Virus/Spyware

This is a discussion on Virus/Spyware within the Resolved HJT Threads forums, part of the Tech Support Forum category.
02-24-2016, 04:54 AM   #1
Shahzal
Registered Member
Join Date: Jan 2011
Posts: 63
OS: Windows XP SP2



Hello.
Thank you for viewing this thread.
The problem is that everything runs slow, browser, movie, game, video, anything that I use on this laptop of mine.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by abc at 17:50:07 on 2016-02-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.965 [GMT 5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\abc\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\abc\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
C:\Users\abc\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [uTorrent] "c:\users\abc\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{386A7934-F4BC-4A98-B8E1-329D2EF7102F} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\48.0.2564.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2016-2-20 1513784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2016-2-20 1135416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-2-20 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-2-20 170200]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-2-20 51928]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-2-18 315488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2015-2-17 1343400]
.
=============== Created Last 30 ================
.
2016-02-20 14:22:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-20 14:21:55 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-20 14:21:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-20 14:21:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-19 20:37:09 -------- d-----w- c:\users\abc\appdata\roaming\Malwarebytes
2016-02-19 20:35:08 -------- d-----w- c:\programdata\Malwarebytes
2016-02-19 20:35:07 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-19 20:34:53 -------- d-----w- c:\users\abc\appdata\local\Programs
.
==================== Find3M ====================
.
2015-02-18 17:52:25 6000640 ----a-w- c:\program files\GUT9AD9.tmp
.
============= FINISH: 17:50:37.97 ===============
Attached Files
File Type: txt attach.txt (3.9 KB, 34 views)
02-25-2016, 01:37 AM   #2
tekir06
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Shahzal,

My name is Tolga and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
02-25-2016, 05:50 AM   #3
Shahzal
Registered Member
Join Date: Jan 2011
Posts: 63
OS: Windows XP SP2



# AdwCleaner v5.036 - Logfile created 25/02/2016 at 18:42:29
# Updated 22/02/2016 by Xplode
# Database : 2016-02-24.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : abc - ABC-PC
# Running from : C:\Users\abc\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\abc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [961 bytes] - [25/02/2016 18:42:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [1007 bytes] - [25/02/2016 18:38:49]
C:\AdwCleaner\AdwCleaner[S2].txt - [1081 bytes] - [25/02/2016 18:40:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1179 bytes] ##########
Attached Files
File Type: txt FRST.txt (11.1 KB, 33 views)
File Type: txt Addition.txt (17.5 KB, 13 views)
02-26-2016, 12:17 AM   #4
tekir06
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Thanks for the logs. Your report looks clean. I didn't see any suspicious activity. Let's continue to check anyway.

I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features

=========================================================

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

=========================================================

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe.
Next, go to File > New Task (Run...), type explorer, then press 'Enter', or just reboot the computer.
02-28-2016, 11:49 PM   #5
tekir06
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Shahzal,

Still with us? If you don't reply within 24 hours, this thread shall be closed.
03-02-2016, 06:42 AM   #6
tetonbob
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015