
Slow running desktop. Please help me to sort it out. [Solved]


  • This topic is locked
40 replies to this topic

#16 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 20 September 2014 - 07:35 PM

Hi sooty4,

Re-run Security Check by screen317

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.

=========================

In your next post please provide the following:

  • checkup.txt
  • FRST.txt
  • Describe the symptoms you are experiencing.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.



#17 sooty4 (Authentic Member, 86 posts)

Posted 21 September 2014 - 03:33 AM

Hi OCD. As before, Farbar would not run.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by home (administrator) on YOUR-0XV8V0OEAP on 21-09-2014 10:23:07
Running from C:\Documents and Settings\home\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
Security Check log below. Computer still slow but not crashing so much. Thanks.

 Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Avira Free Antivirus   
 Avira     
 ESET Online Scanner v3  
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
  Adobe Flash Player  11.9.900.170 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Avira Free Antivirus   
 Avira     
 ESET Online Scanner v3  
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Flash Player  15.0.0.152 
 Adobe Reader XI 
 Mozilla Firefox (32.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#18 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 21 September 2014 - 08:16 AM

Hi sooty4,

ComboFix

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
  • ComboFix.txt log



#19 sooty4 (Authentic Member, 86 posts)

Posted 22 September 2014 - 07:59 AM

Thanks. Have you found anything yet please?

 

ComboFix 14-09-22.01 - home 22/09/2014  13:56:14.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2048.1528 [GMT 1:00]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\home\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\home\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\dllcache\wmpvis.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-22 to 2014-09-22  )))))))))))))))))))))))))))))))
.
.
2014-09-22 13:27 . 2014-09-22 13:28 -------- d-----w- c:\windows\LastGood
2014-09-20 13:33 . 2014-09-20 13:33 -------- d-----w- c:\program files\ESET
2014-09-17 09:33 . 2014-09-17 09:33 -------- dc----w- C:\_OTL
2014-09-13 16:35 . 2014-09-13 16:35 -------- d-----w- c:\windows\ERUNT
2014-09-13 11:27 . 2014-09-14 11:51 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\Adobe
2014-09-13 10:40 . 2014-09-21 09:23 -------- dc----w- C:\FRST
2014-09-05 12:37 . 2014-09-05 12:37 -------- d-----w- c:\documents and settings\home\Application Data\Oracle
2014-09-05 12:34 . 2014-09-05 12:34 -------- d-----w- c:\program files\Common Files\Java
2014-09-05 12:33 . 2014-07-25 11:26 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-09-05 12:33 . 2014-09-05 12:33 -------- dc----w- c:\documents and settings\All Users\Trusteer
2014-09-05 12:33 . 2014-09-05 12:33 -------- d-----w- c:\windows\system32\Trusteer
2014-09-05 12:33 . 2014-07-25 11:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-05 11:57 . 2014-09-05 11:57 -------- d-----w- c:\program files\Microsoft.NET
2014-09-05 11:45 . 2014-09-05 11:45 -------- d-----w- c:\program files\DriverUpdate
2014-08-25 10:09 . 2014-08-25 10:09 -------- d-----w- c:\program files\V Stuff Backup
2014-08-25 10:08 . 2014-08-25 10:08 -------- d-----w- c:\program files\35168026c4df6cfcf2e06eb27cb7
2014-08-25 10:08 . 2014-08-25 10:08 -------- d-----w- c:\program files\Advent
2014-08-25 10:06 . 2014-08-25 10:06 -------- d-----w- c:\program files\Coupon Printer
2014-08-25 09:57 . 2014-08-25 09:58 -------- d-----w- c:\program files\Hewlett-Packard
2014-08-25 09:57 . 2014-08-25 09:57 -------- d-----w- c:\program files\My Music
2014-08-25 09:55 . 2014-08-25 09:56 -------- d-----w- c:\program files\epson
2014-08-25 09:53 . 2014-08-25 09:53 -------- d-----w- c:\program files\0c38697bf01e02505c191eed2e
2014-08-24 14:20 . 2014-08-24 14:47 1024 -c-h--w- C:\AMTAG.BIN
2014-08-24 14:20 . 2014-08-07 09:26 1567856 ----a-w- c:\windows\ampa.exe
2014-08-24 14:20 . 2013-12-18 10:33 12656 ----a-w- c:\windows\system32\ampa.sys
2014-08-24 14:20 . 2014-08-24 14:44 -------- d-----w- c:\program files\AOMEI Partition Assistant Standard Edition 5.5
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 13:26 . 2013-08-08 12:16 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-09-20 12:30 . 2014-07-26 11:44 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-13 11:28 . 2012-07-14 19:44 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-13 11:28 . 2011-06-09 14:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-21 15:03 . 2014-08-21 15:03 206520 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-07-04 05:37 . 2013-02-24 12:17 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-29 12:25 . 2014-08-19 10:15 715038 ----a-w- c:\program files\unins000.exe
2012-04-23 10:24 . 2014-08-19 10:15 2395400 ----a-w- c:\program files\cpuz.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
2011-09-28 09:30 3219632 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{15054241-49B4-4FA6-B4C7-A0071F118110}"
[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
2011-09-28 09:30 3219632 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverUpdate"="c:\program files\DriverUpdate\DriverUpdate.exe" [2014-08-28 25868608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-12 751184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADAiO2StatusMonitor]
2010-10-18 11:41 2362880 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 11:19 207360 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2014-08-12 11:28 751184 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray]
2014-07-14 15:49 190032 ----a-w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backup & Storage]
2011-09-28 09:31 12465840 ----a-w- c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 -c----w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 -c--a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdate]
2014-08-28 13:18 25868608 ----a-w- c:\program files\DriverUpdate\DriverUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-13 15:38 39264 -c--a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C66 Series]
2004-01-13 02:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2S1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
2002-03-29 14:07 32768 -c--a-w- c:\windows\LTSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 11:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 11:22 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 11:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 15:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-02 12:08 21648480 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 11:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ServicepointService"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"NVSvc"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"HsdService"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"Advent AIO Network Discovery Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ACDaemon"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"BthServ"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [21/08/2014 16:03 206520]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/02/2013 13:17 37352]
R1 RapportCerberus_80049;RapportCerberus_80049;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [02/09/2014 08:41 433240]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [21/08/2014 16:03 251928]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [21/08/2014 16:03 332792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/02/2013 13:17 430160]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [29/04/2012 13:26 24328]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [21/08/2014 16:03 1919256]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [29/03/2002 15:34 807917]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/09/2013 12:08 23256]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [28/03/2002 11:08 175232]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [14/07/2014 16:49 141392]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [26/07/2014 12:42 860472]
S3 ampa;ampa;c:\windows\system32\ampa.sys [24/08/2014 15:20 12656]
S3 Imx5123;Imx5123;c:\windows\system32\drivers\Imx5123.sys [30/07/2013 13:00 79232]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [13/12/2010 18:00 618112]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [08/08/2013 13:16 13464]
S4 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [19/08/2014 11:07 361904]
S4 HsdService;HsdService;"c:\program files\Virgin Media\Digital Home Support\HsdService.exe" --> c:\program files\Virgin Media\Digital Home Support\HsdService.exe [?]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [26/07/2014 12:42 1809720]
S4 ServicepointService;ServicepointService;"c:\program files\Virgin Media\Service Manager\ServicepointService.exe" --> c:\program files\Virgin Media\Service Manager\ServicepointService.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 11:28]
.
2014-09-12 c:\windows\Tasks\DriverUpdate Scan.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2014-08-28 13:18]
.
2014-09-22 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-18 01:59]
.
2014-09-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-18 01:59]
.
2014-09-22 c:\windows\Tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=DAT
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\7kmptneb.default-1408266975906\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DHSClient - c:\program files\Virgin Media\Digital Home Support\DHSClient.exe
MSConfigStartUp-ServiceManager - c:\program files\Virgin Media\Service Manager\ServiceManager.exe
AddRemove-CPUID CPU-Z_is1 - c:\program files\CPUID\CPU-Z\unins000.exe
AddRemove-RadialpointClientGateway_is1 - c:\program files\Virgin Media\Service Manager\unins000.exe
AddRemove-RadialpointHomeSecurityDashboard_is1 - c:\program files\Virgin Media\Digital Home Support\unins000.exe
AddRemove-RadialpointSecurityAdvisorService_is1 - c:\program files\Virgin Media\Security Advisor\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-22 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\WININET.dll
c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2014-09-22  14:46:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-22 13:46
.
Pre-Run: 13,644,189,696 bytes free
Post-Run: 13,605,601,280 bytes free
.
- - End Of File - - 81BAA698B1E06B9E547F810FF74EEEEE
8F558EB6672622401DA993E1E865C861
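A worked triage pass over the log above, added here as an example. It is not part of sooty4's post, not ComboFix output, and not a tool OCD asked for. It assumes the ComboFix line layout visible in the log (Run-key values as "name"="path" [date size]; services as R or S plus a start-type digit, then name;display;path [info], with "--> resolved [?]" when the image could not be found), and its flag rules are this example's own heuristics for what deserves a second look, not anything ComboFix reports:

```python
"""Triage the autorun and service entries in a ComboFix log.

Added example for this thread (not ComboFix's own output and not a tool either
poster used): parses the Run-key lines under "Reg Loading Points" and the
R?/S? service lines, and attaches review flags. The flag rules are this
example's own assumptions about what deserves a second look.
"""
import re

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverUpdate"="c:\program files\DriverUpdate\DriverUpdate.exe" [2014-08-28 25868608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-12 751184]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [21/08/2014 16:03 206520]
R1 RapportCerberus_80049;RapportCerberus_80049;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [02/09/2014 08:41 433240]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [26/07/2014 12:42 860472]
S4 HsdService;HsdService;"c:\program files\Virgin Media\Digital Home Support\HsdService.exe" --> c:\program files\Virgin Media\Digital Home Support\HsdService.exe [?]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')
# Service lines: R = running / S = stopped, digit = start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then name;display;path [info]
SVC_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$')

# Path fragments that mean "profile- or user-writable location" on XP.
PROFILE_PATHS = ('\\documents and settings\\', '\\application data\\',
                 '\\local settings\\', '\\temp\\')


def _resolve(raw):
    """For '"quoted" --> resolved' fields keep the resolved path; strip quotes."""
    if '-->' in raw:
        raw = raw.split('-->', 1)[1]
    return raw.strip().strip('"')


def _flags(entry):
    p = entry['path'].lower()
    flags = []
    if entry['info'] == '?':
        flags.append('missing_file')       # ComboFix could not find the image
    if any(frag in p for frag in PROFILE_PATHS):
        flags.append('user_writable')      # code loaded from a profile/ProgramData path
    if p.endswith('.sys'):
        flags.append('kernel_driver')      # ring-0 code: check publisher and signature
    if '\\' not in p:
        flags.append('unqualified_path')   # bare image name, resolved by search order
    if entry['key'] and entry['key'].upper().startswith('HKEY_CURRENT_USER'):
        flags.append('hkcu_autorun')       # per-user autorun, writable without admin
    return flags


def parse_combofix(text):
    """Return a list of dicts, one per Run-key value and per service line."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and key:
            e = {'kind': 'run', 'key': key, 'name': m.group(1),
                 'path': _resolve(m.group(2)), 'info': m.group(3),
                 'state': None, 'start': None}
            e['flags'] = _flags(e)
            entries.append(e)
            continue
        m = SVC_RE.match(line)
        if m:
            e = {'kind': 'service', 'key': None, 'name': m.group(3),
                 'display': m.group(4), 'path': _resolve(m.group(5)),
                 'info': m.group(6), 'state': m.group(1), 'start': int(m.group(2))}
            e['flags'] = _flags(e)
            entries.append(e)
    return entries


def flagged(text):
    """Only the entries that picked up at least one review flag."""
    return [e for e in parse_combofix(text) if e['flags']]


if __name__ == '__main__':
    for e in flagged(SAMPLE_LOG):
        print(f"{e['kind']:<8}{e['name']:<24}{','.join(e['flags']):<28}{e['path']}")
```

Run against the sample it reports the stopped, disabled HsdService whose image is gone, the Trusteer kernel driver that loads from All Users\Application Data, the per-user DriverUpdate autorun and the bare "nwiz.exe" name; a flag is a prompt to look, not a verdict, and none of the flagged entries above is something the thread identified as malicious.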
 



#20 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 22 September 2014 - 02:33 PM

Hi sooty4,

"Have you found anything yet please?"

Not really, that's why I requested the last scan.

=========================

Disk Defragmenter for XP

  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

=========================

System File Checker

  • Click Start, in the run box:
  • Type: sfc /scannow (There's a space between sfc and /scannow.)
  • Type: exit to close the command prompt window
  • Include the findings in your next reply



#21 sooty4 (Authentic Member, 86 posts)

Posted 25 September 2014 - 03:28 AM

Hi OCD. Defrag results below. The scannow would not run unless I inserted the XP disc, which I cannot find. This is funny because I think I have run this before without this issue. Thanks.

 

Volume VAIO (C:)
    Volume size                                = 32.66 GB
    Cluster size                               = 4 KB
    Used space                                 = 20.11 GB
    Free space                                 = 12.55 GB
    Percent free space                         = 38 %

Volume fragmentation
    Total fragmentation                        = 10 %
    File fragmentation                         = 19 %
    Free space fragmentation                   = 1 %

File fragmentation
    Total files                                = 90,308
    Average file size                          = 385 KB
    Total fragmented files                     = 2
    Total excess fragments                     = 40,832
    Average fragments per file                 = 1.45

Pagefile fragmentation
    Pagefile size                              = 2.00 GB
    Total fragments                            = 25,206

Folder fragmentation
    Total folders                              = 6,746
    Fragmented folders                         = 1
    Excess folder fragments                    = 0

Master File Table (MFT) fragmentation
    Total MFT size                             = 138 MB
    MFT record count                           = 97,840
    Percent MFT in use                         = 69 %
    Total MFT fragments                        = 3

--------------------------------------------------------------------------------
Fragments       File Size       Files that cannot be defragmented
None



#22 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 25 September 2014 - 08:26 AM

Hi sooty4,

How to display Hidden Files & Folders XP
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a check mark in the check box labeled "Display the contents of system folders".
  • Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
  • Remove the check mark from the check box labeled "Hide file extensions for known file types".
  • Remove the check mark from the check box labeled "Hide protected operating system files".
  • Press the Apply button and then the OK button and shutdown My Computer.
Next

Since you don't have the Windows disks to run the System File Checker, let's try and locate the following folder on your computer.
  • You'll have to search for a folder on your hard drive that's named "i386" (without the quotes).
  • Once you find that, copy it to your hard drive at the root (C:\i386).
  • Make sure that the directory is located at the root of your C: drive (C:\i386)
Next

Backing Up Your Registry with ERUNT
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Compatible with Windows NT, 2000, 2003, XP, Vista, 7, 32 & 64-bit versions.
**Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
  • Download ERUNT (save to your desktop)
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration:
  • Select your preferred Setup language.
  • At the Setup screen click Next.
  • Accept the default destination folder by clicking Next.
  • Accept the default Start Menu Folder.
  • Accept the default Additional Tasks by clicking Next.
  • Ready to Install. Click the Install button.
  • Say No to the portion that asks you to add ERUNT to the start-up folder; if you like you can enable this option later.
  • Setup has completed. Tick the check boxes to Show documentation, or Launch.
  • Start ERUNT
  • Choose a location for the backup
    • The default location C:\WINDOWS\ERDNT\[today's date] is preferred
    • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will pop up when complete.
  • Click OK to close.
Next

Open Notepad, and copy and paste the text below into Notepad.

Windows Registry Editor Version 5.00

; SourcePath names the folder that contains i386 (so C:\ for C:\i386).
; Backslashes inside a .reg string value must be doubled.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"Sourcepath"="C:\\"

Save the file to your desktop as sooty4.reg (be sure to name the file with the .reg extension).
Double click the file to update the changes to the Registry.

Next

System File Checker
  • Click Start, in the run box:
  • Type: sfc /scannow (There's a space between sfc and /scannow.)
  • Type: exit to close the command prompt window
  • Include the findings in your next reply

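An added example that automates the "find the right i386 folder and point SourcePath at its parent" steps in OCD's System File Checker instructions (#20 and #22 above). It is not part of either poster's messages. The marker-file list is this example's own assumption about what a genuine XP setup source holds (TXTSETUP.SIF and LAYOUT.INF from the install media, DRIVER.CAB and SP3.CAB as the cabinets SFC restores from); the registry key and value name are the ones OCD's .reg file uses. The directory tree it ranks is constructed in a temp folder to mimic the search results in the thread, so it runs anywhere:

```python
"""Rank candidate i386 folders for XP's System File Checker, emit the SourcePath .reg.

Added example, not part of the thread. MARKERS is this example's assumption about
what a usable setup source contains; the key and value name match OCD's .reg file.
"""
import os
import tempfile

# Assumption: a usable i386 folder carries the setup manifests and the cabinets.
# Driver Cache\i386 holds only cabinets; Java's lib\i386 holds none of these.
MARKERS = ("TXTSETUP.SIF", "LAYOUT.INF", "DRIVER.CAB", "SP3.CAB")


def score_i386(path):
    """(score, missing): one point per marker file present in the folder."""
    try:
        present = {n.upper() for n in os.listdir(path)}
    except OSError:
        present = set()
    missing = [m for m in MARKERS if m not in present]
    return len(MARKERS) - len(missing), missing


def find_i386(roots):
    """Walk roots; return [(score, path)] for every folder named i386, best first."""
    found = []
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for d in dirnames:
                if d.lower() == "i386":
                    full = os.path.join(dirpath, d)
                    found.append((score_i386(full)[0], full))
    found.sort(key=lambda t: (-t[0], t[1].lower()))
    return found


def reg_escape(value):
    """.reg string values: every backslash doubled, embedded quotes escaped."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def sourcepath_reg(parent_dir):
    """Text of a .reg file pointing SFC at <parent_dir>\\i386.
    SourcePath names the folder that contains i386. A single trailing backslash
    would escape the closing quote and regedit rejects the file."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup]\r\n"
        '"SourcePath"="' + reg_escape(parent_dir) + '"\r\n'
    )


def build_demo_tree():
    """Constructed layout (temp dir) mimicking the i386 hits listed in the thread."""
    root = tempfile.mkdtemp(prefix="xp_")
    layout = {
        os.path.join("Setup", "i386"): MARKERS,                              # real source
        os.path.join("WINDOWS", "Driver Cache", "i386"): ("DRIVER.CAB", "SP3.CAB"),
        os.path.join("Program Files", "Java", "jre7", "lib", "i386"): ("deploy.dll",),
    }
    for rel, files in layout.items():
        d = os.path.join(root, rel)
        os.makedirs(d)
        for f in files:
            open(os.path.join(d, f), "w").close()
    return root


def demo():
    """Rank the constructed tree; build the .reg for the best candidate's parent."""
    root = build_demo_tree()
    ranked = find_i386([root])
    best_parent = os.path.dirname(ranked[0][1])
    return ranked, sourcepath_reg(best_parent)


if __name__ == "__main__":
    ranked, reg = demo()
    for score, path in ranked:
        print(f"{score}/{len(MARKERS)}  {path}")
    print(reg)
```

On the real machine you would call find_i386 with ["C:\\", "D:\\"] and copy the top-scoring folder to C:\i386 before importing the .reg. Emitting a .reg file rather than writing HKLM directly keeps the change reviewable and easy to undo with the ERUNT backup taken just before. The markers also explain why only some of sooty4's eighteen hits are candidates: Driver Cache\i386 and ServicePackFiles\i386 are incomplete, and Java's lib\i386 is unrelated.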


#23 sooty4 (Authentic Member, 86 posts)

Posted 27 September 2014 - 05:02 AM

Hi. There were 18 folders called i386 which came up when I searched. I tried to copy them to show to you but could not, and when I tried to post a screenshot it said I was not allowed to use that image extension in this community. When I tried to attach it, it was too big. How do I know which one to copy and how do I copy it to the C drive please? Thanks.


Edited by sooty4, 27 September 2014 - 05:43 AM.


#24 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 27 September 2014 - 07:27 PM

Hi sooty4,

Can you tell me the locations of the i386 folders you have on your machine?

C:\I386
C:\WINDOWS\Driver Cache\i386
C:\WINDOWS\inf\i386
etc.

OCD



#25 sooty4

  • Authentic Member
  • 86 posts

Posted 28 September 2014 - 05:39 AM

They are listed below. Sorry for all the dittos. The third one up was highlighted in blue. Thanks.

C:\ Documents and Settings\home...
C:\ Documents and Settings\home...
C:\ WINDOWS
C:\ Program Files \35168026c4df...
C:\ WINDOWS\ Driver Cache
      "                \ ServicePackFiles
      "                              "              \...
C:\ Program Files \ Java\ire6\lib...
             "                  "      ire7\lib...
C:\WINDOWS\SoftwareDistribut....
             "         System32\spool\x....
             "                 "        Reinst....
             "                 "             "
             "                 "       \spool\x...
C:\Program Files\Advent\A10\Pr...
C:\WINDOWS\System32\DRVST...
D:\0ebdb0fbd39f6364f8734810
D:\35168026c4df6cfcf2e06eb27




#26 OCD

  • SuperHelper
  • Malware Team
  • 5,574 posts

Posted 28 September 2014 - 08:49 AM

Hi sooty4,

You do not have one located in the root directory?

C:\i386

Can you borrow a copy of the XP disks from someone?

OCD



#27 sooty4

  • Authentic Member
  • 86 posts

Posted 30 September 2014 - 09:54 AM

I do have an XP disc, but when I tried that it told me I had the wrong disc. It is an upgrade disc from Windows 98, whereas this computer has XP Home Edition. I have Sony Vaio recovery discs for this computer, but it would not recognise them in this scan. I will try to borrow one, but I am not sure where from.


Edited by sooty4, 30 September 2014 - 09:55 AM.


#28 OCD

  • SuperHelper
  • Malware Team
  • 5,574 posts

Posted 01 October 2014 - 12:06 AM

Hi sooty4,

Let's put that step on hold for now.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan <--- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found, be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is checked, and the option "Scan unwanted applications" is checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt

OCD



#29 sooty4

  • Authentic Member
  • 86 posts

Posted 02 October 2014 - 08:46 AM

Hi. Malware and Eset scan results below. No threats found by Malware. 2 found and quarantined by Eset. Thanks. I have a Windows 98 disc. Would the file you were looking for be on that?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/10/2014
Scan Time: 13:29:26
Logfile: malwarescan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.02.05
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321312
Time Elapsed: 41 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP73\A0248223.exe    a variant of Win32/PCCleaners potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{A951DEE8-8E0B-4CA4-BD50-B25E9F3900C9}\RP73\A0248224.exe    Win32/AdvancedSystemProtector.A potentially unwanted application    deleted - quarantined
 


Edited by sooty4, 02 October 2014 - 08:46 AM.


#30 OCD

  • SuperHelper
  • Malware Team
  • 5,574 posts

Posted 02 October 2014 - 09:12 AM

Hi sooty4,

I have a Windows98 disc. Would the file you were looking for be on that?

Unfortunately no. You need the same version of Windows that is installed on the computer, but it doesn't have to be "your" disks. Any possibility of borrowing the disks from a friend or family member?

Please re-run FRST and post new logs. Be sure to check the box next to "Addition.txt" in the Optional Scan section.

In your next post please provide the following:

  • FRST.txt
  • Addition.txt
  • Describe how the computer is performing.

OCD
