[Buddierdl]

Ok, if your happy now, let's sweep for remnants. Computer speed is a hard thing to exactly "measure."


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please download Malwarebytes' Anti-Malware

• Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here then click on:
  

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:

• SecurityCheck log
• MBAM log
• ESET log
• Any outstanding problems?

[Advertisements]

The log files you requested are below. The only problem I'm experiencing is every once in a while, when I restart the computer, I get this screen: . This has been happening even before I originally posted here. Other that that the computer seems to be acting better.


Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner (remove only)
Java 7 Update 40
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 23.0.1271.64
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.17.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
afishinguy :: LAPTOP [administrator]

9/17/2013 9:46:19 AM
mbam-log-2013-09-17 (09-46-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191539
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

[rockitout]

The log files you requested are below. The only problem I'm experiencing is every once in a while, when I restart the computer, I get this screen: . This has been happening even before I originally posted here. Other that that the computer seems to be acting better.


Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner (remove only)
Java 7 Update 40
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 23.0.1271.64
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.17.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
afishinguy :: LAPTOP [administrator]

9/17/2013 9:46:19 AM
mbam-log-2013-09-17 (09-46-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191539
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

[Buddierdl]

Can you go into your BIOS and tell me what the boot order is set to?

[rockitout]

This is my boot order:

[Buddierdl]

This could indicate a failing drive...maybe also causing your slowness. Let's check the drive:

Click the start orb and type "cmd" into the box. Right click on the command prompt icon and select "Run as Administrator." Type the following command and press enter:

chkdsk /r

Let the command run to completion. It may take a while.

After it finishes, download and run this script and the chkdsk log will open. Please post it in your next reply.

[rockitout]

ListChkdskResult by SleepyDude v0.1.6 Beta | 17-06-2013

------< Log generate on 9/17/2013 9:18:38 PM >------
Category: 0
Computer Name: laptop
Event Code: 1001
Record Number: 31226
Source Name: Microsoft-Windows-Wininit
Time Written: 20130913230631.000000-000
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is ACER.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
146560 file records processed.

777 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

194938 index entries processed.

0 unindexed files processed.

146560 security descriptors processed.

Cleaning up 43 unused index entries from index $SII of file 0x9.
Cleaning up 43 unused index entries from index $SDH of file 0x9.
Cleaning up 43 unused security descriptors.
24190 data files processed.

CHKDSK is verifying Usn Journal...
34435344 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

72900607 KB total disk space.
45955936 KB in 112743 files.
69852 KB in 24191 indexes.
0 KB in bad sectors.
258147 KB in use by the system.
65536 KB occupied by the log file.
26616672 KB available on disk.

4096 bytes in each allocation unit.
18225151 total allocation units on disk.
6654168 allocation units available on disk.

Internal Info:
80 3c 02 00 f2 16 02 00 ab ba 03 00 00 00 00 00 .<..............
da 02 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
80 1d 06 00 48 01 06 00 71 08 00 79 a8 e9 06 00 ....H...q..y....

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: laptop
Event Code: 1001
Record Number: 30895
Source Name: Microsoft-Windows-Wininit
Time Written: 20130911200729.000000-000
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is ACER.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
The USA check value, 0x0, at block 0x3 is incorrect.
The expected value is 0x5.
The USA check value, 0x39, at block 0x3 is incorrect.
The expected value is 0x5d.
The USA check value, 0x34, at block 0x3 is incorrect.
The expected value is 0x102.
The USA check value, 0x66, at block 0x3 is incorrect.
The expected value is 0x1a.
The USA check value, 0x0, at block 0x3 is incorrect.
The expected value is 0x26.
The USA check value, 0x66, at block 0x3 is incorrect.
The expected value is 0x1a.
146560 file records processed.

858 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

The USA check value, 0x0, at block 0x3 is incorrect.
The expected value is 0x5.
The USA check value, 0x39, at block 0x3 is incorrect.
The expected value is 0x5d.
The USA check value, 0x34, at block 0x3 is incorrect.
The expected value is 0x102.
The USA check value, 0x66, at block 0x3 is incorrect.
The expected value is 0x1a.
The USA check value, 0x0, at block 0x3 is incorrect.
The expected value is 0x26.
The USA check value, 0x66, at block 0x3 is incorrect.
The expected value is 0x1a.
194842 index entries processed.

CHKDSK is recovering lost files.
12 unindexed files processed.

The USA check value, 0x0, at block 0x3 is incorrect.
The expected value is 0x5.
The USA check value, 0x39, at block 0x3 is incorrect.
The expected value is 0x5d.
The USA check value, 0x34, at block 0x3 is incorrect.
The expected value is 0x102.
The USA check value, 0x66, at block 0x3 is incorrect.
The expected value is 0x1a.
The USA check value, 0x0, at block 0x3 is incorrect.
The expected value is 0x26.
The USA check value, 0x66, at block 0x3 is incorrect.
The expected value is 0x1a.
146560 security descriptors processed.

Cleaning up 469 unused index entries from index $SII of file 0x9.
Cleaning up 469 unused index entries from index $SDH of file 0x9.
Cleaning up 469 unused security descriptors.
24142 data files processed.

CHKDSK is verifying Usn Journal...
33956104 USN bytes processed.

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

72900607 KB total disk space.
52294904 KB in 113002 files.
70232 KB in 24145 indexes.
0 KB in bad sectors.
257619 KB in use by the system.
65536 KB occupied by the log file.
20277852 KB available on disk.

4096 bytes in each allocation unit.
18225151 total allocation units on disk.
5069463 allocation units available on disk.

Internal Info:
80 3c 02 00 c4 17 02 00 74 bb 03 00 00 00 00 00 .<......t.......
dc 02 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
80 1d 20 00 48 01 20 00 02 00 00 02 e0 e8 20 00 .. .H. ....... .

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------

[Buddierdl]

Are you sure you let the chkdsk finish before you ran the script to retrieve the log? It seems like the latest check was run on 9/13.

[rockitout]

I did let it finish. It took a long time, and found a few bad clusters. I'm not sure why it didn't pull the right log.

[rockitout]

One thing I noticed was every once in a while it does a chkdsk on it's own when I start the computer up. Even when I know that it was shut down properly.

[rockitout]

Sorry for the mult. posts. I just started it up again and it is doing a chkdsk on it's own. If you want, I will run the script when it is finished and post it. Let me know what you want me to do.

[Buddierdl]

Yes, try running the script again.

[rockitout]

OK, I did and it gave me the exact same log.

[Buddierdl]

Can you follow Option 2 at this link and see what log we get?

[rockitout]

I followed the instructions in the link and I got the following error. I tried it twice with the same results.

[Buddierdl]

Could you please try this command in the powershell. It should produce a Application.evtx on your desktop. Please zip it and attach it, or if it is too big, please use a file-sharing service like Dropbox.

wevtutil export-log Application "%UserProfile%\Desktop\Application.evtx"