TechSpot

Computer running a bit strangely

By Darrenbilly
May 30, 2008
  1. A few ads are slipping through and pop ups, it is a bit laggy also. Please check the attached combofix, by golly, it's a long one. Hmm, in fact, it's way too big for the forum, I'll try it in two sections. View attachment 33009
     
  2. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I looked at the first log. You are badly infected with malware. For starters:
    Adzgalore Games Collection: known to have adware. Labeled as PUA: potentially unwanted application.

    You need to run the full malware cleanup on:
    http://www.techspot.com/vb/topic58138.html

    This will include a hijackthis log to post.
     
  4. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    .

    And the second log?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    One thing I note is that you are starting up into BitTorrent. That gives you a potential for malware. You need to go through the malware cleaning as mentioned.
     
  6. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    .

    Not been able to get SAS log, that scan takes a long time and was unable to complete. But please check this hjt and combofix just for my security.
    This log was only 25kb. A hell of a lot smaller, eh?!
    View attachment 33037
    View attachment 33038
    Thanks for your help so far ;)
     
  7. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Run HJT with no other programs open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to:

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following :

    Please note any other programs that you don't recognize in that list in your next response.

    Open SuperAntiSpyware and have it remove:

    Do NOT use your System Restore. It is infected. We will drop off the old points when you're clean.

    Update the Java to v6u6:
    http://www.java.com/en/download/manual.jsp

    Run HijackThis and post new log.
     
  9. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    Follow up

    View attachment 33081

    I removed all of the items in HijackThis.

    When I started in safe mode and went to Control Panel > Add/Remove I could not find what you were asking for, so I searched for it and deleted it.

    I have the Java update.

    These are the programs I'm not too sure about:
    Openmg limited patch 4.1-05-13-31-01
    Openmg limited secure module 4.1.00
    Metaframe presentation server
    Web client for win32
    Mvision
    Microsoft IEAK
    Winpcap

    Also, how can I arrange the programs in my All Programs list? There are way too many.

    Thanks
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I'm just answering that single part

    Download Tidy Start Menu
    I've used this a few times myself
     
  11. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    :D

    Thanks kimsland
     
  12. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    Any update?

    Hey Bobbye, I've had a few ads slip through. Is there still any sign of infection?
     
  13. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Looks like a leftover from Norton -> run the removal tool

    I don't see a firewall ->
    Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
    Comodo (Vista Compatible)
    Kerio
    Online Armor
    Zonealarm (Vista Compatible)


    Please run an online scan to look in more locations and to verify what's been done so far.
    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply

    Also attach a new hijackthis log after the above is done
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, I no longer see the Live Messenger process (usnsvc.exe); that's good. Blind Dragon will take you through the rest of the scans.

    I'd like to make a comment for you to keep in mind: you have a lot of game sites on the system. It's not unusual for those types of sites to send a little extra by way of ads and possible bundled spyware. So beware of that.
     
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I didn't mean to cut you off if you would like to continue with the fix. I just hadn't seen a reply
     
  16. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    Thanks

    Thank you for all of your help, Bobbye. Blind Dragon, I will do all of those instructions by the end of today hopefully, thanks.
     
  17. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Same thing, and good job finding the correct one. :grinthumb
     
  19. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Blind Dragon, I appreciate your help. You are able to take users through subsequent cleaning programs after HijackThis, better than I. Thank you. Please continue.

    But I did look at the latest log and see C:\Program Files\Windows Live\Messenger\usnsvc.exe is back! I thought you removed this.
     
  21. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    :eek:

    So did I? I removed Windows Live Messenger, which I always use.. But it auto reinstalls

    I forgot to mention, I downloaded Comodo Firewall, but it says: "comodo firewall pro is being initialized" and then says: "the network firewall is not functioning properly, please run the diagnostics utility to fix the problem" which I do, but to no avail, please help?
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Remove Comodo Firewall to get your Internet back
     
  23. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    ?

    My internet works fine, just the firewall is not. I will get one of the other ones Blind Dragon suggested. Please look at the attached Ad-Aware log. I did the scan and it found 4 infections, I'm not sure if they are still on here, and one of them mentions Comodo Firewall. Thanks

    View attachment 33189
     
  24. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    After removing Comodo Firewall, run CCleaner
    Those infections will then be confirmed gone (seeing they're in temp folders)
     
  25. Darrenbilly

    Darrenbilly TS Enthusiast Topic Starter Posts: 161

    :D

    Ok, I've uninstalled it and run cleaner. Now I'm installing Kerio (Sunbelt Personal Firewall), hopefully it works! In a previous post Bobbye said to list any programs I was unsure of. I did, but he did not respond to it. Anyone else able to? Thanks

    These are the programs I'm not too sure about:
    Openmg limited patch 4.1-05-13-31-01
    Openmg limited secure module 4.1.00
    Metaframe presentation server
    Web client for win32
    Mvision
    Microsoft IEAK
    Winpcap

    Also, can you donate to the forum?
     
Topic Status:
Not open for further replies.
