Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running slowly - antivirus constantly scanning


  • This topic is locked This topic is locked
12 replies to this topic

#1 bige75

bige75

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 30 November 2014 - 02:58 PM

Hello everyone,

 

I am a first time poster who is trying to help my friend with his computer. I believe he has been infected with some sort of malware, spyware, etc.

 

He has Avast Antivirus on his system. When his system boots up and connects to the internet, the realtime shield activity goes crazy. It is constantly scanning even before I even open a browser to access a web page.

 

After the bootup process is complete, I then disconected his internet signal and opened the shield activity in Avast. It indicated that there were already 5,500 items scanned in the webshield and 3,700 in the file shield.

 

He had indicated to me that a few weeks ago, Avast started popping up some blocked messages but his system was still running at a good pace. Application now though have come to a crawl as the scanner runs non-stop. The computer runs fine when you disconnect from the internet.

 

I haven't done anything yet as I didn't want to do anything wrong to screw it up more.

 

Thanks for any help anyone can provide.

 

Eric

 

ps - His system is running Windows 7 Home Preimium



BC AdBot (Login to Remove)

 


#2 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 01 December 2014 - 04:53 PM

Hello there        :welcome:

 

I'm LighthouseParty and I'll be assisting you with your concern today. Please keep in mind that I have a few guidelines I need you to follow:
  • Don't run any other tools other than what I provide you with.
  • Don't install/remove any programs other than what I provide you with.
  • Don't perform a system restore unless I ask you to. 

:step1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go.
  4. Post the log in your next reply.

Flush DNS

Reset IE Proxy Settings

Reset FF Proxy Settings

List Installed Programs

List Restore Points

 

:step2: Install and run a scan with Malwarebytes Anti-Malware
  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

:step3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.

Thanks and good luck!



#3 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 01 December 2014 - 07:29 PM

LighthouseParty,

 

I have posted the results from the three things you told me to do below. 

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by mark (administrator) on 01-12-2014 at 18:05:27
Running from "C:\Users\mark\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
 
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Fore! Reservations 2013 (x32 Version: 16.8.178.0 - Fore! Reservations Technology, LLC) Hidden
Fore! Reservations Install Helper (HKLM-x32\...\{db9e7c71-31c4-4136-a30f-aa96112dd4e2}) (Version: 16.8.178.0 - Fore! Reservations Technology, LLC)
Fore! Reservations Kick Start Installer (x32 Version: 16.8.178.0 - Fore! Reservations Technology, LLC) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{AA6F009F-0CCD-4DD6-A462-28419C101D54}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft POS for .NET 1.12 (HKLM-x32\...\{5B8A87B3-F137-48B4-9009-0A52C94828CB}) (Version: 1.12.1296.00 - Microsoft Corporation)
Microsoft POS for .NET bootstrapper (HKLM-x32\...\{87a9025c-f709-4c0f-8dea-d16bcffc275c}) (Version: 1.0.1.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
PS_AIO_04_C4500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2380.0 - SAMSUNG Electronics Co., Ltd.)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (x32 Version: 13.0.1.220 - SAP) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.7.25293 - Blizzard Entertainment)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
V1 Home 2.0 (HKLM-x32\...\InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.49 - Interactive Frontiers)
V1 Home 2.0 (x32 Version: 2.02.49 - Interactive Frontiers) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{FC4DE34E-DA9E-4F02-9837-2E65F73A0234}) (Version: 1.11.0305 - Samsung Electronics Co., Ltd.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
========================= Restore Points ==================================
 
14-11-2014 23:10:26 Windows Update
15-11-2014 18:36:15 Windows Update
15-11-2014 19:00:56 avast! antivirus system restore point
16-11-2014 15:19:56 Windows Update
17-11-2014 16:02:20 Windows Modules Installer
17-11-2014 19:51:30 Restore Operation
17-11-2014 22:30:18 Windows Modules Installer
18-11-2014 07:33:44 avast! antivirus system restore point
18-11-2014 18:25:49 Windows Update
18-11-2014 22:12:48 avast! antivirus system restore point
30-11-2014 19:29:01 avast! antivirus system restore point
 
**** End of log ****
-----------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/1/2014
Scan Time: 6:11:30 PM
Logfile: malwarebytes log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.12.01.07
Rootkit Database: v2014.12.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mark
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375793
Time Elapsed: 17 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
Trojan.FakeMS, C:\ProgramData\OagyUjitc\OagyUjitc.dat, Quarantined, [62470855ee8e0e28933276771ae78779], 
Trojan.FakeMS, C:\ProgramData\HosoWinez\HosoWinez.dat, Quarantined, [e7c263fa7efe6fc7b510a14c629fa957], 
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{2076CFD0-7C9E-43E1-8AFC-B07C6A6875BE}\msiexec.exe, Quarantined, [8821c994700c092dcc0b5793c140c53b], 
Spyware.Password, C:\ProgramData\Windows Genuine Advantage\{37840484-50BC-4C4D-94CA-518B446BA8A9}\msiexec.exe, Quarantined, [cfda2b32d5a77db9bc15ce1c51b06e92], 
Spyware.Password, C:\ProgramData\Windows Genuine Advantage\{B177A63D-BFF9-4450-B6E1-A1A3DD2ECB00}\msiexec.exe, Quarantined, [9e0b8ad3c2ba1323725f7278cb3621df], 
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{B791CAE4-23FE-4E36-954C-23935FD8EC3E}\msiexec.exe, Quarantined, [c4e58fcebac2d85e8d4a2bbfac55a060], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
--------------------------------------------------------------------------------------------------------------------------------

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java™ 7 Update 5  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Google Chrome 37.0.2062.124 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
I hope this is the info you need. Thanks for you help on this.
 
Eric


#4 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 02 December 2014 - 01:55 AM

Hello there  :welcome:

 

TROJAN WARNING

 

In the Malwarebytes Anti-Malware scan you provided me with, it detected a trojan. This type of malware is used to steal passwords from your computer, most likely bank passwords. Some security experts have debated that the best way to deal with this, is a clean install.

 

However, if you would like to continue cleaning the infected computer, please let me know and I'll be happy to assist.

 

Thanks!



#5 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 02 December 2014 - 10:41 AM

LighthouseParty,

 

Thanks for the info. I would like to continue cleaning the infected computer. Please let me know the next steps.

 

Eric



#6 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 02 December 2014 - 11:05 AM

Hello there,

 

:step1: Uninstall some programs

 

There's currently some programs on your PC that we need to remove, for the time-being at least. Click the start menu, type in Programs and Features and click Programs and Features. Navigate to each of the following below one-by-one and click uninstall:

  • Java Auto Updater
  • Java™ 7 Update 5

:step2: After that, to ensure Java is completely removed off your system, download JavaRa from here and once opened it, select 'remove JRE'. Adobe Reader is currently out-of-date, click here for instructions on how to update it. Google Chrome is also currently out-of-date, click here for instructions on how to update it.

 

:step3: Download and run AdwCleaner

  1. Click here to download AdwCleaner to your desktop.
  2. Double click adwcleaner_x.xxx.exe. If prompted, click I agree.
  3. Click scan. When it's finished, select clean.
  4. Allow AdwCleaner to restart your computer.
  5. Once you've restarted, a log should appear. Please post this in your next reply.

:step4: Download Junkware Removal Tool

  1. Click here to download Junkware Removal Tool to your desktop.
  2. Double click JRT.exe. (Win 7 and Vista users, right-click and select run as admin)
  3. Press any key and the scan will begin.
  4. At the end, a log will open. Please post this in your next reply.

Edited by LighthouseParty, 02 December 2014 - 11:06 AM.


#7 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 02 December 2014 - 02:13 PM

Lighthouse Party,

 

I removed Java 7 Update 5 as it was on the list, but did not see Java Auto Updater listed on the list. I ran JavaRa and selected remove JRE. I updated Adobe Reader and Google Chrome. Here are my logs below from the two tools.

 

# AdwCleaner v4.103 - Report created 02/12/2014 at 13:26:56
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mark - MARKLAPTOP
# Running from : C:\Users\mark\Desktop\adwcleaner_4.103.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\pcdr
Folder Deleted : C:\Users\Gracie\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Gracie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeCandy
Folder Deleted : C:\Users\mark\AppData\Local\apn
Folder Deleted : C:\Users\mark\AppData\Roaming\pcdr
Folder Deleted : C:\Users\Gracie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Gracie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Gracie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{88B7D97F-4C79-40F2-B4F1-F84D82369F55}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v38.0.2125.111

[C:\Users\Gracie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Gracie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gracie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : nnfegheljpcijmdgonkecjpcaopjlpac
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=94e13bd9-8c0d-4d65-80a4-9ceaa6ea8153&apn_ptnrs=L6&apn_sauid=BB79F808-DF71-4585-BA64-5266CAD23C09&apn_dtid=YYYYYYUWUS&q={searchTerms}
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=94e13bd9-8c0d-4d65-80a4-9ceaa6ea8153&apn_ptnrs=L6&apn_sauid=BB79F808-DF71-4585-BA64-5266CAD23C09&apn_dtid=YYYYYYUWUS&q={searchTerms}
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=94e13bd9-8c0d-4d65-80a4-9ceaa6ea8153&apn_ptnrs=L6&apn_sauid=BB79F808-DF71-4585-BA64-5266CAD23C09&apn_dtid=YYYYYYUWUS&q={searchTerms}
[C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=94e13bd9-8c0d-4d65-80a4-9ceaa6ea8153&apn_ptnrs=L6&apn_sauid=BB79F808-DF71-4585-BA64-5266CAD23C09&apn_dtid=YYYYYYUWUS&q={searchTerms}

*************************

AdwCleaner[R0].txt - [3769 octets] - [02/12/2014 13:20:29]
AdwCleaner[S0].txt - [3617 octets] - [02/12/2014 13:26:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3677 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by mark on Tue 12/02/2014 at 13:42:26.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\CandyUpdater.job



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\mark\appdata\local\{468875A9-689E-41C8-B5B2-E264D469FE10}
Successfully deleted: [Empty Folder] C:\Users\mark\appdata\local\{E7156592-66D5-4487-AACF-2155C7077EF4}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/02/2014 at 14:01:53.22
End of JRT log



#8 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 02 December 2014 - 02:35 PM

How is the computer running now?

Is there an improvement in the speed of it?



#9 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 02 December 2014 - 04:10 PM

Lighthouse Party,
 
There has not been any change in speed. When the system boots up and connects to an internet signal, even before I open a brower Avast is scanning 70 to 130 items at a time and then the shield says "threat has been dectected" and a bunch of these pop up message start appearing from the real time shield. Here is a few of the pop up messages
 
Infection details:
URL: hxxp://fff5ee.com/query?version=1.6&sid=7784&builddate=151014&q=running+knee+pain...
Infection: URL:Mal
Process: C:\windows\syswow64\dllhost.exe
 
Here is another that popped up:
 
URL: hxxp://fff5ee.com/query?version=1.6&sid=7784&builddate=151014&q=eye+creams&ua=Mo...
Infection: URL:Mal
Process: C:\windows\syswow64\dllhost.exe
 
Also, I thought I would give you a sample of the log from the realtime scan data from Avast so you can see what Advast is scanning even before I open a browser window. I don't know if this would help or not. I have also included today's realtime scan from the error messages above:

Edited by Queen-Evie, 02 December 2014 - 05:21 PM.
deleted malicious links. Renamed 2 of them to be nonclickable.


#10 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 02 December 2014 - 04:26 PM

After checking through the log(s) you've provided me with, I'm going to have to recommend you post this issue in the Virus, Trojan, Spyware, and Malware Removal Logs section, because more advanced programs (such as ComboFix) can be used there for this issue. Please follow the steps on the link below.

 

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.



#11 bige75

bige75
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 02 December 2014 - 04:35 PM

Lighthouse Party,

 

Ok, I will. Thanks for your time. When I post in that section do I need to copy everything you and I have already talked about or just start from the beginning?

 

Eric



#12 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 02 December 2014 - 04:53 PM

It would be a good idea to include a link back to this thread.  :thumbup2:



#13 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:10:22 AM

Posted 02 December 2014 - 05:25 PM

Now that you have posted a DDS log in Malware Removal Logs here http://www.bleepingcomputer.com/forums/t/558423/avast-realtime-shield-constantly-pops-up-infections-when-connected-to-internet/

Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show it the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Team Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

This topic is closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users