
Emachine Freezing Up

This is a discussion on Emachine Freezing Up within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 05-09-2016, 11:14 AM   #1
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



I have an Emachines prebuilt computer, version 2002, Service pack 3, Intel Celeron CPU 420 @ 1.60 Ghz, 504 MB, running Windows XP. I usually use Firefox, but it has gotten so bad I usually run in Firefox safe mode just to be able to do anything. I use CCleaner a lot, Spybot, Herd Protect, defrag. Nothing helps much. I try Chrome, no good, Opera works a little, Pale Moon works a little. I don't know if I have an infection of some kind, or if my computer is just worn out. Any help will be appreciated.
Ron032 is offline  
 
Old 05-10-2016, 02:01 AM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Ron032,

We need to see some information about what is happening in your machine. Therefore, we want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
tekir06 is offline  
Old 05-10-2016, 12:35 PM   #3
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



I am unable to access that page. I get the message that I am not allowed.
Ron032 is offline  
 
Old 05-10-2016, 12:39 PM   #4
Team Manager
Microsoft Support
 
 
Join Date: Mar 2010
Location: Midlands of South Carolina
Posts: 26,072
OS: Windows10. In the past CP/M, DOS, Windows 95, 2000, 98SE, ME, Vista & Windows 7



Hang loose. Should be running soon.
__________________

The stability of an OS is in direct proportion to the stability of the user.
Corday is offline  
Old 05-10-2016, 02:16 PM   #5
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.91.2
Run by Owner at 15:08:04 on 2016-05-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.114 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.arccosine.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_91\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_91\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_19_0_0_185_pepper.exe -update pepperplugin
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: MaxGPOScriptWait = dword:600
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Clip bookmark - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.8.0_91\bin\jp2iexp.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1380481865109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1416171240234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{83BBC2B2-F19B-4C16-95CE-BBB570AA8C52} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\keycry~1\KEYCRY~3.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hq7zpcoj.default-1456078756515\
FF - plugin: c:\documents and settings\owner\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\epic privacy browser\installer\1.3.27.13\npEpicUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_21_0_0_213.dll
.
============= SERVICES / DRIVERS ===============
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-3-24 23840]
R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [2015-7-8 127936]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-3-23 327808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-11-1 1693456]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-9-28 1738168]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-9-28 2088408]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-9-28 171928]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-05-09 19:14:11 29760 -c--a-w- c:\windows\system32\dllcache\OLD688.tmp
2016-05-09 19:14:11 13894 -c--a-w- c:\windows\system32\dllcache\OLD68E.tmp
2016-05-09 19:14:11 113222 -c--a-w- c:\windows\system32\dllcache\OLD68B.tmp
2016-05-09 19:14:10 4677 -c--a-w- c:\windows\system32\dllcache\OLD685.tmp
2016-05-09 19:14:10 41029 -c--a-w- c:\windows\system32\dllcache\OLD682.tmp
2016-05-09 19:14:10 36937 -c--a-w- c:\windows\system32\dllcache\OLD67F.tmp
2016-05-09 19:14:09 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2016-05-09 19:14:05 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2016-05-09 19:14:04 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2016-05-09 19:14:00 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2016-05-09 19:12:59 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2016-05-09 19:11:58 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2016-05-09 19:10:56 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2016-05-09 19:09:57 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2016-05-09 19:08:57 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2016-05-09 19:07:59 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2016-05-09 1959 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2016-05-09 19:05:56 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2016-05-09 19:04:59 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2016-05-09 19:03:56 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2016-05-09 19:02:59 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2016-05-09 19:01:56 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2016-05-09 19:00:58 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2016-05-09 18:59:58 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2016-05-09 18:58:59 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2016-05-09 18:57:56 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2016-05-09 18:56:59 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2016-05-09 18:55:59 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2016-05-09 18:54:58 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2016-05-09 18:53:59 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2016-05-09 18:52:59 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2016-05-09 18:51:58 229462 -c--a-w- c:\windows\system32\dllcache\digifwrk.dll
2016-05-09 18:50:59 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2016-05-09 18:49:59 19456 -c--a-w- c:\windows\system32\dllcache\brbidiif.dll
2016-05-09 18:48:54 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2016-05-09 18:48:51 2149888 -c--a-w- c:\windows\system32\dllcache\OLD18.tmp
2016-05-01 17:39:09 -------- d-----w- c:\documents and settings\owner\local settings\application data\Epic Privacy Browser
2016-05-01 17:39:09 -------- d-----w- c:\documents and settings\all users\application data\Epic Privacy Browser
2016-04-26 17:22:39 -------- d-----w- c:\program files\Generic Trader
2016-04-13 18:15:43 -------- d-----w- c:\program files\Pale Moon
2016-04-12 18:04:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2016-04-12 18:04:33 -------- d-----w- c:\windows\system32\wbem\Repository
2016-04-12 18:03:45 -------- d-----w- c:\program files\Security Task Manager
.
==================== Find3M ====================
.
2016-04-25 1804 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-04-25 18:05:53 153088 ----a-w- c:\windows\system32\javacpl.cpl
2016-04-13 16:08:11 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-13 16:08:11 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-24 16:53:47 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2016-03-24 16:49:45 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
.
============= FINISH: 15:09:10.00 ===============
Ron032 is offline  
Old 05-10-2016, 02:17 PM   #6
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



I was unable to save the attach.txt, so it is here:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume6
Install Date: 12/30/2012 6:10:27 PM
System Uptime: 5/9/2016 12:39:37 PM (27 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1599/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 44 GiB total, 10.009 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 9.219 GiB free.
E: is FIXED (NTFS) - 4 GiB total, 1.411 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&1AF1648C&0&18F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&1AF1648C&0&18F0
Service:
.
==== System Restore Points ===================
.
RP1: 3/30/2016 5:14:30 PM - System Checkpoint
RP2: 3/31/2016 5:18:36 PM - System Checkpoint
RP3: 4/2/2016 10:09:12 AM - System Checkpoint
RP4: 4/3/2016 8:23:51 PM - System Checkpoint
RP5: 4/4/2016 8:57:17 PM - System Checkpoint
RP6: 4/5/2016 9:05:22 PM - System Checkpoint
RP7: 4/7/2016 7:24:24 AM - System Checkpoint
RP8: 4/8/2016 11:30:46 AM - System Checkpoint
RP9: 4/9/2016 12:14:36 PM - System Checkpoint
RP10: 4/10/2016 1:16:13 PM - System Checkpoint
RP11: 4/11/2016 1:39:49 PM - Restore Operation
RP12: 4/12/2016 11:40:43 AM - Restore Operation
RP13: 4/12/2016 11:54:36 AM - Restore Operation
RP14: 4/12/2016 12:02:17 PM - Restore Operation
RP15: 4/12/2016 12:07:22 PM - Software Distribution Service 3.0
RP16: 4/12/2016 12:12:36 PM - Software Distribution Service 3.0
RP17: 4/12/2016 1:10:23 PM - Revo Uninstaller Pro's restore point - PC Mechanic
RP18: 4/13/2016 1:17:48 PM - System Checkpoint
RP19: 4/14/2016 1:19:10 PM - System Checkpoint
RP20: 4/15/2016 3:03:11 PM - System Checkpoint
RP21: 4/16/2016 3:50:52 PM - System Checkpoint
RP22: 4/17/2016 4:30:17 PM - System Checkpoint
RP23: 4/18/2016 5:04:39 PM - System Checkpoint
RP24: 4/19/2016 5:21:55 PM - System Checkpoint
RP25: 4/21/2016 11:49:35 AM - System Checkpoint
RP26: 4/22/2016 1228 PM - System Checkpoint
RP27: 4/23/2016 12:52:26 PM - System Checkpoint
RP28: 4/24/2016 2:55:01 PM - System Checkpoint
RP29: 4/25/2016 3:13:06 PM - System Checkpoint
RP30: 4/26/2016 3:30:14 PM - System Checkpoint
RP31: 4/28/2016 11:38:51 AM - System Checkpoint
RP32: 4/29/2016 12:07:00 PM - System Checkpoint
RP33: 4/30/2016 1:38:33 PM - System Checkpoint
RP34: 5/1/2016 1:56:27 PM - System Checkpoint
RP35: 5/2/2016 2:35:50 PM - System Checkpoint
RP36: 5/3/2016 11:50:22 AM - Removed Evernote v. 5.8.13
RP37: 5/3/2016 11:50:53 AM - Installed Evernote v. 6.0.6
RP38: 5/4/2016 11:56:53 AM - System Checkpoint
RP39: 5/5/2016 12:04:58 PM - System Checkpoint
RP40: 5/6/2016 12:50:24 PM - System Checkpoint
RP41: 5/7/2016 1:34:36 PM - System Checkpoint
RP42: 5/8/2016 1:43:45 PM - System Checkpoint
RP43: 5/9/2016 2:12:47 PM - System Checkpoint
RP44: 5/10/2016 2:35:30 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 21 NPAPI
Adobe Reader XI (11.0.08)
AntiLogger Free version 1.8.2.320
Apple Software Update
Auslogics DiskDefrag
Brother MFL-Pro Suite MFC-495CW
CCleaner
Citrix Online Launcher
Compatibility Pack for the 2007 Office system
Driver Booster 3.3
DVD Suite
Evernote v. 6.0.6
Free Picture Resize Starter 4.5
Generic Trader
Google Chrome
Google Earth Pro
Google Update Helper
GoToMeeting 7.16.0.4800
herdProtect Anti-Malware Scanner
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Image Resizer Powertoy for Windows XP
Intel(R) Graphics Media Accelerator Driver
Java 8 Update 91
Java Auto Updater
Java(TM) 6 Update 45
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox 46.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Multimedia Keyboard Driver Ver1.0 (KB-0108)
Open Freely
OpenOffice 4.1.1
Opera Stable 36.0.2130.65
Paint XP version 1.1
Pale Moon 26.2.1 (x86 en-US)
PaperPort Image Printer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Task Manager 1.8g
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Should I Remove It
Skype™ 7.22
Solitaire XP version 1.0
Spybot - Search & Destroy
SumatraPDF 2.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/9/2016 12:48:35 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
5/9/2016 1:14:11 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
5/8/2016 10:14:22 AM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
5/8/2016 10:14:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
5/8/2016 10:14:09 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2016 10:14:02 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/8/2016 10:13:55 AM, error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
5/8/2016 10:13:55 AM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
5/5/2016 8:20:05 AM, error: Print [23] - Printer Export To Web failed to initialize because a suitable Web Export driver could not be found.
5/5/2016 8:19:41 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
5/4/2016 9:03:06 AM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
5/4/2016 8:53:36 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
5/4/2016 8:53:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
.
==== End Of File ===========================
Ron032 is offline  
Old 05-10-2016, 02:29 PM   #7
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



The problem with my computer: It very frequently freezes up using Firefox, Chrome, Opera, Pale Moon. I have lately been running in Safe Mode Firefox, and it is much better, but still freezes up some. Sometimes I wait a minute and it will continue to run, sometimes I close the browser and then start over. I notice in task manager that after I close the browser, it takes maybe a minute before it stops and disappears from task manager. I very often use CCleaner, defrag, Spybot, herd cleaner anti-virus. I have run Check Disk, nothing seems to help. I start each day by shutting off a few things using task manager, that helps some. I look at task manager often, and I see Firefox using as much as 99% of CPU quite often. If I enable Flash, then "plug-in container.exe" comes on and paralyzes the computer.
Ron032 is offline  
Old 05-11-2016, 12:42 AM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Thanks for the info. Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 05-11-2016, 07:10 AM   #9
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Contents of AdwCleaner scan:

# AdwCleaner v5.116 - Logfile created 11/05/2016 at 0803
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Owner - YOUR-1448A2727D
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\eazyzoom
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Uniblue
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[-] Folder Deleted : C:\Program Files\Uniblue
[-] Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{103089DA-0F31-4A8B-843F-7D24A7FE8345}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3097623530-1643735588-2267371944-1003\Software\SweetIM

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2638 bytes] - [11/05/2016 0803]
C:\AdwCleaner\AdwCleaner[S1].txt - [2751 bytes] - [11/05/2016 08:04:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2784 bytes] ##########
Ron032 is offline  
Old 05-11-2016, 07:28 AM   #10
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



I have a HOSTS file produced while scanning with Farbar. How do I attach it? I don't know where it is.
Ron032 is offline  
Old 05-11-2016, 08:29 AM   #11
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Attached is FRST and Addition.
Attached Files
File Type: txt FRST_11-05-2016_09-21-59.txt (114.5 KB, 37 views)
File Type: txt Addition_11-05-2016_09-21-59.txt (31.9 KB, 31 views)
Ron032 is offline  
Old 05-12-2016, 12:35 AM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Ron032,

Thanks for the logs. Please do the following steps.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Open Freely >>>>> READ

=========================================================

STEP 2


Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{6959B6E8-B5E0-4E64-B1B4-C82969BAF394}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B [284]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
Toolbar: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin HKU\S-1-5-21-3097623530-1643735588-2267371944-1003: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-05-01] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3097623530-1643735588-2267371944-1003: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-05-01] (Epic Privacy Browser)
FF Extension: Ebates Cash Back - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hq7zpcoj.default-1456078756515\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-04-26]
S1 SASDIFSV; no ImagePath
S1 SASKUTIL; no ImagePath
U1 WS2IFSL; no ImagePath
2013-01-01 15:12 - 2013-01-01 15:41 - 0009216 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.


NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
Old 05-12-2016, 10:14 AM   #13
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Owner (2016-05-12 11:03:43) Run:1
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{6959B6E8-B5E0-4E64-B1B4-C82969BAF394}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\psuser.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\EpicUpdate.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\EpicUpdateOnDemand.exe (Epic Privacy Browser)
CustomCLSID: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B [284]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
Toolbar: HKU\S-1-5-21-3097623530-1643735588-2267371944-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin HKU\S-1-5-21-3097623530-1643735588-2267371944-1003: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-05-01] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3097623530-1643735588-2267371944-1003: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-05-01] (Epic Privacy Browser)
FF Extension: Ebates Cash Back - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hq7zpcoj.default-1456078756515\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-04-26]
S1 SASDIFSV; no ImagePath
S1 SASKUTIL; no ImagePath
U1 WS2IFSL; no ImagePath
2013-01-01 15:12 - 2013-01-01 15:41 - 0009216 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{6959B6E8-B5E0-4E64-B1B4-C82969BAF394}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}" => key removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003_Classes\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}" => key removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":07BF512B" ADS removed successfully..
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
HKU\S-1-5-21-3097623530-1643735588-2267371944-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Installer;version=3" => key removed successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll => moved successfully
"HKU\S-1-5-21-3097623530-1643735588-2267371944-1003\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Installer;version=9" => key removed successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll => not found.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hq7zpcoj.default-1456078756515\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi => moved successfully
SASDIFSV => service removed successfully.
SASKUTIL => service removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

========= bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 3.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:07:49 ====
Ron032 is offline  
Old 05-12-2016, 11:21 PM   #14
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Ron032,

Thanks for the log. Please do the below steps. Then tell me, how is the machine behaving now? What problems do you still have?

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

STEP 2

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.

========================================================

Things I need to see in your next post:
  • MalwareBytes Log
  • Eset Log
  • information about the computer.
tekir06 is offline  
Old 05-13-2016, 11:54 AM   #15
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Here are the Malwarebytes and ESET logs. I regret to say the computer is not working much better.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/13/2016
Scan Time: 10:49:16 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.13.04
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349242
Time Elapsed: 19 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110011441193}, , [89dfb3225b3e4de91eac6e07b54e09f7],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{9e9a4942}, , [7aeeb124e2b72313a8b993f016ed13ed],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update sizlsearch, , [432564714f4ab086cd924c5bda28e11f],
PUP.Optional.CouponAmazing, HKU\S-1-5-21-3097623530-1643735588-2267371944-1003\SOFTWARE\APPDATALOW\SOFTWARE\couponamazing, , [c6a2f2e39405e551d1ea8ce763a0a55b],
PUP.Optional.GetSavin, HKU\S-1-5-21-3097623530-1643735588-2267371944-1003\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin, , [5513369f1e7bc3734054067448bb4cb4],

Registry Values: 1
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110011441193}|AppName, Coupon Companion-bg.exe, , [89dfb3225b3e4de91eac6e07b54e09f7]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl\110, , [6701b52069308bab9d6b7d3021e1dd23],
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl, , [6701b52069308bab9d6b7d3021e1dd23],

Files: 16
PUP.Optional.InstallIQ, C:\Documents and Settings\Owner\My Documents\Downloads\nuancepdf_d165400.exe, , [5117e9ec1b7e6dc926885bc9f30e6c94],
PUP.Optional.SofTonic, C:\Documents and Settings\Owner\My Documents\Downloads\SoftonicDownloader_for_skype-web-toolbar.exe, , [7fe9f8dd4b4ee15559c9f52d10f1ff01],
Adware.OpenSUpdater, C:\Documents and Settings\Owner\My Documents\Downloads\SoftwareUpdater.exe, , [45234590128764d26b87bbd7f20fa759],
PUP.Optional.Soft32, C:\Documents and Settings\Owner\My Documents\Downloads\solitaire xp setup.exe, , [90d801d4aced092d596e3b8ce41c3ac6],
PUP.Optional.BundleInstaller, C:\Documents and Settings\Owner\My Documents\Downloads\Setup(1).exe, , [422606cfe1b8a88e9d36f96683819967],
PUP.Optional.BundleInstaller, C:\Documents and Settings\Owner\My Documents\Downloads\Setup(2).exe, , [0464a82dc9d037ffca09d48bbf45827e],
PUP.Optional.BundleInstaller, C:\Documents and Settings\Owner\My Documents\Downloads\Setup(3).exe, , [0f597b5a722740f6e1f2095639cb41bf],
PUP.Optional.BundleInstaller, C:\Documents and Settings\Owner\My Documents\Downloads\Setup(4).exe, , [90d88451019889adc01375ea8480619f],
PUP.Optional.OpenCandy, C:\Documents and Settings\Owner\My Documents\Downloads\SetupImgBurn_2.5.8.0.exe, , [5711ca0b2b6e94a2d7b67dd8689c42be],
PUP.Optional.WinZipDriverUpdater, C:\Documents and Settings\Owner\My Documents\Downloads\WinZipDriverUpdater.exe, , [f96fd8fd178268ceefe25573837e1ce4],
PUP.Optional.Amonetize, C:\Documents and Settings\Owner\My Documents\Downloads\yamaha virago manual book_10924_i51573916_il345.exe, , [2e3a6e6715843cfa628e08e3718f768a],
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl\110\lsdb.js, , [6701b52069308bab9d6b7d3021e1dd23],
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl\110\background.html, , [6701b52069308bab9d6b7d3021e1dd23],
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl\110\content.js, , [6701b52069308bab9d6b7d3021e1dd23],
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl\110\manifest.json, , [6701b52069308bab9d6b7d3021e1dd23],
PUP.Optional.MultiPlug, C:\Documents and Settings\Owner\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl\110\VcBQMlco.js, , [6701b52069308bab9d6b7d3021e1dd23],

Physical Sectors: 0
(No malicious items detected)


(end)


C:\Documents and Settings\Owner\My Documents\pcmechanicpm.exe a variant of Win32/UniBlue.F potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\Brothersoft_downloader_For_Microsoft_Photo_Editor.exe a variant of Win32/BSDownloader potentially unwanted application cleaned by deleting
C:\Documents and Settings\Owner\My Documents\Downloads\disk-defrag-setup(2).exe Win32/MyPCBackup.A potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\iobit-malware-fighter-setup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\iobit-malware-fighter-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\paint.exe Win32/InstallMonetizer.AF potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\pcmechanic.exe a variant of Win32/UniBlue.F potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\rcpsetup_2005.exe Win32/Systweak.D potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\smart-defrag-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted
C:\Documents and Settings\Owner\My Documents\Downloads\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application deleted
Ron032 is offline  
Old 05-13-2016, 02:13 PM   #16
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Quote:
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
You didn't do it. Please re-run Malwarebytes according to my instructions. This time click Remove Selected to allow MBAM to clean what was detected.
tekir06 is offline  
Old 05-13-2016, 05:56 PM   #17
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Sorry, I thought I had removed them. They were quarantined. I ran another scan, it came up with no threats, and I removed the quarantined ones.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/13/2016
Scan Time: 5:02:03 PM
Logfile: mbam 2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.13.06
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349339
Time Elapsed: 19 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Ron032 is offline  
Old 05-13-2016, 06:38 PM   #18
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Tolga, I think the computer is running better now. Aside from getting "security alert" pop-ups on my Outlook Express, and if I can keep "wuauclt.exe" from running, I think it will be okay. Many thanks for your help.

Ron
Ron032 is offline  
Old 05-14-2016, 01:18 PM   #19
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Ron,
Quote:
I think the computer is running better now.
I am glad to hear that.

I could not understand what you wrote about "wuauclt.exe". Can you explain a little more?

Please re-run the FRST tool and attach fresh FRST.txt and Addition.txt.
tekir06 is offline  
Old 05-14-2016, 04:57 PM   #20
Registered Member
 
Join Date: Mar 2007
Posts: 16
OS: Window Office XP



Files attached.
Wuauclt.exe appears sometimes in Task Manager. When it does, the computer slows down terribly. I think it is associated with Microsoft updates, but if there is no icon showing an update is available, I end the process.
Attached Files
File Type: txt FRST_14-05-2016_17-50-22.txt (112.6 KB, 34 views)
File Type: txt Addition_14-05-2016_17-50-22.txt (27.9 KB, 25 views)
Ron032 is offline  
 
