
I have been suspicious that my computer may be infected. It boots slowly, but not really slow. Repeated scans with Malwarebytes repeatedly find one PUP. Whatever a PUP is, I don't know. I find that with every boot-up Malwarebytes protection has been disabled and I have to click on the little squares to have the green arrows appear in them and the system to say I'm protected again. ... Odd? Malwarebytes logs show no infections, and there are no logs in the color red, so how can I have an infection???

My virus protection, Comodo ISP, never found any issues until yesterday, when it did find some errors in the system. And it reports that I am dangerously low on virtual memory. I ran Hitman and it found no infections. RKill found nothing to report either.

Today I fired up Anti-Rootkit and discovered that it will not function because: after the updates finished and I proceeded to start the scan, a message appeared on the screen saying, "Scan failed, a DLL driver will not install, and this could be because there is an infection. Would I like to install the driver and reboot?" ..... Of course I would, so I clicked on yes. But then a message appeared announcing the scan failed and the install failed. I tried three times with the same results.

Below is a screen print I made of the Anti-Rootkit error. Other screen prints of issues are also attached.

I am using Windows XP Pro, version 2002, with Service Pack 3, and the last Windows update was last week.

The virus protection I am using is Comodo Internet Security Premium, which repeatedly reports that my computer is booting slowly, that I have a lot of junk files, and that I am dangerously low on virtual memory..... but I don't find any junk files, as I am regularly (once a week) using CCleaner and its registry repair tool, and Glary Utilities 3 and its tools.

I am no expert at battling malware, I am just a simple home owner with a computer, yet from my researching the internet so far I have learned that:

The registry files are coming up as corrupted.

The hosts file is also corrupted.

The event track shows I have got an email from someone whose system was infected.

I suspect the download has caused the erroneous prompt from Comodo that my system is slow.

Comodo has locked up a couple of files and quarantined them. But the major virus that has come up is a rootkit in the master boot record .. this is why Anti-Rootkit will not start. .... When this happened, I came immediately to the Malwarebytes forum for help.

HELP please! .... Thank you to all!

Anti root kit DDA driver issue 12-31-2013.bmp2.bmp

Anti root kit DDA driver issue 12-31-2013.bmp

infection 12-30-2013.bmp

infection 12-30-2013.bmp2.bmp


Hello flywelder

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1

    Link2

    Link3

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo

Hello flywelder

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


Here are the logs, and attached is a screen print I made of the Malwarebytes quarantine list. Malwarebytes is set up to run automatically. It repeatedly finds these PUPs .... whatever they are. I thought you might want to see the screen print. These PUPs are still in quarantine; I don't know what to do with them?

The computer is booting fine. I don't recognize any issues or trouble, and Malwarebytes is continuing to stay fully activated, where before it was not. AdwCleaner recommended I have my antivirus scan for PUPs.... I would, however I don't know how to make that happen with the Comodo Internet Security Premium that I have?.... Any suggestions of how I could make Comodo scan for PUPs??

And the junk file scanner found bad sectors or blocks or something and had to reboot to correct these???? I'm not sure what this means.

# AdwCleaner v3.016 - Report created 10/01/2014 at 00:34:08
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - OWNER
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQ Games\QQGamesD.exe]
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n597sfrd.default-1361116853953\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w4iq22vu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1351 octets] - [10/01/2014 00:31:53]
AdwCleaner[s0].txt - [1282 octets] - [10/01/2014 00:34:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1342 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Thu 01/09/2014 at 23:26:25.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.dll.bhoclass.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F671C1B3-9776-426D-A350-55FB2D9B53F7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\giant savings extension-internalinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}



~~~ Files

Successfully disinfected: [shortcut] C:\Documents and Settings\All Users\start menu\Programs\Administrative Tools\Performance.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\adtrustmedia"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\adtrustmedia"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\n597sfrd.default-1361116853953\prefs.js

user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawi





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/10/2014 at  0:20:41.79
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.016 - Report created 10/01/2014 at 00:51:15
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - OWNER
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n597sfrd.default-1361116853953\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w4iq22vu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1351 octets] - [10/01/2014 00:31:53]
AdwCleaner[R1].txt - [1070 octets] - [10/01/2014 00:49:15]
AdwCleaner[s0].txt - [1422 octets] - [10/01/2014 00:34:08]
AdwCleaner[s1].txt - [993 octets] - [10/01/2014 00:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1052 octets] ##########

Malwarebytes Quarantine list 1-10-2014.bmp


Hello flywelder

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Hello,

Here are the results you asked for. The computer seems to work fine... to me. Comodo's GeekBuddy says the computer has too many junk files and that it boots slow. I'm not sure how fast it should boot up, but it seems fast to me. In my humble opinion GeekBuddy is attempting to excite worry in my mind, all unnecessarily. I would like to turn off GeekBuddy, but I don't know how. ... Would you tell me please?

During the ComboFix 'scan' I did have to install the Recovery Console. I never received any "illegal operation attempted" warnings. I did receive a different error, and should it be important, I have made a screen print of it and attached it to this reply.

ComboFix 14-01-08.03 - User 01/11/2014   1:17.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1262 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\User\err.log
c:\documents and settings\User\ResErrors.log
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-11 to 2014-01-11  )))))))))))))))))))))))))))))))
.
.
2014-01-10 21:26 . 2014-01-10 21:26    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2014-01-10 05:47 . 2014-01-10 05:47    --------    d-----w-    c:\program files\Hosts_Anti_Adwares_PUPs
2014-01-10 05:31 . 2014-01-10 05:51    --------    dc----w-    C:\AdwCleaner
2014-01-10 04:39 . 2014-01-10 04:39    48392    ----a-w-    c:\windows\system32\certsentry.dll
2013-12-31 18:20 . 2013-12-31 18:20    --------    dcsh--w-    c:\documents and settings\Administrator\PrivacIE
2013-12-31 16:53 . 2013-12-31 17:00    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-14 16:15 . 2013-12-14 16:15    --------    d-----w-    c:\program files\Common Files\COMODO
2013-12-13 06:05 . 2014-01-03 15:13    --------    d-----w-    c:\program files\CCleaner
2013-12-12 16:17 . 2013-12-12 16:17    --------    dc----w-    c:\documents and settings\All Users\Application Data\ATI
2013-12-12 16:17 . 2013-12-12 16:17    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\ATI
2013-12-12 16:17 . 2013-12-12 16:17    --------    d-----w-    c:\documents and settings\User\Application Data\ATI
2013-12-12 16:17 . 2013-12-12 16:17    0    ----a-w-    c:\windows\ativpsrm.bin
2013-12-12 14:49 . 2003-11-10 23:14    729088    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-12-12 14:49 . 2003-11-10 23:13    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-12-12 14:49 . 2003-11-10 23:12    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-12-12 14:49 . 2003-11-10 23:12    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-12-12 14:49 . 2003-11-10 23:11    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-12-12 14:49 . 2013-12-12 14:49    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-12-12 14:49 . 2013-12-12 14:49    188548    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 04:23 . 2012-09-16 18:45    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-12 04:23 . 2011-08-19 02:21    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 11:38 . 2013-09-24 16:54    587864    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
2013-11-14 11:38 . 2013-09-24 16:53    36000    ----a-w-    c:\windows\system32\cmdcsr.dll
2013-11-13 02:59 . 2004-08-03 22:56    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-03 22:56    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 14:29    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-03 21:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-03 22:56    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-03 22:56    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2004-08-03 22:56    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-03 22:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2004-08-03 20:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-28 08:38 . 2013-08-13 13:15    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-10-24 02:30 . 2013-11-18 03:55    13056    ----a-w-    c:\windows\system32\drivers\BootDefragDriver.sys
2013-10-23 23:45 . 2004-08-03 22:56    172032    ----a-w-    c:\windows\system32\scrrun.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-20 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-12-13 2327248]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2013-12-13 49360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^EvernoteClipper.lnk]
backup=c:\windows\pss\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe"
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38886:TCP"= 38886:TCP:*:Disabled:SolidNetworkManager
"38886:UDP"= 38886:UDP:*:Disabled:SolidNetworkManager
"20278:TCP"= 20278:TCP:*:Disabled:SolidNetworkManager
"20278:UDP"= 20278:UDP:*:Disabled:SolidNetworkManager
"9847:TCP"= 9847:TCP:*:Disabled:SolidNetworkManager
"9847:UDP"= 9847:UDP:*:Disabled:SolidNetworkManager
"28040:TCP"= 28040:TCP:*:Disabled:SolidNetworkManager
"28040:UDP"= 28040:UDP:*:Disabled:SolidNetworkManager
"20857:TCP"= 20857:TCP:*:Disabled:SolidNetworkManager
"20857:UDP"= 20857:UDP:*:Disabled:SolidNetworkManager
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [11/17/2013 10:55 PM 13056]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [5/7/2013 2:00 AM 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/24/2013 11:54 AM 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [9/24/2013 11:54 AM 587864]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/24/2013 11:54 AM 30552]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [10/7/2013 12:17 AM 14272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [12/13/2013 11:50 AM 70352]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/23/2010 1:19 PM 296808]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [1/8/2014 6:22 AM 2098880]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [12/13/2013 4:13 PM 2327248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/11/2013 7:44 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2013 7:44 PM 701512]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:10 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 3:46 AM 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 3:46 AM 681056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/11/2013 7:44 PM 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [9/24/2013 11:53 AM 131288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [9/23/2012 9:45 PM 166720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32    128512    ----a-w-    c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 04:23]
.
2014-01-11 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-11 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-11 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-11 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2013-10-13 c:\windows\Tasks\Defrag.job
- c:\program files\Glarysoft\Disk SpeedUp\Defrag.exe [2011-06-02 05:50]
.
2014-01-03 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-03 00:12]
.
2014-01-11 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-10-28 08:36]
.
2014-01-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-19 19:39]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 02:25]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 02:25]
.
2014-01-11 c:\windows\Tasks\User_Feed_Synchronization-{CFDB052C-AF21-4A2C-9F1B-FC9C87FFA4C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EDAE720E-10F3-491F-8C93-AB0803E16410}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\n597sfrd.default-1361116853953\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HOSTS Anti-Adware_PUPs - c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
AddRemove-PrivDog - c:\program files\AdTrustMedia\PrivDog\UninstallTrustedAds.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-11 02:23
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,37,44,27,45,19,ff,47,b2,f9,51,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,37,44,27,45,19,ff,47,b2,f9,51,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(7020)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\program files\COMODO\GeekBuddy\unit_manager.exe
c:\program files\COMODO\GeekBuddy\unit.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-01-11  02:44:48 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-11 07:44
.
Pre-Run: 93,111,123,968 bytes free
Post-Run: 93,298,688,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\ = "Unidentified operating system on drive H."
.
- - End Of File - - 263B553A036B50DDD7321BDFB2C4083C
8F558EB6672622401DA993E1E865C861
 

combo fix issue.bmp

recovery console issue.bmp


I recall that before I came to this forum with computer issues, this computer was having issues with Microsoft updating, specifically my always getting notices that an update for 'networking' and for 'office' will not 'update'. Have these issues been resolved now too? Also, just out of curiosity, when I looked over the results from these 'scans' you have me do, I can't interpret what I'm reading, except for a few words here and there, so I wonder, are you seeing actual infections? And then, I wonder how could they have taken root in my computer when I have Comodo and Malwarebytes and I am running scans often, sometimes daily and for sure weekly..... Could the settings be too low? Plus, I am grateful for your assistance, and so glad you are giving of your time to help me and others. I can't say thank you enough!


Hello.... I've been checking once a day so I don't miss your replies. :) Hoping you're ok and not taken ill. I do want to let you know that suddenly now, this computer for some reason has a spell check problem: every document I make is now appearing with underlining under every word, in red, just like would appear in spell checking, regardless of whether the word is spelled correctly or incorrectly. This is happening in every document, regardless of whether I made it months ago or yesterday and today.??????

And spell check at this forum is now off for some reason???

Plus, Apache OpenOffice 3, which I use exclusively on this computer, takes 25 secs. to open...... and I don't know whether this is a normal amount of time or not; can you tell me yes or no? And could this be an infection problem?

Other than that I've not noticed any issues.

Plus, Malwarebytes has run on schedule and I took the initiative to check the protection level, and yes, the green check marks are staying put... and protection is up fully and staying so... so hurrah! :) And the log reports from Malwarebytes say there are no infections found, and none in memory flash. Yet quarantine is still holding two PUPs. That is the latest report. Would you like me to attach any Malwarebytes reports or a screen print?


  • Staff

Hello flywelder

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Your instructions are great! And the animated instruction examples that you include are a big help! Thank you for them!

Should I run the Malwarebytes Anti-Rootkit tool soon, to see if it works now?.... seeing how it not wanting to start is what brought me here in the first place.

With every text I type in OpenOffice 3, every word is now underlined for spell checking, but spell checking will not work now? I did not have this trouble before we started making these scans. Spell check is not working as I type this reply either. Nor will it work when I type at other web sites, and it did before. I depend on spell check. I attached a screen print of such a doc. that I created on my computer so that you can better understand what I am describing. Titled: My resume, issue with underlining.

I share with you that my mind is a bit cluttered and so I hope I have not skipped a step you have asked for. Please let me know if I have, and reinstruct me, please.

During the start of the ComboFix scan, there were several errors related to these: c:\32788R22FWJFW\ASSOC.cmd ; c:\32788R22FWJFW\auto-RC.cmd. Thus I took a guess at determining the cause and decided to completely disable COMODO Dragon, and afterwards ComboFix ran with no more error reports.

Like before, I was once again asked to install the Recovery Console. I agreed and it was installed. Did it stick this time? I don't know; do you know? Are you able to determine if it did? How do I use it to help my computer?

During the ComboFix scan the computer rebooted at least twice that I know of before I fell asleep. I never saw a dark screen on reboot that I was aware of.

I hear the hard drive on this computer clicking away all the time now, if that is of importance.

Malwarebytes 'quarantine' is still holding onto the two PUPs; what shall I do with them?

ComboFix report below:

 

ComboFix 14-01-14.02 - User 01/16/2014   0:44.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1262 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\My Documents\Downloads\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-10 21:26 . 2014-01-10 21:26    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2014-01-10 05:47 . 2014-01-10 05:47    --------    d-----w-    c:\program files\Hosts_Anti_Adwares_PUPs
2014-01-10 05:31 . 2014-01-10 05:51    --------    dc----w-    C:\AdwCleaner
2014-01-10 04:39 . 2014-01-10 04:39    48392    ----a-w-    c:\windows\system32\certsentry.dll
2013-12-31 18:20 . 2013-12-31 18:20    --------    dcsh--w-    c:\documents and settings\Administrator\PrivacIE
2013-12-31 16:53 . 2013-12-31 17:00    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 04:23 . 2012-09-16 18:45    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-12 04:23 . 2011-08-19 02:21    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-27 20:21 . 2001-08-23 11:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-14 11:38 . 2013-09-24 16:54    587864    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
2013-11-14 11:38 . 2013-09-24 16:53    36000    ----a-w-    c:\windows\system32\cmdcsr.dll
2013-11-13 02:59 . 2004-08-03 22:56    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-03 22:56    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 14:29    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-03 21:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-03 22:56    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-03 22:56    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2004-08-03 22:56    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-03 22:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2004-08-03 20:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-28 08:38 . 2013-08-13 13:15    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2013-10-24 02:30 . 2013-11-18 03:55    13056    ----a-w-    c:\windows\system32\drivers\BootDefragDriver.sys
2013-10-23 23:45 . 2004-08-03 22:56    172032    ----a-w-    c:\windows\system32\scrrun.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-15 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-12-13 2327248]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2013-12-13 49360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^EvernoteClipper.lnk]
backup=c:\windows\pss\EvernoteClipper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe"
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38886:TCP"= 38886:TCP:*:Disabled:SolidNetworkManager
"38886:UDP"= 38886:UDP:*:Disabled:SolidNetworkManager
"20278:TCP"= 20278:TCP:*:Disabled:SolidNetworkManager
"20278:UDP"= 20278:UDP:*:Disabled:SolidNetworkManager
"9847:TCP"= 9847:TCP:*:Disabled:SolidNetworkManager
"9847:UDP"= 9847:UDP:*:Disabled:SolidNetworkManager
"28040:TCP"= 28040:TCP:*:Disabled:SolidNetworkManager
"28040:UDP"= 28040:UDP:*:Disabled:SolidNetworkManager
"20857:TCP"= 20857:TCP:*:Disabled:SolidNetworkManager
"20857:UDP"= 20857:UDP:*:Disabled:SolidNetworkManager
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [11/17/2013 10:55 PM 13056]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [5/7/2013 2:00 AM 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/24/2013 11:54 AM 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [9/24/2013 11:54 AM 587864]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/24/2013 11:54 AM 30552]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [10/7/2013 12:17 AM 14272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [12/13/2013 11:50 AM 70352]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/23/2010 1:19 PM 296808]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\COMODO\Dragon\dragon_updater.exe [1/8/2014 6:22 AM 2098880]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [12/13/2013 4:13 PM 2327248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/11/2013 7:44 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2013 7:44 PM 701512]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:10 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 3:46 AM 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 3:46 AM 681056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/11/2013 7:44 PM 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [9/24/2013 11:53 AM 131288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [9/23/2012 9:45 PM 166720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32    128512    ----a-w-    c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 04:23]
.
2014-01-16 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-16 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-16 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-16 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24 14:58]
.
2014-01-12 c:\windows\Tasks\Defrag.job
- c:\program files\Glarysoft\Disk SpeedUp\Defrag.exe [2011-06-02 05:50]
.
2014-01-03 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-03 00:12]
.
2014-01-16 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-10-28 08:36]
.
2014-01-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-19 19:39]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 02:25]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 02:25]
.
2014-01-16 c:\windows\Tasks\User_Feed_Synchronization-{CFDB052C-AF21-4A2C-9F1B-FC9C87FFA4C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EDAE720E-10F3-491F-8C93-AB0803E16410}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\n597sfrd.default-1361116853953\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-16 01:42
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,37,44,27,45,19,ff,47,b2,f9,51,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,37,44,27,45,19,ff,47,b2,f9,51,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(7664)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\COMODO\GeekBuddy\unit_manager.exe
c:\program files\COMODO\GeekBuddy\unit.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Completion time: 2014-01-16  02:06:18 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-16 07:06
ComboFix2.txt  2014-01-11 07:44
.
Pre-Run: 92,409,614,336 bytes free
Post-Run: 92,352,966,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\ = "Unidentified operating system on drive H."
.
- - End Of File - - 5755D495CEB6B42EB04277D50AEEBDF3
8F558EB6672622401DA993E1E865C861
 

My resume, issues with underlining.bmp

log.txt from combofix 1-16-2014.txt

Combo fix error 1-15-2014.bmp
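The two ComboFix reports pasted in this thread list the registry Run entries ("Reg Loading Points"), the XP firewall policy keys, the globally open ports and the R*/S* service lines. The Python script below is an added example for readers of this thread; it is not part of the thread and not a Malwarebytes or ComboFix tool. It parses those sections of a ComboFix-style report into structured records and returns the items a helper would look at first: a disabled Windows Firewall profile, an enabled globally open port, a service whose file ComboFix printed as "[?]" instead of a timestamp and size, and autorun entries that give only a bare file name rather than a full path. The sample log embedded in the script is constructed for the example (its lines follow the shape of the real report above; the "ExampleService" port entry is invented so the port check has something to flag).

```python
"""Triage helper for ComboFix-style report sections.

Added example for this thread, not a Malwarebytes or ComboFix tool. It parses
the 'Reg Loading Points' value lines, the XP firewall policy keys and the
R*/S* service lines in the report format shown above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the ComboFix format used in this thread. The shape of
# each line follows the real report; the "Enabled" port entry (ExampleService)
# is invented so the port check has something to flag.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38886:TCP"= 38886:TCP:*:Disabled:SolidNetworkManager
"20278:TCP"= 20278:TCP:*:Enabled:ExampleService
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2013 7:44 PM 701512]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                              # [HKEY_...] section header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')  # "name"=value
RUN_PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')                 # quoted image path of a Run value
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<trailer>[^\]]*)\]$"
)
PORT_RE = re.compile(
    r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<label>.*)$"
)


@dataclass
class Service:
    start: str       # ComboFix prefix: R = running, S = stopped; the digit is the start type
    name: str
    path: str
    verified: bool   # False when ComboFix printed "[?]" instead of a timestamp and size


@dataclass
class Report:
    autoruns: List[Tuple[str, str, str]] = field(default_factory=list)  # (key, value name, image)
    services: List[Service] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None  # None if the policy key was not in the report
    open_ports: List[dict] = field(default_factory=list)


def parse_combofix(text: str) -> Report:
    """Walk the report line by line, tracking the current registry key."""
    rep = Report()
    key = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix uses a lone "." as a spacer
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            rep.services.append(Service(m["start"], m["name"].strip(),
                                        m["path"].strip(), m["trailer"] != "?"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m["name"], m["value"]
        lkey = key.lower()
        leaf = lkey.rsplit("\\", 1)[-1]
        if lkey.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
            rep.firewall_enabled = value.split()[0] != "0"
        elif leaf == "list" and "globallyopenports" in lkey:
            p = PORT_RE.match(value.strip())
            if p:
                rep.open_ports.append(p.groupdict())
        elif leaf in ("run", "runonce", "run-disabled"):
            p = RUN_PATH_RE.match(value)
            rep.autoruns.append((key, name, p["path"] if p else value))
    return rep


def triage(rep: Report) -> List[str]:
    """Return the review points a helper would raise from the parsed report."""
    findings = []
    if rep.firewall_enabled is False:
        findings.append("Windows Firewall standard profile is disabled (EnableFirewall=0); "
                        "confirm the third-party firewall is actually running.")
    for p in rep.open_ports:
        if p["state"] == "Enabled":
            findings.append(f"Globally open port {p['port']}/{p['proto']} ({p['label']}) is enabled.")
    for s in rep.services:
        if not s.verified:
            findings.append(f"Service '{s.name}': ComboFix printed [?] for {s.path}; "
                            "check that the file exists and is signed by the expected vendor.")
    for key, name, path in rep.autoruns:
        if "\\" not in path:  # bare file name: resolved through the search path at logon
            findings.append(f"Autorun '{name}' in {key} uses the bare name '{path}'; "
                            "confirm which file on disk actually runs.")
    return findings


if __name__ == "__main__":
    for item in triage(parse_combofix(SAMPLE_LOG)):
        print("-", item)
```

Run it on a saved ComboFix log by reading the file into parse_combofix instead of SAMPLE_LOG; the "Disabled" SolidNetworkManager port entries in the real log are parsed but not flagged, and only the invented "Enabled" entry produces a finding.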


I should probably add that the computer is opening pages and docs just fine, and it surfs the web fine. It updates programs, and Malwarebytes is staying on full alert. I'm not being redirected to other web pages that I am aware of. If there is anything else I can inform you of, please just ask. :)


  • Staff

Hi, sorry, I've been dealing with the spell check issue and making no headway. So I'm so glad you asked!

I followed your links (thanks for those) and ended up reading this and following it for solutions: Tutorial Spell check and Language configuration. And was told: If that doesn't work, Reset your user profile. Click here for help how to do that.

and to try: You have to use the file explorer for your OS to navigate to the user profile described in the post. Not AOO. The path for WIN 7 is C:\Users\username\AppData\Roaming\LibreOffice\4\user

Which I do not understand at all how to do or to follow. So I have made no further progress. HELP! Can you understand what these are instructing me to do, and then could you translate and guide me?... thank you! Help!

Then about the anti-rootkit not working.... did our tests find anything broken, or infected, etc.? I don't know if the anti-rootkit will start up? Should I try it?


Yes I did check, and it was set to English, USA. I did install an English, USA dictionary from the OpenOffice web site, but that has not helped either. Spell check does work when I visit web sites, and works here as I type this. But it does not work when I work on my own OpenOffice doc(s)... frustrating. What does this indicate? ........ Computer programs are great only when they work properly!


  • Staff

Hello

I really have no idea what is causing it and I do not think it is from malware or a virus. I am going to finish us up here and when we are done I want you to go here and ask about that problem:

https://forums.malwarebytes.org/index.php?showforum=6

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in Add/Remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove
    • Java 7 Update 13
    • Java 6 Update 33
    • Java 6 Update 35

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great!! And at this time I would like you to update it and run me a quick scan.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

Hi, I need more time. Busy weekend, and I am sad to report that I just started with your instructions. I will report now that every program is s l o w to start for some reason. When the computer is idle the HDD stops, but when I move the mouse or touch a key it comes to life (it has always done this; I'm ok with the computer going quiet when not in use), but it has never been so slow to go to the internet, or open a Word doc, or to go to My Documents, or to open 'Paint', or to use a hyperlink and go to a web page. It is taking 2-3 minutes now, and the HDD is just ticking (making the normal noise a hard drive makes, I guess) away like mad! Is that noise ok? But why is it so slow?

Meanwhile, while you read this I will be working on your list. By the way, the Java items you requested be removed have just finished uninstalling.

Oh, and I wonder if there are too many programs loading at startup? Can you tell me how to send you a list of those programs to look at? .... I think I would use Task Manager to gain access to the list???

Talk to ya later, friend!


This topic is now closed to further replies.