Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow running compter


  • This topic is locked This topic is locked
14 replies to this topic

#1 adek

adek

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 18 August 2012 - 12:02 PM

Hi,I need some help with my slow running computer.
Programs are slow to start and respond slowly,somtimes the screen freezes.
I have done a scan with avg, malwarebytes but the problems are still happening
Thanks

BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 22 August 2012 - 04:51 AM

Hello and welcome to BleepingComputer! :)



I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.


As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you will encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.



Please generate another DDS log (download it from http://download.bleepingcomputer.com/sUBs/dds.com'>here if you haven't already) and post it in your next reply along with other changes that may have occured since you last posted.
Also download and run GMER from this link: GMER download link.



Thank you very much for your patience.




Regards,

Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 adek

adek
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 23 August 2012 - 01:41 AM

Hi,
Thanks here is the dds log




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Ade at 7:17:01 on 2012-08-23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1526 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Google Update] "c:\documents and settings\ade\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A994C2D7-745D-4B1C-8EE0-E22681EF1E5A} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ade\application data\mozilla\firefox\profiles\lgathce1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - plugin: c:\documents and settings\ade\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 31704]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-12-12 116368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-12-12 41424]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1983232]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2010-9-20 149376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [2011-12-1 15104]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-17 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-12 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-10-29 103888]
.
=============== Created Last 30 ================
.
2012-08-20 03:40:01 -------- d-----w- c:\program files\Ask.com
2012-08-20 03:39:29 -------- d-----w- c:\program files\BitTorrent
2012-08-19 08:53:54 40960 ----a-w- c:\windows\system32\F5D7051.dll
2012-08-19 08:53:54 29184 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
2012-08-19 08:53:54 13824 ----a-w- c:\windows\system32\drivers\usb8023k.sys
2012-08-19 08:53:41 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2012-08-19 08:53:41 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2012-08-19 08:53:41 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2012-08-19 08:53:33 -------- d-----w- c:\program files\Belkin
2012-08-19 08:22:03 -------- dc----w- C:\TDSSKiller_Quarantine
2012-08-05 07:40:14 580608 ----a-w- c:\program files\microsoft games\flight simulator 9\uk2000 scenery\uk2000 east midlands free\uninstall.exe
2012-08-05 07:35:26 580608 ----a-w- c:\program files\microsoft games\flight simulator 9\uk2000 scenery\uk2000 heathrow xtreme free\uninstall.exe
2012-07-29 17:24:27 -------- d-----w- c:\windows\{16D3778B-2A5E-481D-B7DC-FA4A68496C97}
.
==================== Find3M ====================
.
2012-08-14 23:42:32 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 23:42:31 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 12:46:44 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 02:38:19 90112 -c--a-w- c:\windows\DUMP3747.tmp
.
============= FINISH: 7:20:34.10 ===============

#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 24 August 2012 - 03:31 AM

Did you try running a scan with GMER? :)

EDIT: DDS should have produced a second long, Attach.txt. If you can find it, please post it within your next reply.



Elle

Edited by Blind Faith, 24 August 2012 - 03:46 AM.

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#5 adek

adek
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 27 August 2012 - 04:36 PM

Here are the logs,Thanks


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Ade at 9:00:08 on 2012-08-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1585 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Google Update] "c:\documents and settings\ade\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B375E377-B657-4491-9081-B0D97F65613B} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ade\application data\mozilla\firefox\profiles\lgathce1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - plugin: c:\documents and settings\ade\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 31704]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-12-12 116368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-12-12 41424]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1983232]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2010-9-20 149376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [2011-12-1 15104]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-17 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 1139040]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-12 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-10-29 103888]
.
=============== Created Last 30 ================
.
2012-08-25 11:42:10 -------- d-----w- c:\windows\system32\NtmsData
2012-08-25 11:37:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-08-25 10:11:09 -------- d-----w- c:\documents and settings\all users\application data\Ralink Driver
2012-08-20 03:40:01 -------- d-----w- c:\program files\Ask.com
2012-08-20 03:39:29 -------- d-----w- c:\program files\BitTorrent
2012-08-19 08:53:54 40960 ----a-w- c:\windows\system32\F5D7051.dll
2012-08-19 08:53:54 29184 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
2012-08-19 08:53:54 13824 ----a-w- c:\windows\system32\drivers\usb8023k.sys
2012-08-19 08:53:41 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2012-08-19 08:53:41 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2012-08-19 08:53:41 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2012-08-19 08:53:33 -------- d-----w- c:\program files\Belkin
2012-08-19 08:22:03 -------- dc----w- C:\TDSSKiller_Quarantine
2012-07-29 17:24:27 -------- d-----w- c:\windows\{16D3778B-2A5E-481D-B7DC-FA4A68496C97}
.
==================== Find3M ====================
.
2012-08-14 23:42:32 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 23:42:31 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 12:46:44 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 02:38:19 90112 -c--a-w- c:\windows\DUMP3747.tmp
.
============= FINISH: 9:04:47.02 ===============











.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/10/2009 01:34:30
System Uptime: 26/08/2012 07:12:23 (2 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D1381
Processor: Intel® Pentium® 4 CPU 2.00GHz | CPU | 1994/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 1.504 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 0.688 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_10011734&REV_81\4&25296D99&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_10011734&REV_81\4&25296D99&0&40F0
Service:
.
Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
Description: M-Systems DiskOnChip 2000
Device ID: ROOT\MTD\0000
Manufacturer: M-Systems Flash Disk Pioneers
Name: M-Systems DiskOnChip 2000
PNP Device ID: ROOT\MTD\0000
Service: tffsport
.
==== System Restore Points ===================
.
RP863: 10/08/2012 08:25:20 - System Checkpoint
RP864: 14/08/2012 02:20:56 - System Checkpoint
RP865: 15/08/2012 02:36:16 - System Checkpoint
RP866: 17/08/2012 22:12:30 - System Checkpoint
RP867: 18/08/2012 22:59:14 - Removed Belkin High-Speed Mode Wireless G USB Network Adapter
RP868: 18/08/2012 23:01:22 - Installed Belkin High-Speed Mode Wireless G USB Network Adapter
RP869: 19/08/2012 07:52:39 - Configured Belkin F5D8053 N Wireless USB Adapter
RP870: 19/08/2012 07:55:54 - Removed Belkin High-Speed Mode Wireless G USB Network Adapter
RP871: 19/08/2012 07:57:39 - Removed Ralink Wireless LAN
RP872: 19/08/2012 08:24:45 - Installed Belkin High-Speed Mode Wireless G USB Network Adapter
RP873: 19/08/2012 08:52:45 - Removed Belkin High-Speed Mode Wireless G USB Network Adapter
RP874: 19/08/2012 08:55:25 - Installed Belkin High-Speed Mode Wireless G USB Network Adapter
RP875: 19/08/2012 09:16:08 - Removed Belkin High-Speed Mode Wireless G USB Network Adapter
RP876: 19/08/2012 09:53:33 - Installed Belkin High-Speed Mode Wireless G USB Network Adapter
RP877: 19/08/2012 10:08:20 - Installed Belkin F5D8053 N Wireless USB Adapter
RP878: 21/08/2012 02:14:51 - System Checkpoint
RP879: 22/08/2012 02:18:05 - System Checkpoint
RP880: 23/08/2012 05:42:31 - System Checkpoint
RP881: 24/08/2012 06:17:03 - System Checkpoint
RP882: 25/08/2012 06:51:04 - System Checkpoint
RP883: 25/08/2012 11:11:05 - Installed Ralink Wireless LAN
.
==== Installed Programs ======================
.
.
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Antilles 2004 v1.1 Int
Ask Toolbar
Audacity 1.2.6
AVG 2012
Belkin High-Speed Mode Wireless G USB Network Adapter
Belkin F5D8053 N Wireless USB Adapter
Ben Gurion Airport 2006
BitTorrent
BlackBerry App World Browser Plugin
BlackBerry Device Software v5.0.0 for the BlackBerry 8900 smartphone
BlackBerry Device Software v5.0.0 for the BlackBerry 9500 smartphone
BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
BufferChm
Burn4Free CD and DVD
CCleaner
COMODO Internet Security
CustomerResearchQFolder
CyberView X - SF v1.17k
D1300
D1300_Help
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
EditVoicepack
eFax Messenger
eSupportQFolder
Free Mp3 Wma Converter V 1.8.0
FS9 Configurator
Game Booster
Google Chrome
Google Earth Plug-in
Google Update Helper
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
IFSD Irish Scenery
Intel® Extreme Graphics Driver
ISD PROJECT LIML2004
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 6
Java™ 7 Update 5
JavaFX 2.1.1
KPHL FS9
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
MediaMonkey 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola Phone Tools
Mozilla Firefox 14.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 6.0 Parser (KB933579)
OpenOffice.org 3.3
PC Connectivity Solution
PowerISO
Ralink RT2870 Wireless LAN Card
RealUpgrade 1.0
Remove UK2000 Edinburgh FREE files
Remove UK2000 Gatwick FREE files
SA22xx Device Manager
Samsung Mobile Modem Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem Software
Shareaza 2.6.0.0
Simmer's Sky - Japanese Airports vol.1
Simmer's Sky - Japanese Airports vol.2
Simmer's Sky - Japanese Airports vol.3
Simmer's Sky - Japanese Airports vol.4
Simmer's Sky - Japanese Airports vol.5
Simmer's Sky - Japanese Airports vol.6
Simmer's Sky - Japanese Airports vol.7
Simmer's Sky - Japanese Airports vol.8
Simmer's Sky - Japanese Airports vol.9
SolutionCenter
Sophos Virus Removal Tool
SoundMAX
Status
Sun VirtualBox
TAXI2GATE MMMX FS2004 ALEXBANDA
TBPB v1.1.1 for FS9
TJSJ v1.1.1 for FS9
Toolbox
TrayApp
UK2000 East Midlands FREE FS9
UK2000 Heathrow Xtreme Free FS9
UK2000 Manchester FREE FS2004 Uninstall
UK2000 Manchester Xtreme FS9
Ulead Photo Express 5 SE
Unload
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.4
WebFldrs XP
WebReg
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Driver Package - PIE Image 10/22/2002 1.1.1
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 2
WinRAR archiver
XP TCP/IP Repair 2.1
.
==== Event Viewer Messages From Past Week ========
.
26/08/2012 07:37:56, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001150C27F95. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
26/08/2012 07:28:16, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
26/08/2012 07:19:36, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
26/08/2012 07:17:52, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kl1 tffsport
26/08/2012 07:17:51, error: Service Control Manager [7000] - The Single Frame Film Scanner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
26/08/2012 07:17:51, error: Service Control Manager [7000] - The Scutum50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================



















GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-26 09:11:53
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c SAMSUNG_SP40A2H rev.RR100-06
Running: gmer.exe; Driver: C:\DOCUME~1\Ade\LOCALS~1\Temp\pgliapoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk0\DR0 PE file @ sector 78220485

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAFA67830]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAFA67A86]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

Edited by adek, 27 August 2012 - 04:37 PM.


#6 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 28 August 2012 - 03:36 PM

Hi there,



Please open Malwarebytes' Anti-Malware and update it from the Update tab.

  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.[/list]




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 02 September 2012 - 06:18 AM

Hi there,



Do you still need help? It's been a while since we got a reply from you.





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#8 adek

adek
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 03 September 2012 - 11:30 PM

Hi
Yes I do still need help
Here is the Malwarebytes log
Thanks

#9 adek

adek
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 04 September 2012 - 12:00 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Ade :: COMPUTER1 [administrator]

04/09/2012 05:35:39
mbam-log-2012-09-04 (05-35-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223377
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 04 September 2012 - 02:13 PM

Hi there,



Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware.

You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.





==============================================================================================



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.




How is your system behaving now?





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#11 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 08 September 2012 - 11:09 AM

Hi,




Do you still need help? Please let us know, it's been a while since you last replied.





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#12 adek

adek
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 10 September 2012 - 02:50 PM

Hi,
Yes I still need help, here is the eset scan report,
Thanks




D:\FSAddons\Misc\gamebooster.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\UTILITIES\Media.Player.Codec.Pack.V3.3.1.Setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
D:\UTILITIES\Setup_FreeConverter.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
D:\UTILITIES\SmileyCentralPFSetup2.3.69.8.NoSA.NoHP.ZNfox000.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
D:\UTILITIES\Unlocker1.9.0.exe multiple threats cleaned by deleting - quarantined
D:\UTILITIES\Dell OptiPlex GX270\Security\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
D:\UTILITIES\Dell OptiPlex GX270\Utilities\Media.Player.Codec.Pack.V3.3.1.Setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
D:\UTILITIES\Dell OptiPlex GX270\Utilities\Setup_FreeConverter.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
D:\UTILITIES\PowerISO.v4.1.Incl.Keymaker-AGAiN\ag-3427a.zip a variant of Win32/Keygen.AF application deleted - quarantined



Thanks

#13 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 10 September 2012 - 02:51 PM

How is your system behaving now?




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#14 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:19 AM

Posted 13 September 2012 - 01:44 PM

Hi,



Do you still need help? It's been a while since you last replied.




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:19 AM

Posted 16 September 2012 - 03:47 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users