
Programs keep freezing


10 replies to this topic

#1 Brian Butler

Brian Butler

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 05 November 2011 - 03:53 PM

We are having numerous problems with our PC. Outlook Express and Windows Mail keep freezing and everything is very slow. I've run adware and AV programs but they haven't helped. Can you?



#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:29 PM

Posted 05 November 2011 - 04:03 PM

Hello and welcome to Bleeping Computer.
Download CCleaner from the link below:

http://www.piriform.com/ccleaner


Just DON'T use the registry cleaner function of CCleaner unless you know exactly what you are deleting!!

Then open CCleaner, hit the Tools button, then Startup (second one down, below Uninstall), then in the bottom right-hand corner of CCleaner hit Save to text file. Save it to your desktop and post the startup.txt here in your next reply. Also hit Start, Run, then type msconfig, then hit the Services tab, then put a check mark in Hide Microsoft Services. What is listed there after hiding Microsoft services? Also post to me the uninstall list from CCleaner please.

#3 Brian Butler

Posted 05 November 2011 - 05:00 PM

I didn't manage to follow your instructions properly.

The start up text is below but I couldn't find start run so hit run cleaner instead. I also can't find the services tab or follow the last instructions.

Yes HKCU:Run Sidebar C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run PC Suite Tray "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
No HKCU:Run HPADVISOR C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
No HKCU:Run PC Suite Tray "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
No HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:Run TomTomHOME.exe "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
No HKCU:Run WMPNSCFG C:\Program Files\Windows Media Player\WMPNSCFG.exe
Yes HKLM:Run Ad-Watch C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Yes HKLM:Run NvCplDaemon RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKLM:Run ZoneAlarm Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Yes HKLM:Run AppleSyncNotifier C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Yes HKLM:Run Malwarebytes' Anti-Malware (reboot) "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Yes HKLM:Run QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
No HKLM:Run DVDAgent "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
No HKLM:Run HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
No HKLM:Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
No HKLM:Run hpqSRMon C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
No HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
No Startup Common C:\PROGRA~1\FINEPI~1\QUICKD~1.EXE
No Startup Common HP Digital Imaging Monitor.lnk C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

#4 InadequateInfirmity

Posted 05 November 2011 - 05:05 PM

Do you run Vista? If so, then hit the Start button in the lower left-hand corner and type services.msc. When the window pops up, right-click and run as admin, then follow these instructions: hit the Services tab, then put a check mark in Hide Microsoft Services. What is listed there after hiding Microsoft services? Also post to me the uninstall list from CCleaner please.

#5 InadequateInfirmity

Posted 05 November 2011 - 05:10 PM

Hello, you can disable these from starting up with Windows; they can be started at any time by double-clicking the icon for the program if need be.
To do that, open CCleaner, hit Tools, Startup, left-click on the selected item and Disable.

Yes HKLM:Run AppleSyncNotifier C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Yes HKLM:Run Malwarebytes' Anti-Malware (reboot) "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Yes HKLM:Run QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run Ad-Watch C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (uninstall Ad-Aware) (useless)
Yes HKLM:Run NvCplDaemon RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKCU:Run Sidebar C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (optional)
Yes HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Reboot the machine after completing instructions above.

I noticed you don't have an antivirus installed. Complete the task above, then run a quick scan with either Avast or MSE; just don't install both.
After the computer restarts, install Avast or Microsoft Security Essentials from the links below:
http://download.cnet.com/3001-2239_4-10019223.html?spi=c8a732b8fc3505ac3a6e927ebbbe467b&part=dl-85737
http://windows.microsoft.com/en-US/windows/products/security-essentials

Edited by InadequateInfirmity, 05 November 2011 - 05:12 PM.
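
As an added example (not part of the original thread and not CCleaner's own code), the following Python script triages a startup export like the one posted above before deciding which entries to disable. It assumes the export is tab-separated in four columns (enabled, location, name, command); the `updater` row is made up to show a flagged entry, and the function and flag names are illustrative.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: rows taken from the startup list in this thread, with TAB
# separators assumed between columns, plus one made-up row ("updater").
ROWS = [
    ("Yes", "HKCU:Run", "Sidebar",
     r"C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"),
    ("Yes", "HKCU:Run", "swg",
     r'"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"'),
    ("No", "HKCU:Run", "swg",
     r'"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"'),
    ("Yes", "HKLM:Run", "NvCplDaemon",
     r"RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"),
    ("No", "Startup Common", "HP Digital Imaging Monitor.lnk",
     r"C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe"),
    ("Yes", "HKCU:Run", "updater",  # made up for illustration
     r"C:\Users\Example\AppData\Local\Temp\updater.exe"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Directories a standard user can write to; autostart binaries rarely belong here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


class Entry(NamedTuple):
    enabled: bool
    location: str
    name: str
    command: str


def parse_export(text):
    """Parse the tab-separated export; skip lines that do not have four columns."""
    entries = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or parts[0] not in ("Yes", "No"):
            continue
        entries.append(Entry(parts[0] == "Yes", parts[1], parts[2], parts[3].strip()))
    return entries


def target(command):
    """Return the file a command actually loads, without its arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # For rundll32 the interesting file is the DLL argument, not the host.
    m = re.match(r"(?i)rundll32(?:\.exe)?\s+(.+?\.dll)", cmd)
    if m:
        return m.group(1)
    # Unquoted path that may contain spaces: cut at the first executable suffix.
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(entries):
    """Return (entry, target_path, flags) for every entry."""
    seen = Counter((e.location, e.name) for e in entries)
    report = []
    for e in entries:
        path = target(e.command)
        low = path.lower()
        flags = []
        if any(marker in low for marker in USER_WRITABLE):
            flags.append("user-writable-path")
        if re.search(r"~\d", path):
            # 8.3 short names hide the real folder; expand before judging.
            flags.append("short-8.3-path")
        if re.match(r"(?i)rundll32", e.command):
            flags.append("rundll32-host")
        if seen[(e.location, e.name)] > 1:
            # Same name listed more than once (e.g. enabled and disabled copies).
            flags.append("duplicate-entry")
        report.append((e, path, flags))
    return report


if __name__ == "__main__":
    for entry, path, flags in triage(parse_export(SAMPLE)):
        state = "on " if entry.enabled else "off"
        print(f"{state} {entry.location:15} {entry.name:32} {path}  {flags}")
```

A flag is a prompt to look at the file (location, signer, scanner verdict), not a verdict in itself.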


#6 Brian Butler

Posted 13 November 2011 - 12:00 PM

I'm still having problems with the instructions.

I hit start, type services.msc, and a dialogue box opens and asks me for permission to continue. I can't right click at this stage so I hit continue. Then the main services box opens, but the only tab is services (local). I can right click but I don't get the admin option. I also don't see a check box for 'hide microsoft services'.

Uninstall list below:-

Ad-Aware Lavasoft 08/12/2010 102.5 MB
Adobe AIR Adobe Systems Inc. 05/02/2011 29.4 MB 2.5.1.17730
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 02/07/2011 10.3.181.26
Adobe Reader 8.1.3 Adobe Systems Incorporated 09/12/2008 84.9 MB 8.1.3
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 12/03/2011 8.82 MB 11.5.9.620
Advanced Registry Optimizer Sammsoft 15/05/2009 10.2 MB 5.3
albelli photo book creator Extra 17/11/2010 6.55 MB
Amazon MP3 Downloader 1.0.4 25/12/2008 1.57 MB
AOL Toolbar 5.0 AOL LLC 13/10/2008 2.83 MB 5.2.69.1
Apple Application Support Apple Inc. 12/09/2011 60.2 MB 2.0.1
Apple Mobile Device Support Apple Inc. 12/09/2011 22.1 MB 3.4.1.2
Apple Software Update Apple Inc. 12/09/2011 2.38 MB 2.1.3.127
BBC iPlayer Desktop British Broadcasting Corp. 02/02/2010 1.70 MB 1.4.13222.14125
Bonjour Apple Inc. 12/09/2011 0.73 MB 3.0.0.2
CCleaner Piriform 05/11/2011 4.13 MB 3.12
Compatibility Pack for the 2007 Office system Microsoft Corporation 16/09/2011 134.8 MB 12.0.6425.1000
Coupon Printer Couponstar 14/07/2009 1.03 MB 2.0
CyberLink DVD Suite Deluxe CyberLink Corp. 13/10/2008 49.4 MB .1707
DivX Codec DivX, Inc. 01/09/2009 1.30 MB 6.8.5
DivX Converter DivX, Inc. 01/09/2009 45.3 MB 7.1.0
DivX Player DivX, Inc. 01/09/2009 8.26 MB 7.2.0
DivX Plus DirectShow Filters DivX, Inc. 01/09/2009 1.58 MB
DivX Web Player DivX,Inc. 01/09/2009 2.83 MB 1.5.0
eMusic Download Manager 4.1.4 eMusic, Inc. 14/09/2010 18.2 MB 4.1.4
Enhanced Multimedia Keyboard Solution Hewlett-Packard 13/10/2008 6.85 MB
ESET Online Scanner v3 05/05/2011 105.7 MB
FUJIFILM FinePixViewer S Ver.2.1 FUJIFILM Corporation 04/01/2010 164.6 MB 2.1.0.3
Google Chrome Google Inc. 24/12/2008 52.5 MB 15.0.874.106
Google Earth Google 03/06/2011 84.7 MB 6.0.3.2197
Google Toolbar for Internet Explorer Google Inc. 22/08/2011 9.78 MB 7.1.2003.1856
Google Updater Google Inc. 24/03/2009 3.43 MB 2.4.1536.6592
Hardware Diagnostic Tools PC-Doctor, Inc. 13/10/2008 88.0 MB 5.1.4861.15
HP Advisor Hewlett-Packard 15/08/2010 48.8 MB 3.3.12286.3436
HP Customer Experience Enhancements Hewlett-Packard 03/10/2008 0.98 MB 5.6.0.2510
HP Customer Participation Program 10.0 HP 13/11/2008 167.1 MB 10.0
HP Demo Hewlett-Packard 03/10/2008 44.6 MB 1.00.0000
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 HP 13/11/2008 19.9 MB 10.0
HP Easy Setup - Frontend Hewlett-Packard 03/10/2008 2.18 MB 5.7.0.2693
HP Imaging Device Functions 10.0 HP 13/11/2008 3.22 MB 10.0
HP MediaSmart DVD Hewlett-Packard 17/11/2009 48.4 MB 2.2.3309
HP Photosmart Essential 3.0 HP 13/10/2008 3.32 MB 3.0
HP Smart Web Printing 4.60 HP 17/01/2010 8.28 MB 4.60
HP Solution Center 13.0 HP 17/11/2009 3.21 MB 13.0
HP Update Hewlett-Packard 03/10/2008 3.72 MB 4.000.010.008
iPhone Configuration Utility Apple Inc. 14/09/2009 22.4 MB 2.1.0.163
iTunes Apple Inc. 12/09/2011 141.2 MB 10.4.1.10
Java™ 6 Update 24 Sun Microsystems, Inc. 26/08/2009 95.0 MB 6.0.240
Java™ SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 03/10/2008 167.3 MB 1.6.0.10
LabelPrint CyberLink Corp. 13/10/2008 205 MB 2.2.2913
LightScribe System Software LightScribe 12/10/2009 21.6 MB 1.18.3.2
Malwarebytes' Anti-Malware Malwarebytes Corporation 21/04/2011 4.80 MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 26/02/2009 27.8 MB
Microsoft Office File Validation Add-In Microsoft Corporation 17/10/2011 7.95 MB 14.0.5130.5003
Microsoft Office Home and Student 60 day trial 13/11/2008 1,077 MB
Microsoft Office Live Add-in 1.4 Microsoft Corporation 14/05/2010 0.49 MB 2.0.3008.0
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 16/09/2011 76.2 MB 12.0.6425.1000
Microsoft Office Standard 2007 Microsoft Corporation 04/09/2009 307 MB 12.0.6425.1000
Microsoft Silverlight Microsoft Corporation 14/10/2011 94.0 MB 4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30/07/2009 0.25 MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18/06/2011 0.29 MB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30/07/2009 0.19 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 15/04/2011 0.58 MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 03/10/2008 2.06 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21/05/2011 0.22 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18/06/2011 0.58 MB 9.0.30729.6161
Microsoft Works Microsoft Corporation 16/12/2010 9.7.0621
MobileMe Control Panel Apple Inc. 06/05/2011 11.3 MB 3.1.6.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16/11/2008 1.28 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26/11/2009 1.34 MB 4.20.9876.0
muvee autoProducer 6.1 muvee Technologies 03/10/2008 148.8 MB 6.10.050
My HP Games WildTangent 13/10/2008 322 MB 1.0.0.52
Nokia Connectivity Cable Driver Nokia 09/01/2009 2.30 MB 6.86.11.0
Nokia PC Suite Nokia 09/01/2009 34.6 MB 6.86.9.4
Norton Security Scan Symantec Corporation 13/03/2011 14.8 MB 3.0.0.103
NVIDIA Drivers NVIDIA Corporation 14/05/2010 1.4
NVIDIA PhysX NVIDIA Corporation 28/02/2009 119.9 MB 9.09.0203
PC Connectivity Solution Nokia 09/01/2009 9.38 MB 8.15.1.0
Power2Go CyberLink Corp. 13/10/2008 136.5 MB 5.6.4109
PowerDirector CyberLink Corp. 03/10/2008 325 MB 6.5.2926
QuickTime Apple Inc. 12/09/2011 73.2 MB 7.70.80.34
Rapport Trusteer 13/11/2011 74.5 MB 3.5.1108.55
RealPlayer RealNetworks 18/11/2008 41.6 MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03/10/2008 21.1 MB 6.0.1.5789
Safari Apple Inc. 12/09/2011 43.4 MB 5.34.50.0
Shop for HP Supplies HP 13/11/2008 167.1 MB 10.0
Sonos Desktop Controller http://www.sonos.com 06/11/2011 10.9 MB 15.4.44250
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 09/12/2008 32.5 MB 8.0.0
SPORE Creature Creator Trial Edition Electronic Arts 13/10/2008 2.01 MB 1.00.0000
Spotify 16/08/2011 5.11 MB 0.5.2
System Requirements Lab 28/02/2009 0.73 MB
TomTom HOME 2.7.5.2014 TomTom 24/07/2010 48.9 MB 2.7.5.2014
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 29/08/2009 1.88 MB 1.0.2
Trojan Killer 2.0 GridinSoft, Inc. 21/05/2011 27.8 MB
Windows Driver Package - Nokia Modem (03/05/2008 3.7) Nokia 09/01/2009 03/05/2008 3.7
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) Nokia 09/01/2009 03/13/2008 6.86.0.1
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 09/01/2009 10/12/2007 6.85.4.0
Windows Live ID Sign-in Assistant Microsoft Corporation 14/05/2010 4.69 MB 6.500.3146.0
ZoneAlarm Extreme Security Check Point, Inc 30/11/2010 45.1 MB 9.1.603.000

I have Zone Alarm Extreme and it says that I'm running its anti-virus module. Isn't this correct?

Thanks for your help, B

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:29 PM

Posted 21 November 2011 - 03:14 PM

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 Brian Butler

Posted 21 November 2011 - 04:41 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8211

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21/11/2011 21:33:52
mbam-log-2011-11-21 (21-33-52).txt

Scan type: Quick scan
Objects scanned: 232708
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\siehu73.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\su71u73.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Brian\AppData\Local\Temp\wpbt0.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Brian\AppData\Local\Temp\0.7424303532785349.exe (Backdoor.Agent) -> Quarantined and deleted successfully.


MiniToolBox by Farbar
Ran by Brian (administrator) on 21-11-2011 at 21:37:23
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : The-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-1F-C6-DB-8F-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18 November 2011 22:06:01
Lease Expires . . . . . . . . . . : 22 November 2011 18:23:25
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.67.103
173.194.67.104
173.194.67.105
173.194.67.106
173.194.67.147
173.194.67.99



Pinging google.com [173.194.67.99] with 32 bytes of data:

Reply from 173.194.67.99: bytes=32 time=50ms TTL=49

Reply from 173.194.67.99: bytes=32 time=51ms TTL=49



Ping statistics for 173.194.67.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 51ms, Average = 50ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=158ms TTL=47

Reply from 209.191.122.70: bytes=32 time=164ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 158ms, Maximum = 164ms, Average = 161ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=2508ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 2508ms, Average = 1254ms

===========================================================================
Interface List
10 ...00 1f c6 db 8f 03 ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 276
192.168.0.3 255.255.255.255 On-link 192.168.0.3 276
192.168.0.255 255.255.255.255 On-link 192.168.0.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/21/2011 07:18:04 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{6D865D9A-155D-4AF8-9F60-AF60FD1C45EF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/21/2011 00:19:48 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.15.11.8627, time stamp 0x4a4556b6, exception code 0xc0000005, fault offset 0x0020e040,
process id 0x19b0, application start time 0xrundll32.exe0.

Error: (11/20/2011 07:00:11 PM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).

Error: (11/20/2011 11:28:49 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.15.11.8627, time stamp 0x4a4556b6, exception code 0xc0000005, fault offset 0x00215df1,
process id 0x130, application start time 0xrundll32.exe0.

Error: (11/20/2011 11:28:43 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.15.11.8627, time stamp 0x4a4556b6, exception code 0xc0000005, fault offset 0x0020e040,
process id 0x1ca8, application start time 0xrundll32.exe0.

Error: (11/20/2011 09:43:14 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.15.11.8627, time stamp 0x4a4556b6, exception code 0xc0000005, fault offset 0x0020e040,
process id 0x1368, application start time 0xrundll32.exe0.

Error: (11/20/2011 09:43:13 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.15.11.8627, time stamp 0x4a4556b6, exception code 0xc0000005, fault offset 0x0020e040,
process id 0x1ecc, application start time 0xrundll32.exe0.

Error: (11/19/2011 09:04:24 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module NVCPL.DLL, version 8.15.11.8627, time stamp 0x4a4556b6, exception code 0xc0000005, fault offset 0x0020e040,
process id 0x16f8, application start time 0xrundll32.exe0.

Error: (11/18/2011 11:02:18 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (11/18/2011 05:33:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/05/2011 10:53:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16184 seconds with 420 seconds of active time. This session ended with a crash.

Error: (05/24/2011 07:20:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76850 seconds with 3480 seconds of active time. This session ended with a crash.

Error: (04/25/2011 07:55:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 37524 seconds with 420 seconds of active time. This session ended with a crash.

Error: (02/09/2011 10:08:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7738 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (11/24/2010 07:47:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43388 seconds with 1980 seconds of active time. This session ended with a crash.

Error: (07/06/2010 10:37:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6215 seconds with 240 seconds of active time. This session ended with a crash.

Error: (06/01/2010 02:59:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
AAC Decoder (Version: 7.1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Ad-Aware
Ad-Aware (Version: 9.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Advanced Registry Optimizer (Version: 5.3)
albelli photo book creator Extra
Amazon MP3 Downloader 1.0.4
AOL Toolbar 5.0 (Version: 5.2.69.1)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.1)
BBC iPlayer Desktop (Version: 1.4.13222)
BBC iPlayer Desktop (Version: 1.4.13222.14125)
Bonjour (Version: 3.0.0.2)
BTOffer (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (Version: 3.12)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Copy (Version: 100.0.170.000)
Coupon Printer (Version: 2.0)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite Deluxe (Version: .1707)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
eMusic Download Manager 4.1.4 (Version: 4.1.4)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
FUJIFILM FinePixViewer S Ver.2.1 (Version: 2.1.0.3)
Google Chrome (Version: 15.0.874.121)
Google Earth (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.1536.6592)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
H.264 Decoder (Version: 1.1.0)
Hardware Diagnostic Tools (Version: 5.1.4861.15)
HP Active Support Library (Version: 3.1.6.1)
HP Advisor (Version: 3.3.12286.3436)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Demo (Version: 1.00.0000)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Easy Setup - Frontend (Version: 5.7.0.2693)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP MediaSmart DVD (Version: 2.2.3309)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Recovery Manager RSS (Version: 84.0.0.7)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.010.008)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 100.0.170.000)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LabelPrint (Version: 2.2.2913)
LightScribe System Software (Version: 1.18.3.2)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 60 day trial
Microsoft Office Live Add-in 1.4 (Version: 2.0.3008.0)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MKV Splitter (Version: 1.0.1)
MobileMe Control Panel (Version: 3.1.6.0)
MSVC80_x86 (Version: 1.0.1.0)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.52)
Nokia Connectivity Cable Driver (Version: 6.86.11.0)
Nokia PC Suite (Version: 6.86.9.4)
Norton Security Scan (Version: 3.0.0.103)
NVIDIA Drivers (Version: 1.4)
NVIDIA PhysX (Version: 9.09.0203)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Connectivity Solution (Version: 8.15.1.0)
Power2Go (Version: 5.6.4109)
PowerDirector (Version: 6.5.2926)
PSSWCORE (Version: 2.03.0000)
Python 2.5.2 (Version: 2.5.2150)
QuickTime (Version: 7.70.80.34)
Rapport (Version: 3.5.1108.55)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Safari (Version: 5.34.50.0)
Scan (Version: 10.0.0.0)
Shop for HP Supplies (Version: 10.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonos Desktop Controller (Version: 15.4.44250)
sp41119
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
Spotify (Version: 0.5.2)
Status (Version: 110.0.180.000)
System Requirements Lab
TomTom HOME 2.7.5.2014 (Version: 2.7.5.2014)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 110.0.180.000)
Trojan Killer 2.0
UnloadSupport (Version: 10.0.0)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VideoToolkit01 (Version: 110.0.171.000)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebReg (Version: 100.0.170.000)
Windows Driver Package - Nokia Modem (03/05/2008 3.7) (Version: 03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) (Version: 03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)
ZoneAlarm Extreme Security (Version: 9.1.603.000)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3069.77 MB
Available physical RAM: 1442.07 MB
Total Pagefile: 6355.88 MB
Available Pagefile: 3284.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.24 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:583.7 GB) (Free:419.83 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.47 GB) (Free:1.18 GB) NTFS

========================= Users: ========================================

User accounts for \\THE-PC

Administrator Brian Guest
Jessa Katy Rachael

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#9 boopme


Posted 21 November 2011 - 09:50 PM

Looks like your NVidia driver needs updating. If you need help with that, ask in Vista up top.


ZoneAlarm Extreme Security (Version: 9.1.603.000) is installed.


You have some Backdoor infections. So at this point I feel it's important to say this.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 Brian Butler


Posted 22 November 2011 - 05:13 AM

While I was running Malwarebytes last night, a Microsoft Essentials message flashed up saying that it had detected and suspended a severe threat - a backdoor Trojan. At first I wondered if it had just picked up Malwarebytes, but it had a different name so I let ME delete it. Could the Trojan have piggybacked on Malwarebytes or is the timing likely to have been coincidence?

I've just run Malwarebytes again and it hasn't detected any threats this time. I hear what you're saying about the future trustworthiness of the PC, and I've spoken to Amex but they're saying it's entirely up to me whether I cancel my cards etc and that they don't have any set procedures.

I can check my bank and credit card accounts using my mobile phone at any time. I'm considering just keeping an eye on expenditure to save the hassle of reformatting etc.

How could the Trojan have got through my firewall and anti-virus?

#11 boopme


Posted 22 November 2011 - 04:41 PM

There are many ways to get infections, from infected sites to email attachments and old applications.

How did I get infected

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: Uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
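The advice in post #11 comes from reading the installed-programs log earlier in the thread, which lists old Java and Adobe Reader builds. The following is an added example, not part of the thread and not a BleepingComputer tool: it parses `Name (Version: x)` lines in that log format and flags entries below a baseline. The minimums (JRE 7, Adobe Reader 10.1.0) come from the post; the name patterns and the function names are assumptions.

```python
import re

# Minimums come from post #11 (JRE 7, Adobe Reader X 10.1.0). The name
# patterns are assumptions about how these products appear in the log.
BASELINES = [
    (re.compile(r"^Java(?:™|\(TM\))? (?:SE Runtime Environment )?\d+ Update \d+"), (7,)),
    (re.compile(r"^Adobe Reader\b"), (10, 1, 0)),
]
ENTRY = re.compile(r"^(?P<name>.+?)(?: \(Version: (?P<ver>[^)]*)\))?$")

# First seven lines are copied from the log above; the last two are
# constructed to show what an updated machine would list.
SAMPLE_LOG = """\
Adobe Reader 8.1.3 (Version: 8.1.3)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
RealPlayer
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Java™ 7 Update 1 (Version: 7.0.10)
Adobe Reader X (10.1.0) (Version: 10.1.0)
"""

def parse_entry(line):
    """Return (name, version tuple) for one log line; version is None if absent or non-numeric."""
    m = ENTRY.match(line.strip())
    name, ver = m.group("name"), m.group("ver")
    if ver and re.fullmatch(r"\d+(?:\.\d+)*", ver):
        return name, tuple(int(part) for part in ver.split("."))
    return name, None

def below(version, minimum):
    """Compare dotted versions after zero-padding, so 10.1 equals 10.1.0."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)

def outdated(log_text):
    """List (name, version string) for entries matching a baseline pattern but below its minimum."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        name, version = parse_entry(line)
        for pattern, minimum in BASELINES:
            if not pattern.search(name):
                continue
            if version is None:
                findings.append((name, "unknown"))
            elif below(version, minimum):
                findings.append((name, ".".join(map(str, version))))
    return findings

if __name__ == "__main__":
    for name, version in outdated(SAMPLE_LOG):
        print(f"OUTDATED: {name} (installed {version})")
```

Both Java 6 entries are flagged even though one reports its version in the legacy `1.6.0.10` form, and `Java Auto Updater` is skipped because it is not a runtime.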
