
Help with Hijack log, comp is very slow!


  • This topic is locked
13 replies to this topic

#1 jolo71

jolo71

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 29 June 2010 - 08:33 AM

Hello to all, My computer is running extremely slow and I ran Hijack This and it came back with a huge log of things that are running on my system. I've posted it so anyone could help me out; it would be very much appreciated! Thank you

Attached Files




#2 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 29 June 2010 - 12:37 PM

Hello jolo71 and :welcome:

My name is JonTom.

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
  • I am looking over your log and will reply back shortly with instructions.

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom

#3 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 29 June 2010 - 01:20 PM

Hello jolo71

Thank you for the log.

Before we begin I would like to take a closer look at your system. Please work your way through the following steps. If you encounter any difficulties come back and let me know.


  • Download and run OTL by Oldtimer


    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then double click on the OTL.exe icon to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT


    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

  • Please scan your system with GMER


    Posted Image
    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

      Posted Image
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please provide the OTL logs and the GMER log in your next reply.


#4 jolo71

jolo71

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 30 June 2010 - 07:29 AM

Hello Jontom, here are the logs for OTL and GMER. Gmer would not let me save it as anything other than a .log file; I don't know if this will be a problem or not.

Attached Files



#5 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 30 June 2010 - 12:50 PM

Hello jolo71

Thank you for the logs.

Let's start with the following:


  • Please open OTL


    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265431718171 (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\*.tmp files -> C:\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

  • Security Check


    • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

    Please post the OTL log and the Security Check log in your next reply.

    Also, please let me know how your machine is behaving now. Is it still slow?

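A fix script like the one in post #5 can be reviewed before it is run. The following is an added example, not part of JonTom's post and not code from OTL; the function names `parse_fix_script` and `needs_review` are hypothetical, and the line format is inferred only from the entries shown in that post. It sorts the entries into registry leftovers (references the log itself marks as missing) and everything else, which is what a reviewer would check by hand.

```python
import re

# Subset of the fix script quoted in post #5 of this thread.
FIX_SCRIPT = r"""
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
[1 C:\*.tmp files -> C:\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[Reboot]
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Phrases the log uses for a registry reference whose target no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")
# Assumed reading of the line prefixes, based on the labels in the post.
KINDS = {"PRC": "process", "O2": "browser helper object",
         "O3": "toolbar", "O16": "ActiveX download (DPF)"}


def parse_fix_script(text):
    """Split a fix script into typed ':OTL' entries and ':Commands' names."""
    section, entries, commands = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as ':OTL'
            section = line[1:].lower()
        elif section == "commands":
            commands.append(line.strip("[]").lower())
        elif section == "otl":
            prefix = line.split(" - ", 1)[0]
            guid = GUID.search(line)
            fallback = "file pattern" if line.startswith("[") else "unknown"
            entries.append({
                "kind": KINDS.get(prefix, fallback),
                "guid": guid.group(0).upper() if guid else None,
                "orphaned": any(m in line for m in ORPHAN_MARKERS),
                "raw": line,
            })
    return entries, commands


def needs_review(entries):
    """Entries that are not dead registry references: check these by hand."""
    return [e for e in entries if not e["orphaned"]]
```

On this script, the four registry entries are dead references, while the `explorer.exe` process entry and the `*.tmp` pattern are the lines that act on live objects.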

#6 jolo71

jolo71

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 30 June 2010 - 07:56 PM

Hello Jontom, It seems better, a little sluggish but definitely better. Can you suggest a utility program? Do you think that would help? I posted the logs. Did you find something? I had someone that was trying to put tracking programs on my comp at one point, is that what this was from? John

Attached Files



#7 jolo71

jolo71

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 30 June 2010 - 07:57 PM

sorry, forgot this

Attached Files



#8 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 01 July 2010 - 11:37 AM

Hello jolo71

Thank you for the logs.


  • Security programs


    • I cannot see any evidence of a real-time antivirus installed on your machine.
    • You are strongly advised to install an AV. Using your computer without one is just asking for trouble.
    • I have provided links to three trusted programs (just choose 1).


    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system.

  • Combofix



    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


#9 jolo71

jolo71

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 03 July 2010 - 04:25 PM

Hello JonTom, Here is the combo fix log.

Attached Files



#10 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 04 July 2010 - 10:03 AM

Hello jolo71

Thank you for the log.

Please work your way through the following steps:


  • IOBIT Products


    • We note you are using one or more products from IOBit.
    • IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
    • Please see this for additional information on these allegations: http://www.malwareby...showtopic=29681.
    • Additionally, both WOT and SiteAdvisor have flagged IOBit’s site.
    • A thread in the IOBit’s forum responded to the accusations from MalwareBytes. It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: “No hard proof shows that IObit stole the database of Malwarebytes.”
    • From what is said above, at least until the issues of possible database theft and spyware packaging are resolved, I do not recommend the use of IOBit products.
    • You can remove IOBit products by clicking on "Start" and then on "Control Panel" and then on "Add or Remove Programs".

  • Foistware


    • I can see from your log that you have Viewpoint Manager installed.
    • Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad".
    • It is recommended that you remove Viewpoint products. However, this choice is up to you.
    • To remove these programs, click "Start" and then on "Control Panel" and then on "Add or Remove Programs".
    • Select Viewpoint Manager and click on "Remove".

  • MalwareBytes AntiMalware


    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

  • Please update your Java


    • To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
    • In the window that opens, click on the "Update" tab, and then on "Update Now".
    • Your Java should begin to update. Please follow any prompts that you receive.

  • Please perform the following scan:


    • This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.


    • It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
    • DO NOT surf the net while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.


    • Please perform a Kaspersky Online Scan of your computer by clicking here or here.


    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run (at times it may appear to stall).
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    • Once the scan is complete, click on View scan report. To obtain the report:
    • Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop
    • In the File name area, use KScan, or something similar
    • In Save as type, click the drop arrow and select: Text file [*.txt]
    • Then, click: Save
    • Please post the Kaspersky Online Scanner Report in your reply.
    • If you need help performing the above steps, an animated tutorial can be found here.

    Please provide the MBAM log and the Kaspersky Online Scan log in your next reply.

    Also, please describe how your machine is behaving now. Are you still having problems?


#11 jolo71

jolo71

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 08 July 2010 - 07:23 PM

Thanks jontom, I will get to this immediately

#12 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 08 July 2010 - 11:28 PM

:thumbup:

#13 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 12 July 2010 - 01:33 PM

Are you still with me?

#14 JonTom

JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 15 July 2010 - 12:22 AM

Due to inactivity, this topic has been closed. If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request). Everyone else please start a new topic.
