Infected notebook needs your help with thanks in advance :(


This topic is locked
5 replies to this topic

#1 555kerim

555kerim

  • Members
  • 2 posts

Posted 12 March 2013 - 07:16 AM

Hello BleepingComputer Team!

 

I'm contacting you from my laptop acer4315.
The problem is on my daughter's emachines notebook,
for which I ask for your precious help.

PROBLEM >
Recently the emachines notebook started to slow down considerably, then couldn't go on the internet anymore and/or couldn't get logged in or directed to sites.

WHAT I DID? >
1. scan&clean with SUPERAntiSpyware
2. scan&clean with Malwarebytes Anti-Malware
3. scan with DDS

Here's my dds.txt >>>

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.15.2
Run by ayca bahtoğlu at 13:56:13 on 2013-03-12
Microsoft Windows XP Home Edition  5.1.2600.3.1254.90.1055.18.1013.468 [GMT 2:00]
.
AV: avast! Internet Security *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
FW: avast! Internet Security *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\dsiwmis.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\WebCam\S6000\S6000Mnt.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=041f&m=em350&r=0xph1110n655l0474wu05r46l2r95o
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DtCyEtCyDzy0E0F0FtAyDtN0D0TzutBtDtCtBtDyBtBzz&cr=850974943
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=041f&m=em350&r=0xph1110n655l0474wu05r46l2r95o
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{36BFC670-98D4-456A-ABAD-1009749EC12D} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ayca bahtoğlu\application data\mozilla\firefox\profiles\3k3rf25w.default\
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-12-1 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-12-1 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-12-1 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-12-1 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-19 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-19 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2013-3-11 22064]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-19 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-12-1 133912]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-5-18 312400]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-12 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-12 682344]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-3-11 66344]
R2 Updater Service;Updater Service;c:\program files\emachines\emachines updater\UpdaterService.exe [2010-5-17 243232]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-3-11 35896]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-18 60456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-12 21104]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2010-11-18 3221120]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-19 44808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-17 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-5-17 108752]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscvusb.sys [2011-7-11 103552]
.
=============== Created Last 30 ================
.
2013-03-12 09:51:32    --------    d-----w-    c:\documents and settings\ayca bahtoğlu\application data\Malwarebytes
2013-03-12 09:50:00    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-03-12 09:49:58    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-12 09:49:58    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-12 08:07:38    --------    d-----w-    c:\documents and settings\ayca bahtoğlu\application data\SUPERAntiSpyware.com
2013-03-12 08:06:51    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-03-12 08:06:51    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-03-11 21:40:16    --------    d-----w-    c:\program files\VS Revo Group
2013-03-11 18:17:15    35896    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-03-11 18:11:28    --------    d-----w-    c:\documents and settings\ayca bahtoğlu\application data\Ad-Aware Antivirus
2013-03-11 18:10:55    --------    d-----w-    c:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-03-11 18:09:09    66344    ----a-w-    c:\windows\system32\drivers\sbapifs.sys
2013-03-11 18:09:09    22064    ----a-w-    c:\windows\system32\drivers\sbaphd.sys
2013-03-11 18:09:01    --------    d-----w-    c:\windows\system32\drivers\VDD
2013-03-11 18:09:01    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-03-11 17:53:46    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-03-11 17:53:46    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-03-11 17:51:22    --------    d-----w-    c:\program files\Mozilla Firefox(2).bak
2013-03-10 08:35:25    --------    d-----w-    c:\program files\Pixia
2013-03-03 13:38:30    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-03 13:38:21    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-01 10:47:05    --------    d-----w-    c:\windows\pss
2013-02-18 16:10:12    --------    d--h--r-    c:\documents and settings\ayca bahtoğlu\Recent
2013-02-15 13:15:37    --------    d-----w-    c:\documents and settings\ayca bahtoğlu\application data\Funmoods
.
==================== Find3M  ====================
.
2013-03-03 13:38:00    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-03 13:38:00    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-27 06:32:21    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 06:32:19    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55:37    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 07:24:22    2150912    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 07:24:22    2029568    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:09:16    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:48:58    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:48:58    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:06:04    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:06:03    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:06:02    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:42:08    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
.
============= FINISH: 13:58:14,00 ===============

I hope I did everything right to ease your work.
I thank you in advance and look forward to your advice.

Thanks,

555kerim


#2 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • Gender:Female
  • Location:Devon, UK

Posted 14 March 2013 - 07:02 AM

Hello 555kerim and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================

Multiple antiviruses

You are running Avast and Ad-Aware, (Ad-Aware now includes antivirus protection).

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall Ad-Aware.

  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs
  • scroll down the list, click on AdAware or Lavasoft AdAware and then on Remove.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

Logs to include in the next post:

AdwCleaner log
JRT.txt


Thanks

Satchfan

 


Edited by satchfan, 14 March 2013 - 07:19 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
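As an added example (not code from this thread, from DDS or from any BleepingComputer tool), a small Python triage of the DDS header lines that Satchfan read by eye in the post above: it flags more than one antivirus being registered, any AV/FW entry marked Disabled or Outdated, and a start page pointing at a host other than an assumed baseline. The EXPECTED_HOSTS set and the trimmed sample lines are my assumptions, constructed from the log in post #1.

```python
import re

# Constructed sample: a few lines copied (URLs trimmed) from the DDS log in post #1.
# DDS writes "hxxp://" on purpose so pasted URLs are not clickable.
SAMPLE_DDS = """\
AV: avast! Internet Security *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
FW: avast! Internet Security *Disabled*
uStart Page = about:blank
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=041f
"""

# "AV: <product> *<state>* {guid}" and "FW: <product> *<state>*" header lines
PRODUCT_RE = re.compile(r"^(AV|FW|AS):\s+(.+?)\s+\*([^*]+)\*")
# "uStart Page = ...", "mDefault_Page_URL = ..." lines of the Pseudo HJT section
PAGE_RE = re.compile(r"^([um])(Start Page|Default_Page_URL)\s*=\s*(\S+)")
# Assumed baseline for this machine: the vendor home page and a blank page are expected.
EXPECTED_HOSTS = {"about:blank", "homepage.emachines.com"}


def parse_dds(text):
    """Return ({kind: [(product, state), ...]}, [(hive, key, url), ...])."""
    products = {"AV": [], "FW": [], "AS": []}
    pages = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            products[kind].append((name, state))
            continue
        m = PAGE_RE.match(line)
        if m:
            pages.append(m.groups())
    return products, pages


def host_of(url):
    """Host part of a (possibly defanged) URL; non-URL values are returned as-is."""
    url = url.replace("hxxp://", "http://").replace("hxxps://", "https://")
    if "://" not in url:
        return url.lower()
    return url.split("://", 1)[1].split("/", 1)[0].lower()


def triage(text):
    """The checks a helper does by eye on the DDS header, as a list of findings."""
    products, pages = parse_dds(text)
    findings = []
    av_names = [name for name, _ in products["AV"]]
    if len(av_names) > 1:
        findings.append("multiple antivirus products registered: " + ", ".join(av_names))
    for kind in ("AV", "FW"):
        for name, state in products[kind]:
            if "Disabled" in state or "Outdated" in state:
                findings.append(f"{kind} {name} is {state}")
    for hive, key, url in pages:
        host = host_of(url)
        if host not in EXPECTED_HOSTS:
            findings.append(f"{hive}{key} points at unexpected host {host}")
    return findings
```

Running `triage(SAMPLE_DDS)` on the sample reports the two registered antivirus products, the three disabled/outdated entries and the funmoods start page, which is exactly what the reply above asks the poster to deal with first.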


#3 555kerim

555kerim
  • Topic Starter
  • Members
  • 2 posts

Posted 14 March 2013 - 05:26 PM

I thank you very much Satchfan.

I'm afraid I have to start all over again before executing your advice, because when I put on the notebook today some programs have deleted themselves.

I work late, that's why I'm going to come back and continue this tomorrow evening.

I really regret I couldn't do it now.

Big thanks again.

See you tomorrow.

555kerim



#4 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • Gender:Female
  • Location:Devon, UK

Posted 14 March 2013 - 06:18 PM

No problem and thank you for letting me know.

I'll wait to hear from you tomorrow.

Satchfan.




#5 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • Gender:Female
  • Location:Devon, UK

Posted 17 March 2013 - 05:16 AM

555kerim

It has been several days since I replied to your request for help.

Please let me know if you are having problems and still need help.

Satchfan




#6 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • Gender:Female
  • Location:Devon, UK

Posted 18 March 2013 - 04:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
