Ran Malwarebytes, now applications not working properly unless admin.

chaoscomplete

New Member
Thread author
May 29, 2015
14
I was experiencing some issues with things loading slow and ran Malwarebytes. It found 4 registry keys and a registry value, all labeled as Trojan.Zaccess and quarantined them. Upon the first restart after running Malwarebytes, Dropbox would not start and was giving an error, Avid error popped up, Thunderbird would not send or save anything to drafts, and Firefox would not download a file (immediately fail every one). Cockos Reaper, my main music program would start, but would not display properly - sections of the UI would be blank white space, and many grey lines marking time were neon green instead.

I had my friend who does IT for a local laboratory (mostly networking these days) look at it for a few hours, and he discovered that there were some elevation issues, and if we ran things as administrator, or on the administrator account, they ran fine - the graphical issues in Reaper even disappeared. He's stumped and I barely know about this stuff. I read some of these forum posts and attached two of the files other people were asked to run and attach. Hope you can help. Will definitely tip well! Thanks in advance!
 

Attachments

  • AdwCleaner[S0].txt
    2.8 KB · Views: 21
  • FRST.txt
    61.1 KB · Views: 21

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I want you to uninstall both Antivirus products along with MalwareBytes.

Step 1.

Uninstall Microsoft Security Essentials from Control Panel

Step 2.

Uninstall Avast Antivirus from Control Panel
Then follow these instructions to remove its remnants from Safe Mode
  1. Download avastclear.exe on your desktop
  2. Start Windows in Safe Mode
  3. Open (execute) the uninstall utility
  4. If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  5. Click REMOVE
  6. Restart your computer

Step 3.

Uninstall MalwareBytes using mbam-clean.exe

To use the utility:
  1. Download and run mbam-clean.exe
  2. Restart your computer when prompted.



Let me know when you're done.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


How is your PC performing now?
 

Attachments

  • fixlist.txt
    4.1 KB · Views: 22

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try this:


Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
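
The Event Viewer steps above can also be done from a PowerShell prompt on the affected machine. This is an added example, not part of the original post; the output file name chkdsk-report.txt is an assumption chosen for illustration.

```powershell
# Added example: fetch the most recent boot-time CHKDSK report from the
# Application log (source Wininit, event ID 1001) without Event Viewer.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}

# Get-WinEvent returns newest events first, so -MaxEvents 1 is the latest check.
$report = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $report) {
    Write-Warning 'No Wininit 1001 event found. The log is only written when the check runs at restart.'
    return
}

# Save the full report so it can be pasted or attached to a reply.
# The file name below is an assumption made for this example.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-report.txt'
"Disk check logged: $($report.TimeCreated)" | Set-Content -Path $out
$report.Message | Add-Content -Path $out

# Print only the lines that show whether CHKDSK found or repaired anything.
$report.Message -split '\r?\n' |
    Where-Object { $_ -match 'bad sectors|bad file records|found no problems|made corrections|Cleaning up|corrupt' } |
    ForEach-Object { $_.Trim() }

Write-Host "Full report saved to $out"
```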
 

chaoscomplete

New Member
Thread author
May 29, 2015
14
It's been running this whole time and only about 1/5 of the way done. I'll have to come back to this later. Thanks for the help so far. Will check in later today.
 

chaoscomplete

New Member
Thread author
May 29, 2015
14
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 5/30/2015 8:17:37 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: RedScoutStudios
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
264960 file records processed.

File verification completed.
1290 large file records processed.

0 bad file records processed.

4 EA records processed.

47 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
333508 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
264960 file SDs/SIDs processed.

Cleaning up 688 unused index entries from index $SII of file 0x9.
Cleaning up 688 unused index entries from index $SDH of file 0x9.
Cleaning up 688 unused security descriptors.
Security descriptor verification completed.
34275 data files processed.

CHKDSK is verifying Usn Journal...
34690800 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
264944 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
10721933 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

117218303 KB total disk space.
73851548 KB in 183566 files.
108616 KB in 34276 indexes.
0 KB in bad sectors.
370407 KB in use by the system.
65536 KB occupied by the log file.
42887732 KB available on disk.

4096 bytes in each allocation unit.
29304575 total allocation units on disk.
10721933 allocation units available on disk.

Internal Info:
00 0b 04 00 ed 52 03 00 89 3d 06 00 00 00 00 00 .....R...=......
ee 02 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 ..../...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 

chaoscomplete

New Member
Thread author
May 29, 2015
14
All problems still exist, but now Firefox is worse, as soon as I load it, it's "not responding" so I had to briefly run Chrome as admin in order for this site to take my password so I could post the log.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

chaoscomplete

New Member
Thread author
May 29, 2015
14
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.05.30.06
rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Mike :: REDSCOUTSTUDIOS [administrator]

5/31/2015 4:49:07 AM
mbar-log-2015-05-31 (04-49-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 631615
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

Attachments

  • FRST.txt
    49.6 KB · Views: 9
  • Addition.txt
    72.3 KB · Views: 17

chaoscomplete

New Member
Thread author
May 29, 2015
14
Thursday the 28th was when I ran Malwarebytes and started having the major problems. A few days before that, I was having image-heavy web pages like Amazon loading very slowly, and noticed general, but subtle, slowness elsewhere for a few weeks before.
 
