Infected PC, I'd appreciate help cleaning it. (Few problems come up/got worse)

Hello

Over the last week this PC has started playing up; it’s currently infected. The problems have gradually gotten worse, especially today. The latest / worst problems include:

* Slower on start up
* Not shutting down (had to hard reset/shut down for the system to shut down)
* Some games not running (like Battlefield 3, and then there would be a BF3 process in the background using low memory which would not close with Task Manager)
* Origin crashing and then not closing in Task Manager (even after a reinstall)

I have done some scans and got logs for you. There were some problems though. Malwarebytes kept crashing. aswMBR got stuck for over 30 minutes, so I had to save the log and exit the program. ComboFix could not restart the system automatically, so I had to hard reset the system (luckily ComboFix still ran as it should upon start up and I got the log). The reason I ran ComboFix already was that the problems were getting much worse as time went on, so I needed to get the bad boy running to at least fix some of the problems.

After the ComboFix scan I had to restart the system (due to the problem that comes up with ComboFix sometimes, when you’re not able to run programs due to illegal registry entries etc). The system this time shut down straight away (ComboFix seemed to have fixed something?). However, I have not tried to shut down again to see if it’s still okay. On start up it was quicker than before, but it’s still not perfect and not how it was before the problems started to come up. Also, Origin and Battlefield 3 now work normally again (ComboFix at work again, I guess!).

So in summary, I’d like you to check the logs and help me clean out the system thoroughly if there are still issues with it.

However, I cannot post the logs, as it says I have exceeded the maximum allowed letters in each post (even doing one log at a time in each post). How shall I get the logs to you?

I wait patiently for your help.

JJ

This is the only log I can get into one post.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 23:50:56

23:50:56.891 OS Version: Windows x64 6.1.7601 Service Pack 1
23:50:56.891 Number of processors: 4 586 0x2A07
23:50:56.891 ComputerName: DAINHUMAIN-PC UserName: Dainhumain
23:50:57.562 Initialize success
23:50:57.858 AVAST engine defs: 12072501
23:51:08.023 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
23:51:08.023 Disk 0 Vendor: SAMSUNG_HD322GJ 1AR10002 Size: 305245MB BusType: 3
23:51:08.023 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IdeDeviceP1T0L0-1
23:51:08.023 Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
23:51:08.039 Disk 0 MBR read successfully
23:51:08.039 Disk 0 MBR scan
23:51:08.039 Disk 0 Windows 7 default MBR code
23:51:08.054 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 92160 MB offset 206848
23:51:08.054 Disk 0 Partition - 00 0F Extended LBA 212983 MB offset 188950528
23:51:08.086 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10239 MB offset 188952576
23:51:08.086 Disk 0 Partition - 00 05 Extended 202743 MB offset 209922048
23:51:08.101 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 163830 MB offset 209924096
23:51:08.101 Disk 0 Partition - 00 05 Extended 38912 MB offset 566419456
23:51:08.132 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38911 MB offset 545449984
23:51:08.164 Disk 0 scanning C:\Windows\system32\drivers
23:51:14.166 Service scanning
23:51:22.271 Service sptd C:\Windows\System32\Drivers\sptd.sys LOCKED 32
23:51:25.290 Modules scanning
23:51:25.290 Disk 0 trace - called modules:
23:51:25.306 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800770e2c0]<<sppm.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:51:25.306 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8007b59060]
23:51:25.306 3 CLASSPNP.SYS[fffff880018a643f] → nt!IofCallDriver → [0xfffffa800786b4d0]
23:51:25.322 5 ACPI.sys[fffff8800100b7a1] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007880060]
23:51:25.322 \Driver\atapi[0xfffffa8007868410] → IRP_MJ_CREATE → 0xfffffa800770e2c0
23:51:25.618 AVAST engine scan C:\Windows
23:51:26.757 AVAST engine scan C:\Windows\system32
23:52:44.292 AVAST engine scan C:\Windows\system32\drivers
23:52:50.700 AVAST engine scan C:\Users\Dainhumain
23:56:24.786 Disk 0 MBR has been saved successfully to “C:\Users\Dainhumain\Desktop\MBR.dat”
23:56:24.786 The log file has been saved successfully to “C:\Users\Dainhumain\Desktop\aswMBR-1.txt”

Okay, now I can attach files (could not before), so I have attached the other logs in this and the other post below (very sorry for all the posts, but I could not attach files before).

Final log (It would not let me add it to last post due to file size limit reached)

Sorry again. :-*

Hi,

It’s been 3 days now. I respect that time is limited and you guys are busy, but in the meantime people have posted problems and got help on the same day they made their topic.

What did I do wrong exactly? I had no choice but to make the reply responses, due to the problems I had showing you the logs; it was the only way I was able to post the logs (for the reasons already explained).

For all I know the viruses could be getting worse and could be getting my personal data, and I don’t want to be the victim of identity theft etc, so I’d really, really appreciate your help; I am calling out for it. (The PC still has problems shutting down and is slower on start up etc.)

Sorry, it looks like your topic has been missed. You are right, these guys (all volunteers) are pretty busy; if a topic doesn’t get seen early it drops down the chronological list of topics, so it might not be on the first page.

Do you have Malwarebytes Anti-Malware (MBAM) installed? If so, have you run it, and did it find anything? If so, please copy and paste or attach the log to your next post.

A malware removal specialist has been informed of your topic.

Hi there, sorry that you were missed.

I see you have run ComboFix; could you attach that log?

Download the latest version of TDSSKiller from here and save it to your Desktop.

* Double-click on TDSSKiller.exe to run the application.

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

* Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

* Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

* Click the Start Scan button.

* If a suspicious object is detected, the default action will be Skip; click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

* If malicious objects are found, they will show in the Scan results and offer three (3) options.
* Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

* Get the report by selecting Reports.

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

* Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

I believe it has been attached in the cfl-1.txt attachment.

Ah yes now I have had my coffee I can see it ;D

Thank you, and no problem about the delay. I fully understand and respect that time is limited and it’s easy to miss some topics. It’s a great job you guys do to help out in your free time (as volunteers), and you deserve all the good karma / medals and everything else you can get for your kind work.

Anyway, I ran the scan, and I got the option to skip etc and then pressed Continue, but after that it went back to the start of the program and there was no option for Cure etc, so I just left it on Skip and continued. However, there is a report and I’ve attached that log. Please bear in mind also that this is a shared PC used by a few different house members to go online (I try my best to keep it clean, but it’s hard).

Hi, I feel I will need to work outside of Windows on this one… Do you have any of the following?

Windows CD
USB drive

Could you reboot to safe mode:

Restart the computer
Immediately press and hold F8
On the menu that appears is there the following option :

Repair my Computer

Hi,

I have a USB drive, yes, and a Windows CD. I’m quite sure I’ll have the Repair my Computer option on start up; I’ll have a look as soon as I can.

Ok, I have the Repair Windows option (the process on this machine is F12 to select Boot device > CD/DVD drive > boot from CD > Repair Computer with Windows).

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Reboot using the CD

When you reboot you will see this although yours will say windows 7. Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

Insert the flash drive with FRST64

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

All went okay, log attached.

This now appears to be a system problem rather than a malware problem, I am afraid.

Download Windows Repair (all in one) from this site

Install the programme, then run it.

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Thanks for the program. I ran it and it went okay, but the PC is still a bit slow at start. It has caused a problem, though: the other PC that connects through this one to go online won’t go online anymore.

What error do you get on the other computer ?

Is the home network part working ?

Managed to sort it by doing home network setup etc, it just reset the whole network setup so had to set it up again.

From the logs, does this system seem clean of malware, and did the latest scans only find errors with Windows files? If so, I am considering doing a reinstall on this PC, which is quite straightforward due to the partitions etc.

There is no sign of malware ;D

From the problems it would appear to be corruption within the Windows system itself, so a clean copy would do no harm and plenty of good.