TechSpot

Very slow computer possibly virus or malware

By kgraf
Sep 23, 2010
  1. Hello, this is my first attempted post, please bear with me if the format is not correct.
    For the last couple of months my machine has been very slow, with up to 50 processes actively running at one time. I have conducted AVG and Malware scans and nothing shows up in the logs. If you can help me I would really appreciate it, thank you for your time.
     

  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, never zip any logs.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. kgraf

    kgraf TS Rookie Topic Starter Posts: 20

    Wow, you guys are awesome! Thank you.

    Hi Broni,
    Thank you for your help. I tell you what, for the life of me I can't figure out what it was; hopefully it was just a 24 hr virus :D. Anyway, thank you very much. I hope you guys can use my information below to help other folks out there. If it was malware or a virus please let me know, for my knowledge. Thank you.
    :approve:
     

  4. Broni


    MBRCheck log looks good :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\EED76035D3.sys
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    (animation not reproduced)


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
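The two DDS lines in that CFScript are the part worth understanding. `ProxyServer = http=127.0.0.1:5555` tells Internet Explorer (and every program that uses the WinINet proxy settings) to send all HTTP requests to port 5555 on the machine itself, so some local process is sitting between the browser and the network and can rewrite pages, redirect searches or harvest form data. `ProxyOverride = <local>` on its own is just the default "bypass proxy for local addresses" list and is harmless; it is removed here only because it belongs to the same setting. The script below is an added example for this thread, not code from ComboFix, DDS or OTL: it reads proxy lines in the two formats those tools print and reports any proxy or PAC URL that points back at the local host. The sample lines are constructed from the thread plus a benign corporate proxy line and a PAC line for contrast.

```python
"""Check Internet Settings proxy values for a loopback proxy.

Added example for this thread, not code from ComboFix, DDS or OTL. Works on
the "uInternet Settings,NAME = VALUE" lines DDS prints and the
'IE - HKCU\\...\\Internet Settings: "NAME" = VALUE' lines OTL prints.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: the two lines from the CFScript, a benign corporate proxy
# and an OTL-style PAC entry that also points at the local machine.
SAMPLE_LINES = """\
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.corp.example:8080
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "AutoConfigURL" = http://localhost:5555/proxy.pac
"""

# Matches both the DDS (",NAME = ") and the OTL (': "NAME" = ') spellings.
_LINE_RE = re.compile(
    r'Internet Settings[,:]\s*"?(?P<name>ProxyServer|ProxyOverride|AutoConfigURL)"?\s*=\s*(?P<value>.*)$'
)


def parse_proxy_server(value):
    """Split a ProxyServer value into (protocol, host, port) tuples.

    Windows accepts "host:port" (one proxy for every protocol) or a list such
    as "http=host:port;https=host:port;socks=host:port". IPv6 hosts are
    written in brackets, e.g. "[::1]:3128".
    """
    entries = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        proto, sep, endpoint = part.partition('=')
        if not sep:                       # plain "host:port" form
            proto, endpoint = 'all', part
        host, _, port = endpoint.rpartition(':')
        if not host:                      # bare host with no port
            host, port = endpoint, ''
        entries.append((proto.lower(), host.strip('[]'),
                        int(port) if port.isdigit() else None))
    return entries


def is_local_proxy(host):
    """True when the proxy host is this machine, i.e. a local process answers."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # a DNS name, not an address
        return False


def audit_proxy_lines(text):
    """Return one finding string per proxy entry that points back at the host."""
    findings = []
    for line in text.splitlines():
        m = _LINE_RE.search(line)
        if not m:
            continue
        name, value = m['name'], m['value'].strip()
        if name == 'ProxyServer':
            for proto, host, port in parse_proxy_server(value):
                if is_local_proxy(host):
                    findings.append(f'{proto} proxy -> {host}:{port} (loopback): '
                                    f'{proto} traffic is passed through a local listener')
        elif name == 'AutoConfigURL':
            # A PAC script can steer requests to any proxy it likes, so a local
            # PAC server is as bad as a local proxy.
            if is_local_proxy(urlparse(value).hostname or ''):
                findings.append(f'PAC script served from loopback: {value}')
        # ProxyOverride is only the bypass list; "<local>" is the default.
    return findings


if __name__ == '__main__':
    for finding in audit_proxy_lines(SAMPLE_LINES):
        print(finding)
```

On a live XP machine the same values live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; the point of removing the entry rather than just unticking the proxy box in Internet Options is that the process behind the listener would otherwise put it straight back. After the fix, the check that matters is that nothing is still listening on that port (netstat -ano will show it) and that the proxy setting stays gone across a reboot.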
     
  5. kgraf


    Hope this helps

    Thank you.:wave:
     

  6. Broni


    Looks good :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. kgraf


    OTL Extras logfile created on: 9/24/2010 9:56:14 AM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\King\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    990.00 Mb Total Physical Memory | 564.00 Mb Available Physical Memory | 57.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 52.17 Gb Total Space | 23.44 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-416EDF0C7
    Current User Name: King
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! 9.x/2007 -- (Sage Software SB, Inc)
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.exe" = C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.exe:*:Enabled:pas.Bppenu11 -- (Palo Alto Software)
    "C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.SampleBrowser.exe" = C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.SampleBrowser.exe:*:Enabled:pas.Bppenu11.SampleBrowser -- (Palo Alto Software)
    "C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.AppResources.exe" = C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.AppResources.exe:*:Enabled:pas.Bppenu11.AppResources -- (Palo Alto Software)
    "C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.Help.exe" = C:\Program Files\Business Plan Pro\bppenu11\Pas.Bppenu11.Help.exe:*:Enabled:pas.Bppenu11.Help -- (Palo Alto Software)
    "C:\Program Files\Business Plan Pro\bppenu11\Pas.VentureCapitalBrowser.US.exe" = C:\Program Files\Business Plan Pro\bppenu11\Pas.VentureCapitalBrowser.US.exe:*:Enabled:pas.VentureCapitalBrowser.US -- (Palo Alto Software)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{28C7F7AB-B6D7-4092-B2BC-746CE171D493}" = ACT!
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
    "{E7269FD6-34EA-4617-8752-6739AA384080}" = V CAST Media Manager
    "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = AVC Finger-sensing PAD Driver
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AVG8Uninstall" = AVG 8.5
    "CCleaner" = CCleaner
    "Chrome9HC" = VIA Chrome9 HC IGP Family Display Driver
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HijackThis" = HijackThis 2.0.2
    "HP PrecisionScan Pro" = HP PrecisionScan Pro
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{28C7F7AB-B6D7-4092-B2BC-746CE171D493}" = ACT! by Sage
    "InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "Mozilla Sunbird (0.3.1)" = Mozilla Sunbird (0.3.1)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "ProShow Gold" = ProShow Gold
    "TerraExplorer" = TerraExplorer
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/22/2010 7:14:26 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Error | ID = 1000
    Description = Faulting application rbhtoxcl.exe, version 1.0.15.15281, faulting
    module rbhtoxcl.exe, version 1.0.15.15281, fault address 0x0000c4b1.

    Error - 9/22/2010 10:11:06 PM | Computer Name = OWNER-416EDF0C7 | Source = Google Update | ID = 20
    Description =

    Error - 9/22/2010 11:11:10 PM | Computer Name = OWNER-416EDF0C7 | Source = Google Update | ID = 20
    Description =

    Error - 9/23/2010 12:11:11 AM | Computer Name = OWNER-416EDF0C7 | Source = Google Update | ID = 20
    Description =

    Error - 9/23/2010 1:09:54 AM | Computer Name = OWNER-416EDF0C7 | Source = Application Error | ID = 1000
    Description = Faulting application acs.exe, version 0.0.0.0, faulting module athcfg11.dll,
    version 4.1.0.132, fault address 0x000227ca.

    Error - 9/23/2010 12:44:54 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Hang | ID = 1002
    Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/23/2010 1:07:56 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Error | ID = 1000
    Description = Faulting application acs.exe, version 0.0.0.0, faulting module athcfg11.dll,
    version 4.1.0.132, fault address 0x000227ca.

    Error - 9/23/2010 9:52:26 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Hang | ID = 1002
    Description = Hanging application avgui.exe, version 8.5.0.440, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/23/2010 9:52:26 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Hang | ID = 1002
    Description = Hanging application avgui.exe, version 8.5.0.440, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/23/2010 9:55:25 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 9/23/2010 12:42:00 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7031
    Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 9/23/2010 12:54:00 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7031
    Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 9/23/2010 12:55:59 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7031
    Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 9/23/2010 1:11:41 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7000
    Description = The XAudioService service failed to start due to the following error:
    %%2

    Error - 9/23/2010 10:14:09 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7000
    Description = The XAudioService service failed to start due to the following error:
    %%2

    Error - 9/23/2010 10:28:12 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7031
    Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    Restart the service.

    Error - 9/23/2010 10:39:40 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7034
    Description = The Atheros Configuration Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/23/2010 11:02:07 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7000
    Description = The XAudioService service failed to start due to the following error:
    %%2

    Error - 9/23/2010 11:48:32 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7034
    Description = The Atheros Configuration Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/24/2010 10:48:50 AM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7000
    Description = The XAudioService service failed to start due to the following error:
    %%2


    < End of report >
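The Extras log above is mostly inventory, but a few sections are what a helper actually reads: the Security Center keys (`"AntiVirusOverride" = 1` is the "I have an antivirus program that I'll monitor myself" setting, which silences the missing-AV warning; users set it legitimately, but so does malware), the firewall exceptions (the DomainProfile entries are open to any address, scope `*`, while the StandardProfile limits the same ports to LocalSubNet; on an XP machine that is not joined to a domain only the StandardProfile applies), and the event log tail, where the AVG Free8 WatchDog service dying three times in one afternoon and a crashing executable with a name the log ties to no installed product (rbhtoxcl.exe) both deserve a second look. The script below is an added example for this thread, not part of OTL or of any post; it parses a trimmed excerpt of the log above and groups those indicators so they are not lost among the Google Update noise.

```python
"""Triage an OTL Extras.txt log for the indicators a helper reads first.

Added example for this thread, not part of OTL or of the original posts.
Pulls three things out of the log: Security Center overrides, firewall
exceptions open to any address, and services that keep dying or programs
that crash, with the latter taken from the "Last 10 Event Log Errors" tail.
"""
import re
from collections import Counter

# Trimmed excerpt of the Extras.txt posted in this thread.
SAMPLE_EXTRAS = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\GloballyOpenPorts\\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

[ Application Events ]
Error - 9/22/2010 7:14:26 PM | Computer Name = OWNER-416EDF0C7 | Source = Application Error | ID = 1000
Description = Faulting application rbhtoxcl.exe, version 1.0.15.15281, faulting
module rbhtoxcl.exe, version 1.0.15.15281, fault address 0x0000c4b1.

[ System Events ]
Error - 9/23/2010 12:42:00 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 9/23/2010 12:54:00 PM | Computer Name = OWNER-416EDF0C7 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
"""

_EVENT_RE = re.compile(r'^Error - .+? \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
_PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))" = \d+:(?:TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled)')
_DIED_RE = re.compile(r'^The (?P<svc>.+?) service terminated unexpectedly')
_FAULT_RE = re.compile(r'^Faulting application (?P<app>[^,\s]+), version .*? faulting module (?P<mod>[^,\s]+), version')


def parse_events(text):
    """Return (source, event_id, description) for every 'Error - ...' record.

    OTL wraps descriptions over several lines and ends each record with a
    blank line, so lines are collected until the next blank.
    """
    events, header, desc = [], None, []
    for line in text.splitlines() + ['']:     # sentinel flushes the last record
        line = line.strip()
        m = _EVENT_RE.match(line)
        if m:
            header, desc = m, []
        elif header and line:
            desc.append(re.sub(r'^Description =\s*', '', line))
        elif header:
            events.append((header['source'], int(header['id']), ' '.join(desc).strip()))
            header = None
    return events


def triage(text):
    """Group the indicators by category; each value is a list of findings."""
    out = {'security_center': [], 'firewall': [], 'services': [], 'crashes': []}
    for line in text.splitlines():
        line = line.strip()
        if line == '"AntiVirusOverride" = 1':
            out['security_center'].append('AntiVirusOverride=1: Security Center is not '
                                          'monitoring antivirus, a disabled AV raises no alert')
        pm = _PORT_RE.match(line)
        if pm and pm['state'] == 'Enabled' and pm['scope'] == '*':
            out['firewall'].append(f"{pm['port']} open to any address (scope *)")
    deaths = Counter()
    for source, event_id, desc in parse_events(text):
        # 7031/7034: service terminated unexpectedly; 1000: application crash
        if source == 'Service Control Manager' and event_id in (7031, 7034):
            dm = _DIED_RE.match(desc)
            if dm:
                deaths[dm['svc']] += 1
        elif source == 'Application Error' and event_id == 1000:
            fm = _FAULT_RE.match(desc)
            if fm:
                out['crashes'].append(f"{fm['app']} faulting in {fm['mod']}")
    out['services'] = [f'{svc} terminated unexpectedly {n} times'
                       for svc, n in deaths.items() if n >= 2]
    return out


if __name__ == '__main__':
    for category, items in triage(SAMPLE_EXTRAS).items():
        print(category, items)
```

Run against the full log it flags the same four things a helper would: the override, the four `*`-scoped file-sharing ports in the DomainProfile, the repeatedly dying AVG watchdog, and the rbhtoxcl.exe crash. None of these is proof of infection on its own (AVG's own updater hanging can kill its watchdog, and the override may be the owner's choice), which is why the thread goes on to MBRCheck and ComboFix rather than stopping at the Extras log.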
     
  8. kgraf


    Here is the OTL text

    Thank you again.
     

    Attached Files: OTL.Txt (159.2 KB)
  9. Broni


    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O4 - HKLM..\Run: [VTTimer]  File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
      [91 C:\Documents and Settings\King\My Documents\*.tmp files -> C:\Documents and Settings\King\My Documents\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  10. kgraf


    Can you please give me the steps to this.
    *Note 1*: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Thank you
     
  11. Broni


    Start Java installation and when you see any pre-checked option/toolbar, which is not named Java, UN-check it.
    I believe, the current version tries to sneak in Ask Toolbar.
     
  12. kgraf


    Hi

    You asked me to start the Java installation how do I do that?:confused:
     
  13. Broni


  14. kgraf


    Update

    Hi,
    I ran the ESET scan there were no known threats and no log to post? Also did the other tasks as well. What about older versions of applications in the Add/Remove window do they need to be removed, just a thought?
    Thank you for your continued help:)
     

  15. Broni


    What programs do you have in mind?

    =========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    (screenshot not reproduced)

    make sure, you have both boxes UN-checked AND (important!) click on Decline button

    =======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how is your computer doing.
     
  16. kgraf


    Hi Broni,
    Here is the OTL file you requested. Thank you so much for all your time and help, I really appreciate it. I will let you know how things are going.:wave:
     

  17. Broni


    Please do......
     
  18. kgraf


    Hi Broni,
    After booting the computer today, which took forever, and when trying to start an application, the application either did not start at all or it took a very long time for it to boot. Also the icons at the bottom right are never consistent, i.e. volume control, s3 tray, hdeck etc. Do you have any suggestions?
     
  19. Broni


    Did you try to restart one more time?

    Your computer is clean, so you may have some other issues....
     
  20. kgraf


    Yes I did a restart and same things are going on?
     
  21. Broni


    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
     
  22. kgraf


    Hi Broni

    I have posted to the Windows section with no response. I don't know if I am in the correct area. Can you please direct me to the correct link and posting area. Thank you.
     
  23. Broni


    If it's been a couple of days with no reply, try to bump your topic.
     
  24. kgraf


    Hi

    What is bumping a topic?
     
  25. Broni


    Post something there, like...

    "Any help with my issue?"

    It'll bump your topic to the top.
     
Topic Status:
Not open for further replies.
