Infection date and initial symptoms
Gradually getting slower over the last 2-3 months. Accidentally downloaded Reimage and since then Google won't load.
Current issues and symptoms
I can only access the internet in safe mode and even then it runs very slowly. The physical memory runs from 86-99% but drops to 16% without being on the internet. Chrome.exe*32 has 5 programmes running, one of which is using over 1,000,000 of memory.
Steps taken in order to remove the infection
Have used Malwarebytes Anti-Malware, Avast, Microsoft Security Essentials, ESET and TDSSKiller.

Jandy

Well, after trying unsuccessfully to save my bookmarks I bit the bullet and deleted Google before reinstalling it again but the same thing has happened.
I did notice that Google updates were still working in the processes in task manager - even after I deleted Google.
Any ideas?
 

TwinHeadedEagle

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

TwinHeadedEagle

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
      • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
      • Click Schedule disk check > OK and close all windows.
      • Re-start the computer. The disk will be checked when the system boots.
      • This will take some time to run and at times may appear stalled, but just let it run.
      • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 

Jandy

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 17/03/2015 16:04:39
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Jan-TOSH
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is WINDOWS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
203776 file records processed.

File verification completed.
1013 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
271560 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
203776 file SDs/SIDs processed.

CHKDSK is compacting the security descriptor stream
Cleaning up 368 unused security descriptors.
33893 data files processed.

CHKDSK is verifying Usn Journal...
34774128 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
203760 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
26970984 free clusters processed.

Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

156671999 KB total disk space.
48374052 KB in 139017 files.
103524 KB in 33896 indexes.
0 KB in bad sectors.
310487 KB in use by the system.
65536 KB occupied by the log file.
107883936 KB available on disk.

4096 bytes in each allocation unit.
39167999 total allocation units on disk.
26970984 allocation units available on disk.

Internal Info:
00 1c 03 00 7b a3 02 00 0e ef 04 00 00 00 00 00 ....{...........
54 78 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 Tx..,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-03-17T16:04:39.000000000Z" />
<EventRecordID>103082</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Jan-TOSH</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is WINDOWS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
203776 file records processed.

File verification completed.
1013 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
271560 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
203776 file SDs/SIDs processed.

CHKDSK is compacting the security descriptor stream
Cleaning up 368 unused security descriptors.
33893 data files processed.

CHKDSK is verifying Usn Journal...
34774128 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
203760 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
26970984 free clusters processed.

Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

156671999 KB total disk space.
48374052 KB in 139017 files.
103524 KB in 33896 indexes.
0 KB in bad sectors.
310487 KB in use by the system.
65536 KB occupied by the log file.
107883936 KB available on disk.

4096 bytes in each allocation unit.
39167999 total allocation units on disk.
26970984 allocation units available on disk.

Internal Info:
00 1c 03 00 7b a3 02 00 0e ef 04 00 00 00 00 00 ....{...........
54 78 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 Tx..,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
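A quick way to triage a pasted CHKDSK summary like the one in the Wininit event above, as an added example that is not part of the original thread: it extracts the figures, flags bad sectors and file-system corrections, and cross-checks the numbers against each other. The function and field names are hypothetical, and the assumption that the usage categories add up to the total is taken from this log's own figures.

```python
import re

# Excerpt of the CHKDSK summary from the Wininit event posted above.
SAMPLE = """\
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

156671999 KB total disk space.
48374052 KB in 139017 files.
103524 KB in 33896 indexes.
0 KB in bad sectors.
310487 KB in use by the system.
65536 KB occupied by the log file.
107883936 KB available on disk.

4096 bytes in each allocation unit.
39167999 total allocation units on disk.
26970984 allocation units available on disk.
"""

# Hypothetical field names -> pattern capturing the number on that line.
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "free_units": r"(\d+) allocation units available on disk",
}

def triage_chkdsk(text):
    """Return parsed figures plus the flags a helper would check first."""
    r = {}
    for name, pat in FIELDS.items():
        m = re.search(pat, text)
        if m is None:  # truncated paste: refuse to guess
            raise ValueError(f"missing CHKDSK summary line: {name}")
        r[name] = int(m.group(1))
    r["corrections_made"] = "made corrections to the file system" in text
    r["bad_sectors"] = r["bad_kb"] > 0
    # Assumption: files + indexes + bad + system + free equals the total.
    used = r["files_kb"] + r["indexes_kb"] + r["bad_kb"] + r["system_kb"]
    r["sums_ok"] = used + r["free_kb"] == r["total_kb"]
    # Free space must agree with free clusters times cluster size.
    r["free_ok"] = r["free_units"] * r["unit_bytes"] // 1024 == r["free_kb"]
    return r

if __name__ == "__main__":
    print(triage_chkdsk(SAMPLE))
```

For this log the result shows corrections to the volume bitmap but no bad sectors, with the reported sizes consistent with each other.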
 

Jandy

The computer is responding and I can get the internet up on Explorer but Google won't load.

Scrap that last post - IE has frozen now as well so I'm back to safe mode
 

TwinHeadedEagle

Let's try with this tool:


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
 

Jandy

I've looked into this and I will also lose my email accounts and I will not be able to restore them so as much as it pains me, I might have to buy a new laptop as I need these accounts for work.
 

Jandy

Ok, I'll give it a go and let you know in the morning - that's when Google is always at its most temperamental.
 

Jandy

I uninstalled Chrome and my PC has been working fine plus I could still access my emails but as soon as I downloaded Google again it was the same problem as before. I might just have to carry on using IE

IE is not responding as well now so back to safe mode. If you can get rid of whatever it is that's doing this (Combofix?) then I will not use Google Chrome on my PC again and have done with it.
 