447-1497505665-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FirewallRules: [TCP Query User{784F023E-C599-4F33-BFF2-94D38189FAF0}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{F1FE4F82-60CE-4885-9436-86316647A983}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
EmptyTemp:
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Old 10-24-2015, 05:56 PM   #6
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



I tried to uninstall uTorrent. When I started the uninstall process, Malwarebytes gave me a pop-up stating it had blocked a potentially unwanted program, "PUP.Optional.OpenCandy".

As this sounded suspicious, I did not proceed with the uninstall. I thought it would be best for you to know about it before I go forward.

Please advise me how I should proceed. Shall I continue with the uninstall and the fixlist.txt?

Thanks
Old 10-25-2015, 11:51 PM   #7
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

Thanks for the information. Please continue.
Old 10-26-2015, 06:37 PM   #8
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Hi Tolga,

I have uninstalled uTorrent and run the FRST code you requested. The Fixlog is posted below.

Do you mind explaining what this code actually did to my system?

Thanks

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Arif (2015-10-26 20:18:44) Run:1
Running from C:\Users\Arif\Desktop
Loaded Profiles: Arif (Available Profiles: Arif)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3182575348-3129815447-1497505665-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3182575348-3129815447-1497505665-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FirewallRules: [TCP Query User{784F023E-C599-4F33-BFF2-94D38189FAF0}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{F1FE4F82-60CE-4885-9436-86316647A983}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3182575348-3129815447-1497505665-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3182575348-3129815447-1497505665-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{784F023E-C599-4F33-BFF2-94D38189FAF0}C:\program files (x86)\emule\emule.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F1FE4F82-60CE-4885-9436-86316647A983}C:\program files (x86)\emule\emule.exe => value removed successfully
EmptyTemp: => 1020.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:20:40 ====
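To make concrete what the fixlist and the Fixlog above actually touched, here is an added read-only PowerShell audit (not from the thread and not part of FRST) that lists the same three artifact classes on the local machine: values under the Internet Explorer policy keys, Firefox plugin registrations whose Path file is missing, and Windows Firewall allow rules whose program is gone. The registry locations are those printed in the Fixlog; the pipe-delimited rule string format, the sample rule in the comment and the New-Finding helper are assumptions of this example.

```powershell
# Added example (not from the thread and not FRST's own code): a read-only
# audit of the three artifact classes the fixlist acted on. It changes
# nothing; it only reports. Run from an elevated prompt so every user hive
# under HKU is readable. Written to stay within PowerShell 2.0 (Windows 7).

function New-Finding([string]$Class, [string]$Location, [string]$Name, $Data) {
    New-Object PSObject -Property @{ Class = $Class; Location = $Location; Name = $Name; Data = $Data }
}

# --- 1. Internet Explorer policy restrictions -------------------------------
# FRST flags any value under these keys: on a home PC they are rarely set by an
# administrator and are a common way for adware to lock browser settings.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$iePolicyKeys = @('HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer')
foreach ($hive in Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -like 'S-1-5-21-*' }) {
    $iePolicyKeys += "HKU:\$($hive.PSChildName)\SOFTWARE\Policies\Microsoft\Internet Explorer"
}

function Get-IePolicyRestrictions([string[]]$Keys) {
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        # The key itself plus every subkey (Restrictions, Control Panel, Toolbars ...).
        $items = @(Get-Item $key) + @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            foreach ($valueName in $item.GetValueNames()) {
                New-Finding 'IEPolicy' $item.Name $valueName $item.GetValue($valueName)
            }
        }
    }
}

# --- 2. Firefox plugin registrations whose file is gone ---------------------
# Firefox discovers NPAPI plugins through HKLM\Software\MozillaPlugins\<id>
# (and the Wow6432Node copy for 32-bit), loading the file named in "Path".
# The Fixlog's "[No File]" lines were entries of this kind: harmless leftovers.
function Get-OrphanedMozillaPlugins {
    $roots = 'HKLM:\SOFTWARE\MozillaPlugins', 'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($plugin in Get-ChildItem $root) {
            $path = [string]$plugin.GetValue('Path')
            if ($path -eq '' -or -not (Test-Path -LiteralPath $path)) {
                New-Finding 'MozillaPlugin' $plugin.Name 'Path' $path
            }
        }
    }
}

# --- 3. Firewall allow rules for programs that no longer exist ---------------
# Rules are stored as pipe-delimited strings under FirewallPolicy\FirewallRules,
# for example (constructed, shortened):
#   "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\prog\emule.exe|Name=emule|"
# "Query User" rules appear when a user clicks Allow on the firewall prompt.
# After the program is uninstalled the rule stays until something removes it,
# which is what the two FirewallRules: lines in the fixlist did.
function Get-StaleFirewallAllowRules {
    $rulesKey = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = Get-Item $rulesKey
    foreach ($ruleName in $rules.GetValueNames()) {
        $fields = @{}
        foreach ($field in ([string]$rules.GetValue($ruleName)) -split '\|') {
            $pair = $field -split '=', 2          # split on the first '=' only
            if ($pair.Count -eq 2) { $fields[$pair[0]] = $pair[1] }
        }
        if ($fields['Action'] -ne 'Allow' -or -not $fields['App']) { continue }
        $app = [Environment]::ExpandEnvironmentVariables($fields['App'])
        if (-not (Test-Path -LiteralPath $app)) {
            New-Finding 'FirewallRule' $ruleName 'App' $app
        }
    }
}

# Collect everything and print one table.
$findings = @(Get-IePolicyRestrictions $iePolicyKeys) +
            @(Get-OrphanedMozillaPlugins) +
            @(Get-StaleFirewallAllowRules)
if ($findings.Count -eq 0) {
    'No IE policy restrictions, orphaned Firefox plugins or stale firewall allow rules found.'
} else {
    $findings | Format-Table Class, Name, Data, Location -AutoSize -Wrap
}
```

On the machine in this thread, run before the fix, the table would have listed the three IE policy locations, the two @microsoft.com/GENUINE plugin entries and the two emule.exe rules that the Fixlog reports removing.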
Old 10-27-2015, 03:35 AM   #9
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

Of course, I will explain. I saw some lines in the reports that should not be in the system. Running FRST removed those lines. That's all. But it is not over yet. We will continue until we're sure.

Please do the following steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan.
Once the Scan is done, select Cleaning.
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Launch Malwarebytes Anti-Malware

A check for database updates will be performed.
On the Settings tab > Detection and Protection subtab, Detection Options section, tick the box Scan for rootkits.
Click on the Scan tab, then click on Start Scan.
A check for database updates will be performed.
After the update check completes, a scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click Yes to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click 'Remove Selected'.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click OK.
Attach that saved log to your next reply.
Old 10-27-2015, 07:22 AM   #10
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Hi Tolga,

I have completed the two steps you requested. The AdwCleaner log is posted below, the MBAM log is attached.

# AdwCleaner v5.015 - Logfile created 27/10/2015 at 08:47:38
# Updated 26/10/2015 by Xplode
# Database : 2015-10-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Arif - CONSTITUTION
# Running from : C:\Users\Arif\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update WebConnect

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [835 bytes] ##########
Attached Files
File Type: txt MBAM Log 10-27-2015.txt (1.0 KB, 13 views)
Old 10-27-2015, 11:00 PM   #11
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

Thanks for the logs. Please do the following steps. Then tell me, how is the machine behaving now? What problems do you still have?

STEP 1

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 65, from the following link.

Download Free Java Software

=========================================================

STEP 2


Please go HERE, then click on Run Eset Online Scanner.
Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install it.

All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

Select the option YES, I accept the Terms of Use, then click on the Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
Old 10-30-2015, 03:12 PM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321, still with us? If you don't reply within 24 hours, this thread shall be closed.
Old 10-30-2015, 07:01 PM   #13
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Hi Tolga,

Sorry, I had a busy couple of days at work and did not open this computer. I am still with you. Running ESET scanner right now.

Will post the results as soon as possible.

Thanks
Old 10-31-2015, 12:23 PM   #14
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Hello Tolga,

I have updated Java and run ESET Online Scanner. The scanner showed no threats.

Overall, my computer is running much more smoothly than before. Before your directions, it would often take a long time to load simple tasks such as opening windows explorer or loading web browsers. Those problems have been resolved.

The one remaining issue is that the fan is constantly running very hard. It never stops completely but sometimes will slow down for a minute or two before turning on full again. I thought this may be a virus issue but now I am not sure. Do you have any advice for me regarding this issue?

Thanks
987654321 is offline  
Old 10-31-2015, 01:45 PM   #15
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

You're Welcome

I'm glad to have solved the problem. Your reports are clear. I think your fan problem is not related to malware. You can clean the fan, or you can take it to an expert to have it cleaned.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
  • Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
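The HOSTS-file mechanism described in the PREVENTION section above, as an added example that is not part of the original thread or of the MVPS project: a small Python checker that parses a hosts file, reports whether a name is sinkholed to 127.0.0.1 or 0.0.0.0 the way the MVPS file blocks ad servers, and flags entries that point a name at a routable address, which a blocklist-only hosts file should never contain. The sample file, its hostnames and its addresses are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file: MVPS-style sinkhole entries plus one
# entry that points a name at a routable address (never expected here).
SAMPLE_HOSTS = """\
# header comment
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-adnetwork.test
127.0.0.1       tracker.example-metrics.test   # sinkholed to loopback
203.0.113.10    update.example-vendor.test     # redirected elsewhere
"""


def parse_hosts(text):
    """Return {hostname: ip_address} for every active mapping.

    Blank lines and '#' comments (whole-line or trailing) are skipped;
    one line may list several hostnames for the same address.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the resolver ignores such a line
        for host in fields[1:]:
            mapping[host.lower()] = ip  # later lines override earlier ones
    return mapping


def is_sinkholed(hostname, mapping):
    """True when the name is sent to loopback or 0.0.0.0, i.e. blocked
    the way the MVPS file blocks ad servers."""
    ip = mapping.get(hostname.lower())
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def suspicious_entries(mapping):
    """Entries mapping a name to a routable address. A blocklist-style
    hosts file should contain only loopback/0.0.0.0 targets; anything
    else is worth reviewing as a possible hijack."""
    return {h: str(ip) for h, ip in mapping.items()
            if not (ip.is_loopback or ip.is_unspecified)}
```

Running the same functions over the real file (C:\Windows\System32\drivers\etc\hosts on Windows) is a quick way to confirm that an installed MVPS file contains only sinkhole entries.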
Old 11-01-2015, 06:03 AM   #16
Registered Member
 
Join Date: Feb 2007
Posts: 30
OS: Windows 7 Home



Thank You very much for your help.

You may mark the thread as resolved.

987654321
987654321 is offline  
Old 11-01-2015, 10:17 PM   #17
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello 987654321,

You're welcome. Thank you for your patience and cooperation.
__________________
tekir06 is offline  
Copyright 2001 - 2018, Tech Support Forum