[Active] Getting Internet Explorer popups while on Chrome & found a trojan last week

[Hiralarious]

So I recently noticed that my computer was a slower than usual. This may be because I just came back from vacation so I don't know the speed as well as I used to, but yeah. Today I also started getting internet explorer popups while on chrome, even though I don't even use explorer. Also, I just got the blue screen of death thing twice today. I tried doing the 6 steps things, but I ran into a few problems. I already had malwarebytes downloaded on my computer, but it won't update for me - I get an error 732. However, I did run a full scan a few days ago, but the last time my malwarebytes was updated was january 7 2010. Also, I had to go out for a bit while I was doing the GMER scan, but when I was back I had the blue screen of death issue. I'll try again in a bit if needed, but yeah. Before I left, I noticed that it had found one thing.
Oh, I have yet to run the DDS thing, but I will close my internet in just a second to do that.

& thanks in advance :]

I also have attached the old malwarebytes log & the two others.

Also, strangely enough, while I was running the DDS thing the first time something came up that restarted my computer - it wasn't the usual stuff from program updates either. It had like a 30 second countdown too. I tried taking a screen shot, but for some reason it wouldn't paste into paint. Might not be related, but thought I'd mention it anyway.

 

[crunchie]

Once you have posted all the logs, I will take a look .

 

[Hiralarious]

Done
And thanks for the lightning fast reply<3

 

[crunchie]

No worries. I'm on my lunch break .

Get the (almost) latest MBA_M-Rules here; http://malwarebytes.gt500.org/

 

[Hiralarious]

Uh, I just downloaded the malwarebytes rules part and now when I try opening the program, I get a error 730.
Should I just uninstall and reinstall the program?
And also, yumm.. food
But wow, where do you live? It's way past lunch time here. Hahha.

 

[crunchie]

Way past lunchtime yesterday (for me) no doubt. Tuesday 2.45PM here in the land of oz (Australia).
Try uninstalling the reinstalling and we will see what happens from there.
Before installing, run the tool from here: http://www.malwarebytes.org/mbam-clean.exe

 

[Hiralarious]

Oh schnap! malwarebytes found a lot of stuff O:
And I'm insanely jealous that you live in aus.

 

[crunchie]

Are you still getting the pop ups?

 

[Hiralarious]

Nopeee.
But do I have any other random viruses and stuff on there still? :/

 

[crunchie]

Not that I can see in your logs.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

• You will need to use Internet Explorer to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner ​

• Panda Active Scan​

• Trend Micro HouseCall​

• F-Secure Online Virus Scanner​

 

[Hiralarious]

Ohkay, sorry it took me so long to replyy.
The first scan wouldn't work for some reason & the second like, worked but then my internet died halfway through it so i was like, screw it.. and so I used the last one.
But of course, my net died RIGHT when the scan was done, so I dont think it saved on a notepad thing.. but I took a screenshot. Hopefully that's good enough, if not, I can rescan. :]
... ugh, it says that the file size is too big for the thing.
D:
I'll rerun the thing overnight, I suppose and update you then :]

 

[crunchie]

If it makes it easier, boot into safe mode with networking to do the scan.

 

[Hiralarious]

Yay, finally got around to doing the scan :]
My net likes dying on me at night which is when I generally do all the scanning stuff.. which is why I took so longg.
MY BAD.
But anyway, thank you again and here you go :]

 

[crunchie]

Looks ok to me. It is just flagging some of the tools you have used.

How are things going?

 

[Hiralarious]

I think my computer is still pretty slow. :/
I don't know if that's just because my computer is just slow & old or if it's my net, etc.
But the pop up thing is gone.
:3

 

[crunchie]

When was the last defrag done?

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Hiralarious]

Well, it won't let me paste it because it's too long, so I just saved it.

And I think I defragged my comp like, two weeks ago?

 

[crunchie]

Problem here likely started with all the P2P programs you have installed.
I see that utorrent is set to run at startup. You may want to disable it from the startup to be sure it is not using the bandwidth.
Set Windows updates to manual too.

==

Viewpoint Manager is considered to be foistware, rather than malware, since it is installed without users approval, but doesn't spy or do anything "bad". Please read this article: http://www.clickz.com/news/article.php/3561546
I suggest that you remove the program. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

=============

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\WINDOWS\WMSysPr9.prx

=============

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Files
  C:\WINDOWS\tasks\zxnxgpof.job
  :OTL
  SRV - File not found [Disabled | Stopped] -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc)
  SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
  SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Nexon\MapleStory\npkcusb.sys -- (npkcusb)
  DRV - File not found [Kernel | Auto | Stopped] -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt)
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr)
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ARSHIR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O4 - HKLM..\Run: [KernelFaultCheck]  File not found
  O20 - AppInit_DLLs: (zbotub.dll) -  File not found
  :Commands
  [emptyflash]
  [purity]
  [emptytemp]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

[Hiralarious]

I can't seem to find viewpoint in the add/remove programs for some reason.

Also, how do I disable utorrent from starting at startup and send windows updates to manual?

& I only downloaded utorrent and the other p2p programs like, two days ago to download a program so nothing came from that.

For the scan:

Filename: WMSysPr9.prx
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Thu 5 Aug 2010 09:26:09 (CET) Permalink

Also, second link doesn't work.

 

[crunchie]

Start > Run and type in msconfig and hit ok. Go to startups and uncheck the utorrent box on the left.
Hit apply and ok out.
Next time you boot you will get a message that you have changed your startup. Tick the box on the lft and then OK.

==

Go to Control Panel and then Windows Updates. Select the 'notify me but do not download' option.

====

How is the pc now?

 

[Hiralarious]

The only updates I see are program and automatic updates.

And the pc is faster & less laggy, I think :3

 

[crunchie]

http://support.microsoft.com/kb/875349

Notify me but don't automatically download or install them
This option notifies you that there are updates available. It requires user interaction to download them and install them.

Thats the one you want.

 

[Hiralarious]

Mmks.
And actually, I don't think my comp speeded up that much.
):