
Laptop running really slow and sometimes freezing up


15 replies to this topic

#1 WILD RACING

Posted 28 June 2015 - 07:28 PM

I have a Compaq Presario R3000 using XP w/ SP3.

 

Lately anything I try to open, be it a browser, web page or any other program from my desktop, it tends to load very slowly and more and more often lately the computer will just freeze up until I get so frustrated all I can do is hold the power button until it shuts down and try again.

 

Sometimes it works better for a little while but inevitably I'm always left in the same boat.

 

 




 


#2 InadequateInfirmity

Posted 28 June 2015 - 07:56 PM

Download and run wipe.

 

https://privacyroot.com/software/www/en/wipe.php

 

Under details make sure the highlighted button is ticked prior to cleaning.

[image]

Then System Ninja.

https://singularlabs.com/software/system-ninja/

Scan for junk then delete.

[image]

Then.....

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download

[image]


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools, then start up, select each item, then disable.

[image]

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

[image]

Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

[image]

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click and run as administrator.
A new icon will appear on your desktop.
Right-click and run as administrator on the new icon.
Click on the update tab.
[image]
Once you have updated the program, make sure the settings are the same as the picture below.
[image]
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
[image]
Copy and paste the entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

[image]

Remove any infections found.

Then click on the icon in the pic below.

[image]

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 WILD RACING

Posted 28 June 2015 - 08:10 PM

I couldn't download Wipe. It gave me an error message that something failed to initialize. Should I still go with the rest?



#4 InadequateInfirmity

Posted 28 June 2015 - 08:18 PM

Yeah just use this instead to clean up useless files. Privazer http://privazer.com/


If you have issues with any program then skip and go to the next, when you come to the end of the instructions then try and run any tool you could not previously.



#5 WILD RACING

Posted 29 June 2015 - 06:35 PM

Ok,  Privazer worked.  I'll work through the rest although with as long as that one took it may be some time before I get them completed so please bear with me.

 

Thank You.



#6 WILD RACING

Posted 29 June 2015 - 09:19 PM

System Ninja won't load

eScanAV Anti-Virus Toolkit (MWAV) can not open

Zemana Web page not found

 

JRT LOG

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.2 (06.29.2015:1)
OS: Microsoft Windows XP x86
Ran by User on Mon 06/29/2015 at 21:56:39.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

 

~~~ Files

 

~~~ Informational

C:\WINDOWS\system32\tasklist.exe doesn't exist [Process check skipped . Windows XP Home Edition?]

 

~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\User\Application Data\tuneup software
Successfully deleted: [Folder] C:\Program Files\viewpoint

 

~~~ FireFox

 

~~~ Chrome

[C:\Documents and Settings\User\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\User\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\User\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\User\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/29/2015 at 22:03:23.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner Log

 

# AdwCleaner v4.207 - Logfile created 29/06/2015 at 22:14:23
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : User - USER-DRXYHZGBOO
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3815 bytes] - [22/12/2013 17:09:06]
AdwCleaner[R1].txt - [3172 bytes] - [16/05/2014 20:44:12]
AdwCleaner[R2].txt - [2514 bytes] - [29/06/2015 22:08:26]
AdwCleaner[S0].txt - [3954 bytes] - [22/12/2013 17:11:12]
AdwCleaner[S1].txt - [3295 bytes] - [16/05/2014 21:15:27]
AdwCleaner[S2].txt - [2475 bytes] - [29/06/2015 22:14:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2534  bytes] ##########



#7 InadequateInfirmity

Posted 30 June 2015 - 09:16 AM

Adware Removal Tool.

Download Adware Removal Tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

[image]

Hit Ok.

[image]

Hit Next; make sure to leave all items checked for removal.

[image]

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Also Zemana can be found here.

http://www.bleepingcomputer.com/download/zemana-anti-malware/



#8 WILD RACING

Posted 01 July 2015 - 05:46 AM

Adware could not run.  Said application failed to initialize properly 0xc0000135

Page to download ZHP loads in French and won't translate.

 

Results of screen317's Security Check version 1.004 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
 ESET Online Scanner v3  
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java™ 6 Update 30 
 Java version 32-bit out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

MiniToolBox by Farbar  Version: 22-06-2015
Ran by User (administrator) on 30-06-2015 at 20:38:15
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Presario R3000 (DZ354U#ABA) Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 802.11b/g WLAN = Wireless Network Connection 3 (Connected)
1394 Net Adapter = 1394 Connection 3 (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection 3 (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : user-drxyhzgboo

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : wowway.com

 

Ethernet adapter Local Area Connection 3:

 

        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-02-3F-6F-98-DE

 

Ethernet adapter Wireless Network Connection 3:

 

        Connection-specific DNS Suffix  . : wowway.com

        Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

        Physical Address. . . . . . . . . : 00-90-4B-4E-4C-FA

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.131

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 64.233.214.34

                                            64.233.214.41

                                            192.168.1.1

        Lease Obtained. . . . . . . . . . : Tuesday, June 30, 2015 6:20:21 PM

        Lease Expires . . . . . . . . . . : Wednesday, July 01, 2015 6:20:21 PM

Server:  clv11-dns1.clv.wideopenwest.com
Address:  64.233.214.34

Name:    google.com
Addresses:  74.125.226.78, 74.125.226.70, 74.125.226.65, 74.125.226.71
   74.125.226.73, 74.125.226.68, 74.125.226.66, 74.125.226.72, 74.125.226.67
   74.125.226.69, 74.125.226.64

 

Pinging google.com [74.125.226.73] with 32 bytes of data:

 

Reply from 74.125.226.73: bytes=32 time=31ms TTL=56

Reply from 74.125.226.73: bytes=32 time=44ms TTL=56

 

Ping statistics for 74.125.226.73:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 31ms, Maximum = 44ms, Average = 37ms

Server:  clv11-dns1.clv.wideopenwest.com
Address:  64.233.214.34

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

 

Reply from 98.139.183.24: bytes=32 time=55ms TTL=51

Reply from 98.139.183.24: bytes=32 time=60ms TTL=51

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 55ms, Maximum = 60ms, Average = 57ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 02 3f 6f 98 de ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 90 4b 4e 4c fa ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.131   25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0    192.168.1.131   192.168.1.131   25
    192.168.1.131  255.255.255.255        127.0.0.1       127.0.0.1   25
    192.168.1.255  255.255.255.255    192.168.1.131   192.168.1.131   25
        224.0.0.0        240.0.0.0    192.168.1.131   192.168.1.131   25
  255.255.255.255  255.255.255.255    192.168.1.131   192.168.1.131   1
  255.255.255.255  255.255.255.255    192.168.1.131               2   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2015 09:27:46 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.5.216.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/29/2015 07:35:02 PM) (Source: Application Hang) (User: )
Description: Hanging application PrivaZer.exe, version 2.32.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/30/2015 07:50:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (06/30/2015 07:47:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/30/2015 06:50:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (06/30/2015 06:47:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/30/2015 06:30:23 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/30/2015 06:20:26 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/29/2015 11:50:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (06/29/2015 11:47:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (06/29/2015 11:39:18 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/29/2015 11:29:20 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Microsoft Office Sessions:
=========================
Error: (06/29/2015 09:27:46 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.5.216.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (06/29/2015 07:35:02 PM) (Source: Application Hang)(User: )
Description: PrivaZer.exe2.32.0.0hungapp0.0.0.000000000

=========================== Installed Programs ============================

Acrobat.com (HKLM\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\{A2BCA9F1-566C-4805-97D1-7FDC93386723}) (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dragster Suite (HKLM\...\{8BA2BF97-005C-4231-8B90-3DC7BDAEC35B}) (Version:  - AIM)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DynoLog (HKLM\...\ST5UNST #1) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 4.1 (HKLM\...\FastStone Image Viewer) (Version: 4.1 - FastStone Soft)
Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS ) (HKLM\...\Rocket Division Software Grab & Burn_is1) (Version:  - Rocket Division Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
HP Integrated Wireless LAN W400-W500 Driver (HKLM\...\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}) (Version:  - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version:  - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.662 - InterVideo Inc.)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM\...\{DA846E79-1C13-4AB0-8DEB-77935469CD9A}) (Version: 2.03.06.002.14 - Novatel Wireless) Hidden
Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.06.002.14 - Novatel Wireless)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA nForce Drivers (HKLM\...\NVIDIA nForce Drivers) (Version:  - )
PCI 1620 Cardbus Controller and Software (HKLM\...\InstallShield_{B1E8784B-A465-4A00-8D5D-E694A1D34A98}) (Version: 1.02.0008 - Texas Instruments Inc)
PrivaZer (HKLM\...\PrivaZer) (Version: 2.32.0.0 - Goversoft LLC)
Quick Launch Buttons 5.10 B5 (HKLM\...\{CEB326EC-8F40-47B2-BA22-BB092565D66F}) (Version: 5.10 B5 - Hewlett-Packard Company)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (HKLM\...\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}) (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup (HKLM\...\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}) (Version:  - )
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.4 - Hewlett-Packard)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.4010 - Analog Devices)
TI1620/1520 (HKLM\...\{B1E8784B-A465-4A00-8D5D-E694A1D34A98}) (Version: 1.02.0008 - Texas Instruments Inc) Hidden
Verizon Wireless MiFi-2200 Firmware Updates (HKLM\...\{6BC271BA-C4ED-4BDA-8D80-437C0919F3E6}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VZAccess Manager (HKLM\...\{195F69A5-A4A0-421C-AC4B-2B2471C34037}) (Version: 7.0.10.1 - Smith Micro Software Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 766.98 MB
Available physical RAM: 379.59 MB
Total Pagefile: 2768.5 MB
Available Pagefile: 2384.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.4 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.25 GB) (Free:12.77 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-DRXYHZGBOO

Administrator            Guest                    HelpAssistant           
SUPPORT_388945a0         User                    

**** End of log ****

 

C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting - quarantined
 



#9 InadequateInfirmity

Posted 01 July 2015 - 06:12 AM

Uninstall the following, leave the AOL stuff if you actually use it.

 

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )

 

MSE does not support your operating system anymore.

 

I suggest you replace MSE with one of the following, then run a full scan with it.

 

360 Total Security http://www.360totalsecurity.com/en/

http://tiranium-antivirus.com/products.html

 

Also from the reports your firewall is down, not a good idea. I suggest you enable it.

https://support.microsoft.com/en-us/kb/283673

 

Now you have a huge need to defrag your machine. I suggest that you do so with this great defrag tool, Toolwiz Smart Defrag.

http://www.toolwiz.com/en/products/toolwiz-smart-defrag/

 

Now for ZHP Cleaner: the download is in French but the program is in English. When you go to the site, click on the image below; this means download.

cSBp8Vr.png

 

Now back to business....

 

Run a full scan with Reason Core Security.

Remove infections, then reboot.

Run an advanced scan with Crystal Security.

Remove infections, then reboot.

 

 

 

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select Update.
Then select Scan Now.
Once the scan is completed, remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://9-lab.com/download/

Install the program onto your computer, then right-click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon scan completion, click Show Results.

Now click the Clean button.

Once done cleaning, you can go to the logs tab, double-click it, and copy and paste it in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
      • mbar-log-{date} (xx-xx-xx).txt
      • system-log.txt

Edited by InadequateInfirmity, 01 July 2015 - 06:14 AM.


#10 WILD RACING

Posted 03 July 2015 - 10:44 AM

I'm still working on those scans.

#11 InadequateInfirmity

Posted 03 July 2015 - 10:46 AM

:thumbup2:



#12 WILD RACING

Posted 04 July 2015 - 02:13 PM

OK, I think I got through that list, although not without some trouble. I do use Google Toolbar so I left that.

360 security gave a warning about a trojan when I tried downloading ZHP Cleaner. It doesn't appear that it downloaded to my computer as I couldn't find any trace of it.

Reason Core would scan to 99%, then I get a window that popped up asking which user I want to run the program. No matter what I clicked, the scan wouldn't finish and that message would reappear.

Crystal found 0 suspicious or unsafe items.

After getting through the rest, my laptop froze up and when I tried to restart I kept getting the large blue warning screen and it would shut down and restart.

It wasn't until I booted in safe mode and removed Malwarebytes that I was able to get my computer to boot back up.

Here are the logs I have now......

360 Full Check log

Start time: 2015-07-01 22:25:32 (UTC-04:00)
Time taken: 02:41:19

Full Check result:
======================

Bootup speed scan result
----------------------
NVIDIA Control Panel NVIDIA graphics card is used to adjust the parameters set. Recommend Off
Error Reporting Service Allow error reporting. Booting not required. Recommend Off
Help and Support Help and Support Center. Booting not required. Recommend Off
IPsec Policy Agent Support custom security rules, such as data from shielded ports 135 and 139. Booting not required. Recommend Off
Distributed Link Tracking Client Track and maintain associated files in an NTFS file system guaranteeing shortcuts remain valid when moving files. Not required during boot time. Recommend Off
At2.job(Invalid) Should Delete
A notification about Windows XP support's end. Show the notification for user monthly to remind for the end support to the Windows XP system. Recommend Off
A notification about Windows XP support's end. Show the notification for user monthly to remind for the end support to the Windows XP system. Recommend Off
RealPlayer Update Automatically check for updates Realplayer related applications. Recommend Off
RealUpgradeScheduledTaskS-1-5-18.job Recommend Off
RealPlayer Update Automatically check for updates Realplayer related applications. Recommend Off

Virus scan result
----------------------
c:\documents and settings\administrator\desktop\sdsetup.exe -min Invalid registry startup item
c:\documents and settings\user\desktop\tfc.exe HEUR/QVM17.0.Malware.Gen
c:\program files\java\jre6\bin\jp2ssv.dll Invalid registry startup item

Junk file scan result
----------------------
Found 418.3 MB junk file(s)

WiFi security check result
----------------------
Safe

Repair result:
======================

Bootup speed optimization items
----------------------
NVIDIA Control Panel NVIDIA graphics card is used to adjust the parameters set. Recommend Off
Error Reporting Service Allow error reporting. Booting not required. Recommend Off
Help and Support Help and Support Center. Booting not required. Recommend Off
IPsec Policy Agent Support custom security rules, such as data from shielded ports 135 and 139. Booting not required. Recommend Off
Distributed Link Tracking Client Track and maintain associated files in an NTFS file system guaranteeing shortcuts remain valid when moving files. Not required during boot time. Recommend Off
At2.job(Invalid) Should Delete
A notification about Windows XP support's end. Show the notification for user monthly to remind for the end support to the Windows XP system. Recommend Off
A notification about Windows XP support's end. Show the notification for user monthly to remind for the end support to the Windows XP system. Recommend Off
RealPlayer Update Automatically check for updates Realplayer related applications. Recommend Off
RealUpgradeScheduledTaskS-1-5-18.job Recommend Off
RealPlayer Update Automatically check for updates Realplayer related applications. Recommend Off

Virus processing result
----------------------
c:\documents and settings\administrator\desktop\sdsetup.exe -min Invalid registry startup item
c:\documents and settings\user\desktop\tfc.exe HEUR/QVM17.0.Malware.Gen
c:\program files\java\jre6\bin\jp2ssv.dll Invalid registry startup item

Junk file Cleanup result
----------------------
Cleaned up 418.3 MB junk file(s)

WiFi fixing result
----------------------
Safe

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/3/2015
Scan Time: 3:35:27 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.03.06
Rootkit Database: v2015.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352424
Time Elapsed: 1 hr, 10 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Rogue.MultipleAV, HKU\S-1-5-21-484763869-573735546-839522115-500_Classes\AH, Quarantined, [bca6efee66241422ac4a3f1f60a454ac],

Registry Values: 2
Hijack.ExeFile, HKU\S-1-5-21-484763869-573735546-839522115-500_Classes\.EXE\SHELL\OPEN\COMMAND, "C:\Documents and Settings\User\Local Settings\Application Data\pbx.exe" -a "Quarantined" %*, [3d25944993f78aaca717b03d9d6724dc], %5
Rogue.MultipleAV, HKU\S-1-5-21-484763869-573735546-839522115-500_Classes\AH|Content Type, application/x-msdownload, Quarantined, [bca6efee66241422ac4a3f1f60a454ac]

Registry Data: 2
Hijacked.exeFile, HKU\S-1-5-21-484763869-573735546-839522115-500_Classes\.EXE, ah, Good: (exefile), Bad: (ah),Replaced,[5c060fce1179e155c0b361ea4cbac13f]
PUM.HijackExefiles, HKU\S-1-5-21-484763869-573735546-839522115-500_Classes\.EXE, ah, Good: (exefile), Bad: (ah),Replaced,[eb77825b6723e94d3bbc86c666a0a858]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

9-lab Removal Tool 1.0.0.19 BETA
9-lab.com

Database version: <none>.10959

Windows XP Service Pack 3 (Version 5.1, Build 2600, 32-bit Edition)
Internet Explorer 8.0.6001.18702
User :: USER-DRXYHZGBOO not implemented yet

7/3/2015 5:18:45 PM
9lab-log-2015-07-03 (17-18-45).txt

Scan type:
Objects scanned: 20150
Time Elapsed: 2 h 44 m

Files detected: 8
Adware.Generic.325504.vp [C:\Program Files\Xvid\OGMCalc.exe]
Adware.Generic.325504.vp [C:\Documents and Settings\All Users\Start Menu\Programs\Xvid\Koepi's OGMCalc.lnk]
Adware.Generic.325504.vp [C:\Program Files\Xvid\MiniCalc.exe]
Adware.Generic.325504.vp [C:\Documents and Settings\All Users\Start Menu\Programs\Xvid\Nic's MiniCalc.lnk]
Adware.Generic.325504.vp [C:\Program Files\Xvid\vidccleaner.exe]
Adware.Generic.325504.vp [C:\Documents and Settings\All Users\Start Menu\Programs\Xvid\Vidc.Cleaner.lnk]
Trojan.Win32.HighRisk.sm.xr [C:\Documents and Settings\User\My Documents\Downloads\ImgBurn_Setup.exe]
TROJ_GEN.R0C1H01FU13.an [C:\MiniToolBox.exe]


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 0.798000 GHz
Memory total: 804241408, free: 278282240

Downloaded database version: v2015.07.03.08
Downloaded database version: v2015.07.03.01
Downloaded database version: v2015.07.01.02
=======================================
Initializing...
------------ Kernel report ------------
07/03/2015 21:01:36
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.07.03.08
rootkit: v2015.07.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff83cd51f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff83cd3900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff83cd51f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff83d5f9e8, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff83dd5940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3940393F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 78124032
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 40007761920 bytes
Sector size: 512 bytes

Done!
File "C:\Documents and Settings\All Users\Application Data\360safe\LogInfo\New360_tmp_1435887920_3560.log2" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\360safe\LogInfo\New360_tmp_1435897995_168.log2" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat" is compressed (flags = 1)
File "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat" is compressed (flags = 1)
File "C:\Documents and Settings\User\Application Data\360WD\wdch.dat" is compressed (flags = 1)
File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
File "C:\Documents and Settings\User\Local Settings\temp\~DF2E6C.tmp" is compressed (flags = 1)
File "C:\Documents and Settings\User\Local Settings\temp\~DF80BA.tmp" is compressed (flags = 1)
File "C:\Documents and Settings\User\Local Settings\temp\~DFA960.tmp" is compressed (flags = 1)
File "C:\Documents and Settings\NetworkService\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\User\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\User\IECompatCache\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\User\PrivacIE\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat" is compressed (flags = 1)
Scan Interrupted
Scan was aborted.

#13 WILD RACING

Posted 04 July 2015 - 05:29 PM

Also, every time I've started my computer after this I get a pop-up window that looks like this......

8aJUu.png

Kind of annoying. Any way to disable it?

#14 InadequateInfirmity

Posted 05 July 2015 - 09:27 PM

Create a new thread to get more advanced help.

 

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

Provide a link to this thread in the topic, also post a link to the new topic here so that I can follow the thread.



#15 WILD RACING

Posted 05 July 2015 - 10:42 PM

New thread started.

http://www.bleepingcomputer.com/forums/t/581957/laptop-running-really-slow-and-sometimes-freezing-up-frst-log-included/

Thanks for all your help.



