PC random freeze for few seconds and firefox slow


10 replies to this topic

#1 accacca


Posted 02 December 2013 - 04:10 PM

I have a problem: my PC is very slow and sometimes gets stuck for a few seconds.
Even internet browsing often freezes for a few seconds before opening a new page.

Initially I thought it was a cleaning problem, so I used CCleaner to clean up the disk, but nothing has changed.
After reading another forum I tried to do a scan with Panda Cloud Antivirus but, after the download, when I start the scan program the PC always resets.

I have installed Avira Professional, which is always updated, and Comodo Firewall.

The scan with Avira has detected a problem:
C:\Documents and Settings\Compaq_Proprietario\Application Data\Thunderbird\Profiles\b1kh4bjy.default\ImapMail\in.alice.it\INBOX

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen2

[WARNING] The file was ignored.

But the INBOX file is dated 2011 and has never before been reported as a virus.

Sometimes after a long freeze (30/40 seconds) a Windows error message appears and tells me that a program will be closed (I think it is Avira web protection), but the PC continues to run.

Sorry for the bad explanation, but unfortunately I have not identified a specific problem, only a random slowing.

 

My PC is Win XP SP3 with Avira Professional antivirus - Firefox Browser





#2 accacca


Posted 14 December 2013 - 04:25 AM

Update:

The situation has degenerated...

On every web page some words appear in green with a double underline. When the mouse passes over a word, a new small window with spyware removal info opens automatically.

I have downloaded AdwCleaner, but after restarting the PC a Windows installer program always starts (and I always press Cancel to stop it).

The Avira mail service does not start and the umbrella tray icon is closed.

Thanks in advance for help

 

 



#3 noknojon


Posted 14 December 2013 - 05:48 AM

I have a problem: my PC is very slow and sometimes gets stuck for a few seconds.
Even internet browsing often freezes for a few seconds before opening a new page.

Initially I thought it was a cleaning problem, so I used CCleaner to clean up the disk, but nothing has changed.

Trying to use any Registry Cleaner will make your problem worse than it already is.

CCleaner should only ever be used to remove Temp Files (not registry cleaning)

 

All XP operating systems are now operating slower, and this will continue over the next year ........

 

Re: Your Underlined pop-up advertising problems -

Are the double-underlined words that you are referring to like the example provided in This topic (Post #1)?
 If so, this is called In-text advertising and it is very common.

Kontera and Vibrant are two of the more popular advertising networks that provide in-text advertising and information services.

 

======= < This is a typical example of the lines (without the word and pop up)

See the full topic post HERE

 

 

 (Credit to quietman7 for the text)

----------------------------------------------------------------------------------------------------------------

Re : Your first mentioned problems -

Remove Firefox as it is an Add-on program, and use Internet Explorer first (your Default browser)

Uninstall Avira AntiVir for the moment and install Microsoft Security Essentials for now.

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to desktop to run it.
Checkmark following boxes:
* List content of Hosts
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result. (result.txt)

 

Last -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions (only post the link)

 

Thank You -


Edited by noknojon, 14 December 2013 - 05:50 AM.


#4 accacca


Posted 14 December 2013 - 06:06 AM

OK, thanks for the reply. I need time; as soon as they are ready I will post the results.
Thanks again



#5 noknojon


Posted 14 December 2013 - 06:16 AM

No Problems -

Take your time, and always ask if you want help in any way, or have general questions -

 

Thank You -



#6 accacca


Posted 14 December 2013 - 08:31 AM

I followed the instructions; the logs are below.
First I have to make a short introduction (I hope this helps you to understand the problem):
This morning I wanted to remove the annoying in-text advertising.
I read a few posts on the Bleeping forum and decided to do a scan with AdwCleaner.

By choosing the link I got to the download page, but unfortunately I downloaded (...and executed) the wrong program.
Its name is ADWCleaner__(random string I think).exe

The system event list reports an error near this time:

....

Path Found: file:C:\WINDOWS\tasks\AmiUpdXp.job;file:C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SwvUpdater\Updater.exe;taskscheduler:C:\WINDOWS\tasks\AmiUpdXp.job
  Alert Type: Unclassified software
  Detection Type:
....

 

The same thing happened using the links in post #3: I downloaded
SecuirtyCheck__2594_il9979442.exe
As indicated in the instructions, I removed Firefox and Avira and installed Microsoft Essential.

Having downloaded the correct programs, I have the logs:

 

 

Checkup.txt

Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 ESET Online Scanner v3  
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Windows Defender   
 CCleaner    
 Java 7 Update 40 
 Java™ 6 Update 5 
 Java 2 Runtime Environment, SE v1.4.2_03
 Java version out of Date!
 Adobe Flash Player  11.9.900.152 
 Mozilla Thunderbird (3.1.19) Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Result.txt

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Compaq_Proprietario (administrator) on 14-12-2013 at 14:06:25
Running from "C:\Documents and Settings\Compaq_Proprietario\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

127.0.0.1       localhost

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/14/2013 09:41:58 AM) (Source: Application Error) (User: )
Description: Applicazione che ha provocato l'errore avgnt.exe, versione 14.0.1.645, modulo che ha provocato l'errore avgnt.exe, versione 14.0.1.645, indirizzo errore 0x0000badc.
Elaborazione evento specifico al supporto per [avgnt.exe!ws!] in corso

Error: (12/12/2013 08:05:40 PM) (Source: crypt32) (User: )
Description: Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Il server specificato non può effettuare l'operazione richiesta.

Error: (12/12/2013 08:05:40 PM) (Source: crypt32) (User: )
Description: Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Timeout. Operazione non riuscita.

Error: (12/12/2013 08:05:04 PM) (Source: crypt32) (User: )
Description: Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Il server specificato non può effettuare l'operazione richiesta.

Error: (12/12/2013 08:05:04 PM) (Source: crypt32) (User: )
Description: Impossibile eseguire il recupero con aggiornamento automatico del numero di sequenza dell'elenco principale di altri produttori da: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> a causa del seguente errore: Timeout. Operazione non riuscita.

Error: (12/11/2013 08:25:49 PM) (Source: WmiAdapter) (User: BUILTIN)
Description: Impossibile aprire il servizio.

Error: (12/11/2013 11:04:44 AM) (Source: Application Error) (User: )
Description: Applicazione che ha provocato l'errore avwebgrd.exe, versione 14.0.0.383, modulo che ha provocato l'errore avwebgrd.exe, versione 14.0.0.383, indirizzo errore 0x0008a4dd.
Elaborazione evento specifico al supporto per [avwebgrd.exe!ws!] in corso

Error: (12/10/2013 02:40:29 PM) (Source: Application Error) (User: )
Description: Applicazione che ha provocato l'errore iaridepm.exe, versione 6.6.5.2892, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055, indirizzo errore 0x00011129.
Elaborazione evento specifico al supporto per [iaridepm.exe!ws!] in corso

Error: (12/09/2013 02:42:24 PM) (Source: Avira Antivirus) (User: NT AUTHORITY)
Description: UB0011 (192.168.1.54)Si è verificato un errore durante il download.

Error: (12/09/2013 01:42:23 PM) (Source: Avira Antivirus) (User: NT AUTHORITY)
Description: UB0011 (192.168.1.54)Si è verificato un errore durante il download.

System errors:
=============
Error: (12/14/2013 02:05:04 PM) (Source: Dhcp) (User: )
Description: Il lease 192.168.1.54 dell'indirizzo IP della scheda di rete con indirizzo 0011D8DEECCF è stato
negato dal server DHCP 0.0.0.0. Il server DHCP ha inviato un messaggio DHCPNACK.

Error: (12/14/2013 00:19:07 PM) (Source: 0) (User: )
Description:

Error: (12/14/2013 00:15:45 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:45 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:45 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:44 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:44 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:44 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:44 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Error: (12/14/2013 00:15:44 PM) (Source: Service Control Manager) (User: )
Description: Servizio Gestione applicazione terminato con l'errore:
%%126

Microsoft Office Sessions:
=========================
Error: (12/14/2013 09:41:58 AM) (Source: Application Error)(User: )
Description: avgnt.exe14.0.1.645avgnt.exe14.0.1.6450000badc

Error: (12/12/2013 08:05:40 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtIl server specificato non può effettuare l'operazione richiesta.

Error: (12/12/2013 08:05:40 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtTimeout. Operazione non riuscita.

Error: (12/12/2013 08:05:04 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtIl server specificato non può effettuare l'operazione richiesta.

Error: (12/12/2013 08:05:04 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtTimeout. Operazione non riuscita.

Error: (12/11/2013 08:25:49 PM) (Source: WmiAdapter)(User: BUILTIN)
Description:

Error: (12/11/2013 11:04:44 AM) (Source: Application Error)(User: )
Description: avwebgrd.exe14.0.0.383avwebgrd.exe14.0.0.3830008a4dd

Error: (12/10/2013 02:40:29 PM) (Source: Application Error)(User: )
Description: iaridepm.exe6.6.5.2892ntdll.dll5.1.2600.605500011129

Error: (12/09/2013 02:42:24 PM) (Source: Avira Antivirus)(User: NT AUTHORITY)
Description: UB0011 (192.168.1.54)Si è verificato un errore durante il download.

Error: (12/09/2013 01:42:23 PM) (Source: Avira Antivirus)(User: NT AUTHORITY)
Description: UB0011 (192.168.1.54)Si è verificato un errore durante il download.

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
7500_7600_7700_Help1 (Version: 1.00.0000)
7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Actalis Kit v. 5.1.9
ActiveState ActiveTcl 8.5.9.2 (Version: 8.5.9.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Agere Systems PCI Soft Modem
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2722913) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2792100) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2797052) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2829530) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2838727) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2846071) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2847204) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2862772) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2870699) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2879017) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2888505) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2898785) (Version: 1)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (Version: 1)
Aggiornamento per Windows Internet Explorer 8 (KB2447568) (Version: 1)
Altium Designer Summer 09 (Version: 9.3.1.19182)
Alt-N ComAgent (Version: 13.0.4)
Amelie SDK v1.6.0.54
Bit4id - Universal MW 2011 1.2.16.1 (Version: 1.2.16.1)
Bonjour (Version: 2.0.4.0)
bpd_scan_Carrier (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Brother P-touch Editor 4.2 (Version: 4.2.012)
BufferChm (Version: 140.0.213.000)
CCleaner (Version: 4.07)
CloudReading (Version: 1.0.31.1111)
Cobian Backup 10
Cobian Backup 11 Gravity
CPUID CPU-Z 1.57.1
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DiKe Util 2.2.1 (Version: 2.2.1)
DocProc (Version: 140.0.100.000)
doxygen 1.8.0 (Version: 1.8.0)
Driver di Logitech® Camera
Echelon Interoperable Self-Installation Developer's Kit (Version: 4.00.11)
Echelon LNS Server (Version: 3.27.014)
Echelon LonMaker Turbo Edition (Version: 3.24.12)
Echelon LonPoint Software
Echelon LonScanner FX Protocol Analyzer (Version: 4.00.22)
Echelon Mini FX Evaluation Kit (Version: 4.01.02)
Echelon Multi-Port Router (Version: 1.00.16)
Echelon NodeBuilder Resource Editor (Version: 4.01.07)
Echelon OpenLDV 3.4 (Version: 3.40.016)
Embedded Resource Editor GUI (Version: 2.0.0)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Event Manager (Version: 1.80.00)
EPSON File Manager (Version: 1.3.0.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
ESET Online Scanner v3
Fax (Version: 140.0.213.000)
FDRTools Basic 2.6.1 (Version: 2.6.1)
FileZilla Client 3.5.3 (Version: 3.5.3)
FileZilla Server (Version: beta 0.9.41)
FinePrint
FirmaVerifica 2.2 (Version: 2.2.0.0)
Foxit Creator (Version: 3,0,2,0506)
Foxit PDF Editor (Version: 2.2.0.0205)
Foxit PDF IFilter (Version: 2.1.1.1503)
Foxit Reader (Version: 6.1.1.1031)
FreeFileSync v5.0 (Version: 5.0)
Glary Undelete 1.6.0.262
Google Earth (Version: 7.1.2.2041)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.22.3)
GPBaseService2 (Version: 140.0.212.000)
GPL Ghostscript (Version: 9.06)
Help and Support Additions
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HHD Software Free Hex Editor Neo 5.01 (Version: 5.1.1.4391)
HHD Software Free Serial Port Monitor 3.31 (Version: 3.31.0.0000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet 3050 J610 series Software di base dispositivo (Version: 28.0.1315.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.213.000)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSSupply (Version: 140.0.212.000)
HTML Executable IERuntime (Version: 3.2.2.2)
IAR Embedded Workbench for ARM - Library Source (Version: 6.60.1)
IAR Embedded Workbench for ARM - Library Source (Version: 6.70.1)
IAR Embedded Workbench for ARM (Version: 6.10.1)
IAR Embedded Workbench for ARM (Version: 6.40.1)
IAR Embedded Workbench for ARM (Version: 6.60.1)
IAR Embedded Workbench for ARM_2 (C:\Programmi\IAR Systems\Embedded Workbench 6.0_2) (Version: 6.20.2)
IAR Embedded Workbench for ARM_2 (C:\Programmi\IAR Systems\Embedded Workbench 6.5_2) (Version: 6.70.1)
IDProtect Client 5.35 (Version: 105.35)
InterVideo DiscLabel
InterVideo WinDVD Creator (Version: 2.5.14.426)
InterVideo WinDVD Player (Version: 5.0-B11.752)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 5 (Version: 1.6.0.50)
J-Link ARM V4.24f (Version: V4.24f)
J-Link ARM V4.36e (Version: V4.36e)
KBD
L7500 (Version: 140.0.000.000)
LibreOffice 4.1.2.3 (Version: 4.1.2.3)
Logitech Audio Echo Cancellation Component (Version: 10.00.1439)
Logitech QuickCam (Version: 10.00.1439)
Logitech Video Enumerator (Version: 10.00.1439)
LonMark Resource Files 13.00 (Version: 13.00.14)
LonWorks® SLTA-10
Lua for Windows 5.1.4-46 (Version: 5.1.4.46)
MailStore Home 7.1.0.7815 (Version: 7.1.0.7815)
MarketResearch (Version: 140.0.214.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Italian Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ITA (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Modbus Slave (Version: 1.0.0)
MozBackup 1.5.1
Mozilla Thunderbird (3.1.19) (Version: 3.1.19 (it))
MPM (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
NVIDIA Drivers
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OLYMPUS CAMEDIA Master 4.2
OpenSSL 1.0.1e Light (32-bit)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
Pacchetto driver Windows - IAR Systems (IJET) IARUSB  (05/23/2012 2.05) (Version: 05/23/2012 2.05)
Pacchetto provider Microsoft servizio crittografia smart card di base
PC-Doctor for Windows (Version: 1.06.002)
PDFCreator (Version: 1.6.2)
PerfV350 Guida utente
PL-2303 USB-to-Serial (Version: 1.8.0)
ProductContext (Version: 140.0.000.000)
PS2
QModBus (Version: 0.2.1)
QuickTime
RTX EAI Port Server 1.46.0.1 (Version: 1.46.0.1)
Scan (Version: 140.0.167.000)
Scribus 1.4.1 (Version: 1.4.1)
Sentinel Protection Installer 7.6.3 (Version: 7.6.3)
Sentinel System Driver Installer 7.5.0 (Version: 7.5.0)
Shop for HP Supplies (Version: 14.0)
Simplicity Studio (Version: 1.08.0000)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.9 (Version: 6.9.106)
SmartWebPrinting (Version: 140.0.213.000)
Software per stampante EPSON
SolidWorks eDrawings 2012 (Version: 12.3.113)
SolutionCenter (Version: 140.0.214.000)
Sonic Express Labeler (Version: 1.0.0)
Sonic RecordNow! (Version: 7.22)
Sony Mobile Update Service (Version: 2.13.12.201310171455)
Sourcery CodeBench Lite for ARM EABI (Version: 2012.3.0.56)
Spansion LLD 13.1.1 (Version: 1.00.0000)
Speccy (Version: 1.24)
Status (Version: 140.0.256.000)
STP Viewer 2.3
TCP/IP Builder 1.9 (Version: 1.9)
TeamViewer 8 (Version: 8.0.19617)
Tera Term Pro
Texas Instruments SimpliciTI-IAR-1.2.0 (Version: 1.2.0)
TextPad 5 (Version: 5.4.2)
TFTPUtil GUI Installer
Toolbox (Version: 140.0.428.000)
TortoiseSVN 1.7.11.23600 (32 bit) (Version: 1.7.23600)
TrayApp (Version: 140.0.213.000)
UMVPLStandalone (Version: 10.00.1439)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VLC media player 2.0.8 (Version: 2.0.8)
WBFS Manager 3.0 (Version: 3.0)
Web Pages Converter (Version: 1.0.0)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.213.017)
Windows Defender (Version: 1.1.1593.0)
Windows Driver Package - Segger (jlink) USB  (01/09/2007 2.6.5.0) (Version: 01/09/2007 2.6.5.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows XP Service Pack 3 (Version: 20080413.144514)
WinMerge 2.12.4 (Version: 2.12.4)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinSCP 4.3.8 (Version: 4.3.8)
Wireshark 1.4.4 (Version: 1.4.4)

========================= Devices: ================================

Name: L7500,192.168.1.84
Description: Officejet Pro L7500
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro L7500
Description: Officejet Pro L7500
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 2047.29 MB
Available physical RAM: 1205.08 MB
Total Pagefile: 3430.28 MB
Available Pagefile: 2531.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.26 MB

========================= Partitions: =====================================

1 Drive c: (UB011sys) (Fixed) (Total:195.31 GB) (Free:123.04 GB) NTFS
2 Drive d: (UB011data) (Fixed) (Total:267.32 GB) (Free:235.57 GB) NTFS
3 Drive e: (DVD_STM32_EN) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF
8 Drive z: (PRESARIO_RP) (Fixed) (Total:3.12 GB) (Free:0.37 GB) FAT32

========================= Users: ========================================

Account utente per \\UB0011

Administrator            ASPNET                   Compaq_Proprietario     
Guest                    HelpAssistant            SUPPORT_388945a0        
SUPPORT_fddfa904        
Esecuzione comando riuscita.

**** End of log ****

 

 

Speccy screenshot

 

http://speccy.piriform.com/results/YyrHd4NqJguFd6ARRnmoEOQ

 

Thanks Noknojon

 

 

 



#7 noknojon


Posted 14 December 2013 - 04:34 PM

Your Thunderbird program is way behind in version (currently 24.2.0) British version and US Version. I do not know if there is an Italian version, but I could not find one.

 

Current Java is Version 7 Update 45
Do not accept any add-ons offered with the download as they are only advertising.
Java 7 Update 40
Java™ 6 Update 5
<< Uninstall all other versions from Add / Remove
Java 2 Runtime Environment, SE v1.4.2_03

 

NOTE :Total Fragmentation on Drive C:: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)
 

 

 

These are all direct links to genuine Bleeping Computer downloads -

 

First -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista / Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware, including many related registry entries (values, keys).

 

Next -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At worst the tool will run for about 2 minutes

Important: Do not reboot your computer until you complete the next step.

 

Your computer will be rebooted after this scan, this is very normal

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista / Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 Since you have Malwarebytes Anti-Malware listed as installed, open the program,

Please go to Update and check for the latest updates (very important)

Now perform a Full Scan and post the results back -

 

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
(For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.)
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

NOTE : No log is produced for the Temp File Cleaner.

 

Thank You -
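
The wrong downloads reported in post #6 (a tool name followed by a `__` suffix, one of them also misspelled) can be caught by comparing what landed in the download folder with the file names the instructions in this thread give. This is an added example, not part of the original posts: the folder listing is constructed, `AdwCleaner__1234_ab567890.exe` is a made-up stand-in for the random string the poster did not record, and the similarity threshold is an assumption.

```python
import re

# File names exactly as the instructions in this thread give them.
EXPECTED = ["SecurityCheck.exe", "AdwCleaner.exe", "JRT.exe", "TFC.exe"]

# Constructed folder listing. The second name is quoted from post #6;
# the third is a made-up stand-in for "ADWCleaner__(random string).exe".
SAMPLE = [
    "SecurityCheck.exe",
    "SecuirtyCheck__2594_il9979442.exe",
    "AdwCleaner__1234_ab567890.exe",
    "JRT.exe",
    "JRT.txt",      # the tool's own log file, not an executable
    "setup.exe",
]


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete from a
                           cur[j - 1] + 1,            # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(filename):
    """Return (verdict, matched_tool).

    expected  - exactly the name the instructions give (case-insensitive)
    suffixed  - the tool name followed by extra characters before .exe
    lookalike - a near-miss spelling of the tool name, with or without suffix
    unrelated - not an .exe, or nothing like any expected tool
    """
    lowered = filename.lower()
    for tool in EXPECTED:
        if lowered == tool.lower():
            return ("expected", tool)
    if not lowered.endswith(".exe"):
        return ("unrelated", None)

    stem = lowered[:-len(".exe")]
    # Leading run of letters/digits, i.e. the part before any "__2594_..." tail.
    base = re.split(r"[^a-z0-9]", stem, maxsplit=1)[0]

    best = None
    for tool in EXPECTED:
        tool_stem = tool.lower()[:-len(".exe")]
        dist = edit_distance(base, tool_stem)
        # Assumed threshold: one edit per five characters, so three-letter
        # names such as JRT and TFC only ever match exactly.
        if dist <= len(tool_stem) // 5 and (best is None or dist < best[0]):
            best = (dist, tool)
    if best is None:
        return ("unrelated", None)
    return ("suffixed" if best[0] == 0 else "lookalike", best[1])


def audit(names):
    """List the files that imitate an expected tool without being it."""
    findings = []
    for name in names:
        verdict, tool = classify(name)
        if verdict in ("suffixed", "lookalike"):
            findings.append((name, verdict, tool))
    return findings


if __name__ == "__main__":
    for name, verdict, tool in audit(SAMPLE):
        print(f"{name}: {verdict} copy of {tool}; delete it and download again")
```

A file flagged here should not be run; the name check only says the file is not the one the instructions describe, not what it contains.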



#8 accacca


Posted 15 December 2013 - 03:49 PM

I followed the instructions, with some strange problems.

   1.- JRT -> OK

   2.- RKILL -> OK

   3.- AdwCleaner - rebooted automatically, but after the restart a small installer window appeared

       (I think it installed something related to the webcam)

   4.- Malwarebytes found two (known) problems and others, but I think they are false positives

   5.- TFC - at startup I saw for a moment a popup from the tray area, but too fast to read it
        After the restart required by TFC, an installer setup window for SolutionCenter appeared again
        (HP Printer Control Program)

   6.- I rebooted the PC again and this time I did not see any more installation programs at startup

 

Logs:

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Compaq_Proprietario on 15/12/2013 at  7.39.38,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F36BAF3-7B46-4C29-93CC-868733032C47}

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/12/2013 at  7.52.16,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

RKill

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/15/2013 07:54:49 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\windows\system\hpsysdrv.exe (PID: 440) [WD-HEUR]
 * C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (PID: 1504) [WD-HEUR]
 * C:\WINDOWS\system32\crypserv.exe (PID: 2900) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 12/15/2013 07:55:50 AM
Execution time: 0 hours(s), 1 minute(s), and 1 seconds(s)

 

 

AdwCleaner:

# AdwCleaner v3.015 - Report created 15/12/2013 at 07:58:34
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Proprietario - UB0011
# Running from : C:\Documents and Settings\Compaq_Proprietario\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\yy81djfq.default-1374494402421\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\fliizym2.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3305 octets] - [14/12/2013 09:25:31]
AdwCleaner[R1].txt - [1357 octets] - [15/12/2013 07:56:51]
AdwCleaner[S0].txt - [3426 octets] - [14/12/2013 09:28:18]
AdwCleaner[S1].txt - [1282 octets] - [15/12/2013 07:58:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1342 octets] ##########

 

 

Malwarebytes

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2013.12.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Proprietario :: UB0011 [amministratore]

15/12/2013 8.05.28
mbam-log-2013-12-15 (08-05-28).txt

Tipo di scansione: Scansione completa (C:\|D:\|Z:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 998547
Tempo impiegato: 11 ore, 3 minuti, 8 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 11
D:\Diego\docs\SW-DRL-6852.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\Stellaris_sw\archivio\LUG2012\SW-DRL-8555.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\Stellaris_sw\archivio\LUG2012\SW-GRL-8555.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\Stellaris_sw\archivio\LUG2012\SW-IQMATH-8555.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\Stellaris_sw\archivio\LUG2012\SW-USBL-8555.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\TIVA\v10_2013\download\SW-TM4C-DRL-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\TIVA\v10_2013\download\SW-TM4C-GRL-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\TIVA\v10_2013\download\SW-TM4C-SENSORLIB-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\TIVA\v10_2013\download\SW-TM4C-USBL-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Compaq_Proprietario\Documenti\Download\Nuova cartella\SecurityCheck__2594_il9979442.exe (PUP.Optional.InstallMonetizer) -> Spostato in quarantena ed eliminato con successo.

(fine)

 

 

...I forgot:
I have installed the latest version of Java; do I have to delete the other?


Edited by accacca, 15 December 2013 - 03:55 PM.


#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:38 AM

Posted 16 December 2013 - 12:17 AM

From RKill - I am looking for stopped processes, as these are usually infection related.

 * C:\windows\system\hpsysdrv.exe (PID: 440) [WD-HEUR]
  * C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (PID: 1504) [WD-HEUR]
  * C:\WINDOWS\system32\crypserv.exe (PID: 2900) [WD-HEUR]
3 proccesses terminated!

 

"I have installed latest version of java I have to delete the other ? "
Go to Programs and Features > Right click > Delete any old versions -

 

Tempo impiegato: 11 ore, 3 minuti, 8 secondi ??
Normally a Full Scan from Malwarebytes takes about 1 hour, not 11 hours ??

 

What are these from Malwarebytes scan, do you know ??
D:\Diego\TIVA\v10_2013\download\SW-TM4C-DRL-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\Stellaris_sw\archivio\LUG2012\SW-USBL-8555.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.

 

I know these 2 are minor infections -
PUP.Optional.InstallMonetizer
PUP.Optional.Amonetize

 

 

How bad is the problem, and is it still the same ??

 

Thanks -
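An added example, not part of either poster's reply: a small Python parser for the "File rilevati" lines of the Malwarebytes log posted in #8, separating detections still on disk ("Nessuna azione intrapresa", i.e. no action taken) from those already quarantined. The sample lines are copied from that log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the "File rilevati" section of the Malwarebytes log in post #8.
SAMPLE_LOG = r"""
File rilevati: 11
D:\Diego\docs\SW-DRL-6852.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
D:\Diego\TIVA\v10_2013\download\SW-TM4C-USBL-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Compaq_Proprietario\Dati applicazioni\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Compaq_Proprietario\Documenti\Download\Nuova cartella\SecurityCheck__2594_il9979442.exe (PUP.Optional.InstallMonetizer) -> Spostato in quarantena ed eliminato con successo.
"""

# Format: <path> (<detection name>) -> <action>.
# Paths can contain spaces, so the greedy path group makes the match
# anchor on the LAST "(name) -> action" group in the line.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

NO_ACTION = "Nessuna azione intrapresa"  # Italian UI string: "No action taken"


def parse_detections(log_text):
    """Return one dict (path, name, action) per detection line in the log."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def unremediated(hits):
    """Group paths that were left on disk (no action taken) by detection name."""
    left = defaultdict(list)
    for h in hits:
        if h["action"] == NO_ACTION:
            left[h["name"]].append(h["path"])
    return dict(left)


if __name__ == "__main__":
    for name, paths in unremediated(parse_detections(SAMPLE_LOG)).items():
        print(f"{name}: {len(paths)} file(s) still on disk")
        for p in paths:
            print("   ", p)
```

Files reported this way are the ones to verify against the vendor's published checksums or re-download from the vendor before deciding whether the detection is a false positive.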



#10 accacca

accacca
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 17 December 2013 - 04:55 AM

Sorry for the delay in replying, but I have checked my PC for one day..... it seems to work
 

 

    From  RKill - I am looking for stopped processes, as these are usually infection related.

     * C:\windows\system\hpsysdrv.exe (PID: 440) [WD-HEUR]
      * C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (PID: 1504) [WD-HEUR]
      * C:\WINDOWS\system32\crypserv.exe (PID: 2900) [WD-HEUR]
    3 proccesses terminated!

hpsysdrv.exe may refer to the management of network printers (I have one)

fpdisp5a.exe is a process related to the FinePrint program for printing management
crypserv.exe (I don't know)
(processes are still active)

Java: removed all old versions

Malwarebytes ... I do not know what to say

 

 

   What are these from Malwarebytes scan, do you know ??
    D:\Diego\TIVA\v10_2013\download\SW-TM4C-DRL-2.0.1.11577.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.
    D:\Diego\Stellaris_sw\archivio\LUG2012\SW-USBL-8555.exe (Trojan.Downloader.Ri) -> Nessuna azione intrapresa.

I know these files: they are provided as support for a product I work with (www.ti.com). They are compressed archives provided as support for TI products and contain documentation files (pdf), examples, text files, etc. I have been using various versions for a long time and have never had a problem.

I've also updated to the latest version of Thunderbird mail client and run the defrag on drive C:

After installing Firefox I cannot see the underlined words

Thanks noknojon, do you have a "donate button" for one beer?
 

 



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:38 AM

Posted 17 December 2013 - 03:54 PM

Hi -

OK, all sounds good, just be sure to Update and run Malwarebytes every week, make sure your Antivirus is updated and working, do Not click on any programs without reading the conditions first, and Never accept any Add-ons with downloads, these are what 75% of the problems here are about -

Reinstall Avira Professional antivirus if you wish to keep it, but it sounds like it is not doing a very good job.

 

Right Click > Delete most tools we downloaded (they can not be updated), Open AdwCleaner and hit Uninstall to remove the program and anything in the Quarantine area (reinstall only from here if you need the real version again) .....

 

 

 

Just to see your problem solved (I hope) is all I ask for.

 

If you wish to say "Thank You", donate a $ or so to Red Cross for Christmas time -

 

 

Regards -





