ipepper Posted December 1, 2012

My PC has been running slower and slower and hangs periodically for 3-10 minutes while the hard drive grinds away. I have removed several bugs in the past but I suspect my machine is still infected. I would wipe it and rebuild from scratch but the OS and MS Office have limited install rights. Any help you can provide would be appreciated. I'm just not sure where to start. Here is the most recent Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.27.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELL1 [administrator]

10/28/2012 12:53:41 PM
mbam-log-2012-10-28 (12-53-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 231904
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Maniac Posted December 2, 2012

Hello ipepper! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files in your next reply:
http://forums.malwarebytes.org/index.php?showtopic=9573

ipepper Posted December 2, 2012 Author

Thanks for helping Maniac. Here are the logs.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.02.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELL1 [administrator]

12/2/2012 8:54:48 AM
mbam-log-2012-12-02 (08-54-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 236930
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Maniac Posted December 2, 2012 ID:619277

Step 1
Please uninstall this application: BitTorrent

Step 2
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and Scan unwanted applications are checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Step 3
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:
ESET Online Scanner log
aswMBR log

ipepper Posted December 4, 2012 Author ID:619716

Here are the logs:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=badc5ec42a880742ba171922e0cd9fe6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 01:01:21
# local_time=2012-12-03 08:01:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 82177391 82177391 0 0
# compatibility_mode=5891 16776533 42 87 0 50514151 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=badc5ec42a880742ba171922e0cd9fe6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 02:50:29
# local_time=2012-12-03 09:50:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 82177651 82177651 0 0
# compatibility_mode=5891 16776869 42 87 0 50514411 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93889
# found=3
# cleaned=3
# scan_time=6291
D:\Shared Drive\backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Drive\backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Drive\backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 22:06:29
-----------------------------
22:06:29.359 OS Version: Windows 5.1.2600 Service Pack 3
22:06:29.359 Number of processors: 1 586 0x102
22:06:29.359 ComputerName: DELL1 UserName: Admin
22:06:30.481 Initialize success
22:11:00.249 AVAST engine defs: 12120301
22:11:12.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:11:12.737 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
22:11:12.747 Disk 0 MBR read successfully
22:11:12.747 Disk 0 MBR scan
22:11:12.827 Disk 0 Windows XP default MBR code
22:11:12.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:11:12.827 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:11:12.857 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:11:12.867 Disk 0 scanning sectors +488376000
22:11:12.997 Disk 0 scanning C:\WINDOWS\system32\drivers
22:11:25.735 Service scanning
22:11:41.278 Modules scanning
22:11:48.838 Disk 0 trace - called modules:
22:11:49.169 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:11:49.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82382ab8]
22:11:49.169 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823a26d0]
22:11:49.830 AVAST engine scan C:\WINDOWS
22:12:03.309 AVAST engine scan C:\WINDOWS\system32
22:15:44.818 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:09.193 AVAST engine scan C:\Documents and Settings\Admin
22:23:00.965 AVAST engine scan C:\Documents and Settings\All Users
22:24:05.648 Scan finished successfully
22:36:04.151 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
22:36:04.161 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Maniac Posted December 4, 2012 ID:619775

Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named)
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and post it in your next reply.

ipepper Posted December 5, 2012 Author ID:620390

Here's the Kaspersky log:

Status: Disinfected (events: 2)
12/4/2012 10:16:04 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip High
12/4/2012 10:16:03 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip/FedexInvoice_EE776129.exe High
Status: Deleted (events: 2)
12/5/2012 7:10:46 AM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\Shared Drive\backup\Programs\Bleeping\OTL.exe High
12/5/2012 6:15:58 PM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\System Volume Information\_restore{BBCB31A8-FC60-4E6F-83E1-FF8611C6E7DD}\RP1126\A0119895.exe High

Maniac Posted December 6, 2012 ID:620556

How are things now?

ipepper Posted December 7, 2012 Author ID:620730

Not noticing any difference in performance. Everything seems to work, it just takes 5 minutes for a web page to load (for example). It can take about 30 seconds to switch between windows.

Not sure if this will help but here are some observations. I was curious and looked at the running processes in Windows Task Manager and found multiple instances of chrome.exe running when I only had 1 window and 1 tab open. I monitored the processes while trying to open the following web page (after googling for an answer). The web page took about 5 minutes to load and I.E. was hogging over 250MB memory. I tried opening the same web page in Chrome which took just as long but Chrome only used about 80MB. The strange thing is that the CPU usage is usually under 30% while I am waiting for it to complete a simple task.

http://productforums.google.com/forum/#!topic/chrome/og-xdL55RJM

Maniac Posted December 8, 2012 ID:620965

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

ipepper Posted December 8, 2012 Author ID:620989

Here's the junkware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.6 (12.07.2012:1)
OS: Microsoft Windows XP x86
Ran by Admin on Fri 12/07/2012 at 20:46:40.40
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/07/2012 at 20:56:45.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Maniac Posted December 8, 2012 ID:621072

Download TFC to your desktop
Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Let me know how things are then.

ipepper Posted December 8, 2012 Author ID:621105

Done - Performance is slightly better browser-wise. PC still hangs periodically.

Maniac Posted December 9, 2012 ID:621578

In this case proceed with these instructions:
http://forums.malwarebytes.org/index.php?showtopic=81990

ipepper Posted December 13, 2012 Author ID:623079

Done - I could not run defrag with "%systemdrive%" so I used C: instead. It seems slightly better than before but it still hangs frequently.

Maniac Posted December 14, 2012 ID:623188

Download RogueKiller to the desktop
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan.
Click on Report and copy/paste the content of the notepad in your next reply.

ipepper Posted December 18, 2012 Author ID:624741

Here you go...

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 12/18/2012 18:42:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JB-00REA0 +++++
--- User ---
[MBR] 1c1d3deb69840e93181e332dfa55fdd6
[bSP] c192851ad45fabb46a2564533df54248 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 138466 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12182012_02d1842.txt >>
RKreport[1]_S_12182012_02d1842.txt

Maniac Posted December 20, 2012 ID:625266

Please reset hosts file, reboot and let me know.
http://support.microsoft.com/kb/972034

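Added example, not part of the original thread and not code from RogueKiller or Microsoft: RogueKiller prints the hosts file so a helper can review it before asking for a reset, and the Python sketch below does the same triage on a constructed sample. The first entries mirror the excerpt in the log above; the `example.test` lines, the category names and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample. The 127.0.0.1 entries mirror the RogueKiller excerpt in
# the thread; the last three lines are invented to exercise the other branches.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.007guard.com
127.0.0.1       007guard.com
127.0.0.1       008i.com
127.0.0.1       www.0scan.com   # inline comment
0.0.0.0         ads.example.test
203.0.113.10    login.example.test
not-an-ip       broken.example.test
"""

# Names a stock hosts file maps to loopback (assumption: only "localhost").
DEFAULT_NAMES = {"localhost"}


def classify(line):
    """Return (category, ip, names) for one hosts line, or None if blank/comment.

    Categories (names chosen for this example):
      default   - loopback mapping for a stock name such as localhost
      blocked   - other name pinned to loopback or 0.0.0.0 (block-list style)
      redirect  - name mapped to a routable address; needs a human look
      malformed - first field is not an IP address, or no hostname follows
    """
    body = line.split("#", 1)[0].strip()   # drop inline comments
    if not body:
        return None
    fields = body.split()
    if len(fields) < 2:
        return ("malformed", fields[0], [])
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return ("malformed", fields[0], fields[1:])
    names = [n.lower() for n in fields[1:]]
    if ip.is_loopback or ip.is_unspecified:
        if all(n in DEFAULT_NAMES for n in names):
            return ("default", str(ip), names)
        return ("blocked", str(ip), names)
    return ("redirect", str(ip), names)


def audit(text):
    """Count entries per category and list the lines that need manual review."""
    counts = Counter()
    review = []
    for lineno, line in enumerate(text.splitlines(), 1):
        result = classify(line)
        if result is None:
            continue
        category, ip, names = result
        counts[category] += 1
        if category in ("redirect", "malformed"):
            review.append((lineno, category, ip, names))
    return counts, review


if __name__ == "__main__":
    counts, review = audit(SAMPLE_HOSTS)
    print(dict(counts))
    for lineno, category, ip, names in review:
        print(f"line {lineno}: {category}: {ip} -> {' '.join(names)}")
```

To check a real machine, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to `audit()` instead of the sample.
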
ipepper Posted December 21, 2012 Author ID:625502

Better... file downloads don't seem to hang up anymore. The overall performance (browser-wise) is better. The overall system performance remains about 50% from where it used to be.

ipepper Posted December 21, 2012 Author ID:625509

OK I take it back - when I turn the MS Security Essentials real time protection on things start hanging again.

Maniac Posted December 21, 2012 ID:625619

I suggest you ask Microsoft Support for help.
http://support.microsoft.com/ph/15931

Another suggestion is to change your AV software.

ipepper Posted December 24, 2012 Author ID:626683

Ok, thanks for the help. Question... why did you have me uninstall BitTorrent? Is there a reason I shouldn't install it again?

Maniac Posted December 24, 2012 ID:626727

Yes and you can read it here:
http://forums.malwarebytes.org/index.php?showtopic=97700

Staff screen317 Posted January 1, 2013 ID:629371

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!