Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

slow and turns off at random times

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
misskiwii
Junior Member


Joined: 30 Jul 2011
Last Visit: 13 Mar 2013
Posts: 12

PostPosted: Wed Jan 11, 2012 8:54 am    Post subject: slow and turns off at random times Reply with quote

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Fernandez at 17:36:33 on 2012-01-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.67 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=101706
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Soda PDF Helper: {5cfcaff6-5bb0-4864-b626-021c99ed82e5} - c:\program files\soda pdf\PDFIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111031161330.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Soda PDF Toolbar: {980eb9ec-6eb5-4258-bddb-efe25c5f99ef} - c:\program files\soda pdf\PDFIEPlugin.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRxdm985YYUS&a=omFFCABM2MwtQiOSXfxaDg&n=2010100614
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{2EE82C1F-A23B-4984-B5F0-C1170D16349E} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9F224094-10F5-4979-BBB2-A3A5775DF6E4} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B2CDDEA5-F420-41E5-9B17-4ACFAB69E28B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CF23D566-419F-41E6-88F8-C5C92B4F6584} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fernandez\application data\mozilla\firefox\profiles\wabegm1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101703&locale=en_US&apn_uid=6c5e2c0f-12ae-44ae-a024-7e440686d25a&apn_ptnrs=F3&apn_sauid=5DF3D38C-5C58-44E3-81B3-D5DBB34D6FDC&apn_dtid=YYYYYYYYUS&&q=
FF - component: c:\documents and settings\fernandez\application data\mozilla\firefox\profiles\wabegm1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\fernandez\application data\mozilla\firefox\profiles\wabegm1s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\program files\relevantknowledge\components\rlxg.dll
FF - plugin: c:\documents and settings\fernandez\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\fernandez\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\funwebproducts\installr\4.bin\NPFUNWEB.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: My Web Search: m3ffxtbr@mywebsearch.com - %profile%\extensions\m3ffxtbr@mywebsearch.com
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: My Web Search: m3ffxtbr@mywebsearch.com - c:\program files\mywebsearch\bar\2.bin
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com
FF - Ext: RelevantKnowledge: {3C5F0F00-683D-4847-89C8-E7AF64FD1CFB} - c:\program files\RelevantKnowledge
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-1-16 77312]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-31 84200]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-31 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-31 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-31 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-10-31 88736]
S1 ensqio;ensqio;c:\windows\system32\drivers\ensqio.sys --> c:\windows\system32\drivers\ensqio.sys [?]
S1 sbpcint4;Creative Ensoniq AudioPCI;c:\windows\system32\drivers\sbpcint4.sys --> c:\windows\system32\drivers\sbpcint4.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-31 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-10-31 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-31 84488]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]
.
=============== Created Last 30 ================
.
2012-01-07 17:48:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9493eac4-17f5-446d-836e-d56587e22a9c}\offreg.dll
2012-01-07 17:48:00 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9493eac4-17f5-446d-836e-d56587e22a9c}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-29 18:05:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 18:05:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 17:43:20.86 ===============
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Mon Jan 16, 2012 8:09 am    Post subject: Reply with quote

Hi misskiwii,

Firstly, welcome to the Spyware Warrior Forum. Smile
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
    !

  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic "Help with Spyware removal Forum Guidelines (PLEASE READ) where the conditions for receiving help here are explained.

Quote:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. Smile
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Mon Jan 16, 2012 9:34 am    Post subject: Reply with quote

Hi misskiwii

Thank you again for your patience. Smile

Please Note: One of the reasons your PC is struggling is due to lack of RAM.
Your logs indicate that your PC only has a total of 512Mb usable RAM of which 67Mb was free at the time of the logs!
I strongly advise you to upgrade the RAM in your PC to at least 1Gb - better still 2Gb, if possible - as this will almost certainly resolve a number of performance issues you will already be experiencing. You can use the online scanning tool at Crucial by clicking on the Scan My Computer button to find the right RAM for your PC.

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
ERUNT - Emergency Recovery Utility NT

First we will try to back up the Registry with ERUNT:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
ERUNT (Emergency Recovery Utility NT) by Lars Hederer is a free program that allows you to create a complete backup of your registry and restore it when needed.

  1. Please download ERUNT and save it to your Desktop.
  2. Double-click on erunt-setup-exe to run the installation process.
    Note: If the Open File - Security Warning window pops up, click on the Run button.
  3. Install ERUNT by following the prompts using the default installation settings.
  4. Make sure the first two check boxes Create ERUNT desktop icon and Create NTREGOPT desktop icon are checked.
  5. When you reach the section that asks you to add ERUNT to the Start-Up folder click on the No button. This later can be enabled later, if required.
  6. In the final screen make sure the Show documentation option is unchecked. Then click on the Finish button.
  7. Click on the OK button in the Welcome! screen.
  8. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\DD-MM-YYYY (where DD-MM-YYYY is the date of the backup) which is fine.
  9. under Backup options make sure both of the first two options: System registry and Current user registry are checked.
  10. Click on the Yes button to allow the folder to be created.
    After a short duration the Registry backup is complete! pop-up message will appear.
  11. Now click on OK. A registry backup has now been created.

< STOP > If you are unable to complete this step successfully, < STOP > do not continue with any fix steps, let me know immediately in your next post!

Step 2:
OTL - Scan

  1. Please download OTL by Old Timer. Save it to your Desktop.
  2. Double click on OTL.exe to run the program.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Under Output, ensure that the Minimal Output option is selected.
  4. Click the Scan All Users checkbox.
    Note: Please leave the remaining selections on the default settings.
  5. Click on Run Scan at the top left hand corner.
  6. When done, two Notepad files will automatically open:
    • OTL.txt <-- Will be opened, maximized.
    • Extras.txt <-- Will be minimized on task bar.

  7. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

Step 3:
GMER

The downloaded file will have a random filename. This prevents malware from detecting and blocking it.

Please download GMER ... random named.exe by GMER. An alternative (zip file) download is available here.
IMPORTANT: Do not run any programs while GMER is running.
CAUTION: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

  1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
  2. If it gives you a warning about rootkit activity and asks if you want to run a scan click on NO. <--- Important!
  3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (See image below.)
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All <-- don't miss this one


    Click on image to enlarge

  4. If you don't get a warning, then click on the Rootkit/Malware tab at the top of the GMER window.
  5. Click on the Scan button.
  6. Once the scan has finished, click on Save. The Save window will open.
  7. Save the scan results as ark.txt to your Desktop.
  8. Double-click on the ark.txt file on the Desktop to open it in Notepad.
  9. Copy and Paste the entire contents of ark.txt into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL.txt.
  3. Extras.txt.
  4. ark.txt.
  5. Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
misskiwii
Junior Member


Joined: 30 Jul 2011
Last Visit: 13 Mar 2013
Posts: 12

PostPosted: Wed Jan 18, 2012 7:19 am    Post subject: Reply with quote

I plan to purchase and instal more ram asap....should I do this before going forward w/ the rest of your instructions?
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Wed Jan 18, 2012 9:07 am    Post subject: Reply with quote

Hi misskiwii,

Thank you for the update. Smile

It would be advisable to try to resolve your malware issues before installing the new RAM.

It will be fine to continue. It will just mean that the tools will take a little longer to run. Providing you are patient with the scans, there should be no problem.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Fri Jan 20, 2012 10:51 am    Post subject: Reply with quote

Hi misskiwii,

It has been over 48 hours since my last post.
  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Spyware Warrior's forum policy, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 21 Dec 2014
Posts: 4767
Location: Land Of The Leprechauns

PostPosted: Sun Jan 22, 2012 2:43 am    Post subject: Reply with quote

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group