Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91517 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Jeffce - 2003 HP with Xp needs help [Solved]


  • This topic is locked This topic is locked
43 replies to this topic

#16 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 341 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 10 April 2014 - 05:36 AM

 

 

Looks like we have some work to do.   :)

 

Do you recognize these by chance???  

 

C:\sj588
C:\6in1ico

 

Jeff: - they don't sound famliar to me at all.  If you see SJ64gen and SJ645en - they are a patch from HP for a just as old scanner and the install software for the same.  The patch was to make this old scanner work with XP - now I can't get the scanner to be recognized by any of the 3 computers in the house!!  Not important tho!!

 

I did a "search" on this Xp and SJ588 looks like a setup for this old HP scanner it is:   HP scanjet 2200c

 

I searched for 6in1ico and it means nothing to me.

 

Do you see something bad?  I haven't had an antivirus, so I am not suprised!!

 

Let's get 'em!!

 

dar

 

 
 

 

 

About the 6in1ico folder...I did use a thumb drive to back up my embroidery designs...could it be from that?

 

dar


Darlene

    Advertisements

Register to Remove


#17 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 April 2014 - 05:38 AM

I was just curious about those directories as I had not seen anything like them before.  If you recognize them that helps.  

 

Be sure to download and run FRST using the instructions I provided.  :)


Posted Image
 
 

#18 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 341 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 10 April 2014 - 05:13 PM

I was just curious about those directories as I had not seen anything like them before.  If you recognize them that helps.  

 

Be sure to download and run FRST using the instructions I provided.   :)

 

Good Evening Jeff!

 

I ran this tool, and all is wel!!  I have attached both logs.

 

dar

Attached File  Addition.txt   17.4KB   66 downloadsAttached File  Addition.txt   17.4KB   66 downloads

Attached Files

  • Attached File  FRST.txt   352.9KB   122 downloads

Darlene

#19 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 April 2014 - 06:38 PM


81mYIKe.jpg  AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • ------------
     
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt 
     
    HKLM\...\Run: [AlcxMonitor] - C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8a6d4632.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\avgnt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\BackupSetup.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\DPInst.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\install_reader11_en_mssa_aaa_aih.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\mpam-177a71c6.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl1362.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl2646.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl62516.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl66813.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl95747.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\VASInstallerWizard.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\vcredist_x86.exe
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
    ----------
     
    Post the new logs and let me know how your system is running now.  :)

    Posted Image
     
     

    #20 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 12 April 2014 - 08:55 AM

    Good Morning Jeff!!

     

    Sorry I could not do this Friday - it's a busy night for us. I ran part 1 this morning - here is the log:

     

    # AdwCleaner v3.023 - Report created 12/04/2014 at 10:49:35
    # Updated 01/04/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - EMBROIDERY
    # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : iSafeKrnl
    [#] Service Deleted : iSafeNetFilter
    [#] Service Deleted : iSafeService

    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\Program Files\iSafe
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\eCyber
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\iSafe
    File Deleted : C:\END

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6nnb107u.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [1135 octets] - [08/04/2014 19:41:14]
    AdwCleaner[R1].txt - [1196 octets] - [12/04/2014 09:54:23]
    AdwCleaner[S0].txt - [1153 octets] - [12/04/2014 10:49:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1213 octets] ##########
     

     

    Now on to the notepad part...

     

    dar


    Darlene

    #21 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 12 April 2014 - 09:12 AM

    Jeff

     

    Here is the other log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
    Ran by Owner at 2014-04-12 11:11:45 Run:1
    Running from C:\Documents and Settings\Owner\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Run: [AlcxMonitor] - C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8a6d4632.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\avgnt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\BackupSetup.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\DPInst.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\install_reader11_en_mssa_aaa_aih.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\mpam-177a71c6.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl1362.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl2646.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl62516.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl66813.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl95747.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\VASInstallerWizard.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\vcredist_x86.exe
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor => Value deleted successfully.
    C:\WINDOWS\ALCXMNTR.EXE => Moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8a6d4632.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\avgnt.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\BackupSetup.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\DPInst.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\install_reader11_en_mssa_aaa_aih.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\mpam-177a71c6.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl1362.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl2646.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl62516.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl66813.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\ssdl95747.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\VASInstallerWizard.exe => Moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\vcredist_x86.exe => Moved successfully.

    ==== End of Fixlog ====


    Darlene

    #22 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 12 April 2014 - 09:15 AM

    jeff

     

    here is the next one

     

    dar

    Attached Files

    • Attached File  FRST.txt   351.97KB   86 downloads

    Darlene

    #23 jeffce

    jeffce

      Malware Guy

    • Authentic Member
    • PipPipPipPipPipPip
    • 8,693 posts

    Posted 13 April 2014 - 09:51 AM

    How is your system running?  :)


    Posted Image
     
     

    #24 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 13 April 2014 - 11:18 AM

    Jeff

     

    So far all is well!!! 

     

    Did you find any viruses?  Trojans?

     

    Am I clean?

     

    This old XP machine is running as good as it can I assume!

     

    dar


    Darlene

    #25 jeffce

    jeffce

      Malware Guy

    • Authentic Member
    • PipPipPipPipPipPip
    • 8,693 posts

    Posted 13 April 2014 - 02:03 PM

    Let's be sure nothing else is hiding in there....
     
    GUZVCQN.jpgMalwarebytes
     
    Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
    ----------
     

    ESET Online Scanner
     
    Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.

    ----------


    Posted Image
     
     

      Advertisements

    Register to Remove


    #26 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 13 April 2014 - 06:05 PM

    Jeff

     

    I tried to run Malawarebytes today.  It does not contain an option for a quick scan.  Just has SCAN - I tried looking at the menu items - nothing.   I did try to run the SCAN twice.  I get a box that says "WARNING: UNRESPONSIVE SCRIPT" so I stop  the script, and malawarebytes crashes and burns.

     

    I tried twice and this repeated.

     

    I am stopping for the night.

     

    I didn't want to continue until you gave me the OK!

     

    cya after dinner tomorrow!

     

    dar


    Darlene

    #27 jeffce

    jeffce

      Malware Guy

    • Authentic Member
    • PipPipPipPipPipPip
    • 8,693 posts

    Posted 14 April 2014 - 12:20 PM

    Ok.....go ahead and try to run Malwarebytes from Safe Mode and let me know what happens.  :)


    Posted Image
     
     

    #28 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 14 April 2014 - 05:53 PM

    Jeff

     

    Ok - it's running in safe mode upstairs...I'll go up later and see if it completes, if it does I shall post a log!!!

     

    will let you know!

     

    Dar


    Darlene

    #29 peachy_dar

    peachy_dar

      Silver Member

    • Authentic Member
    • PipPipPip
    • 341 posts
    • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

    Posted 14 April 2014 - 06:52 PM

    Jeff

     

    Ya know, this pc was doing OK until tonight.  Now it seems to take over 5 minutes just to boot up.....now the light just flickers non stop and the drive is just churning away..like it's making butter in there!!

     

    I booted up in safe mood earlier and ran MB, but could not get hte screen small enough to get to the export button. So I had to reboot. Here it is.

     

    Dar

     

    Attached Files


    Darlene

    #30 jeffce

    jeffce

      Malware Guy

    • Authentic Member
    • PipPipPipPipPipPip
    • 8,693 posts

    Posted 14 April 2014 - 08:19 PM

    What about ESET?  Was there a log made from that?

     

    How is the boot up?  Still choppy?


    Posted Image
     
     

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users