is it just the computer or can I do something


15 replies to this topic

#1 oldandconfused

oldandconfused

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 01 October 2010 - 06:04 PM

I have no clue if I'm infected or not and do not know how to check anything. My grandson says every time he comes over my computer seems slower but I would not notice if it is. He said "It took seventy seven seconds after windows launch to open an internet browser." Could someone lead me through how to help my computer if there is anything that can be done.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:01 AM

Posted 01 October 2010 - 08:00 PM

Sure, hello and welcome.
First is this XP or another?
What is the installed Antivirus?

Let's run a couple tools and look at the scan logs.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 oldandconfused


Posted 03 October 2010 - 08:25 PM

It has a logo that says "XP". My grandson is helping me get your programs working. I am not sure of what Antiviruses my computer has; if it does, the computer came with it.

#4 oldandconfused


Posted 03 October 2010 - 08:53 PM

I don't understand what it says but my grandson says this is what you asked to see

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4736

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/3/2010 8:57:59 PM
mbam-log-2010-10-03 (20-57-59).txt

Scan type: Quick scan
Objects scanned: 182787
Time elapsed: 19 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 boopme


Posted 03 October 2010 - 09:01 PM

Good so far. We removed one infection (Trojan.Agent). It was put in a quarantine where it can no longer affect the PC.
The infected value, UpdatesDisableNotify (Disabled.SecurityCenter) found by MBAM is not really a threat but more of a possible threat. The value was set so that you were not notified if automatic updates were disabled. You probably set this yourself but some Anti-Virus or Anti-Malware programs do not like that.

Now we'll see what SAS found.

#6 oldandconfused


Posted 03 October 2010 - 10:47 PM

Something doesn't seem right. SAS ran in safe mode but there isn't a log now. Also with ATF when I click clean it seems to freeze.

#7 boopme


Posted 03 October 2010 - 11:28 PM

Hello. Sometimes this happens and it comes back after a shut down and reboot. Also it sometimes shows up in the Admin or other user account.


Let's also do an Online scan as it may be easier.
ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.

#8 oldandconfused


Posted 04 October 2010 - 07:01 AM

It didn't find anything so I guess there is no log.

#9 boopme


Posted 04 October 2010 - 09:15 AM

Yes, that's correct. How are things now?

BTW: you are running Windows XP, SP2. You should update to SP3 (Service Pack 3).
You use Internet Explorer 8 as your web browser.

If you would like to know what is on the PC.. run LookInMyPC
LookInMyPC generates a complete, comprehensive system profile that includes information on all installed hardware and software.

If you would like to see what needs updates, run Secunia Personal Software Inspector

#10 oldandconfused


Posted 05 October 2010 - 02:33 PM

My computer actually seems slower. Also it randomly seems to complain that it is "running low on virtual memory".
I am working through the Secunia updates but it seems like it's going to take days.

#11 boopme


Posted 05 October 2010 - 07:15 PM

There are several possibilities for the slowness. Part may be from us, as we cleared all your Temp files and cookies. This should come back as you revisit your favorites and these repopulate.

Go to Start then My Computer
Hold the mouse over the C:\ drive icon. Tell me the numbers there for size and free space.

How much RAM is installed...
Start/Run...type msinfo32 and hit Enter.
Total Physical Memory is the last line in the right window. That's how much physical RAM is installed.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates. When done,
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

#12 oldandconfused


Posted 05 October 2010 - 09:36 PM

My Computer says 14.5 out of 33 and System Information says 256.00 MB.

#13 boopme


Posted 05 October 2010 - 09:47 PM

OK, we have the bare minimum of RAM for XP; that will cause some slowness. Now we should see what is running at startup. I'll look at that tomorrow as I am leaving soon.

Use Process Explorer to see what's running at startup.


Please download and run Process Explorer v11.33
Click on File then Save As, create a log.
Copy and paste it into your next reply.

EDIT: look at the icons in the system tray (by the clock). Mouse over them and see if one is SUPERAntispyware. If so, right click it and select Close, End, Stop or Disable... I forgot what it is. But whatever sounds like stop, so we close it if it is running there.

Edited by boopme, 05 October 2010 - 09:51 PM.


#14 oldandconfused


Posted 06 October 2010 - 05:36 AM

I have the Process Explorer. Super AntiSpyware was exited, and here is the MBAM you asked for a little while earlier.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4750

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/5/2010 10:53:15 PM
mbam-log-2010-10-05 (22-53-15).txt

Scan type: Quick scan
Objects scanned: 165609
Time elapsed: 28 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
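
The check a helper does by eye on the two MBAM logs in this thread, as an added example (not part of any post and not Malwarebytes code): it parses the MBAM 1.46 text log layout shown above, confirms the pasted log is complete (top portion present, listed items match the summary counts), and reports which detection names from the first scan are gone in the rescan. The function names and the abridged sample logs are constructed for illustration.

```python
import re

# Constructed samples: abridged copies of the two MBAM 1.46 logs posted in this thread.
FIRST = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4736
Windows 5.1.2600 Service Pack 2

Registry Keys Infected: 1
Registry Data Items Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

RESCAN = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4750
Windows 5.1.2600 Service Pack 3
Registry Keys Infected: 0
Registry Data Items Infected: 0
"""

COUNT = re.compile(r"^(?P<cat>.+) Infected: (?P<n>\d+)$")      # summary line
SECTION = re.compile(r"^(?P<cat>.+) Infected:$")               # section header
HIT = re.compile(r"^(?P<obj>.+?) \((?P<name>[^)]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return header fields, summary counts and per-section detections."""
    log = {"database": None, "os": None, "counts": {}, "hits": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Database version:"):
            log["database"] = int(line.split(":", 1)[1])
        elif section is None and line.startswith("Windows "):
            log["os"] = line
        elif (m := COUNT.match(line)):
            log["counts"][m["cat"]] = int(m["n"])
        elif (m := SECTION.match(line)):
            section = m["cat"]
        elif section and (m := HIT.match(line)):
            # The action is the last "->" segment; "Bad/Good" data may precede it.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            log["hits"].append((section, m["name"], m["obj"], action))
    return log

def problems(log):
    """List reasons the pasted log is incomplete or inconsistent."""
    out = []
    if log["database"] is None or log["os"] is None:
        out.append("top portion (database version / OS) missing")
    for cat, n in log["counts"].items():
        found = sum(1 for h in log["hits"] if h[0] == cat)
        if found != n:
            out.append(f"{cat}: summary says {n}, {found} listed")
    return out

def resolved(before, after):
    """Detection names present in the first scan but absent from the rescan."""
    return sorted({h[1] for h in before["hits"]} - {h[1] for h in after["hits"]})
```
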

#15 oldandconfused


Posted 08 October 2010 - 02:59 PM

Here is the Process explorer log

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 97.73 0 K 16 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0 K 40 K
smss.exe 584 180 K 60 K Windows NT Session Manager Microsoft Corporation
csrss.exe 632 1,740 K 1,932 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 656 6,840 K 568 K Windows NT Logon Application Microsoft Corporation
services.exe 700 0.76 1,732 K 1,240 K Services and Controller app Microsoft Corporation
svchost.exe 884 3,028 K 572 K Generic Host Process for Win32 Services Microsoft Corporation
SCServer.exe 3680 3,040 K 2,876 K Microsoft Search Client Server Microsoft Corporation
svchost.exe 968 1,824 K 1,156 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1068 16,052 K 3,884 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 2536 2,200 K 196 K Windows Update Microsoft Corporation
svchost.exe 1156 1,344 K 820 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1292 1,412 K 92 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1524 3,320 K 692 K Spooler SubSystem App Microsoft Corporation
svchost.exe 336 1,288 K 348 K Generic Host Process for Win32 Services Microsoft Corporation
avgwdsvc.exe 512 5,156 K 2,480 K AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgnsx.exe 1644 9,656 K 164 K AVG Network scanner Service AVG Technologies CZ, s.r.o.
jqs.exe 604 2,120 K 1,788 K Java™ Quick Starter Service Sun Microsystems, Inc.
netfxupdate.exe 1136 296 K 60 K NetFxUpdate Application Microsoft
SeaPort.exe 1216 5,984 K 2,744 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
svchost.exe 2032 2,332 K 68 K Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 392 1,520 K 72 K Windows User Mode Driver Manager Microsoft Corporation
WLIDSVC.EXE 360 5,592 K 520 K Microsoft® Windows Live ID Service Microsoft Corporation
WLIDSVCM.EXE 2756 572 K 56 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
avgemc.exe 1012 4,504 K 520 K AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
avgcsrvx.exe 2168 2,884 K 68 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
fxssvc.exe 1264 1,192 K 204 K Fax Service Microsoft Corporation
alg.exe 3172 1,160 K 212 K Application Layer Gateway Service Microsoft Corporation
lsass.exe 712 3,836 K 944 K LSA Shell (Export Version) Microsoft Corporation
avgchsvx.exe 1320 0.76 3,264 K 3,856 K AVG Cache Server AVG Technologies CZ, s.r.o.
avgrsx.exe 1328 1,612 K 512 K AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgcsrvx.exe 1460 10,564 K 1,696 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
explorer.exe 1236 15,160 K 2,776 K Windows Explorer Microsoft Corporation
IntelMEM.exe 3176 960 K 388 K Modem Event Monitor Application Intel Corporation
PCMService.exe 3424 5,860 K 1,660 K PowerCinema Resident Program for Dell CyberLink Corp.
iexplore.exe 3440 10,084 K 3,296 K Internet Explorer Microsoft Corporation
iexplore.exe 3920 52,776 K 35,564 K Internet Explorer Microsoft Corporation
hkcmd.exe 3456 692 K 312 K hkcmd Module Intel Corporation
igfxpers.exe 3468 668 K 280 K persistence Module Intel Corporation
E_FATI9AA.EXE 3492 668 K 596 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION
avgtray.exe 3500 4,536 K 904 K AVG Tray Monitor AVG Technologies CZ, s.r.o.
mswinext.exe 3520 50,396 K 35,400 K MSN® Toolbar Microsoft Corp.
CarbonitePreinstaller.exe 3852 976 K 332 K Carbonite Setup Lite Carbonite, Inc.
jusched.exe 3916 1,660 K 136 K Java™ Update Scheduler Sun Microsystems, Inc.
jucheck.exe 2996 4,292 K 904 K Java™ Update Checker Sun Microsystems, Inc.
DSAgnt.exe 3992 9,692 K 2,988 K Dell Support Gteko Ltd.
ctfmon.exe 384 856 K 528 K CTF Loader Microsoft Corporation
SUPERAntiSpyware.exe 624 78,092 K 512 K SUPERAntiSpyware Application SUPERAntiSpyware.com
psi.exe 1396 31,484 K 23,572 K Secunia PSI Secunia
procexp.exe 3452 0.76 8,304 K 13,040 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com