Infected: slow and deleted items are reappearing on desktop

[nroberts]

I have a dell 530s Inspiron desktop, has been running very slow and freezes up which can only be

fixed by shutting it down. Today my desktop was covered by shortcuts I had previously deleted.

Ran Malwarebyes and it came back clean. Below are dds and attach.

Thanks.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496
Run by CeCe at 15:45:00 on 2013-07-12
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer provided by Dell

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzUwMjIyMTA2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=0cd91780f8ab47d19f3b4c7f87063cda-b3852606f8d31610eace3647d24149a3312c145d
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0




TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AAF9302C-9EF3-4DB3-82D5-B3EE2A0871D0} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cece\appdata\roaming\mozilla\firefox\profiles\5e6kt9v3.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-07-12 13:38:30 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{db91e398-72b5-43f0-b5a1-2ebecd902bf1}\mpengine.dll
2013-07-12 02:15:33 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-12 02:15:32 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-12 02:15:32 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-12 02:15:32 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-10 19:35:45 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a5a33867-20e5-45b1-90d7-4aac82918613}\gapaengine.dll
2013-07-10 19:28:24 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 19:26:49 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-07-10 19:26:49 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-10 19:26:49 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-10 19:26:49 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-10 19:26:49 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 19:26:49 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-07-10 19:26:48 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-07-10 19:26:48 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-10 19:26:48 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-10 19:26:46 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 19:26:43 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 18:05:32 -------- d-sh--w- C:\found.001
2013-07-10 18:00:25 -------- d-----w- C:\763b1a8a214132913e7b76717d4613
.
==================== Find3M  ====================
.
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-08 03:40:36 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58:22 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll
2013-04-24 04:00:30 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:00:30 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:00:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:00:24 41984 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 01:46:29 812544 ----a-w- c:\windows\system32\certutil.exe
2013-04-17 12:30:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
============= FINISH: 15:45:57.57 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
Canon iP3500 series
Canon iP3500 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Digital Line Detect
getPlus® for Adobe
GoToAssist 8.0.0.508
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections 12.1.11.0
iTunes
Java Auto Updater
Java 6 Update 23
Macromedia Dreamweaver 2
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Mouse Suite for Desktop Computers
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music, Photos & Videos Launcher
NetWaiting
OpenOffice.org 3.2
Product Documentation Launcher
QuickBooks Simple Start 2008
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User's Guides
.
==== End Of File ===========================

 

[AdvancedSetup]

Hello and

Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.


STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from one of the following links: Link1 | Link2 | Link3
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
• NOTE:  Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
  
  
  STEP 02
  
  Please download Malwarebytes Anti-Rootkit from HERE
  

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
    
  
  STEP 03
  
  Please download Junkware Removal Tool to your desktop.
  
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
    

  
  STEP 04
  
  Please download AdwCleaner by Xplode to your desktop.
  

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
    
  
  STEP 05
  
  
  
  Please go here to run the online antivirus scannner from ESET.
  
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
      

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.
    

  
  

[nroberts]

Hello,

I ran Malwarebytes Anti-Rootkit and it came back clean, ran it again and same results, so no logs were created.  I've attached the other logs you asked for.

JRT.txt

AdwCleanerS1.txt

eset-scan.txt

[AdvancedSetup]

Nothing obvious seen there.  Let me have you run this tool please.

 

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once Combofix has completed it will produce and open a log file.  Please attach that log file to your next reply.
If needed the file can be located here:  C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
 

[nroberts]

Hi,

Attached is the log from Combofix.

ComboFix.txt

[AdvancedSetup]

This computer has run combofix before back in 2011 and was never properly removed.  The log also appears to indicate that it was either manually edited before you posted it or potentially obscured by security software. 
 
Let me have you run some other tools to ensure that some threat is not responsible.
 
 

STEP 1
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

 

STEP 2

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files
• 
  

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 
 
 

STEP 3
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

• RogueKiller 32-bit | RogueKiller 64-bit
• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes Close the program > Don't Fix anything!
• Don't run any other options, they're not all bad!!
• Post back the report which should be located on your desktop.

 

STEP 4

Next, download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
• Thanks

[nroberts]

Hi,

I could have run ComboFix back in 2011 when I had a problem and was working with someone I think in the Dell forums. Attached are the logs you requested.

FRST.txt

Addition.txt

Result.txt

RKreport0_S_07162013_205551.txt

checkup.txt

[AdvancedSetup]

Please uninstall all versions of Java.

 

I don't see any antivirus installed on this system unless I overlooked it.  

 

Please download and install the following antivirus for now and update it and do a Full System scan and let me know what it finds please.

 

http://www.filehippo.com/download_avast_antivirus/

 

Thanks

[nroberts]

Hi,

How do I uninstall Java?  Do I do it thru the control panel?

[AdvancedSetup]

Click on START -> Control Panel

Inside control panel there is an applet called Programs and typically a link for "Uninstall a program"

You should be able to remove Java from there.

Please get an antivirus installed and scan that system. Dangerous to be without one.

[nroberts]

Hi,

I uninstalled Java and then downloaded and did a full scan with Avast.

It showed no infected files. I have Microsoft Security Essentials running, is that not

a virus protector? If nothing seems to to be infected, why is it running so poorly?

[AdvancedSetup]

Yes it is an antivirus, I must have missed it in the logs.

 

Please run the following for me.

 

Next, download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

 

Thanks

[nroberts]

Hi,

I downloaded and ran SecurityCheck. When it started up, the black box said "collecting info", then

said "preparing" and an AutoIt Error box popped up. It said line 1 error variable must be of type object. I clicked on okay and it continued and produced the attached log.

checkup.txt

[AdvancedSetup]

You need to update the following software to the latest versions please.

 

Adobe Reader 8
Mozilla Firefox 8.0

 

Please run me a new DDS scan.  That log should have shown the avast antivirus but it did not for some reason.

 

How is the computer running now?

 

 

 

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment. 

When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt
   

• Save both reports to your desktop
• Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file

 

[nroberts]

Hi,

I upgraded Adobe. I deleted Firefox as I do not use it. I also deleted the Avast as I use Microsoft Security and you said that is an antivirus.

 

Atttached are 2 new logs form DDS.

 

The computer is not running any better, still keeps freezing, when I try to shut down the window I am in

it will start to fade out.

 

Thanks

attach.txt

dds.txt

[AdvancedSetup]

Okay please run the following for me.  Let's run MBAR again.

 

 

STEP 01
Please download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 02
Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller
Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.
PC Winvids - How to run Kaspersky TDSSKiller
If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


STEP 03
Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

STEP 04

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

[nroberts]

Hi,

I ran the Malwarebytes Anti-Rootkit twice and it came back clean both times.  The other logs

you requested are attached.

 

Thanks

TDSSKiller.2.8.18.0_25.07.2013_18.09.33_log.txt

TDSSKiller.2.8.18.0_25.07.2013_18.12.27_log.txt

FSS.txt

Result.txt

[AdvancedSetup]

I'm checking on some information about one of the logs.  I may not be able to get back to you until tomorrow on this but it looks like you might have some infected files and you do have a TDSS rootkit element on the system still.  We can have TDSSKiller remove it but if those other files are infected we need to get them replaced too so I'll get back to you tomorrow.   If I've not replied within 24 hours please send me a private message.

 

Thanks

[AdvancedSetup]

The file in question appears to be valid so no issue there.

How is the computer running now ? Is it just slow or are you experiencing malware related issues?

[AdvancedSetup]

Are you still with us?

[nroberts]

Yes, I apologize for the delay in getting back to you. I am still having problems with slowness, fading out  and with some screen freezing. Since there does not seem to be any problem, could it be the hard drive?

[AdvancedSetup]

Please Run TFC by OldTimer to clear temporary files:

• Download TFC from here and save it to your desktop.
• http://oldtimer.geekstogo.com/TFC.exe
• Close any open programs and Internet browsers.
• Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
• Please be patient as clearing out temp files may take a while.
• Once it completes you may be prompted to restart your computer, please do so.
• Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
  

 

Then reboot the computer and try doing a disk defrag and let me know if that helps or not.

[nroberts]

Hi,

 

I ran the TFC and then defraged. I still find that the internet is slow, prehaps not as slow as it was.

I've still had some incidents with freezing up. Should I redownload Internet Explorer? I have

version 9.

 

Thanks

[AdvancedSetup]

Please try the following.

 

Open Internet Explorer - go to Tools/Internet Options/Advanced and click on the Reset and close Internet Explorer.

 

Then shut down the computer and power off.  Then unplug the power from your Internet modem and router and leave them all off for a couple minutes.

Then plug your modem and router back in and leave them on for at least 3 minutes and then turn the power on for your computer and let it start up and give it a few minutes and then see how the speed is and let me know.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!