Fujitsu Siemens laptop with virus(s) or failing HDD or both


13 replies to this topic

#1 duffsparky


Posted 29 November 2014 - 12:51 PM

I recently inherited a Fujitsu Siemens Amilo M3438G laptop that appears to have several issues, including a virus and/or a failing hard disk.

 

The laptop specs are:-

  • 1.73 GHz Intel Pentium M, 800 MHz (FSB?)
  • 512 MB RAM
  • 80 GB Samsung HM080JI SATA hard disk
  • VIA VT6421 RAID Controller
  • BIOS 10/05/05 ver 1.10c
  • IDE DVD RW
  • No Floppy
  • 3 x USB
  • 1 x Flash card reader
  • XP Home SP2

Anti virus/malware:-

  • Avast AV
  • Malware Bytes (latest update)

The Recovery Disk I was given with the laptop is for a Fujitsu Siemens desktop and does not load the SATA drivers. Slipstreaming the VIA VT6421 SATA drivers with the Recovery Disk does not produce a working solution for an XP repair.

 

I'm not sure where to start with my request for help but I'll start by listing the problems.

 

  • The laptop suffered a graphics card (Nvidia GeForce Go 6800?) failure some years ago, which was replaced with an Nvidia ???? and since then it has not really worked properly. The refresh rate is really slow and one frequently has to wait several seconds for the screen to build. The drivers loaded for the card are the default XP ones and I have not been able to ID the card in order to install the correct Nvidia ones. Nvidia auto update GeForce Experience downloads the GeForce 307.83 02/26/2013 driver, which appears to be for a 64-bit OS.
  • In order to use a 3rd party graphics card identifier I tried to update the laptop with XP SP3, but this led to a new entry in the Boot.ini relating to the update. Selecting this boot option caused a blue screen error followed by an auto reboot.
  • Although the BIOS is set to boot from Removable Dev, the laptop will not normally boot from a USB flash drive. I tried booting from a flash drive with the HDD removed and it worked the first time, failed the second and third times, then worked several more times both with and without the HDD connected. It now only boots from a flash drive if the HDD is disconnected. The USB flash drive is loaded with Falconfour's Ultimate Boot CD ver 4.6 (F4UBCD).
  • Running the Samsung hard disk utility 'Hutils' from the USB flash drive (F4UBCD), Hutils reports the HDD as having errors. Running SpinRite level 5 from the F4UBCD does not report any errors.
  • After getting some success from USB booting I edited the Boot.ini file to remove the SP3 update option and was able to update the OS with SP3 as normal.
  • Avast now reports rootkit infection Win32:Rootkit-gen [Rtk] in C:\windows\system32\spool\driver\w32x86\3\HPZIPM12.exe and C:\windows\system32\HPZIPM12.exe. Avast offers to remove it but it keeps coming back, even after a boot time scan.

I've tried many ways to overcome the problems but with Avast now reporting a rootkit virus I need help.

 

Many thanks,

 

duffsparky.


Edited by hamluis, 29 November 2014 - 02:43 PM.
Moved from XP to Am I Infected - Hamluis.



#2 JohnC_21


Posted 29 November 2014 - 01:53 PM

Have you tried running TDSSKiller? I would also do a scan with HitmanPro if you have internet access.



#3 Guest_LighthouseParty_*


Posted 29 November 2014 - 03:30 PM

Hello there    :welcome:

 

I'm LighthouseParty and I'll be assisting you with your concern today. Please keep in mind that I have a few guidelines I need you to follow:
  • Don't run any tools other than what I provide you with.
  • Don't install/remove any programs other than what I provide you with.
  • Don't perform a system restore unless I ask you to.

:step1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go:
     • Flush DNS
     • Reset IE Proxy Settings
     • Reset FF Proxy Settings
     • List Installed Programs
     • List Restore Points
  4. Post the log in your next reply.

 

:step2: Install and run a scan with Malwarebytes Anti-Malware
  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

:step3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.

Thanks and good luck!



#4 duffsparky


Posted 01 December 2014 - 08:50 AM

Hi Thanks for the assistance,

 

Apologies for the delay in replying, but my posting shows no views or replies, so I didn't realise you had replied until I went to edit my OP.

 

I realised I left out some info in my OP that may be relevant, which is:-

  • I installed and ran SpyHunter 4, which found some 500 threats. However, after reading comments linked from BleepingComputer about the software's aggressive marketing, I did not allow it to remove any of the threats but uninstalled it.
  • I installed and ran Emsisoft Anti-Malware, which found and removed 15 threats. I've added the quarantine log at the end of this reply. Please ignore the date stamp; for some reason the date on the lappy was set wrong.
  • The reason for running HDD diagnostics was because of several 'Delayed Write Failed' errors and auto-initiated 'Chkdsk' runs at bootup (these mostly following shutting down the lappy from the off switch after it had frozen).
  • For the time being I am having to use a rather flaky mobile internet connection, which means I may not be able to reply in a timely manner, in part because the connection keeps dropping.
  • Because the laptop is slow and difficult to use I installed Sysinternals' Autoruns program, which shows there are a lot of processes/services running. Some of these I recognise as being unnecessary, so I have disabled them in an attempt to reduce the load on the machine and hopefully lessen the slow performance and freezing. Any assistance with switching off unnecessary items would be much appreciated. I am using an external high-gain USB network adapter (the only way to pick up the mobile ISP), hence I'm not using the onboard Intel network adapter; however, I'm not sure which Intel services/processes I can switch off (again to reduce load) whilst trying to sort the problems.

In addition, due to the problem laptop being difficult to use, I've been using a friend's laptop to assist with repairs, which, possibly because of swapping USB flash drives, now also appears to have issues, so I may also need assistance with sorting this out.

 

Below is the info requested:-

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Brian (administrator) on 14-12-2014 at 03:58:38
Running from "C:\Documents and Settings\Brian\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.


=========================== Installed Programs ============================
4oD (Version: 2.0.23.0 - Channel 4 Television Corporation and 4 Ventures Limited) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.85.3 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.23.0 - PriceMeter) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
J2SE Runtime Environment 5.0 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
LimeWire 4.14.10 (HKLM\...\LimeWire) (Version: 4.14.10 - Lime Wire, LLC)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
mCore (Version: 1.31.0000 - Intel Corporation) Hidden
mDriver (Version: 1.31.0000 - Intel) Hidden
mDrWiFi (Version: 1.31.0000 - Intel Corporation) Hidden
mEoU.msi (Version: 1.31.0000 - Intel Corporation) Hidden
mHelp (Version: 1.31.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM\...\Works2004Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation)
mIWA (Version: 1.31.0000 - Intel Corporation) Hidden
mIWCA (Version: 1.31.0000 - Intel Corporation) Hidden
mLogView (Version: 1.31.0000 - Intel Corporation) Hidden
mMHouse (Version: 1.31.0000 - Intel Corporation) Hidden
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
mPfMgr (Version: 1.31.0000 - Intel Corporation) Hidden
mPfWiz (Version: 1.31.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 1.31.0000 - Intel Corporation) Hidden
mZConfig (Version: 1.31.0000 - Intel Corporation) Hidden
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.6.0 - Ralink)
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.60 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version:  - Seagate Technology)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 5.0 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.0.152 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.0.0.0 - )
Sysadm (HKLM\...\SysadmV10) (Version:  - )
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Ubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Ubuntu)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
========================= Restore Points ==================================


**** End of log ****

---------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/11/2014
Scan Time: 11:46:23
Logfile: MalwareBytesScanLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.01.02
Rootkit Database: v2014.11.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Brian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341603
Time Elapsed: 51 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

---------------------------------------------------------------------------------

 

Results of screen317's Security Check version 0.99.91  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Avast Free Antivirus    
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 2.0.3.1025  
 CCleaner     
 Java 7 Update 67  
 Java™ 6 Update 35  
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player     11.8.800.94 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 31.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 emsisoft anti-malware a2guard.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

--------------------------------------------------------------------------------------------------------------------------------------------------------

 

Emsisoft Anti-Malware v. 9.0.0.4570
© 2003-2014 Emsisoft - www.emsisoft.com

ID   Object
0    Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK detected: Application.InstallAd (A)
1    Key: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A)
2    Key: HKEY_USERS\S-1-5-21-583907252-1788223648-682003330-1008\SOFTWARE\YAHOOPARTNERTOOLBAR detected: Application.Win32.YTool (A)
3    Key: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A)
4    Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} detected: Application.InstallAd (A)
5    C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml detected: Clean
6    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CONDUIT detected: Application.InstallAd (A)
7    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} detected: Application.Win32.WebApp (A)
8    Key: HKEY_USERS\S-1-5-21-583907252-1788223648-682003330-1008\SOFTWARE\CONDUIT detected: Application.InstallAd (A)
9    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} detected: Application.Win32.WSearch (A)
10   C:\Documents and Settings\All Users\Application Data\PriceMeterLiveUpdate\Update\Log\PriceMeterLiveUpdate.log detected: Trojan.Script.618429 ( B)
11   Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0} detected: Application.Win32.WSearch (A)
12   Key: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A)
13   Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESRV.EXE detected: Application.Win32.WSearch (A)

-----------------------------------------------------------------------------------------------------------------------------------------------------

 

Many thanks.


Edited by duffsparky, 01 December 2014 - 09:52 AM.


#5 JohnC_21


Posted 01 December 2014 - 09:43 AM

Emisoft looks like it got rid of some Adware 

Did you run TDSSKiller? I see you have HitmanPro installed, so I assume that was run.

 

I would do the following.

 

Run Adwcleaner.

 

Uninstall Java, Firefox, and Flash. Those are out of date and have security issues.

If you do not run many Silverlight videos, I would uninstall that too.

You have Chrome installed along with Firefox. Pick one but I would not have both installed on this XP computer.

LimeWire does not exist. Uninstall that.

You are running Ubuntu through Wubi on this computer? That uses a lot of resources. I would get rid of that also. If you want to use a Linux distro, try the Mint Xfce Live CD.

Adobe Reader XI. Uninstall and use PDFXchange Viewer. It's a lot smaller and can do more things than Reader.

 

Defrag the HDD first.

 

You can look here to see which services can be disabled. Use only the Safe column.



#6 duffsparky


Posted 01 December 2014 - 12:15 PM

  • Just ran TDSSKiller in Normal mode and it found nothing.
  • Just ran AdwCleaner in Normal Mode but without an internet connection (not sure if one is needed) and in Safe Mode in an unsuccessful attempt to get an internet connection. No threats found in either mode.
  • I ran HitmanPro before running Emsisoft, although I can't remember the result.

I see you asked about Emisoft rather than Emsisoft, was this a typo or did I use the wrong software?

 

*** I just found the power inlet is faulty. *** The power/battery indicator was flashing intermittently and the battery low warning kept showing. Closer inspection by disassembling the laptop shows the power inlet connection onto the circuit board within the laptop is broken and burnt. I have no idea if this is part of the original problem (fluctuating power etc.), but I'm sure it won't help and will ultimately fail completely sooner or later, so I'll have to try to replace/repair it before continuing 'coz the battery is about to go flat.

 

Many thanks.



#7 JohnC_21


Posted 01 December 2014 - 01:13 PM

Yea, that was a typo, sorry.

 

Good luck with the repair.


Edited by JohnC_21, 01 December 2014 - 01:13 PM.


#8 duffsparky


Posted 14 December 2014 - 12:17 PM

I've replaced the power jack module and the lappy is working again, albeit with malware/software and possibly hard disk issues. Where do I go from here? If I had access to my XP Pro disks I'd low-level format the hard drive and start again, but I haven't, and as I said earlier the Fujitsu XP SP2 Home recovery disk I have is for a Fujitsu desktop and also doesn't appear to have the necessary drivers for the SATA side of things anyway; thus, in its current state, it is no good. Do you think it would be possible to make a new recovery disk with nLite or something similar and slipstream the SATA drivers in? I've already tried this with a USB flash drive and a CD but both were unsuccessful, although the laptop I used to create both seemed to have malware problems, see here.


Edited by duffsparky, 14 December 2014 - 12:19 PM.


#9 JohnC_21


Posted 15 December 2014 - 12:06 PM

Using nLite to slipstream the SATA drivers would be your best option. The BIOS may have a setting to switch from AHCI to IDE mode, where your install disk would boot and find the drive. When doing the slipstream, download the SATA driver here. The files you need are in the drvdisk folder within the main zip file. Unzip the contents of NT5 along with textsetup.oem. Here is a good guide in PDF format. You can use Rufus to create a bootable USB from the ISO file created by nLite.



#10 duffsparky


Posted 16 December 2014 - 01:23 PM

I'll try again to make a bootable slipstreamed USB stick, but before I do, can you advise what would be the best way to ensure the USB drive used is free from malware/viruses both before and after it is created?

 

One slight problem is that the laptop I'll be using may still have malware/virus problems of its own, see here



#11 JohnC_21


Posted 16 December 2014 - 02:08 PM

If your laptop that is creating the bootable USB is infected, then I can't guarantee that the bootable USB will not be infected. You would need to do this on a clean computer or have a bleeping computer malware removal expert look at the Fujitsu. It looks like the Acer laptop has been cleaned. Can you use that to create the slipstreamed USB?



#12 duffsparky


Posted 16 December 2014 - 03:12 PM

I intended to use the Acer to create the bootable Vista slipstreamed install USB (and/or CD if the Fujitsu won't boot from the USB). The Fujitsu sometimes boots from USB but not always.

 

Because my USB sticks have been used in the Fujitsu (and in the Acer, which I think is how it [Acer] got infected) I'm reluctant to put them back in the Acer unless I can be reasonably certain it/they are clean; which is why I asked the best way to ensure the USB stick(s) is/are free from malware/viruses.

 

Thanks.



#13 JohnC_21


Posted 16 December 2014 - 07:19 PM

You can boot the computer with a bootable ISO like Partition Wizard and then wipe the disk. This is Linux-based and runs in RAM, so the hard drive is not touched. I am pretty sure Partition Wizard will see the USB flash drive.

 

You can also use a Linux live disk like Puppy. Burn the ISO file and boot Puppy. Attach your USB flash drive. Do not click on the USB icon, as that will mount the drive, and the drive should not be mounted when doing the following wipe. Open a terminal prompt (ROX) and type

lsblk

This will give a list of attached devices.

 

Then you would type the following

dd if=/dev/zero of=/dev/sdX bs=1M

Where X is the device letter of the USB flash drive you found using lsblk. Your USB flash drive would probably be sdb1, so you would use sdb in the above command. Warning: make sure you have the correct device, as the drive will be zeroed out.
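One way to make the dd wipe above harder to point at the wrong disk is to check the target before running it. This is an added example, not code from the post or from any of the tools it names: the functions below (names are my own) refuse to proceed unless the argument is a whole-disk name rather than a partition, nothing from that disk appears in /proc/mounts, and the kernel's /sys/block/DEV/removable flag reads 1; make_sample_env builds a constructed stand-in for /proc/mounts and /sys/block so the checks can be exercised without touching real hardware, and dd is only executed when WIPE_CONFIRM=yes is set in the environment.

```shell
#!/bin/sh
# Pre-flight checks before "dd if=/dev/zero of=/dev/sdX bs=1M" on a USB flash drive.
# Added example, not from the post. Each helper takes the paths it reads as
# arguments so the logic can be run against constructed files.

# device_is_mounted DEV MOUNTS_FILE
# Returns 0 if /dev/DEV or any of its partitions (sdb1, mmcblk0p1, ...) appears
# as a mounted source in MOUNTS_FILE (normally /proc/mounts).
device_is_mounted() {
    dev=$1
    mounts=${2:-/proc/mounts}
    grep -q "^/dev/${dev}[0-9p]* " "$mounts"
}

# device_is_removable DEV SYSBLOCK
# Returns 0 if SYSBLOCK/DEV/removable (normally /sys/block/DEV/removable) reads 1,
# which is how the kernel flags USB sticks; internal SATA disks read 0.
device_is_removable() {
    dev=$1
    sysblock=${2:-/sys/block}
    [ -r "$sysblock/$dev/removable" ] && [ "$(cat "$sysblock/$dev/removable")" = "1" ]
}

# check_wipe_target DEV MOUNTS_FILE SYSBLOCK
# Prints a one-line verdict; returns non-zero when the device must not be wiped.
check_wipe_target() {
    dev=$1
    case "$dev" in
        sd[a-z]|sd[a-z][a-z]|mmcblk[0-9]) ;;
        *) echo "refusing: '$dev' is not a whole-disk name (use sdb, not sdb1)"; return 1 ;;
    esac
    if device_is_mounted "$dev" "$2"; then
        echo "refusing: /dev/$dev has a mounted partition"; return 2
    fi
    if ! device_is_removable "$dev" "$3"; then
        echo "refusing: /dev/$dev is not flagged removable (internal disk?)"; return 3
    fi
    echo "ok: /dev/$dev"
}

# wipe_usb DEV MOUNTS_FILE SYSBLOCK
# Runs the checks, then only calls dd when WIPE_CONFIRM=yes is in the environment;
# otherwise it prints the command it would have run.
wipe_usb() {
    check_wipe_target "$@" || return $?
    if [ "${WIPE_CONFIRM:-no}" != "yes" ]; then
        echo "dry run: dd if=/dev/zero of=/dev/$1 bs=1M"
        return 0
    fi
    dd if=/dev/zero of="/dev/$1" bs=1M
}

# make_sample_env
# Constructed stand-in for /proc/mounts and /sys/block (not a real system):
# sda is the mounted internal disk, sdb an unmounted removable stick.
# Prints the directory it created.
make_sample_env() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/sda" "$d/sys/sdb"
    printf '/dev/sda1 / ext4 rw 0 0\n/dev/sda2 /home ext4 rw 0 0\n' > "$d/mounts"
    echo 0 > "$d/sys/sda/removable"
    echo 1 > "$d/sys/sdb/removable"
    echo "$d"
}

# Demonstration against the constructed environment (no dd is executed).
env_dir=$(make_sample_env)
wipe_usb sdb  "$env_dir/mounts" "$env_dir/sys"           # ok, then the dry-run command
wipe_usb sda  "$env_dir/mounts" "$env_dir/sys" || true   # refused: partition mounted
wipe_usb sdb1 "$env_dir/mounts" "$env_dir/sys" || true   # refused: partition, not disk
rm -rf "$env_dir"
```

On a live system you would call the functions with no second or third argument so they read the real /proc/mounts and /sys/block.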



#14 duffsparky


Posted 18 December 2014 - 04:44 PM

I've just realised that if I low-level format the hard drive (as the Samsung HDD Utility suggests) then reinstall the OS, I might have a working laptop, but I won't have MS Office anymore as I don't have the recovery disks. Therefore, if it is OK with you, I'd like to try and continue with the malware/virus removal and possibly OS repair if needed.

 

Many thanks,

 

duffsparky.





