Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is very slow and hangs up often


  • Please log in to reply
32 replies to this topic

#1 lugnuts9

lugnuts9

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 03 June 2011 - 08:46 PM

Dell desktop computer on Windows XP. Using Firefox normally (typing this on IE in Safe mode. I have AVG 2011 and Malwarebytes, updated and scanned several times weekly.

The computer is very slow all of the sudden. It will boot normally, but clicking on Firefox will do nothing, and it will not shut down or restart without hanging up, I will have to eventually use the button. Safe mode allowed me to go online.

AVG and MBAM detected no problems.

ESET online scanner detected and removed 12 threats, but the computer runs about the same.


Thanks in advance!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 03 June 2011 - 09:01 PM

Hello, I am hoping we can see the ESET log.
he ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 03 June 2011 - 09:05 PM

Thanks.

Running MBAM full scan now. I will run TDSS when finished.

Here is the eset log:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b1c019e27ab4ae4caee8593fe84e7a31
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-03 08:40:22
# local_time=2011-06-03 04:40:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 15499630 15499630 0 0
# compatibility_mode=1032 16777174 100 96 0 50185510 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=87180
# found=12
# cleaned=12
# scan_time=4260
C:\Documents and Settings\Computer User\Application Data\Sun\Java\Deployment\cache\6.0\25\7582ed99-67f9f58f multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Computer User\Application Data\Sun\Java\Deployment\cache\6.0\3\27b75903-7c80dad4 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Computer User\Application Data\Sun\Java\Deployment\cache\6.0\63\420dadbf-1c034f17 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Computer User\Application Data\Sun\Java\Deployment\cache\6.0\7\3c30cc87-3cfcd201 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\InternationalPrimoPDF.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\KManager\KManager.exe a variant of Win32/Injector.DQS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\SManager\SManager.exe a variant of Win32/Injector.DQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.AJL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{AAE145AD-8D3A-4FCB-BEFD-87991F8C2314}\RP817\A0158670.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{AAE145AD-8D3A-4FCB-BEFD-87991F8C2314}\RP817\A0158671.exe a variant of Win32/Injector.DQS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{AAE145AD-8D3A-4FCB-BEFD-87991F8C2314}\RP817\A0158672.exe a variant of Win32/Injector.DQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\535.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

Edited by lugnuts9, 03 June 2011 - 09:06 PM.


#4 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 03 June 2011 - 09:14 PM

TDSS Killer found nothing:

2011/06/03 22:10:05.0875 1716 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 22:10:06.0312 1716 ================================================================================
2011/06/03 22:10:06.0312 1716 SystemInfo:
2011/06/03 22:10:06.0312 1716
2011/06/03 22:10:06.0312 1716 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/03 22:10:06.0312 1716 Product type: Workstation
2011/06/03 22:10:06.0312 1716 ComputerName: GX280
2011/06/03 22:10:06.0312 1716 UserName: Computer User
2011/06/03 22:10:06.0312 1716 Windows directory: C:\WINDOWS
2011/06/03 22:10:06.0312 1716 System windows directory: C:\WINDOWS
2011/06/03 22:10:06.0312 1716 Processor architecture: Intel x86
2011/06/03 22:10:06.0312 1716 Number of processors: 1
2011/06/03 22:10:06.0312 1716 Page size: 0x1000
2011/06/03 22:10:06.0312 1716 Boot type: Safe boot with network
2011/06/03 22:10:06.0312 1716 ================================================================================
2011/06/03 22:10:07.0312 1716 Initialize success
2011/06/03 22:10:19.0609 0912 ================================================================================
2011/06/03 22:10:19.0609 0912 Scan started
2011/06/03 22:10:19.0609 0912 Mode: Manual;
2011/06/03 22:10:19.0609 0912 ================================================================================
2011/06/03 22:10:21.0375 0912 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/03 22:10:21.0500 0912 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/03 22:10:21.0687 0912 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/03 22:10:21.0859 0912 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/03 22:10:22.0562 0912 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/03 22:10:22.0687 0912 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/03 22:10:22.0875 0912 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/03 22:10:23.0031 0912 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/03 22:10:23.0187 0912 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/03 22:10:23.0328 0912 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/03 22:10:23.0468 0912 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/03 22:10:23.0593 0912 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/03 22:10:23.0750 0912 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/03 22:10:23.0906 0912 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/03 22:10:24.0046 0912 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/03 22:10:24.0187 0912 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/03 22:10:24.0328 0912 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/03 22:10:24.0468 0912 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/03 22:10:24.0625 0912 CAN300 (c558bb843a49afaa871e766fe42dacfb) C:\WINDOWS\system32\drivers\CAN300.SYS
2011/06/03 22:10:24.0921 0912 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/03 22:10:25.0125 0912 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/03 22:10:25.0281 0912 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/03 22:10:25.0406 0912 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/03 22:10:25.0515 0912 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/03 22:10:26.0125 0912 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/03 22:10:26.0296 0912 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/03 22:10:26.0437 0912 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/03 22:10:26.0531 0912 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/03 22:10:26.0687 0912 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/03 22:10:26.0937 0912 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/03 22:10:27.0109 0912 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/03 22:10:27.0250 0912 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/03 22:10:27.0375 0912 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/03 22:10:27.0500 0912 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/03 22:10:27.0609 0912 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/03 22:10:27.0750 0912 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/03 22:10:27.0890 0912 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/03 22:10:28.0015 0912 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/03 22:10:28.0171 0912 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/03 22:10:28.0390 0912 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/03 22:10:28.0500 0912 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/03 22:10:28.0640 0912 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/03 22:10:28.0781 0912 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/03 22:10:29.0046 0912 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/06/03 22:10:29.0234 0912 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/03 22:10:29.0390 0912 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/03 22:10:29.0609 0912 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/03 22:10:29.0734 0912 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/03 22:10:29.0890 0912 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/03 22:10:29.0984 0912 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/03 22:10:30.0093 0912 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/03 22:10:30.0234 0912 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/03 22:10:30.0375 0912 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/03 22:10:30.0500 0912 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/03 22:10:30.0625 0912 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/03 22:10:30.0765 0912 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/03 22:10:30.0921 0912 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/03 22:10:31.0046 0912 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/03 22:10:31.0140 0912 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/03 22:10:31.0390 0912 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/03 22:10:31.0546 0912 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/03 22:10:31.0671 0912 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/03 22:10:31.0812 0912 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/03 22:10:31.0921 0912 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/03 22:10:32.0031 0912 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/03 22:10:32.0515 0912 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/03 22:10:32.0656 0912 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/03 22:10:32.0796 0912 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/03 22:10:32.0921 0912 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/03 22:10:33.0031 0912 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/03 22:10:33.0156 0912 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/03 22:10:33.0296 0912 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/03 22:10:33.0421 0912 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/03 22:10:33.0546 0912 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/03 22:10:33.0671 0912 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/03 22:10:33.0781 0912 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/03 22:10:33.0906 0912 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/03 22:10:34.0046 0912 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/03 22:10:34.0171 0912 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/03 22:10:34.0312 0912 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/03 22:10:34.0500 0912 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/03 22:10:34.0640 0912 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/03 22:10:34.0796 0912 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/03 22:10:34.0906 0912 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/03 22:10:35.0031 0912 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/03 22:10:35.0156 0912 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/03 22:10:35.0281 0912 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/03 22:10:35.0390 0912 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/03 22:10:35.0531 0912 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/03 22:10:35.0718 0912 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/06/03 22:10:35.0859 0912 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/03 22:10:36.0500 0912 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/03 22:10:36.0640 0912 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/03 22:10:36.0765 0912 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/03 22:10:37.0187 0912 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/03 22:10:37.0343 0912 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/03 22:10:37.0484 0912 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/03 22:10:37.0609 0912 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/03 22:10:37.0703 0912 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/03 22:10:37.0828 0912 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/03 22:10:37.0968 0912 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/03 22:10:38.0078 0912 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/03 22:10:38.0234 0912 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/03 22:10:38.0421 0912 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/03 22:10:38.0531 0912 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/03 22:10:38.0640 0912 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/06/03 22:10:38.0796 0912 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/03 22:10:38.0953 0912 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/06/03 22:10:39.0093 0912 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/03 22:10:39.0203 0912 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/03 22:10:39.0343 0912 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/03 22:10:39.0578 0912 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/03 22:10:39.0781 0912 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/03 22:10:39.0921 0912 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/03 22:10:40.0078 0912 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/03 22:10:40.0203 0912 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/03 22:10:40.0343 0912 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/03 22:10:40.0750 0912 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/03 22:10:40.0890 0912 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/03 22:10:40.0984 0912 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/03 22:10:41.0109 0912 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/03 22:10:41.0296 0912 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/03 22:10:41.0562 0912 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/03 22:10:41.0796 0912 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/03 22:10:41.0968 0912 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/03 22:10:42.0078 0912 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/03 22:10:42.0187 0912 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/03 22:10:42.0312 0912 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/03 22:10:42.0406 0912 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/03 22:10:42.0515 0912 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/03 22:10:42.0656 0912 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/03 22:10:42.0750 0912 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/03 22:10:42.0953 0912 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/03 22:10:43.0140 0912 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/03 22:10:43.0312 0912 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/03 22:10:43.0656 0912 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/03 22:10:43.0781 0912 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/03 22:10:43.0906 0912 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/03 22:10:44.0109 0912 ================================================================================
2011/06/03 22:10:44.0109 0912 Scan finished
2011/06/03 22:10:44.0109 0912 ================================================================================
2011/06/03 22:10:44.0156 1744 Detected object count: 0
2011/06/03 22:10:44.0156 1744 Actual detected object count: 0
2011/06/03 22:12:20.0703 1672 Deinitialize success

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 03 June 2011 - 09:28 PM

What version of JAVA,if any, is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).


Win32/Injector.
Capability to send out email message(s) with the built-in SMTP client engine.

Threat characteristics of Vundo (aka VirtuMonde/VirtuMundo), a trojan horse that cause popups and advertises rogue antispyware programs. Vundo can be installed by visiting a Web site link contained in a spammed email. It is known to create a DLL file in the Windows system32 directory and inject it into system processes winlogon.exe and explorer.exe.

Communication with a remote SMTP server and sending out email.
Mass-mailer that sends out email to the email addresses harvested from the local computer.
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a Winlogon notification package so that the installed module is loaded into the address space of winlogon.exe.
Registers a 32-bit in-process server DLL.


I would advise you to disconnect this PC from the Internet, and then go to
a known clean computer and change any passwords or security information held
on the infected computer. In particular, check whatever relates to online
banking financial transactions, shopping, credit cards, or sensitive
personal information. It is also wise to contact your financial institutions
to apprise them of your situation.


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Edited by boopme, 03 June 2011 - 09:29 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 03 June 2011 - 09:39 PM

Java6 update 24

The GooredFix scan only took 10 seconds, is this normal? Thanks again.



GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:36 on 03/06/2011 (Computer User)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:38 24/03/2011]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [03:27 23/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [04:51 15/12/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [09:14 28/04/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [12:10 09/06/2004]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [04:09 03/03/2011]

C:\Documents and Settings\Computer User\Application Data\Mozilla\Firefox\Profiles\69aucfaz.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [00:37 28/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:43 20/03/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02:30 28/05/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:26 23/10/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [14:06 30/03/2011]

-=E.O.F=-

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 03 June 2011 - 09:51 PM

Yes its quick as it only has to look for a ew things. Are you still redirecting?

You are only one Update back. But I'll post the fix any way as you should.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 03 June 2011 - 10:04 PM

Downloaded new java ok.

But I couldn't remove the old Jave in Safe Mode.

Reboot to normal mode - I can't get into control panel - computer hangs up.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 03 June 2011 - 10:11 PM

I have to leave now. But try running SFC

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 04 June 2011 - 09:11 AM

I don't have a windows disk. Is there anything else I can do?

Also, I was eventually able to remove the Java and install the new version.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 04 June 2011 - 09:31 AM

Try it anyway,it may look on the hard drive if it needs something.

Edited by boopme, 04 June 2011 - 09:32 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 04 June 2011 - 09:37 AM

Sorry, I should have mentioned, I did try it anyway. It would just keep asking me for the CD.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 04 June 2011 - 09:50 AM

Also try Start >Run.. type CONTROL.EXE >hit Enter .........see if it opens.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 lugnuts9

lugnuts9
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 04 June 2011 - 10:29 AM

OK, that opens the Control panel. Is it supposed to do something after?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 PM

Posted 04 June 2011 - 10:32 PM

I take it that it only opened it and it still not normal.

Lets see if you can restore the PC to a date befor this all started. See is Control panel is normal.
Windows XP System Restore Guide

If so then update and rerun am MBAM FULL scan to be sure we did not re infect.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users