Windows 7 Forums

Windows 7: Malware detected, clean now but comp still running poorly.

27 May 2015   #1
JstRelax

Windows 7 Home Premium 64 bit
 
 

Good day everyone,
I'm not sure how it happened but last week I noticed my comp running incredibly slow, freezing up, programs malfunctioning, etc... I ran Anti-Malwarebytes and sure enough I had some Malware. Here is the initial Scan:

Malwarebytes Anti-Malware
Scan Date: 5/21/2015
Scan Time: 11:16:19 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.21.04
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415725
Time Elapsed: 1 hr, 42 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [e563d4c25c2e46f0ff700907986ce31d],

Registry Values: 1
PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-3829630863-2373432100-1501377825-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\bob\AppData\Local\Apps\2.0\R36N6J7H.EL7\N5PKC76J.RMW\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe, No Action By User, [88c05442ff8bca6c72a4da03cb38827e]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Delta.A, C:\Users\bob\AppData\LocalLow\Delta\delta, Quarantined, [ec5c4f478a00ef47271c36a3be45b14f],

Files: 4
PUP.Optional.Somoto.A, C:\Users\bob\AppData\Local\Temp\nswC086.tmp, Quarantined, [4305cec8b0da5dd9572692f07b8607f9],
PUP.Optional.Somoto, C:\Users\bob\AppData\Local\Temp\bitool.dll, Quarantined, [ea5e22743d4d88aeeb728c7fd82bce32],
Rogue.Link, C:\Users\bob\Favorites\MP3 download MyFreeMp3.eu.url, Quarantined, [86c276201f6bec4a64b81c4583817789],
PUP.Optional.GoForFiles.A, C:\Windows\System32\Tasks\GoforFilesUpdate, Quarantined, [311744526a20a294e9cb4b188a7b6d93],

Physical Sectors: 0
(No malicious items detected)

(end)
--------------------------------------------------------------------

I then ran CCleaner, Dr. Web Cureit and Anti Malware again. It came up clean but comp still running badly. Then ran AdwCleaner with these results:

# AdwCleaner v4.205 - Logfile created 23/05/2015 at 12:52:09
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : bob - BOB-PC
# Running from : G:\Bob\Programs from other Computer\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Device
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\bob\AppData\Local\PackageAware
Folder Found : C:\Users\bob\AppData\LocalLow\Delta
Folder Found : C:\Users\bob\AppData\Roaming\goforfiles
Folder Found : C:\Users\bob\Documents\Updater

***** [ Scheduled tasks ] *****

Task Found : GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\928cdebd35bd49
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


*************************

I then ran Junkware Removal Tool. It found some things as well. Sorry I didn't save the log. Then ran AntiMalwarebytes again, then Hitman Pro. Did all of the above again and was coming up clean. Comp was still running badly. Ran Emsisoft Anti-Malware and came up clean. Then ran RKill, here's the log:

Rkill 2.7.0 by Lawrence Abrams (Grinler)

Program started at: 05/26/2015 02:38:43 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/26/2015 02:44:39 PM
Execution time: 0 hours(s), 5 minute(s), and 55 seconds(s)
------------------------------------------------------

Then ran FixExec and SuperAntiSpyware. Came up clean. Ran TDSS Killer, I have the log but it is VERY long. Should I post the whole thing? I then ran RogueKiller, here is that log:

RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bob [Administrator]
Started from : C:\Users\bob\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/27/2015 14:21:22

Processes : 0

Registry : 40
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} : Canon Easy-WebPrint EX -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

Tasks : 1
[Suspicious.Path] \\4488 -- wscript.exe (C:\Users\bob\AppData\Local\Temp\launchie.vbs //B) -> Found

Files : 0

Hosts File : 0

Antirootkit : 0 (Driver: Not loaded [0xc000036b])

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++
--- User ---
[MBR] a4d23e1f3c9f6ab870ac71a947ecc07a
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 208845 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30928845 | Size: 290142 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================


I then ran OTL by Oldtimer, again the log is extremely long so I was not sure how to proceed. All of this was done in Safe Mode by the way. For the most part it seems to be coming up clean but it's still not running correctly. Browser freezes up, programs randomly freeze up, simply right clicking on something will take 3 minutes to go through. Then randomly it'll run fine for an hour or so. Any help on how to proceed would be extremely appreciated. Thank you so much


27 May 2015   #2
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Quote: Originally Posted by JstRelax
Good day everyone,
<snip>
All of this was done in Safe Mode by the way.

Hi:

I'll defer to jacee and/or cottonball, who are formally trained in malware removal.

However, just to note:

Malwarebytes Anti-Malware (MBAM) should not be routinely run in Windows Safe Mode.
In order to work properly, it should be run in Normal Mode.
If it does not run that way -- perhaps because of heavy infection -- then there are other strategies to get it to run, such as Chameleon.

More info about v2.1.6 HERE - User Guide ONLINE - User Guide PDF - FAQ: Common Questions, Issues, and their Solutions

Cheers,
27 May 2015   #3
JstRelax

Windows 7 Home Premium 64 bit
 
 

Thanks for the reply MoxieMomma. Yes, I have run Anti-malwarebytes in Safe Mode as well as Normal mode. Nothing is preventing it from running.
27 May 2015   #4
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi:

Sorry for the misunderstanding.
I only saw mention of Safe Mode in your post:
Quote:
All of this was done in Safe Mode by the way...
Cheers,
27 May 2015   #5
cottonball

Windows 7 Home Premium
 
 

JstRelax,

There are problems in the services area. Let's see if the following helps...

Please start the computer in: Safe Mode with Networking

Next, use the Windows Repair (All in One)
Download > Windows Repair (All In One) Download
Save to the Desktop

Right-click the tweaking.com program icon on the Desktop, and select: Run as Administrator
Click Next at the Setup, and follow the prompts.

Make sure to temporarily disable your AntiVirus program before the repairs are done.

At the program's console...
Go to Step 5 Backup, and under System Restore click on: Create

Next, go to Repairs tab and click: Automatically do a Registry Backup
Also click: Open Repairs

In the next prompt, press: Unselect all
(The items seen are checked by default, and you do not need all of them.)

Under Repair Options (on the left side) only check/select:
03 - Reset Service Permissions
26 - Restore Important Windows Services
27 - Set Windows Services to Default Startup

On the right side, check: Restart/Shutdown system when finished

Press: Start Repairs

When the program finishes, restart the computer.

Please post the Windows Repair log in your reply. It is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Also, please run RKill once again, like you did before, and post the new RKill report in your reply.

Thanks!
27 May 2015   #6
JstRelax

Windows 7 Home Premium 64 bit
 
 

Hi Cottonball, Thanks for your help. Here's the Tweaking report:

Tweaking.com - Windows Repair v3.0.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: BOB-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\bob
Current Profile SID: S-1-5-21-3829630863-2373432100-1501377825-1000
Current Profile Classes: S-1-5-21-3829630863-2373432100-1501377825-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\bob\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:09:54

Process Count: 26
Commit Total: 855.96 MB
Commit Limit: 12.68 GB
Commit Peak: 1.59 GB
Handle Count: 6331
Kernel Total: 216.35 MB
Kernel Paged: 169.82 MB
Kernel Non Paged: 46.53 MB
System Cache: 482.96 MB
Thread Count: 287
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.80 GB
Memory Used: 903.23 MB(11.3066%)
Memory Avail.: 6.92 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.80 GB
Memory Used: 773.69 MB(9.685%)
Memory Avail.: 7.05 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (5/27/2015 8:57:25 PM)

03 - Reset Service Permissions
Start (5/27/2015 8:57:27 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (5/27/2015 8:57:36 PM)

26 - Restore Important Windows Services
Start (5/27/2015 8:57:36 PM)
Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done, 0.16 seconds.

Running Repair Under System Account
Done (5/27/2015 8:57:50 PM)

27 - Set Windows Services To Default Startup
Start (5/27/2015 8:57:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/27/2015 8:57:58 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (5/27/2015 8:57:58 PM)
Total Repair Time: 00:00:34


...YOU MUST RESTART YOUR SYSTEM...
-------------------------------------------------

Here is the Rkill report:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software

Program started at: 05/27/2015 09:24:13 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/27/2015 09:51:04 PM
Execution time: 0 hours(s), 26 minute(s), and 50 seconds(s)



Thank You!
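A before/after check on the two RKill reports posted in this thread, as an added example that is not part of any poster's reply: it parses the "Checking Windows Service Integrity" section and the boot-mode tag in the report header, then lists which services are no longer reported after the repair. The function names and the "not stated" label for an untagged header are assumptions of this example; the sample text is abridged from the reports above.

```python
import re

SECTION = "Checking Windows Service Integrity:"
HEADER_RE = re.compile(r"^Program started at: .+? in x\d+ mode\.(?: \((?P<boot>[^)]+)\))?$")
SERVICE_RE = re.compile(r"^\*\s*(?P<display>.+?)\s*\((?P<name>[^()]+)\) is not Running\.$")
STARTUP_RE = re.compile(r"^Startup Type set to:\s*(?P<startup>.+)$")

# Abridged from the two RKill 2.7.0 reports posted in this thread.
BEFORE = """\
Program started at: 05/26/2015 02:38:43 PM in x64 mode. (Safe Mode)
Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.
"""
AFTER = """\
Program started at: 05/27/2015 09:24:13 PM in x64 mode.
Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.
"""

def parse_rkill(text):
    """Return the boot-mode tag and the services RKill listed as not running."""
    report = {"boot_mode": "not stated", "stopped": {}}
    in_section, last = False, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            report["boot_mode"] = header.group("boot") or "not stated"
        elif line == SECTION:
            in_section = True
        elif in_section and line.endswith(":"):
            in_section = False          # next "Checking ...:" heading ends the section
        elif in_section and SERVICE_RE.match(line):
            m = SERVICE_RE.match(line)
            last = m.group("name")
            report["stopped"][last] = {"display": m.group("display"), "startup": None}
        elif in_section and last and STARTUP_RE.match(line):
            report["stopped"][last]["startup"] = STARTUP_RE.match(line).group("startup")
    return report

def auto_start_stopped(report):
    """Stopped services whose startup type means they should start without a demand."""
    return sorted(
        name for name, info in report["stopped"].items()
        if (info["startup"] or "").startswith("Automatic") or info["startup"] in ("System", "Boot")
    )

def compare(before, after):
    """Diff two parsed reports and record whether both runs carry the same boot-mode tag."""
    b, a = set(before["stopped"]), set(after["stopped"])
    return {
        "same_boot_mode": before["boot_mode"] == after["boot_mode"],
        "recovered": sorted(b - a),
        "still_stopped": sorted(b & a),
        "newly_stopped": sorted(a - b),
    }

if __name__ == "__main__":
    before, after = parse_rkill(BEFORE), parse_rkill(AFTER)
    print("before:", before["boot_mode"], "| after:", after["boot_mode"])
    print("auto-start services stopped before:", auto_start_stopped(before))
    print(compare(before, after))
```

The `same_boot_mode` flag is there because the first report is tagged "(Safe Mode)" and the second is not, so the two service lists were not collected under the same boot conditions.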
28 May 2015   #7
cottonball

Windows 7 Home Premium
 
 

Quote:
Checking Windows Service Integrity:
* No issues found.


Any improvement?
28 May 2015   #8
JstRelax

Windows 7 Home Premium 64 bit
 
 

No, not yet. After I ran the tweaking repair it froze while loading up in normal mode. Had to reboot then run Rkill. After that still no improvement. My Windows Live Mail client locked up for about 5 mins. Even just opening the folders to get to the tweaking log took forever. There'd be a delay after each click.
28 May 2015   #9
MoxieMomma

OEM Windows 7 Ult (x64) SP1
 
 

Hi, again:

Sorry to interrupt -- JstRelax, please continue to work with cottonball.

However, upon re-reading your original post I noticed that you had MBAM configured only to "warn" for PUPs, not to remove them.

Quote:
Malwarebytes Anti-Malware
Scan Date: 5/21/2015
Scan Time: 11:16:19 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

When you are finished cleaning and repairing your system, you might want to change the MBAM Settings for PUPs and PUMs to "Treat Detections as Malware".

Cheers,


28 May 2015   #10
cottonball

Windows 7 Home Premium
 
 

@MoxieMomma,

Thanks!!!!
That one went right over my head.

@JstRelax,

Please run MBAM once again, and do as MoxieMomma suggested.

Also, are there any other MBAM reports prior to the one you posted above?
If so, please post or attach.


In addition to the above, open Windows Repair once again, and go to the Step 4 tab, and run System File Check by clicking on: Do It

When done, please look for the new Windows Repair log, and post it in your reply.