Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sluggish computer - Need help plz


  • This topic is locked This topic is locked
10 replies to this topic

#1 dbteepo

dbteepo

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 16 September 2011 - 05:58 PM

Hello! I've posted in the past and always recieved very helpful step by step instructions for how to fix problems I'm having trouble with and it so happens I'm in that position again.

I've been having computer performance issues as of the last 2 days and I'm not sure exactly what has taken hold of my computer: I became aware of an infection when I checked McAfee and it said it had removed a trojan and rootkit (unspecified name or type) so I ran a full scan with MBAM and came up with no infections. Then I ran McAfee once more and the only hint of an infection was a file that was named vhx0v0vm.txt, I searched on google for this and found nothing. I've also defragmented within the last 2 days prior to the sluggish computer problem.

Another oddity which may or may not be related is that McAfee is alerting me that a new connection has been made and asks me to select either Home, Work, or Public (how about refuse connection?) Afterward I'll pull up McAfee and delete the connection, but it has been reconnecting occasionally. I say this may be coincidence because I have a wireless router, so I think it may just be someone who is leeching my internet.

Thanks to anyone and everyone who is willing to help me by tackling this issue.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:40 AM

Posted 16 September 2011 - 07:52 PM

Hello and not glad you're back :) (You know I am kidding)

There is no info on this,vhx0v0vm.txt,as it's a random malware name.

Let's see what else we can learn.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the [COLOR=blue]SUPERAntiSpyware Portable Scanner
instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 dbteepo

dbteepo
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 17 September 2011 - 11:45 AM

Thanks for the quick reply!

I recieved no errors or threats while running TDSSkiller so that log isn't posted, but also I couldn't find v2.5.9.0 only v2.5.22.0 so that is the version I used. Here's the logfiles for Mini toolbox and SAS:

MiniToolBox by Farbar
Ran by Compaq_Administrator (administrator) on 17-09-2011 at 08:34:43
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=0.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JenniferLynn
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #2
Physical Address. . . . . . . . . : 00-18-F3-95-23-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6564:ae42:8a4a:5ae2%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 15, 2011 7:27:48 PM
Lease Expires . . . . . . . . . . : Tuesday, October 24, 2147 3:03:01 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 369105139
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-D3-31-46-00-18-F3-95-23-B9
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection*:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.73.106
74.125.73.147
74.125.73.99
74.125.73.103
74.125.73.104
74.125.73.105

Pinging google.com [74.125.73.105] with 32 bytes of data:Reply from 74.125.73.105: bytes=32 time=53ms TTL=49Reply from 74.125.73.105: bytes=32 time=55ms TTL=49Ping statistics for 74.125.73.105: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 53ms, Maximum = 55ms, Average = 54msServer: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:Reply from 209.191.122.70: bytes=32 time=46ms TTL=51Reply from 209.191.122.70: bytes=32 time=48ms TTL=51Ping statistics for 209.191.122.70: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 46ms, Maximum = 48ms, Average = 47msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
17 ...00 18 f3 95 23 b9 ...... NVIDIA nForce 10/100 Mbps Ethernet #2
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18 ...00 00 00 00 00 00 00 e0 isatap.Belkin
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.5 276
192.168.2.5 255.255.255.255 On-link 192.168.2.5 276
192.168.2.255 255.255.255.255 On-link 192.168.2.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
17 276 fe80::/64 On-link
17 276 fe80::6564:ae42:8a4a:5ae2/128
On-link
1 306 ff00::/8 On-link
17 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/16/2011 07:35:28 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#HOME.MCAFEE.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:35:28 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#HOME.MCAFEE.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:11:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZU.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:11:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZU.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:10:55 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6\SECURE-US.IMRWORLDWIDE.COM\_GGMCVAR_1.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:10:55 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6\SECURE-US.IMRWORLDWIDE.COM\_GGMCVAR_1.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:10:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6\SECURE-US.IMRWORLDWIDE.COM\_GGMCVAR_1.SXX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:10:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#SECURE-US.IMRWORLDWIDE.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:10:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#SECURE-US.IMRWORLDWIDE.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/16/2011 07:10:46 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#OBJECTS.TREMORMEDIA.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (09/16/2011 07:04:38 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (09/15/2011 11:40:17 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/15/2011 11:40:06 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/15/2011 07:30:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Null

Error: (09/15/2011 07:30:20 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (09/15/2011 07:28:59 PM) (Source: DCOM) (User: )
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Error: (09/15/2011 07:26:45 PM) (Source: nmserial) (User: )
Description:

Error: (09/14/2011 11:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/14/2011 11:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/14/2011 11:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (09/16/2011 07:35:28 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#HOME.MCAFEE.COM\SETTINGS.SOL

Error: (09/16/2011 07:35:28 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#HOME.MCAFEE.COM\SETTINGS.SOL

Error: (09/16/2011 07:11:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZU.COM\SETTINGS.SOL

Error: (09/16/2011 07:11:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZU.COM\SETTINGS.SOL

Error: (09/16/2011 07:10:55 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6\SECURE-US.IMRWORLDWIDE.COM\_GGMCVAR_1.SOL

Error: (09/16/2011 07:10:55 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6\SECURE-US.IMRWORLDWIDE.COM\_GGMCVAR_1.SOL

Error: (09/16/2011 07:10:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6\SECURE-US.IMRWORLDWIDE.COM\_GGMCVAR_1.SXX

Error: (09/16/2011 07:10:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#SECURE-US.IMRWORLDWIDE.COM\SETTINGS.SOL

Error: (09/16/2011 07:10:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#SECURE-US.IMRWORLDWIDE.COM\SETTINGS.SOL

Error: (09/16/2011 07:10:46 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#OBJECTS.TREMORMEDIA.COM\SETTINGS.SOL


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 6
AIO_CDA_ProductContext (Version: 82.0.233.000)
AIO_CDA_Software (Version: 82.0.233.000)
AIO_Scan (Version: 82.0.173.000)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Battlefield 1942
Bing Bar (Version: 6.3.2322.0)
Bing Bar Platform (Version: 6.3.2322.0)
Bonjour (Version: 3.0.0.2)
BufferChm (Version: 82.0.173.000)
C4100 (Version: 82.0.233.000)
c4100_Help (Version: 82.0.233.000)
Cake Mania Deluxe
CCleaner (Version: 3.10)
Compaq Connections (remove only)
Copy (Version: 120.0.214.000)
CSI-3 Dimensions of Murder 1.1 (Version: 1.1)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
CustomerResearchQFolder (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Web Player (Version: 1.4.3)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.14.00.802 (Version: 01.14.00.8025)
DVDneXtCOPY
EA Download Manager (Version: 4.0.0.396)
EA Download Manager (Version: 8.0.3.427)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
Game Booster 3 (Version: 3.0)
GameSpy Arcade
GemMaster Mystic
Grace's Quest: To Catch An Art Thief
HP Boot Optimizer (Version: 3.0.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP DVD Play 2.1
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart.All-In-One Driver Software 8.0 .A (Version: 8.0)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 4.0.0013)
HP Solution Center 8.0 (Version: 8.0)
HP Support Overview (Version: 1.0.0)
HP Update (Version: 4.000.012.001)
HP Web Helper
HPProductAssistant (Version: 82.0.173.000)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSSupply (Version: 2.1.3.0000)
iTunes (Version: 10.4.1.10)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 2.0)
LeapFrog Connect (Version: 2.1.8.7798)
LeapFrog Tag Plugin (Version: 2.1.8.7798)
LightScribe 1.4.105.1 (Version: 1.4.105.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 82.0.174.000)
McAfee SecurityCenter (Version: 10.5.240)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Money 2006 (Version: 15)
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 08.04.0623)
MobileMe Control Panel (Version: 3.1.6.0)
MosChip Multi-IO Controller
Mozilla Firefox (2.0) (Version: 2.0 (en-US))
MS Access 97 SP2
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My HP Games (Version: HPCMPQ1404)
Mystery Cruise
Netscape Browser (remove only)
NVIDIA 3D Vision Controller Driver (Version: 270.61)
NVIDIA 3D Vision Controller Driver 270.61 (Version: 270.61)
NVIDIA Control Panel 270.61 (Version: 270.61)
NVIDIA Drivers
NVIDIA Graphics Driver 270.61 (Version: 270.61)
NVIDIA Install Application (Version: 2.270.54.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA Update 1.1.34 (Version: 1.1.34)
NVIDIA Update Components (Version: 1.1.34)
Otto
Pando Media Booster (Version: 2.3.5.6)
PC-Doctor 5 for Windows (Version: 5.00.4060.15)
Pirates of the Caribbean - At Worlds End (Version: 1.0)
Pool Buddy - Yahoo Version Z 1.24
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.4.5)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
RealUpgrade 1.1 (Version: 1.1.0)
Rhapsody
Safari (Version: 5.34.50.0)
Scan (Version: 8.1.0.0)
Segoe UI (Version: 15.4.2271.0615)
Seven Kingdoms II
SigmaTel MSCN Audio Player (Version: )
SimCity 2000® CD Collection
SimCity 3000 Unlimited
SimCity 4
SimSafari
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 82.0.188.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
SPORE™ (Version: 1.00.0000)
Status (Version: 110.0.180.000)
The Treasures of Mystery Island: The Gates of Fate
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 110.0.180.000)
Trillian
Undercover PI
UnloadSupport (Version: 1.00.0000)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Ventrilo Client (Version: 3.0.8)
Viewpoint Media Player
VTech® Photo Editor
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
WildTangent Web Driver
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Script V5.6 Documentation
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 1981.82 MB
Available physical RAM: 989.84 MB
Total Pagefile: 4208.16 MB
Available Pagefile: 2811.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.2 MB

========================= Partitions: =====================================

1 Drive c: (PRESARIO) (Fixed) (Total:224.42 GB) (Free:105.47 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.44 GB) (Free:1.49 GB) FAT32
3 Drive e: (BF1942_2) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS
7 Drive k: (Old Drive) (Fixed) (Total:111.79 GB) (Free:106.45 GB) NTFS

========================= Users: ========================================

User accounts for \\JENNIFERLYNN

Administrator ASPNET Compaq_Administrator
Guest HelpAssistant Mcx1
SUPPORT_388945a0 SUPPORT_fddfa904 UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2011 at 11:13 AM

Application Version : 5.0.1118

Core Rules Database Version : 7705
Trace Rules Database Version: 5517

Scan type : Complete Scan
Total Scan Time : 02:03:09

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 37319
Registry threats detected : 0
File items scanned : 241952
File threats detected : 28

Adware.Tracking Cookie
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YGW2NMCI.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\SNRKUTNR.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\V3KFMJDB.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\S451JVOZ.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\QU0003IN.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\4U16BYL5.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\5MWZ5DUD.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FZLIQZU4.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\DBQFLS9E.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FYFG8D30.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\81CLFYN1.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\AHAWDA8Y.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\T9JMWLSS.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\LDLGCY14.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\QDAHMAQH.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\IQSX12WW.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\4887PEY2.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\1SOPP5XL.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\4HUKKIQL.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\0VGWH59N.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\DF9M58J5.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\RIUI4PCU.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FJ8NL6V2.txt
C:\Users\Compaq_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FZ21BS52.txt
objects.tremormedia.com [ C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6 ]
secure-us.imrworldwide.com [ C:\USERS\COMPAQ_ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GVLRPLK6 ]
.doubleclick.net [ C:\USERS\TINARINO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISX7GQ0J.DEFAULT\COOKIES.TXT ]
www.googleadservices.com [ C:\USERS\TINARINO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISX7GQ0J.DEFAULT\COOKIES.TXT ]

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:40 AM

Posted 17 September 2011 - 09:45 PM

Hello. let's do one more scan and see how it is after.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 dbteepo

dbteepo
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 18 September 2011 - 07:40 AM

Alright, I finally have a name I can search for! Thank you sir, I'll post the log and let you know if I come up with anything.


ESET scan
==================================
C:\Users\Compaq_Administrator\Limewire\Limp Bizkit - show me what you got - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
D:\I386\APPS\APP24244\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application deleted - quarantined
D:\I386\APPS\APP24244\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application deleted - quarantined

#6 dbteepo

dbteepo
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 18 September 2011 - 03:12 PM

Thanks for all of your help so far, I've done some searching and I've found other posts on this and other forums, but most of the helpers are diagnosing with HijackThis and I'd prefer not to play with things I don't understand ;) I was hoping to find an easy fix but I came across nothing, so I'm in your hands again.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:40 AM

Posted 19 September 2011 - 03:23 PM

So, are you still sluggish ? Is that what you mean..

That was some infected Limewire dowmload.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Then do a rootkit scan.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 dbteepo

dbteepo
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 19 September 2011 - 07:51 PM

Yeah, I'm still running pretty sluggish - MBAM came back with nothing and I've been having trouble with GMER. In normal mode and safe mode it would close due to unexpected error (McAfee was off) and then once in safe mode and normal mode with device unchecked I recieved the blue screen of death :S Any advice?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:40 AM

Posted 19 September 2011 - 09:33 PM

I think we need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 dbteepo

dbteepo
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 20 September 2011 - 06:40 PM

Thank you for your help on this matter, I've posted a new topic on the forum. I also was able to scan with GMER and I think my problem before was that I had added my K:\ to scan (secondary hard drive) Again, thanks for your help and I hope we never meet again :P (j/k)

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:40 AM

Posted 20 September 2011 - 08:20 PM

Good luck and beat it :hysterical:
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users