
Inactive Super slow inherited laptop unable to run internet explorer

Discussion in 'Malware and Virus Removal Archive' started by quirkymac, 2010/10/10.

Thread Status:
Not open for further replies.
  1. 2010/10/10
    quirkymac

    quirkymac Inactive Thread Starter

    Joined:
    2006/09/07
    Messages:
    196
    Likes Received:
    0
    [Inactive] Super slow inherited laptop unable to run internet explorer

    Hi there,
    A family member has just been given this laptop but is finding it incredibly difficult to use; it is horribly slow (slower than the specs indicate it should be!) and she is unable to use Internet Explorer at all.
    I wonder if the gurus here could have a look at the logs and see if anything has been installed along the way that shouldn't have been... i.e. any nasties.
    Many thanks!!

    QK



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/12/2006 1:58:12 a.m.
    System Uptime: 10/11/2010 2:05:19 p.m. (-719 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | uFC-PGA Socket | 1463/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 34 GiB total, 21.05 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP45: 25/08/2011 12:24:25 a.m. - System Checkpoint
    RP46: 25/08/2011 3:33:41 a.m. - Installed Windows Internet Explorer 8.
    RP47: 25/08/2011 3:36:15 a.m. - Installed Java(TM) 6 Update 21
    RP48: 25/08/2011 3:49:18 a.m. - Avg8 Update
    RP49: 25/08/2011 4:44:07 a.m. - Avg8 Update
    RP50: 26/08/2010 7:38:56 a.m. - System Checkpoint
    RP51: 26/08/2010 7:43:49 a.m. - Software Distribution Service 3.0
    RP52: 26/08/2010 8:17:32 a.m. - Software Distribution Service 3.0
    RP53: 27/08/2010 9:04:16 p.m. - Software Distribution Service 3.0
    RP54: 27/08/2010 9:06:01 p.m. - Software Distribution Service 3.0
    RP55: 28/08/2010 12:22:10 p.m. - Software Distribution Service 3.0
    RP56: 28/08/2010 1:13:28 p.m. - Software Distribution Service 3.0
    RP57: 28/08/2010 7:01:52 p.m. - Software Distribution Service 3.0
    RP58: 2/09/2010 8:07:38 p.m. - System Checkpoint
    RP59: 29/09/2010 4:27:53 a.m. - Software Distribution Service 3.0
    RP60: 29/09/2010 4:42:43 a.m. - Installed %1 %2.
    RP61: 29/09/2010 4:46:07 a.m. - Software Distribution Service 3.0
    RP62: 4/10/2010 2:21:42 p.m. - Software Distribution Service 3.0
    RP63: 4/10/2010 2:32:45 p.m. - Software Distribution Service 3.0
    RP64: 4/10/2010 7:00:23 p.m. - Software Distribution Service 3.0
    RP65: 4/10/2010 8:05:07 p.m. - Software Distribution Service 3.0
    RP66: 5/10/2010 7:00:31 p.m. - Software Distribution Service 3.0
    RP67: 6/10/2010 1:51:02 a.m. - Software Distribution Service 3.0
    RP68: 6/10/2010 7:00:41 p.m. - Software Distribution Service 3.0
    RP69: 7/10/2010 9:37:10 a.m. - Avg8 Update
    RP70: 8/10/2010 10:32:14 a.m. - System Checkpoint
    RP71: 9/10/2010 2:07:44 a.m. - Software Distribution Service 3.0
    RP72: 10/10/2010 8:40:09 a.m. - System Checkpoint
    RP73: 11/10/2010 8:43:12 a.m. - System Checkpoint
    RP74: 11/10/2010 2:37:50 p.m. - Removed Apple Software Update
    RP75: 11/10/2010 2:39:45 p.m. - Removed CD/DVD Drive Acoustic Silencer
    RP76: 11/10/2010 2:40:30 p.m. - Removed EasyCleaner
    RP77: 11/10/2010 2:44:57 p.m. - Removed InstallShield Restore Point
    RP78: 11/10/2010 3:01:59 p.m. - Removed Sonic DLA
    RP79: 11/10/2010 3:03:04 p.m. - Removed Sonic RecordNow!

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0.8
    ALPS Touch Pad Driver
    Atheros Client Utility
    Atheros Wireless LAN MiniPCI/PCIe card Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG Free 8.5
    Canon MX320 series MP Drivers
    CCleaner
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 21
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    QuickTime
    Realtek High Definition Audio Driver
    SD Secure Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Display Devices Change Utility
    TOSHIBA Dual Pointing Device Utility
    TOSHIBA HDD Protection
    TOSHIBA Hotkey Utility for Display Devices
    TOSHIBA Password Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Boot Utility
    TOSHIBA SD Memory Card Format
    TOSHIBA Security Assist
    TOSHIBA Software Modem
    TOSHIBA TouchPad On/Off Utility V2.05.01
    TOSHIBA Utilities
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinZip
    Wireless Hotkey

    ==== Event Viewer Messages From Past Week ========

    9/10/2010 8:09:01 a.m., error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
    9/10/2010 8:09:01 a.m., error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/10/2010 5:39:21 p.m., error: Print [6161] - The document http://www.nzva.org.nz/files/sharedimages/C2_Euthanasia_21Jun07_0.pdf owned by Val Ball failed to print on printer Canon MX320 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 12163788. Number of bytes printed: 793172. Total number of pages in the document: 8. Number of pages printed: 0. Client machine: \\TOSHIBA-USER. Win32 error code returned by the print processor: 13 (0xd).
    11/10/2010 2:38:53 p.m., error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================
     
  2. 2010/10/10
    quirkymac

    quirkymac Inactive Thread Starter

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Val Ball at 15:15:01.15 on Mon 11/10/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.108 [GMT 13:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ThpSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SkyTel.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\DOCUME~1\VALBAL~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Val Ball\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Val Ball\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Val Ball\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.nz/
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: AutorunsDisabled - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\val ball\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TPSODDCtl] TPSODDCtl.exe
    mRun: [ThpSrv] thpsrv /logon
    mRun: [TFNF5] TFNF5.exe
    mRun: [TOSDCR] TOSDCR.EXE
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

    ============= SERVICES / DRIVERS ===============

    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-30 6144]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2000-1-1 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-13 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2000-1-1 108552]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2000-1-14 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2000-1-14 297752]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592]
    S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-30 35968]

    =============== Created Last 30 ================

    2011-08-24 16:44:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2011-08-24 15:49:56 -------- d-sh--w- c:\documents and settings\val ball\PrivacIE
    2011-08-24 15:43:25 -------- d-sh--w- c:\documents and settings\val ball\IETldCache
    2011-08-24 15:38:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-24 15:38:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-24 15:38:12 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-08-24 15:31:11 -------- dc-h--w- c:\windows\ie8
    2011-08-24 11:00:58 -------- d-----w- c:\program files\Yahoo!
    2011-08-24 11:00:42 -------- d-----w- c:\program files\CCleaner
    2011-07-07 17:26:32 -------- d-----w- c:\windows\system32\Lang
    2011-07-07 17:12:52 -------- d-----w- c:\windows\system32\RTCOM
    2010-10-11 02:03:43 -------- d-----w- c:\docume~1\valbal~1\applic~1\MSNInstaller
    2010-10-08 13:07:56 6084944 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b03307bb-3553-4bcd-b1d9-759b10b31fa9}\mpengine.dll
    2010-10-04 07:23:13 -------- d-----w- c:\windows\system32\XPSViewer
    2010-10-04 07:21:42 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-10-04 07:20:09 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-10-04 07:20:09 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-10-04 07:20:09 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-10-04 07:20:09 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-10-04 07:20:08 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-10-04 07:20:08 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-10-04 07:20:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-10-04 07:20:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-10-04 07:20:04 -------- d-----w- C:\31b91ad69c5c3ee8bb84
    2010-10-04 04:36:36 -------- d-----w- c:\docume~1\valbal~1\locals~1\applic~1\Adobe
    2010-09-28 15:25:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-09-28 15:25:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-09-28 15:25:13 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    ==================== Find3M ====================

    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 15:17:09.67 ===============
     

  4. 2010/10/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Since it's an inherited computer, you don't want to consider a fresh Windows installation?
     
  5. 2010/10/11
    quirkymac

    quirkymac Inactive Thread Starter

    Thanks Broni,

    It was a work computer before (and her work donated it to her) so she does actually have quite a number of things on it that she wishes to retain. I did offer to backup, format and reinstall but that offer was declined.

    Was there anything of note in the logs I posted? If there is too much I will suggest to MD (Mother dearest) that starting from fresh is the best option.

    Thanks again,

    QK
     
  6. 2010/10/11
    broni

    broni Moderator Malware Analyst

    We can surely clean it up :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     