Malware detected, clean now but comp still running poorly.


  1. Posts : 15
    Windows 7 Home Premium 64 bit
       #1


    Good day everyone,
    I'm not sure how it happened but last week I noticed my comp running incredibly slow, freezing up, programs malfunctioning, etc... I ran Anti-Malwarebytes and sure enough I had some Malware. Here is the initial Scan:

    Malwarebytes Anti-Malware
    Scan Date: 5/21/2015
    Scan Time: 11:16:19 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.21.04
    Rootkit Database: v2015.05.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: bob

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 415725
    Time Elapsed: 1 hr, 42 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [e563d4c25c2e46f0ff700907986ce31d],

    Registry Values: 1
    PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-3829630863-2373432100-1501377825-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\bob\AppData\Local\Apps\2.0\R36N6J7H.EL7\N5PKC76J.RMW\dell..tion_0f612f649c4a10af_0005.0008_ a4204ff54ae5d3ac\DellSystemDetect.exe, No Action By User, [88c05442ff8bca6c72a4da03cb38827e]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.Delta.A, C:\Users\bob\AppData\LocalLow\Delta\delta, Quarantined, [ec5c4f478a00ef47271c36a3be45b14f],

    Files: 4
    PUP.Optional.Somoto.A, C:\Users\bob\AppData\Local\Temp\nswC086.tmp, Quarantined, [4305cec8b0da5dd9572692f07b8607f9],
    PUP.Optional.Somoto, C:\Users\bob\AppData\Local\Temp\bitool.dll, Quarantined, [ea5e22743d4d88aeeb728c7fd82bce32],
    Rogue.Link, C:\Users\bob\Favorites\MP3 download MyFreeMp3.eu.url, Quarantined, [86c276201f6bec4a64b81c4583817789],
    PUP.Optional.GoForFiles.A, C:\Windows\System32\Tasks\GoforFilesUpdate, Quarantined, [311744526a20a294e9cb4b188a7b6d93],

    Physical Sectors: 0
    (No malicious items detected)

    (end)
    --------------------------------------------------------------------

    I then ran CCleaner, Dr. Web Cureit and Anti Malware again. It came up clean but comp still running badly. Then ran AdwCleaner with these results:

    # AdwCleaner v4.205 - Logfile created 23/05/2015 at 12:52:09
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-21.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : bob - BOB-PC
    # Running from : G:\Bob\Programs from other Computer\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Device
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\bob\AppData\Local\PackageAware
    Folder Found : C:\Users\bob\AppData\LocalLow\Delta
    Folder Found : C:\Users\bob\AppData\Roaming\goforfiles
    Folder Found : C:\Users\bob\Documents\Updater

    ***** [ Scheduled tasks ] *****

    Task Found : GoforFilesUpdate

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\928cdebd35bd49
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\GoforFiles
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : [x64] HKCU\Software\APN PIP
    Key Found : [x64] HKCU\Software\GoforFiles
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Babylon
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\GoforFiles
    Key Found : HKLM\SOFTWARE\PIP
    Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    *************************

    I then ran Junkware Removal Tool. It found some things as well. Sorry I didn't save the log. Then ran AntiMalwarebytes again, then Hitman Pro. Did all of the above again and was coming up clean. Comp was still running badly. Ran Emsisoft Anti-Malware and came up clean. Then ran RKill, here's the log:

    Rkill 2.7.0 by Lawrence Abrams (Grinler)

    Program started at: 05/26/2015 02:38:43 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 05/26/2015 02:44:39 PM
    Execution time: 0 hours(s), 5 minute(s), and 55 seconds(s)
    ------------------------------------------------------

    Then ran FixExec and SuperAntiSpyware. Came up clean. Ran TDSS Killer, I have the log but it is VERY long. Should I post the whole thing? I then ran RogueKiller, here is that log:

    RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : bob [Administrator]
    Started from : C:\Users\bob\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 05/27/2015 14:21:22

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 40 ¤¤¤
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} : Canon Easy-WebPrint EX -> Found
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3829630863-2373432100-1501377825-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\4488 -- wscript.exe (C:\Users\bob\AppData\Local\Temp\launchie.vbs //B) -> Found

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 +++++
    --- User ---
    [MBR] a4d23e1f3c9f6ab870ac71a947ecc07a
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 208845 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30928845 | Size: 290142 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    ============================================


    I then ran OTL by Oldtimer, again the log is extremely long so I was not sure how to proceed. All of this was done in Safe Mode by the way. For the most part it seems to be coming up clean but it's still not running correctly. Browser freezes up, programs randomly freeze up, simply right clicking on something will take 3 minutes to go through. Then randomly it'll run fine for an hour or so. Any help on how to proceed would be extremely appreciated. Thank you so much


  2. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #2

    JstRelax said:
    Good day everyone,
    <snip>
    All of this was done in Safe Mode by the way.

    Hi:

    I'll defer to jacee and/or cottonball, who are formally trained in malware removal.

    However, just to note:

    Malwarebytes Anti-Malware (MBAM) should not be routinely run in Windows Safe Mode.
    In order to work properly, it should be run in Normal Mode.
    If it does not run that way -- perhaps because of heavy infection -- then there are other strategies to get it to run, such as Chameleon.

    More info about v2.1.6 HERE - User Guide ONLINE - User Guide PDF - FAQ: Common Questions, Issues, and their Solutions

    Cheers,


  3. Posts : 15
    Windows 7 Home Premium 64 bit
    Thread Starter
       #3

    Thanks for the reply moxiemamma. Yes, I have run Anti-malwarebytes in Safe Mode as well as Normal mode. Nothing is preventing it from running.


  4. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #4

    Hi:

    Sorry for the misunderstanding.
    I only saw mention of Safe Mode in your post:
    All of this was done in Safe Mode by the way...
    Cheers,


  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    JstRelax,

    There are problems in the services area. Let's see if the following helps...

    Please start the computer in: Safe Mode with Networking

    Next, use the Windows Repair (All in One)
    Download > Windows Repair (All In One) Download
    Save to the Desktop

    Right-click the tweaking.com program icon on the Desktop, and select: Run as Administrator
    Click Next at the Setup, and follow the prompts.

    Make sure to temporarily disable your AntiVirus program before the repairs are done.

    At the program's console...
    Go to Step 5 Backup, and under System Restore click on: Create

    Next, go to Repairs tab and click: Automatically do a Registry Backup
    Also click: Open Repairs

    In the next prompt, press: Unselect all
    (The items seen are checked by default, and you do not need all of them.)

    Under Repair Options (on the left side) only check/select:
    03 - Reset Service Permissions
    26 - Restore Important Windows Services
    27 - Set Windows Services to Default Startup

    On the right side, check: Restart/Shutdown system when finished

    Press: Start Repairs

    When the program finishes, restart the computer.

    Please post the Windows Repair log in your reply. It is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

    Also, please run RKill once again, like you did before, and post the new RKill report in your reply.

    Thanks!
      My Computer
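
Added example (not part of the thread, and not RKill's own code): a Python script that parses the "Checking Windows Service Integrity" section of two RKill logs and reports which services recovered between runs. It also records whether each run's header says "(Safe Mode)", as the first log in this thread does; the sample logs are abridged from the ones posted here, and the function names are illustrative.

```python
import re

SECTION = "Checking Windows Service Integrity:"
STARTED = re.compile(r"^Program started at: .+? mode\.(?P<safe>\s*\(Safe Mode\))?$")
ENTRY = re.compile(r"^\*\s+(?P<display>.+?)\s+\((?P<name>[^()]+)\) is not Running\.$")
STARTUP = re.compile(r"^Startup Type set to:\s*(?P<startup>.+)$")

# Abridged from the two RKill logs posted in this thread.
BEFORE = """
Program started at: 05/26/2015 02:38:43 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.
"""

AFTER = """
Program started at: 05/27/2015 09:24:13 PM in x64 mode.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.
"""


def parse_rkill(text):
    """Return {'safe_mode': bool, 'not_running': {short_name: {...}}}."""
    result = {"safe_mode": False, "not_running": {}}
    in_section, current = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        started = STARTED.match(line)
        if started:
            result["safe_mode"] = started.group("safe") is not None
        elif line == SECTION:
            in_section = True
        elif in_section and line.endswith(":") and not line.startswith("*"):
            in_section = False  # the next section header ends this one
        elif in_section:
            entry, startup = ENTRY.match(line), STARTUP.match(line)
            if entry:
                current = entry.group("name")
                result["not_running"][current] = {
                    "display": entry.group("display"), "startup": None}
            elif startup and current:
                result["not_running"][current]["startup"] = startup.group("startup")
    return result


def compare(before_text, after_text):
    """Diff the not-running service lists of two RKill runs."""
    before, after = parse_rkill(before_text), parse_rkill(after_text)
    down_before, down_after = set(before["not_running"]), set(after["not_running"])
    return {
        "recovered": sorted(down_before - down_after),
        "still_down": sorted(down_before & down_after),
        "newly_down": sorted(down_after - down_before),
        # Safe Mode starts only a minimal set of services and drivers, so
        # lists taken in different boot modes are not directly comparable.
        "same_boot_mode": before["safe_mode"] == after["safe_mode"],
    }


if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```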


  6. Posts : 15
    Windows 7 Home Premium 64 bit
    Thread Starter
       #6

    Hi Cottonball, Thanks for your help. Here's the Tweaking report:

    Tweaking.com - Windows Repair v3.0.0
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 7 Home Premium
    OS Architecture: 64-bit
    OS Version: 6.1.7601
    OS Service Pack: Service Pack 1
    Computer Name: BOB-PC
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\bob
    Current Profile SID: S-1-5-21-3829630863-2373432100-1501377825-1000
    Current Profile Classes: S-1-5-21-3829630863-2373432100-1501377825-1000_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\bob\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:09:54

    Process Count: 26
    Commit Total: 855.96 MB
    Commit Limit: 12.68 GB
    Commit Peak: 1.59 GB
    Handle Count: 6331
    Kernel Total: 216.35 MB
    Kernel Paged: 169.82 MB
    Kernel Non Paged: 46.53 MB
    System Cache: 482.96 MB
    Thread Count: 287
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.80 GB
    Memory Used: 903.23 MB(11.3066%)
    Memory Avail.: 6.92 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.80 GB
    Memory Used: 773.69 MB(9.685%)
    Memory Avail.: 7.05 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (5/27/2015 8:57:25 PM)

    03 - Reset Service Permissions
    Start (5/27/2015 8:57:27 PM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/27/2015 8:57:36 PM)

    26 - Restore Important Windows Services
    Start (5/27/2015 8:57:36 PM)
    Running Repair Under Current User Account

    Decompressing & Updating Windows Permission File services.txt
    Done, 0.16 seconds.

    Running Repair Under System Account
    Done (5/27/2015 8:57:50 PM)

    27 - Set Windows Services To Default Startup
    Start (5/27/2015 8:57:50 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/27/2015 8:57:58 PM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (5/27/2015 8:57:58 PM)
    Total Repair Time: 00:00:34


    ...YOU MUST RESTART YOUR SYSTEM...
    -------------------------------------------------

    Here is the Rkill report:

    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    Bleeping Computer - Technical Support and Computer Help
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software

    Program started at: 05/27/2015 09:24:13 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 05/27/2015 09:51:04 PM
    Execution time: 0 hours(s), 26 minute(s), and 50 seconds(s)



    Thank You!


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    Checking Windows Service Integrity:
    * No issues found.


    Any improvement?


  8. Posts : 15
    Windows 7 Home Premium 64 bit
    Thread Starter
       #8

    No not yet. After I ran the tweaking repair it froze while loading up in normal mode. Had to reboot then run Rkill. After that still no improvement. My windows live mail client locked up for about 5 mins. Even just opening the folders to get to the tweaking log took forever. There'd be a delay after each click.


  9. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #9

    Hi, again:

    Sorry to interrupt -- JstRelax, please continue to work with cottonball.

    However, upon re-reading your original post I noticed that you had MBAM configured only to "warn" for PUPs, not to remove them.

    Malwarebytes Anti-Malware
    Scan Date: 5/21/2015
    Scan Time: 11:16:19 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.6.1022

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    When you are finished cleaning and repairing your system, you might want to change the MBAM Settings for PUPs and PUMs to "Treat Detections as Malware".

    Cheers,
      My Computer
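
Added example (not part of the thread, and not Malwarebytes' own code): a Python script that reads an MBAM 2.x text log, checks the PUP and PUM scan options discussed in this post, and lists detections whose action was anything other than "Quarantined". Assumptions: the log prints "Enabled" when a category is treated as malware (as the "PUM: Enabled" line in the posted log suggests); the sample log is constructed in the posted log's layout, with placeholder path segments and item ids.

```python
import re

# Assumption: "Enabled" is how the log renders "treat detections as malware".
EXPECTED = {"PUP": "Enabled", "PUM": "Enabled"}

SETTING = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*): (?P<value>.+)$")
# name, target (may itself contain ", "), action, [32-hex item id], optional comma
DETECTION = re.compile(
    r"^(?P<name>[A-Za-z0-9_.]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<item_id>[0-9a-f]{32})\],?$")

# Constructed sample in the layout of the log posted in this thread;
# <SID>, <elided> and the item ids are placeholders.
SAMPLE_LOG = r"""
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Registry Values: 1
PUP.Vulnerable.DellSystemDetect, HKU\<SID>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\bob\AppData\Local\Apps\<elided>\DellSystemDetect.exe, No Action By User, [00000000000000000000000000000001]

Files: 1
PUP.Optional.Somoto, C:\Users\bob\AppData\Local\Temp\bitool.dll, Quarantined, [00000000000000000000000000000002],
"""


def audit_mbam_log(text):
    """Return weak scan options and detections that were left in place."""
    settings, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        hit = DETECTION.match(line)
        if hit:
            detections.append(hit.groupdict())
            continue
        option = SETTING.match(line)
        if option and option.group("key") in EXPECTED:
            settings[option.group("key")] = option.group("value")
    # A missing option is reported as None: it could not be confirmed.
    weak = {key: settings.get(key) for key, want in EXPECTED.items()
            if settings.get(key) != want}
    left = [d for d in detections if d["action"] != "Quarantined"]
    return {"weak_settings": weak, "left_in_place": left, "total": len(detections)}


if __name__ == "__main__":
    report = audit_mbam_log(SAMPLE_LOG)
    print("Options to review:", report["weak_settings"])
    for item in report["left_in_place"]:
        print("Not removed:", item["name"], "->", item["action"])
```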


  10. Posts : 2,470
    Windows 7 Home Premium
       #10

    @MoxieMomma,

    Thanks!!!!
    That one went right over my head.

    @JstRelax,

    Please run MBAM once again, and do as MoxieMomma suggested.

    Also, are there any other MBAM reports prior to the one you posted above?
    If so, please post or attach.


    In addition to the above, open Windows Repair once again, and go to the Step 4 tab, and run System File Check by clicking on: Do It

    When done, please look for the new Windows Repair log, and post it in your reply.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
