1) Odd spikes in CPU usage when my browser is open
2) I can't open some simple web pages that I go to on a regular basis, but new web pages load right away. I've tried disabling the NoScript and AdBlock add-ons in Firefox with no change, so I cleared history, cache, etc. manually as well as running that portion of System Suite; it helps for about 5 minutes, then it's right back to the problem. ***EDIT*** After still using my computer to get online this whole time, because it's the ONLY PC that goes online in my household, I have noticed that on some websites, if I turn NoScript off it actually ends up making things worse: the page NEVER loads and NEVER says 'try again', just sitting there trying to load with nothing happening. But if I turn it back on, sometimes it helps to make the page load, or at least tell me 'try again'. I don't know if that is at all pertinent. ***EDIT***
3) My internet connection looks like it's in idle mode 90% of the time, even while attempting to load a common web page, although if I decide to open a web page that I don't normally go to, it snaps right back to life and loads the page almost faster than it should.
4) Firefox has been blocking redirects when at Google and Facebook, never allowing them, until the mouse slipped the other day; they stopped redirecting for a few hours, and now it's a crapshoot whether or not there will be an attempt at redirecting the page, but it's never successful, because Firefox doesn't allow it.
5) The computer has been acting all-around sluggish when trying to open things like Process Explorer, or System Suite, or even just the settings for System Suite and its Firewall. Every now and then, maybe once out of 5 startups, MXTask (System Suite's background task) will error out right from the startup of the computer and I get a message that says: "MXTask has encountered a problem and needs to quit. Would you like to send an error report to Microsoft?" I click either yes or no, and either way the reporting errors out too.
6) A strange folder called YTDSETUP, with the file trafficspace.exe, showed up in my Program Files. I didn't see either in Add/Remove Programs, so I deleted the folder.
7) My brand new install of System Suite Professional 12 errored out after finding Trojan.clicker.html.remotescript, and the file disappeared. After running the scan again, this time finishing, SS found and quarantined a trojan simply called 'A0008315' inside D:\System Volume Information\_restore{157219FE-5843-4129-BB48-54E732573546}\RP19\A0008315.exe. The D drive is my secondary hard drive, where I keep my important files instead of on C in My Documents, but it did not find the same file as the first scan.
8) Just to see what SS couldn't get before it quit working, I broke out MalwareBytes, updated it, and ran a quick scan to see what's up, where it found this file:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
I did a full scan next and found these infected files:
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP18\A0007991.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP18\A0007992.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP19\A0008219.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP19\A0008221.exe (PUP.Zugo) -> Quarantined and deleted successfully.
9) I also ran MiniToolBox, because I was having connection issues. It didn't help, because obviously I didn't know what I was doing with it, just simply doing what someone had told someone else to do with it, though I did save the log file. I ran TDSSKiller with all four parameters selected, and found:
AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
macnr ( UnsignedFile.Multi.Generic ) - skipped by user
Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
I didn't actually do anything about these results, just found out what I could and left it be, because I am not familiar with the program. The scans weren't done in Safe Mode, and I plan on running them all again in whatever order is correct to make the actual changes.
I should mention, I am very careful about what I download, only taking recommendations from someone I know very well, and even then they have to show me exactly why it's worth my while to risk downloading and running an executable file that I have never personally heard of before. The only questionable file I have downloaded since the reinstall was a program called "SIW - System Information for Windows", which I was only looking into because with such an ancient computer, it's difficult to find all the drivers that I need to reinstall, and I completely forgot to back them up before taking the plunge. So a site that had never steered me wrong in the past when it came to good quality freeware programs to keep your computer going recommended it to scan your computer and find out exactly what everything was, right down to make and model.
Pasted below is the dds.txt file the guide instructed to be pasted in the post, and attached are attach.txt from DDS and GMER.log from GMER. Hope they help, although I am slightly concerned something might get missed if we continue not to scan my second drive, as I use that for all my personal files and would hate to lose them to an unknown corruption.
Thanks in advance,
Mary
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by KiKi at 3:49:46 on 2011-12-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1131 [GMT -6:00]
.
AV: Avanquest SystemSuite *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Avanquest Net Defense Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avanquest\SystemSuite\AVQWinMonEngine.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\Program Files\Mozilla\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla\plugin-container.exe
C:\Program Files\Common Files\Antivirus\SBAMSvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\kiki\application data\flashgetbho\FlashGetBHO3.dll
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoStrCmpLogical = 01000000
IE: Download all by FlashGet3 - c:\documents and settings\kiki\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\kiki\application data\flashgetbho\GetUrl.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1323082525921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1323082651671
TCP: DhcpNameServer = 74.60.80.5 75.95.21.12
TCP: Interfaces\{4E5E618C-089B-4B15-93F9-7781EA5D8A4A} : DhcpNameServer = 74.60.80.5 75.95.21.12
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kiki\application data\mozilla\firefox\profiles\vc3vcfra.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-12-6 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R2 .AVQWindowsMonitorService;SystemSuite Process Monitor;c:\program files\avanquest\systemsuite\AVQWinMonEngine.exe [2011-10-13 293680]
R2 SBAMSvc;SystemSuite;c:\program files\common files\antivirus\SBAMSvc.exe [2010-10-11 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-12-6 69976]
R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2011-10-12 62120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 22216]
R3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2011-10-12 26960]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\AQFileRestore.sys [2011-10-12 15376]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S4 AQFileRestoreSrv;AQFileRestoreSrv;c:\program files\avanquest\systemsuite\AQFileRestoreSrv.exe [2011-10-13 84760]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-10 366152]
.
=============== Created Last 30 ================
.
2011-12-10 14:19:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 14:02:59 -------- d-----w- c:\documents and settings\kiki\application data\Malwarebytes
2011-12-10 14:02:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-10 14:02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-10 14:01:07 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-10 12:31:28 -------- d-sh--w- c:\documents and settings\kiki\IECompatCache
2011-12-07 01:09:10 -------- d-----w- c:\windows\system32\NtmsData
2011-12-06 23:30:09 -------- d-----w- c:\documents and settings\kiki\application data\WinBatch
2011-12-06 23:26:42 -------- d-----w- c:\program files\ATI Technologies
2011-12-06 23:25:56 516096 ------w- c:\windows\system32\ati2sgag.exe
2011-12-06 23:25:31 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-12-06 23:25:31 221184 ------w- c:\program files\common files\installshield\iscript\IScript.dll
2011-12-06 23:25:31 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-12-06 23:25:30 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-12-06 23:25:29 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-12-06 23:23:57 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-12-06 20:16:18 -------- d-----w- c:\documents and settings\kiki\local settings\application data\Temp
2011-12-06 19:34:58 -------- d-sh--r- C:\_Backup.RC
2011-12-06 19:33:03 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-12-06 19:31:46 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-12-06 19:31:18 -------- d--h--w- C:\_Backup
2011-12-06 19:29:47 -------- d-----w- c:\program files\common files\Antivirus
2011-12-06 15:06:21 -------- d-----w- c:\windows\ie8updates
2011-12-06 14:57:19 -------- d-----w- c:\windows\system32\winrm
2011-12-06 14:57:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-12-06 14:46:21 -------- d-----w- c:\documents and settings\kiki\local settings\application data\ApplicationHistory
2011-12-06 14:42:51 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-12-06 14:42:45 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-12-06 14:42:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-12-06 14:42:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-12-06 14:42:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-12-06 14:42:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-12-06 14:42:42 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-12-06 14:03:47 -------- d-sh--w- c:\documents and settings\kiki\PrivacIE
2011-12-06 14:00:34 -------- d-sh--w- c:\documents and settings\kiki\IETldCache
2011-12-06 13:07:05 -------- d-----w- c:\documents and settings\kiki\application data\BITS
2011-12-06 13:07:02 -------- d-----w- c:\documents and settings\kiki\application data\FlashGet
2011-12-06 13:06:53 -------- d-----w- c:\documents and settings\kiki\application data\FlashGetBHO
2011-12-06 13:06:46 -------- d-----w- c:\program files\FlashGet Network
2011-12-06 12:56:22 -------- d-----w- c:\program files\FlashGet
2011-12-06 12:24:40 -------- dc-h--w- c:\windows\ie8
2011-12-06 12:18:54 -------- d--h--w- c:\windows\PIF
2011-12-06 12:15:45 -------- d-----w- c:\windows\system32\XPSViewer
2011-12-06 12:15:10 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-06 12:15:10 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-06 12:15:10 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-06 12:15:10 117760 ------w- c:\windows\system32\prntvpt.dll
2011-12-06 12:15:09 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-06 12:15:09 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-12-06 12:15:09 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-12-06 12:15:09 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-12-06 12:15:08 -------- d-----w- C:\a7cb62255ed9242e1aac4f1bdd46b8ef
2011-12-06 12:09:48 -------- d-----w- c:\documents and settings\kiki\local settings\application data\Identities
2011-12-06 12:09:09 -------- d-----w- c:\windows\system32\GroupPolicy
2011-12-06 12:09:09 -------- d-----w- c:\program files\Windows Desktop Search
2011-12-06 12:08:45 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-12-06 12:08:45 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-12-06 12:08:45 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-12-06 12:07:33 -------- d-----w- c:\program files\Windows Media Connect 2
2011-12-06 12:06:16 -------- d-----w- c:\windows\system32\LogFiles
2011-12-06 12:05:39 -------- d-----w- c:\program files\CONEXANT
2011-12-06 12:04:56 -------- d-----w- c:\windows\system32\URTTEMP
2011-12-06 11:44:48 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-06 11:44:33 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-06 11:43:12 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-06 11:36:34 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-12-06 11:31:09 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-12-06 11:30:52 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-12-06 11:30:36 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-12-06 11:30:15 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-12-06 11:30:15 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-12-06 11:27:42 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-12-06 11:23:01 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-12-06 11:22:12 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-12-06 11:18:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-12-06 11:18:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-12-06 11:18:17 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-12-06 11:16:44 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-12-06 11:15:03 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-12-06 11:00:18 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-12-06 11:00:18 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-12-06 11:00:18 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-12-06 11:00:18 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-12-06 11:00:18 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-12-06 11:00:18 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-12-06 11:00:17 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-12-06 11:00:17 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-12-06 11:00:17 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-12-06 11:00:16 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-12-06 11:00:16 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-06 11:00:15 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-06 10:59:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-12-06 10:59:47 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-12-06 10:59:20 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-12-06 10:59:13 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-12-06 10:57:55 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-12-06 10:57:50 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-12-05 11:18:39 -------- d-----w- c:\windows\ServicePackFiles
2011-12-05 11:18:30 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-12-05 11:18:27 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-12-05 11:16:59 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2011-12-05 11:15:55 19569 ----a-w- c:\windows\002771_.tmp
2011-12-05 11:15:52 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-12-05 11:12:42 -------- d-----w- c:\windows\EHome
2011-12-05 11:06:41 -------- d-----w- c:\windows\system32\PreInstall
2011-12-05 10:59:27 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-05 10:59:27 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-12-05 10:56:47 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-12-05 10:56:46 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-12-05 10:56:46 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-12-05 10:56:46 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-12-05 10:56:46 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-12-05 10:54:27 -------- d-sh--w- c:\documents and settings\kiki\UserData
2011-12-05 10:20:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-05 10:10:14 -------- d-----w- c:\documents and settings\kiki\local settings\application data\Avanquest_Software
2011-12-05 09:55:00 -------- d-----w- c:\documents and settings\kiki\application data\Avanquest
2011-12-05 09:54:43 -------- d-----w- c:\documents and settings\all users\application data\Avanquest
2011-12-05 09:54:21 -------- d-----w- c:\program files\Avanquest
2011-12-05 09:25:03 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-12-05 09:20:52 -------- d-----w- c:\documents and settings\kiki\local settings\application data\Adobe
2011-12-05 09:04:04 -------- d-----w- c:\documents and settings\kiki\local settings\application data\Mozilla
2011-12-05 09:03:59 -------- d-----w- c:\program files\Mozilla
.
==================== Find3M ====================
.
2011-12-05 08:52:29 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-10-12 23:13:03 15376 ----a-w- c:\windows\system32\drivers\AQFileRestore.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 3:50:28.92 ===============
Attached File(s):
attach.txt (13.66K)
GMER.log (2.84K)
This post has been edited by KiKiDiKi: 11 December 2011 - 09:46 PM
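The DDS "SERVICES / DRIVERS" block and the Malwarebytes result lines quoted in the post are the two pieces of this log a helper actually reads first. The following is an added example, not part of the original post and not code from DDS, Malwarebytes or any other tool named above: a small Python triage script that parses both formats into records and applies two checks a responder would want, namely whether a kernel driver loads from somewhere other than system32\drivers and whether its file date falls within a few days of the log date. It assumes the DDS convention that the leading letter is run state (R running, S stopped) and the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); the 7-day window and the sample lines (copied from the log above, not a live scan) are choices made for this example.

```python
import re
from datetime import date, timedelta

LOG_DATE = date(2011, 12, 11)   # from "Run by KiKi at 3:49:46 on 2011-12-11"

# Constructed sample input: lines copied from the DDS and Malwarebytes output above.
DDS_SERVICE_LINES = [
    r"R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-12-6 21464]",
    r"R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2011-10-12 62120]",
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 22216]",
    r"S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]",
]
MBAM_LINES = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.",
    r"c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP18\A0007991.exe (PUP.Zugo) -> Quarantined and deleted successfully.",
]

# Rn/Sn  name;display name;image path [yyyy-m-d size]   (assumed DDS layout)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_service(line):
    """Turn one DDS service/driver line into a dict, or None if it does not match."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    y, mo, d = (int(x) for x in m["date"].split("-"))
    return {
        "name": m["name"],
        "display": m["display"],
        "running": m["state"] == "R",
        "start": START_TYPES.get(m["start"], m["start"]),
        "image": m["image"],          # may carry arguments, e.g. "svchost.exe -k WINRM"
        "date": date(y, mo, d),
        "size": int(m["size"]),
    }


def flag_service(rec, log_date=LOG_DATE, recent_days=7):
    """Heuristic flags; a flag is a reason to look, not a verdict."""
    flags = []
    image = rec["image"].lower()
    # Kernel drivers normally live under system32\drivers. A .sys loaded from
    # Program Files (8.3 short form in this log) deserves a look even when a
    # vendor product explains it, as SystemSuite does for KFilter/TFilter here.
    if image.endswith(".sys") and "\\system32\\drivers\\" not in image:
        flags.append("driver outside system32\\drivers")
    if log_date - rec["date"] <= timedelta(days=recent_days):
        flags.append(f"file dated within {recent_days} days of the log")
    return flags


# <item> (<detection>) -> [Bad: (x) Good: (y) -> ]<action>.
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
REG_VALUE_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")


def parse_mbam(line):
    """Parse one Malwarebytes result line; registry hits also yield bad/good values."""
    m = MBAM_RE.match(line.strip())
    if not m:
        return None
    rec = {"item": m["item"], "detection": m["detection"], "action": m["rest"].rstrip(".")}
    v = REG_VALUE_RE.match(m["rest"])
    if v:
        rec.update(bad=v["bad"], good=v["good"], action=v["action"].rstrip("."))
    rec["kind"] = "registry" if rec["item"].upper().startswith("HKEY_") else "file"
    # Hits inside System Volume Information are restore-point copies, not live files.
    rec["in_restore_point"] = "\\system volume information\\_restore" in rec["item"].lower()
    return rec


def triage(service_lines, mbam_lines):
    services = [r for r in map(parse_service, service_lines) if r]
    for r in services:
        r["flags"] = flag_service(r)
    hits = [r for r in map(parse_mbam, mbam_lines) if r]
    return services, hits


if __name__ == "__main__":
    services, hits = triage(DDS_SERVICE_LINES, MBAM_LINES)
    for r in services:
        state = "running" if r["running"] else "stopped"
        print(f"{r['name']:14} {r['start']:8} {state:8} {', '.join(r['flags']) or '-'}")
    for h in hits:
        print(f"{h['detection']:28} {h['kind']:8} restore-point={h['in_restore_point']} action={h['action']}")
```

Two things the output makes concrete for this log: the PUP.Zugo hits live only inside restore points, so they are stale copies that the restore-point cleanup step (or disabling System Restore once the live system is clean) removes, and the one live-system finding is the Security Center `UpdatesDisableNotify` value, which suppresses the "updates are off" warning rather than indicating an active infection by itself. The path flag on KFilter is expected here because the Running Processes section shows it belongs to SystemSuite; the point of the check is to make such cases explicit rather than to condemn them.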
This topic is locked