
i have a Trojan and freezing up computer


  • This topic is locked
14 replies to this topic

#1 dreamangel49801

dreamangel49801

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 24 September 2011 - 01:09 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic418380.html ~ OB

I have a Dell computer and am running Windows XP. For about the last month it has been freezing up a lot, running slower, and losing internet connection. I have tried downloading Internet Explorer 8, which is supposedly the newest browser, and it downloaded but somehow I can't run it?? I have avast anti-virus, which keeps having a lot of pop-ups saying it has found malware. One time was a Trojan, and the name of it was within the file I'm also attaching, although it wasn't asked for, from my SUPERAntiSpyware log. The main pop-up I get from avast says infection from C:Windows/System 32/svshost.exe. I pray someone on here can help me get rid of this virus and help me restore some speed and not have my system freezing and crashing all the time. Thanks so much! I did run Malwarebytes Anti-Malware and it detected nothing.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Dell at 10:48:00 on 2011-09-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANwAxADMANQAyADgANQA2ADEALQBCAEEAKwAxAC0AVAA0AC0ARgBQADkAKwA1AC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0AMQArADEALQBYAE8AOQArADEALQBEAEQAVAArADUAMwA2ADQANgAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAC0AUwA5ADAARgBEAEQARgArADEA"&"prod=90"&"ver=9.0.894
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: download.com
Trusted Zone: kuaiche.com\software
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208965169375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4F70A980-0F55-4D5B-85B9-B58F6F92AB82} : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{87FE9E3F-3D5C-4252-8F40-9D1146014C4B} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? ASFIPmon;Broadcom ASF IP Monitor
R? ATNICm5;Allied Telesis PCI Ethernet Adapter NDIS 5.1 Driver
R? srvBB8;srvBB8
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? pavboot;pavboot
S? RalinkRegistryWriter;Ralink Registry Writer
S? RT80x86;Ralink 802.11n Wireless Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Scutum50;Scutum50 NDIS Protocol Driver
S? stmtpm;STM TPM Service
.
=============== Created Last 30 ================
.
2011-09-20 04:08:34 -------- d-----w- c:\documents and settings\dell\application data\SUPERAntiSpyware.com
2011-09-20 04:06:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-20 04:06:58 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-12 01:46:54 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-12 01:46:44 41184 ----a-w- c:\windows\avastSS.scr
2011-09-12 01:46:33 -------- d-----w- c:\program files\AVAST Software
2011-09-12 01:46:33 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-10 18:49:01 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-09-09 22:52:56 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-09-08 03:18:42 -------- d-----w- c:\documents and settings\dell\application data\Malwarebytes
2011-09-08 03:17:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-08 03:17:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-08 03:17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-05 22:51:06 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-09-05 22:51:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-09-05 22:51:06 152064 ----a-w- c:\windows\system32\xvid.ax
2011-09-04 15:45:15 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 23:06:41 796032 ----a-w- c:\windows\system32\Scutum.dll
2011-09-02 23:06:41 200704 ----a-w- c:\windows\system32\ssleay32.dll
2011-09-02 23:06:41 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-09-02 23:06:41 180224 ----a-w- c:\windows\system32\W32N55.dll
2011-09-02 23:06:41 152968 ----a-w- c:\windows\system32\RalinkGina.dll
2011-09-02 23:06:41 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2011-09-02 23:06:41 1085440 ----a-w- c:\windows\system32\libeay32.dll
2011-09-02 23:06:08 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-09-02 23:06:08 1136128 ----a-w- c:\windows\system32\drivers\rt2860.sys
2011-09-02 23:06:04 -------- d-----w- c:\program files\Ralink
2011-09-02 23:06:04 -------- d-----w- c:\documents and settings\all users\application data\Ralink Driver
.
==================== Find3M ====================
.
2011-09-05 22:40:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-05 22:40:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 10:54:10.94 ===============

I am also attaching the GMER log, which only got as far as it shows; then it also froze up... Thanks in advance for any and all help received :(


Sorry, I forgot to attach the file, geesh, feel like a dumb blonde...

This attachment shows the name of the trojan that

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2011 at 06:26 PM

Application Version : 5.0.1118

Core Rules Database Version : 7709
Trace Rules Database Version: 5521

Scan type : Complete Scan
Total Scan Time : 01:08:20

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 517
Memory threats detected : 0
Registry items scanned : 36197
Registry threats detected : 1
File items scanned : 39238
File threats detected : 66

Adware.Tracking Cookie

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{09B29BA3-8137-493F-9BF8-A5FA18690E6C}\RP276\A0076412.EXE

System.BrokenFileAssociation
HKCR\.exe
Super anti Spyware found..

Merged 3 posts. ~ OB

Attached Files


Edited by Orange Blossom, 24 September 2011 - 02:40 PM.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 29 September 2011 - 01:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420297 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 04 October 2011 - 01:15 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:50 PM

Posted 13 October 2011 - 10:18 AM

Topic reopened by request.

Please post fresh DDS and GMER logs and post them as a reply to this topic.

~ OB

Edited by Orange Blossom, 13 October 2011 - 10:18 AM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 dreamangel49801

dreamangel49801
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 13 October 2011 - 05:49 PM

ok Orange... I am back online finally and am headed to make new DDS and GMER logs for u and ty :)

#6 dreamangel49801

dreamangel49801
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 13 October 2011 - 08:22 PM

Here is DDS, and hope I zipped the attached file right... nm, I just sent as a text; didn't understand how to turn it into a zip file.

Attached Files



#7 dreamangel49801

dreamangel49801
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 13 October 2011 - 09:55 PM

here is the gmer text

Attached Files



#8 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:50 PM

Posted 14 October 2011 - 06:03 AM

Greetings dreamangel49801 and Welcome back!
I'm looking over your logs and will have some suggestions for you in a short while. Thanks for your patience!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#9 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:50 PM

Posted 14 October 2011 - 06:53 AM

I'm not seeing much in the way of malicious software but I do see some service drivers running that are unique to your system alone. Most often, that's not good...but not always. With the number and kind of various security applications that you have on board, and have run recently, I can imagine one of them is the owner.

Your trojan issue with Avast might be related to the google tool bar registry entry here:
2318C2B1-4965-11D4-9B18-009027A5CD4F
...and although its associated file is missing, avast may just not care about that since the registry entry is still present. It's not malicious...just not necessary.

I can suggest, if you don't use the Dell EMBASSY Security Center, you should uninstall it. As well, your installed java component, Java™ 6 Update 4 isn't needed either since you have a more updated version. Please uninstall the 6 update 4, then update the remaining version of java this way:
Please click start-->run
...type, or copy and paste the following into the run box:
javacpl.cpl
...then click "OK". When the Java Control Panel opens, click on the Update tab then click the "Update Now" button at the bottom. Your update should start. When it completes, please reboot the computer. When the system comes back up, please open the Java Control Panel again. From the "General" tab, under the "Temporary Internet Files" (at the bottom), please click the Settings button. When the "Temporary Files Settings" box opens, please remove the check from the option box to "Keep temporary files on my computer". Please click "OK", then "Apply" to close the Java Control Panel. Reboot the system again to properly record those changes to the hard disk.

Next, please remove these from your trusted zone:
download.com
kuaiche.com\software

...to do that, open "Internet Options" from within the control panel. Click the "Security" tab-->Trusted sites-->Sites button. Remove everything you find there inside the "Websites" window. Apply those changes and "OK" your way out to close the properties window...then close the control panel.

Next, let's remove some of those conflicting service drivers left over from some of your uninstalled security programs:

To get rid of those unwanted drivers, devices, or services:
1) Open the "Start" menu and choose "Run..."
2) Type cmd in the run box and click "ok".
3) At the cmd prompt, type or copy and paste:
set devmgr_show_nonpresent_devices=1
...and press enter. (Note that nothing seems to happen--this is expected. We are actually setting an environment variable which is going to help us to see hidden devices)
4) On the next cmd prompt line, type in:
devmgmt.msc
...and press enter. This will launch the Windows Device Manager Console.
5) In the Device Manager Console, from the "View" menu, select "Show Hidden Devices".

Note:
This is NOT the same as just selecting 'Show Hidden Devices' from within the menu of the normal default view in device manager. This method exposes the super hidden drivers/devices from having changed the environment variable.

Now, scroll down to and click "Non-Plug and Play Drivers" in the listing. You will see not only the items that Windows currently detects as installed on your pc (these are the usual items displayed), but you will also see drivers, devices, and services which have been loaded in the past but were not uninstalled or are not currently started.

These are identified by those drivers listed which are grayed out...

You can find your errant security service driver(s) (or no longer installed) device driver(s), right-click, and choose "uninstall" to remove it/them from the system completely.

Be careful though; you should note that although the non-loaded devices, drivers, and services which are "grayed" out, can be removed by a simple right-click "uninstall" but that doesn't necessarily mean that you should delete all of them (or any of them). Investigate first whether or not you actually DO need them.

Only remove items you know with certainty that you don't need. And, be careful that you don't change too many devices or you might need to re-activate your Windows installation.

Last thing, if you accidentally exit the Device Manager Console before you finish, you will need to start over again at the cmd prompt in order to re-set the environment variable. To close the cmd prompt window, type exit then press the "Enter" key.

If you are uncertain as to which device drivers you don't need, then please make note of those which are grayed out and post them here...I will research them for you.

On your next reply, let us know if you've completed the above and if you had any issues with these instructions...also, how the system is behaving now. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
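
Added example (not part of the thread, and not code from DDS or BleepingComputer): a Python parser for the "Pseudo HJT Report" section of a DDS log that pulls out the same items reviewed by eye in the post above: entries whose file is missing ("No File"), Trusted Zone sites, and the Java builds referenced by DPF entries. The sample lines are copied from the DDS log in post #1; the function and variable names are this example's own.

```python
import re

# Lines copied (abridged) from the DDS log in post #1 of this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
Trusted Zone: download.com
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R? srvBB8;srvBB8
"""

HEADER = re.compile(r"^=+ (.+?) =+$")                       # "===== Name ====="
ENTRY = re.compile(r"^(?P<tag>[A-Za-z ]+?): (?P<body>.*)$")  # "BHO: ...", "Trusted Zone: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
JAVA_BUILD = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")
NO_FILE = "- No File"


def split_sections(log):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def triage(log):
    """Collect review items from the Pseudo HJT Report section only."""
    report = {"orphaned": [], "trusted_zone": [], "java_builds": [], "superseded_java": []}
    builds = set()
    for line in split_sections(log).get("Pseudo HJT Report", []):
        entry = ENTRY.match(line)
        if not entry:
            continue  # e.g. "uStart Page = ..." uses '=' rather than 'tag: body'
        tag, body = entry["tag"], entry["body"]
        if body.endswith(NO_FILE):
            # Registry entry still present, file it pointed at is gone.
            clsid = CLSID.search(body)
            ident = clsid.group(0).upper() if clsid else body[: -len(NO_FILE)].strip()
            report["orphaned"].append((tag, ident))
        elif tag == "Trusted Zone":
            report["trusted_zone"].append(body)
        elif tag == "DPF":
            build = JAVA_BUILD.search(body)
            if build:
                builds.add(tuple(int(part) for part in build.groups()))
    report["java_builds"] = sorted(builds)
    # Every referenced build except the newest is a candidate for removal.
    report["superseded_java"] = report["java_builds"][:-1]
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for tag, ident in result["orphaned"]:
        print(f"orphaned {tag}: {ident}")
    for site in result["trusted_zone"]:
        print(f"trusted zone site: {site}")
    for build in result["superseded_java"]:
        print("older Java build referenced:", ".".join(map(str, build)))
```

A DPF line only records where an ActiveX installer came from, so a superseded build in the output is a prompt to check Add/Remove Programs, not proof that the old version is still installed.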


#10 dreamangel49801

dreamangel49801
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 14 October 2011 - 05:35 PM

Hi and thank you very much 1972vet for all your help... I did everything you asked except I didn't uninstall any of the drivers because I don't want to mess anything up, so I'm sending a list of the ones that showed up that were greyed out. They showed like a diamond shape by them, and some were almost white, but the ones I'm sending were a dark gray, so hope it's the right ones...

Attached Files



#11 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:50 PM

Posted 14 October 2011 - 09:01 PM

From the list of installed software you provided, it appears you no longer have Roxio installed so you should be able to uninstall the dvd_2k driver. I'd leave the rest of them alone. How's the system behaving now?

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#12 dreamangel49801

dreamangel49801
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 15 October 2011 - 10:24 AM

Ty, it's actually running pretty smoothly so far, besides the fact I am always losing my DSL connection, but that's just ATT I feel, and we are considering going to cable since we can get a bundle package. Again, thanks so much for everything. I really like AVAST better than other anti-viruses. How often would you suggest I use Malwarebytes and SUPERAntiSpyware? At least once a week? :mellow:

#13 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:50 PM

Posted 15 October 2011 - 03:25 PM

I also have AT&T DSL. My experience may just be anecdotal, but I recall having a connection issue while using Avast. In my case, my browser would connect just fine but after a few minutes while connected to some news web site for example, I would lose the connection and couldn't view any other news pages. If I were to attempt to reconnect, I would get a message that said I was connected. As frustrating as that could get, I would eventually reboot and it would go away again...for a while. This was several years ago mind you so things could have changed, but as I googled that issue, I discovered others with the issue using AT&T DSL with Avast.

I uninstalled Avast and my issue disappeared. This was back when AT&T was actually bundling AVG with its security suite if that gives you any idea as to actually how long that's been. Anyway, if you're using Avast's free version, it would do no harm to uninstall it and try using Microsoft's Security Essentials instead. See if it makes a difference. MSE has every bit of what Avast has and it's also fully automated so you might just be delighted with it. I CAN say, it is much less resource intensive.

As to MBAM and SAS, although both are good, it's really not necessary to keep using both for malware scans. MalwareBytes is my choice for a good second opinion if that's what you use it for. I'd say you should use MBAM's flash scan feature once a day, preferably at the end of each log on session. The feature is designed so that a flash scan should reveal any problems you might have picked up. If that scan does find something, then I would use the full system scan immediately afterward. For that matter, Microsoft Security Essentials is not just an antivirus scanner...it also has the malware scan engine incorporated with it from the Windows Defender software, so you see...MSE does it all, but a second opinion is never harmful.

Let us know how things turn out. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#14 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:50 PM

Posted 17 October 2011 - 05:11 AM

Still with us dreamangel49801?

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#15 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:50 PM

Posted 21 October 2011 - 08:37 AM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven




