I've had problems recently with my computer running slow, and just shutting down in the middle of something. It usually happens every 2 days. Any help would be greatly appreciated. Here are all my logfiles:
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP248\A0071980.dll (Rogue.Ascentive) -> No action taken.
C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:05 AM, on 3/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
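As an added example (not from the thread or the poster), a small Python parser for the Malwarebytes' Anti-Malware log layout shown above: it pulls each detection out of the "... Infected:" sections, flags entries still marked "No action taken", and separates hits inside old System Restore snapshots from hits on the live system. The sample log is constructed from the two lines above plus one invented quarantined entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: the thread's two "Files Infected" lines plus one invented quarantined entry.
SAMPLE_LOG = r"""Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP248\A0071980.dll (Rogue.Ascentive) -> No action taken.
C:\WINDOWS\system32\ConTest.dll (Rogue.Ascentive) -> No action taken.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\sample.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Restore-point copies live under <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

@dataclass
class Detection:
    section: str
    path: str
    name: str
    action: str

    @property
    def pending(self) -> bool:
        # MBAM writes "No action taken." when the scan ran without removal.
        return self.action.lower().startswith("no action taken")

    @property
    def in_restore_point(self) -> bool:
        # A copy inside an old restore point only matters if that point is restored.
        return bool(RESTORE_RE.match(self.path))

def parse_mbam_log(text: str) -> list:
    # Walk the "... Infected:" sections and collect every detection line under them.
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif section and (m := ENTRY_RE.match(line)):
            found.append(Detection(section, m.group("path"), m.group("name"), m.group("action")))
    return found

def summarize(text: str) -> dict:
    dets = parse_mbam_log(text)
    pending = [d for d in dets if d.pending]
    live = [d.path for d in pending if not d.in_restore_point]
    return {"total": len(dets), "pending": len(pending), "live_pending": live}
```

For the log above the summary reports two pending hits, of which only the system32 copy is on the live system; the restore-point copy disappears once old restore points are purged.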
Hi and welcome to the Help2Go forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that that happens.
Despite that, it is important that you first know a couple of things:
The fixes are specific to your problem and should only be used for this issue on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me how long it will take so the topic will not be closed.
There are also some things I want you to do so I can work as well as possible:
Please be patient. The work I do is voluntary and I also have a private life (school, work, friends and hobbies).
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
Please reply to this thread. Do not start a new topic.
Also, don't post logs as attachments. Other helpers like to view the logs as well and opening a lot of attachments is irritating. It can also contain malware.
One more thing is very important for users who have Vista as their operating system. When I instruct you to run a tool or program, always right-click and choose 'Run as Administrator' instead of just double-clicking the icon.
Finally, please make an uninstall list using HijackThis and post that log so I know you have read this post.
To access the Uninstall Manager you would do the following:
Start HijackThis
Click on the Open The Misc Tool Section button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop and post the contents in a reply to this topic.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Agere Systems PCI Soft Modem
AIM 7
Apple Application Support
Apple Software Update
AVG Free 9.0
CCleaner
Download Updater (AOL LLC)
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HP Software Update
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
KBD
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6)
MVision
PC-Doctor for Windows
PS2
QuickTime
Sonic RecordNow!
Updates from HP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
When done, DDS.txt will open. Another file called Attach.txt will open after a short while. Please save these 2 files to your desktop as they will be deleted once you close them.
Step 2: Download and Run Gmer
Please download Gmer to your desktop and unzip it to your desktop. http://www.gmer.net/gmer.zip
Disconnect from the internet and close running programs. There is a small chance this application may crash your computer, so save any work you have open.
Double-click the .exe file. If asked to allow the gmer.sys driver to load, please allow that.
If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the Save button, and in the File name area, type in "Gmer.txt" or it will save as a .log file.
Save it where you can easily find it, such as your desktop.
Note: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Step 3: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 21:01:11.21 on Wed 03/24/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.297 [GMT -5:00]
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/17/2010 7:11:48 PM
System Uptime: 3/24/2010 5:55:50 PM (4 hours ago)
Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 179 GiB total, 168.433 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 2.165 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 2/17/2010 7:17:03 PM - Configured easy Internet sign-up
RP2: 2/17/2010 7:19:05 PM - Removed Microsoft Office Standard Edition 2003
RP3: 2/17/2010 7:21:07 PM - Removed Microsoft Plus! Dancer LE
RP4: 2/17/2010 7:21:26 PM - Removed Microsoft Plus! Digital Media Edition Installer
RP5: 2/17/2010 7:21:44 PM - Removed Microsoft Plus! Photo Story 2 LE
RP6: 2/17/2010 7:31:09 PM - Removed Norton Security Center
RP7: 2/17/2010 7:33:20 PM - Removed HP Organize
RP8: 2/17/2010 7:33:56 PM - Removed HP Deskjet Preloaded Printer Drivers
RP9: 2/17/2010 7:52:32 PM - Installed AVG Free 9.0
RP10: 2/17/2010 8:37:00 PM - Removed Adobe Reader 6.0.1
RP11: 2/17/2010 8:37:17 PM - Removed Adobe Acrobat - Reader 6.0.2 Update
RP12: 2/17/2010 8:37:24 PM - Installed Adobe Reader 9.3.
RP13: 2/17/2010 8:45:34 PM - Configured iTunes
RP14: 2/17/2010 8:51:45 PM - Installed Java(TM) 6 Update 17
RP15: 2/17/2010 8:54:26 PM - Removed Sonic Express Labeler
RP16: 2/17/2010 8:55:13 PM - Removed muvee autoProducer 3.5 magicMoments - HPD
RP17: 2/17/2010 8:56:18 PM - Removed Microsoft Works
RP18: 2/18/2010 9:26:07 AM - Avg8 Update
RP19: 2/18/2010 8:48:57 PM - Installed Windows Installer KB893803v2.
RP20: 2/19/2010 9:06:32 PM - System Checkpoint
RP21: 2/21/2010 10:08:12 AM - System Checkpoint
RP22: 2/22/2010 10:09:58 AM - System Checkpoint
RP23: 2/23/2010 10:21:34 AM - System Checkpoint
RP24: 2/23/2010 9:36:07 PM - Logitech Camera Driver Install
RP25: 2/24/2010 9:44:44 PM - System Checkpoint
RP26: 2/26/2010 12:28:22 AM - System Checkpoint
RP27: 2/27/2010 3:15:58 AM - System Checkpoint
RP28: 2/28/2010 3:40:12 AM - System Checkpoint
RP29: 3/1/2010 4:28:45 AM - System Checkpoint
RP30: 3/2/2010 4:57:12 AM - System Checkpoint
RP31: 3/3/2010 5:55:18 AM - System Checkpoint
RP32: 3/4/2010 6:39:32 AM - System Checkpoint
RP33: 3/5/2010 7:36:56 AM - System Checkpoint
RP34: 3/6/2010 2:09:17 PM - System Checkpoint
RP35: 3/7/2010 4:10:39 PM - System Checkpoint
RP36: 3/8/2010 7:21:06 PM - System Checkpoint
RP37: 3/9/2010 9:58:26 PM - System Checkpoint
RP38: 3/11/2010 12:39:10 AM - System Checkpoint
RP39: 3/12/2010 1:55:52 AM - System Checkpoint
RP40: 3/13/2010 4:09:39 AM - System Checkpoint
RP41: 3/13/2010 9:48:07 AM - Avg8 Update
RP42: 3/13/2010 9:51:21 AM - Avg Update
RP43: 3/14/2010 11:54:29 AM - System Checkpoint
RP44: 3/15/2010 2:43:10 PM - System Checkpoint
RP45: 3/16/2010 2:55:47 PM - System Checkpoint
RP46: 3/17/2010 8:34:56 AM - Avg Update
RP47: 3/18/2010 1:35:21 PM - System Checkpoint
RP48: 3/22/2010 8:51:45 AM - System Checkpoint
RP49: 3/22/2010 6:05:55 PM - Installed QuickTime
RP50: 3/23/2010 6:13:31 PM - System Checkpoint
RP51: 3/24/2010 6:23:44 PM - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Agere Systems PCI Soft Modem
AIM 7
Apple Application Support
Apple Software Update
AVG Free 9.0
CCleaner
Download Updater (AOL LLC)
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HP Software Update
HpSdpAppCoreApp
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
KBD
Logitech QuickCam
Logitech® Camera Driver
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.2)
MVision
PC-Doctor for Windows
PS2
QuickTime
Sonic RecordNow!
Updates from HP
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
3/22/2010 9:30:37 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/22/2010 9:30:37 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\AIM_72~1.1\imappver.dll. Reference error message: The operation completed successfully. .
3/22/2010 9:30:37 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/21/2010 11:32:02 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/21/2010 11:16:58 PM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 0011D8DE3A6B has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-03-24 21:07:25
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kwaorfow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9CE1F20]
The logs look perfect so I think you are not infected. Let's run one more scan though and do some other important things.
You aren't running Firewall Software. Please download and install one of them first!
Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:
If you are not using Windows XP or Vista, but an older version, I recommend that you use a firewall.
If you are using Windows XP or Vista, but are on dial-up, I recommend that you use a firewall.
If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and getting the choice to allow or disallow things, I recommend that you use Windows Firewall.
If you are using Windows XP or Vista, are using broadband and are experienced, I recommend that you disable Windows Firewall (as it is not perfect) and get a third-party firewall.
Step 1: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.
First, remove the older versions:
Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for each version of Java that is present
Under JDK 6 Update 18 click the red box called Download JRE.
As Platform select your operating system, agree to the License Agreement and click Continue.
Now click on the link under Windows Offline Installation and download the installer to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.
Reboot your computer.
Step 2: Run CCleaner
CCleaner will remove everything from the temp/temporary folders, but please note that it will not make backups!
Double click the CCleaner shortcut on the desktop to start the program.
On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit.)
If you check Cookies for removal, you can use Options, Cookies to decide which Cookies to keep.
If you use the Firefox browser, the box to check for Cookies is on the Applications tab, under Firefox.
Click on the Options icon at the left side of the window, then click on Advanced.
Deselect Only delete files in Windows Temp folders older than 24 hours.
Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the Registry feature unless you are very familiar with the registry as it has been known to delete legitimate items.
After CCleaner has completed its process close the program.
CCleaner should be run with the above settings for each User Account!
Step 3: Run Kaspersky Online Scan
Please go to Kaspersky website to perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to your desktop by changing the Files of type to Text file (.txt) before clicking on the Save button.
Now close the window.
Step 4: Post logs
Please post the Kaspersky log together with a new HijackThis log. Also let me know if you are still having problems and tell me about any problems you still have.