Have I been hijacked or turned into a Bot? Or Both?


24 replies to this topic

#1 swens

Posted 09 June 2013 - 01:00 PM

I have a Toshiba Satellite running Windows XP Home Edition Version 2002, Service Pack 3. It has a 1.60GHz processor and 2GB of RAM. I've not had this problem before but the system is unresponsive and slow. I recently upgraded my media player to version 11 and it was working, but now when I try to play from various websites the player tells me I don't have enough memory and should close some programs to try again. Curiously, there are no other programs running except my virus software. I shut that down and the problem persists. I did run a virus scan and something else that has never happened before shows up. It tells me that no threats are found but it gives me a list of files that could not be scanned because they are password protected. However, I don't have any passwords on this machine? How do I determine if there is a problem and then what to do?

 

Thanks for your support!




 


#2 im abcd


Posted 09 June 2013 - 01:09 PM

You have scanned with which software? If you haven't already scanned with Malwarebytes Anti-Malware, then do that. Also give me a screenshot of your startup and processes.




#3 swens


Posted 09 June 2013 - 01:15 PM

Thanks for responding! I am using Avast Free.  I'm doing the Anti malware scan as soon as I write this.  Please tell me how to find the startup and processes screens so I can get you the screenshots you're wanting.



#4 im abcd


Posted 09 June 2013 - 02:00 PM




To get the processes tab open, right click on the taskbar and click on 'Start Task Manager'. Next, click on the processes tab and take a screenshot of every process listed. 

To get a screenshot of the startup, do the following: 

 
  • Go to run and type 'Msconfig'. 

  • Go to the startup tab, and print screen all that you find within it and post it here.

Also, post the Malwarebytes log, once the scanning is done. 
Regards,
Abcd. 

Edited by im abcd, 09 June 2013 - 02:00 PM.



#5 swens


Posted 09 June 2013 - 07:57 PM

Here is the Malwarebytes log; however, I am unable to take a screenshot. I'm using Windows XP and according to everything I've read, I've tried both pressing Alt+Print Screen as well as Print Screen by itself, and when I go to paste there are no choices. It will not paste. I've even tried to paste in a Notepad window without success. Any suggestions?

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robert Swensen :: SWENSEN [administrator]

Protection: Enabled

6/9/2013 7:13:54 PM
mbam-log-2013-06-09 (19-13-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208250
Time elapsed: 15 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#6 im abcd


Posted 10 June 2013 - 05:12 AM

You could download this utility to grab a screenshot and instantly upload it. 




#7 swens


Posted 10 June 2013 - 11:28 AM

Thanks! I will do so as soon as I get home from work tonight! Wish I could figure out why I can't do it the way it's supposed to but whatever gets you the information. I'm thinking it might have something to do with the memory message I've been getting, maybe? We'll see. Talk at you later.

#8 swens


Posted 10 June 2013 - 07:45 PM

Well, bad news.  This isn't working either.  It lets me take the shot but in no way will it let me paste it anywhere. It doesn't even give me a paste command.  I am totally at a loss as to what to do or how to complete this task.



#9 swens


Posted 10 June 2013 - 07:56 PM

OK, sorry for all that, I think I've got this figured out. Here are the links for the related screenshots and you already have the Malwarebytes log. Let me know what else I must do.

Task Manager #1:  http://prntscr.com/19bew4

Task Manager #2: http://prntscr.com/19bf4d

msconfig #1: http://prntscr.com/19bf8j

msconfig #2: http://prntscr.com/19bfcr

msconfig #3: http://prntscr.com/19bfgj



#10 im abcd


Posted 11 June 2013 - 12:29 PM

The processes seem fine to me, but let's take a look at the blank entry in the startup. If you do not use Windows Messenger every time you boot up, disable the msmsgs. Before looking into the blank entry, let's run through the following:

Post the log of JRT. After doing so, do the following: 

  • Press Windows + R and the run prompt will pop up. Type in, 'regedit'. 

  • Browse to Hkey_Local_Machine - Software -  Microsoft - Windows - Current Version - Run. 

  • Take a screen shot and post here. 


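The Run-key check requested in the post above, as an added example that is not part of the original thread: a read-only PowerShell audit that lists autostart entries and flags blank ones. It assumes Windows PowerShell is installed; the function names `Get-RunEntryTarget` and `Get-RunKeyReport` and the flag wording are made up for this example, and it also reads the HKCU Run key, which the post does not mention.

```powershell
# Added example: read-only audit of the Run keys shown by msconfig and regedit.
# Function names and flag texts are hypothetical; nothing in the registry is changed.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntryTarget([string]$Command) {
    # Expand %SystemRoot%-style variables, then isolate the program path from
    # its arguments: a quoted path first, else text up to a known extension.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-RunKeyReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key
        # GetValueNames() returns '' for the key's unnamed default value.
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            $flags = @()
            if ($name.Trim() -eq '') { $flags += 'blank name' }
            if ($command.Trim() -eq '') {
                $flags += 'blank command'
            } else {
                $target = Get-RunEntryTarget $command
                if ($target -match '^([A-Za-z]:\\|\\\\)') {
                    # Full path given: the file should exist on disk.
                    if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
                        $flags += 'target file missing'
                    }
                } else {
                    $flags += 'no full path (resolved via search path)'
                }
            }
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $command
                Flags = ($flags -join '; ')
            }
        }
    }
}

Get-RunKeyReport | Select-Object Key, Name, Command, Flags | Format-List
```

Entries with an empty `Flags` field have a name, a command and a target file that exists; flagged entries are the ones to look up before disabling anything.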

 


#11 swens


Posted 12 June 2013 - 08:22 PM

Sorry it took me so long to respond but I could not get the TFC to work at all.  It kept freezing and "not responding".  Finally I started the computer in safe mode and then it worked.  I only just finished so I'm posting the requested information here now.  Thanks!

 

Junkware Removal Log;

 

http://prntscr.com/19o16l

 

Hkey_Local_Machine - Software - Microsoft - Windows - Current Version - Run;

 

http://prntscr.com/19o1y0



#12 im abcd


Posted 13 June 2013 - 04:07 AM




You seem to have a variant of Freeze.com. Let's run through Adw Cleaner. Post its logs too.

Regards,

Abcd. 




#13 swens


Posted 13 June 2013 - 07:32 PM

Here is the log for adw cleaner.  You did not mention if you wanted me to run the delete option so I only did the search.  Should I now do the delete?

 

 

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 19:29:42
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Robert Swensen - SWENSEN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Robert Swensen\Local Settings\Temporary Internet Files\Content.IE5\REKQZE5Z\AdwCleaner[1].exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1767 octets] - [13/06/2013 19:29:42]

########## EOF - C:\AdwCleaner[R1].txt - [1827 octets] ##########



#14 im abcd


Posted 14 June 2013 - 07:53 AM


Yes, delete those entries. Also, have you noticed any performance increase or is the problem still persisting?




#15 swens


Posted 14 June 2013 - 09:50 AM

So, to be clear. I run the search again and then hit the delete button or do I start with the delete button?

By the way, I have noticed better performance as well.



