43 replies to this topic

[peachy_dar]

 

 

Looks like we have some work to do.  

 

Do you recognize these by chance???  

 

C:\sj588

C:\6in1ico

 

Jeff: - they don't sound famliar to me at all.  If you see SJ64gen and SJ645en - they are a patch from HP for a just as old scanner and the install software for the same.  The patch was to make this old scanner work with XP - now I can't get the scanner to be recognized by any of the 3 computers in the house!!  Not important tho!!

 

I did a "search" on this Xp and SJ588 looks like a setup for this old HP scanner it is:   HP scanjet 2200c

 

I searched for 6in1ico and it means nothing to me.

 

Do you see something bad?  I haven't had an antivirus, so I am not suprised!!

 

Let's get 'em!!

 

dar

 

 

 

 

 

About the 6in1ico folder...I did use a thumb drive to back up my embroidery designs...could it be from that?

 

dar

[jeffce]

I was just curious about those directories as I had not seen anything like them before.  If you recognize them that helps.  

 

Be sure to download and run FRST using the instructions I provided.  

[peachy_dar]

I was just curious about those directories as I had not seen anything like them before.  If you recognize them that helps.  

 

Be sure to download and run FRST using the instructions I provided.  

 

Good Evening Jeff!

 

I ran this tool, and all is wel!!  I have attached both logs.

 

dar

 Addition.txt   17.4KB   192 downloads  Addition.txt   17.4KB   192 downloads

Attached Files

•  FRST.txt   352.9KB   259 downloads

[jeffce]

 AdwCleaner

 

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.

AdwCleaner will begin to scan your computer like it did before.

After the scan has finished...

This time, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

Copy and paste the contents of that logfile in your next reply.

A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------

 

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt 

 

HKLM\...\Run: [AlcxMonitor] - C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
C:\WINDOWS\ALCXMNTR.EXE
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8a6d4632.exe
C:\Documents and Settings\Owner\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\DPInst.exe
C:\Documents and Settings\Owner\Local Settings\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Documents and Settings\Owner\Local Settings\Temp\mpam-177a71c6.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl1362.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl2646.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl62516.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl66813.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl95747.exe
C:\Documents and Settings\Owner\Local Settings\Temp\VASInstallerWizard.exe
C:\Documents and Settings\Owner\Local Settings\Temp\vcredist_x86.exe

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

----------

 

Post the new logs and let me know how your system is running now.  

[peachy_dar]

Good Morning Jeff!!

 

Sorry I could not do this Friday - it's a busy night for us. I ran part 1 this morning - here is the log:

 

# AdwCleaner v3.023 - Report created 12/04/2014 at 10:49:35
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - EMBROIDERY
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : iSafeKrnl
[#] Service Deleted : iSafeNetFilter
[#] Service Deleted : iSafeService

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files\iSafe
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Documents and Settings\Owner\Application Data\eCyber
Folder Deleted : C:\Documents and Settings\Owner\Application Data\iSafe
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6nnb107u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1135 octets] - [08/04/2014 19:41:14]
AdwCleaner[R1].txt - [1196 octets] - [12/04/2014 09:54:23]
AdwCleaner[S0].txt - [1153 octets] - [12/04/2014 10:49:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1213 octets] ##########
 

 

Now on to the notepad part...

 

dar

[peachy_dar]

Jeff

 

Here is the other log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Owner at 2014-04-12 11:11:45 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AlcxMonitor] - C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
C:\WINDOWS\ALCXMNTR.EXE
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8a6d4632.exe
C:\Documents and Settings\Owner\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\DPInst.exe
C:\Documents and Settings\Owner\Local Settings\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Documents and Settings\Owner\Local Settings\Temp\mpam-177a71c6.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl1362.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl2646.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl62516.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl66813.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl95747.exe
C:\Documents and Settings\Owner\Local Settings\Temp\VASInstallerWizard.exe
C:\Documents and Settings\Owner\Local Settings\Temp\vcredist_x86.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor => Value deleted successfully.
C:\WINDOWS\ALCXMNTR.EXE => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8a6d4632.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\BackupSetup.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\DPInst.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\install_reader11_en_mssa_aaa_aih.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\mpam-177a71c6.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl1362.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl2646.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl62516.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl66813.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ssdl95747.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\VASInstallerWizard.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\vcredist_x86.exe => Moved successfully.

==== End of Fixlog ====

[peachy_dar]

jeff

 

here is the next one

 

dar

Attached Files

•  FRST.txt   351.97KB   207 downloads

[jeffce]

How is your system running?  

[peachy_dar]

Jeff

 

So far all is well!!! 

 

Did you find any viruses?  Trojans?

 

Am I clean?

 

This old XP machine is running as good as it can I assume!

 

dar

[jeffce]

Let's be sure nothing else is hiding in there....
 
Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

----------

[peachy_dar]

Jeff

 

I tried to run Malawarebytes today.  It does not contain an option for a quick scan.  Just has SCAN - I tried looking at the menu items - nothing.   I did try to run the SCAN twice.  I get a box that says "WARNING: UNRESPONSIVE SCRIPT" so I stop  the script, and malawarebytes crashes and burns.

 

I tried twice and this repeated.

 

I am stopping for the night.

 

I didn't want to continue until you gave me the OK!

 

cya after dinner tomorrow!

 

dar

[jeffce]

Ok.....go ahead and try to run Malwarebytes from Safe Mode and let me know what happens. 

[peachy_dar]

Jeff

 

Ok - it's running in safe mode upstairs...I'll go up later and see if it completes, if it does I shall post a log!!!

 

will let you know!

 

Dar

[peachy_dar]

Jeff

 

Ya know, this pc was doing OK until tonight.  Now it seems to take over 5 minutes just to boot up.....now the light just flickers non stop and the drive is just churning away..like it's making butter in there!!

 

I booted up in safe mood earlier and ran MB, but could not get hte screen small enough to get to the export button. So I had to reboot. Here it is.

 

Dar

 

Attached Files

•  MB_APRIL 14TH.txt   1.04KB   185 downloads

[jeffce]

What about ESET?  Was there a log made from that?

 

How is the boot up?  Still choppy?