Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Virus? Pc Is Running a bit slow I think
Hello all =)
I trust all have been well. I seem to have a bit of a quandary. I thought I had a virus based on the inability to run MalwareBytes. I'm running SuperAntiSpyware, Spyware Terminator and IOBIT Security 360, which has found 5 infections. I will attach logs as soon as the scans finish, but upon trying to run MalwareBytes I get an error of "An error has Occured" MBAM_ERROR_EXPANDING VARIBLES (0,9)

Any ideas? (The logs will be in my next post)

Matt
#2
The IOBIT Scan has come back with 4 BHO Crawler Toolbars and a tracking cookie. All were removed. I'll post the SuperAntispyware log and the Spyware Terminator log when it is complete.
By the way, I'm running Avast 5 Free. (MSE was dragging on my system before)

Matt
#3
No threats from the Superantispyware or Spyware Terminator scans.
#4
Hello

Let's see what it's all about.

Download CCleaner: Here
Click on -> “Download Latest Version”
Once installed, run CCleaner, click the Windows tab and select the following:

Internet Explorer: Temp Internet History Recently Typed URLs Delete Index.dat files
System: Empty Recycle Bin Temporary Files Memory Dumps Chkdsk File Fragments

Then click Run Cleaner (bottom right), then Exit.

We need to get a comprehensive report of what is present in your system.

Please download DDS: Here
If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click. Then save it on the desktop.
Save as dds.scr
Save as Type : All files
to your Desktop and doubleclick on DDs.scr to run it.

If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
#5
I have tried to download DDS and a whole bunch of text & characters have appeared but not the download. Could I try to get this download in safe mode??
#6
"this program cannot be run in DOS mode".
#7
Ok. Are you using Firefox?

"If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click. Then save it on the desktop. Save as dds.scr Save as Type : All files"
#8
I am indeed and will try this.
#9
Virus? Pc Is Running a bit slow I think Part 1
DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
#10
Virus? Pc Is Running a bit slow I think DDS Part 2
==================== Find3M ====================
#11
Virus? Pc Is Running a bit slow I think Attach LOG:
DDS (Ver_10-10-21.02)
#12
Download CCleaner: Here
Click on -> “Download Latest Version”
Once installed, run CCleaner, click the Windows tab and select the following:

Internet Explorer: Temp Internet History Recently Typed URLs Delete Index.dat files
System: Empty Recycle Bin Temporary Files Memory Dumps Chkdsk File Fragments

Then click Run Cleaner (bottom right), then Exit.

Please download Malwarebytes' Anti-Malware: Here to your desktop.
Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Click: Here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running?
#13
I can't seem to run mbam (even though it downloads ok). The errors are still present. I cannot actually run a scan with it because the above errors prevent the running of MBAM, even in safe mode.
Once the program has loaded, select Perform full scan, then click Scan, I cannot seem to do based on MBAM_ERROR_EXPANDING VARIBLES (0,9) and other errors. Will post the HJT log in my next report.
#14
Logfile of Trend Micro HijackThis v2.0.2
#15
I am out of town until Tuesday, I'll pick this back up when I return, and sorry for the inconvenience.