[elkski]

I got mbam. But it is just so sluggish still. Still says more ms updates and I'm sure dell drivers are needed too.

Even start window takes so long to open.

[Advertisements]

Ok, please post the logs when all the scans are finished. Also, please do not install any further updates or install any new software for the time being.

[pystryker]

Ok, please post the logs when all the scans are finished. Also, please do not install any further updates or install any new software for the time being.

[elkski]

  Results of screen317's Security Check version 0.99.87  

 Windows XP Service Pack 3 x86   

 Internet Explorer 6 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Please wait while WMIC is being installed.d 

i 

s 

p 

l 

a 

y 

N 

a 

m 

e 

ECHO is off.

S 

y 

m 

a 

n 

t 

e 

c 

ECHO is off.

E 

n 

d 

p 

o 

i 

n 

t 

ECHO is off.

P 

r 

o 

t 

e 

c 

t 

i 

o 

n 

ECHO is off.

 Antivirus out of date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Java 2 Runtime Environment, SE v1.4.2_03 

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

  Adobe Flash Player 10.1.102.64 Flash Player out of Date!  

 Adobe Reader 7 Adobe Reader out of Date! 

 Mozilla Firefox (3.0.19) Firefox out of Date!  

 Google Chrome 37.0.2062.103  

 Google Chrome 37.0.2062.120  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# product=EOS

# version=8

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=ffcce1f1d5d10a4eab949cf743b4c566

# engine=20109

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-09-11 06:42:22

# local_time=2014-09-11 01:42:22 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=64740

# found=2

# cleaned=0

# scan_time=6931

sh=151429375F548A02D9C4BAA63DA04612595CAC45 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\ebigawap.ini"

sh=F0886BA91626B747B65231D9943B75FCA5F05C1F ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\umazevog.ini"

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/11/2014

Scan Time: 9:32:12 AM

Logfile: MBAM.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.11.03

Rootkit Database: v2014.09.10.02

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: enkhmart

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 321347

Time Elapsed: 38 min, 4 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

Malware.Trace, HKU\S-1-5-21-2987564195-3664300104-303828230-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\fias4051, Quarantined, [fe026488403bcf6766c5742960a337c9], 

 

Registry Values: 2

Trojan.BHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}, Quarantined, [c739b438cab10036b4e6892459a92ed2], 

Trojan.BHO, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER|{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}, STS, Quarantined, [c739b438cab10036b4e6892459a92ed2]

 

Registry Data: 1

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[c43cdf0d0576cb6bc04ffafa1ce8758b]

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

[pystryker]

Thank you for the logs.

Ok, let's remove the 2 items that ESET found. Once this is finished, then we'll start working on updating your programs. After that is finished, due to the age of the machine, I'd like to have our hardware techs check it out.

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
C:\WINDOWS\system32\ebigawap.ini
C:\WINDOWS\system32\umazevog.ini
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

[elkski]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014

Ran by enkhmart at 2014-09-11 21:19:47 Run:2

Running from C:\Documents and Settings\enkhmart\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

C:\WINDOWS\system32\ebigawap.ini

C:\WINDOWS\system32\umazevog.ini

End

*****************

 

C:\WINDOWS\system32\ebigawap.ini => Moved successfully.

C:\WINDOWS\system32\umazevog.ini => Moved successfully.

 

==== End of Fixlog ====

[pystryker]

Thank you for the log. Let's get your programs up to date.

Step 1: Update Java

A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.

• Click on this link Java Website and click Do I Have Java?
• Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

• Unzip the files to the directory of your choice.
• Double click the JavaRa icon in the directory and choose your language preference.
• Click Remove Older Versions from the menu.
• Click Yes.
• If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
• JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Step 2: Update Adobe Reader and Adobe Flash


Updating Adobe Reader

• Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
• Please click here to download FoxIt Reader.
• If you wish to continue to use Adobe Reader, then please update it by clicking here.
• Please remember to uncheck the option to install the Google Toolbar and browser.

Updating Adobe Flash Player

• Please update Adobe Flash Player by clicking here.
• Please remember to uncheck the box to install McAfee's Security Suite.

Step 3: Update FireFox Web Browser


Please update FireFox by clicking Help at the top of the browser and then selecting About Firefox. FireFox will automatically update itself.

Also, your hard drive will need defragging soon. But I would wait until you've updated these programs, and had the Hardware Techs check it out.


Step 4: Tool Removal and Creation of a Clean Restore Point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Please let me know when these steps are completed and please post the DelFix log in your next post.

[pystryker]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.