Microsoft XP problems

[makuta2]

Random noises (child laughing, "danger", aim pings), and computer is alot slower then before.
Has had this problem for at least 3 months before deciding to come onto CompHope for help

Here are logs after doing everything that forum as advised me, hope you guys can find the problem.

[Saving space, attachment deleted by admin]

[SuperDave]

Hello makuta2 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

=====================================
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

==============================================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

============================================

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
link #2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts. (you will receive a UAC prompt, please allow it)

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Once completed, exit HijackThis.

[makuta2]

I was able to do what you told me for HJT, but ComboFix had run into a problem. At first i was unable to disable to the parts of AVG8 before running ComboFix (The link provided did not have details on disabling my AVG8 Anti-Spyware, link provided had different steps on disabling)

After successfully running ComboFix, and restarting the computer, Combofix was unable to produce a log. Is there another program i can use that can replace Combofix, or must it be this program?

I can try to run ComboFix again, but i don't want to run into the same problem and end up without any results

EDIT: to be more specific Combofix did not create a FindR3m part of its logfile. (Uploaded the incomplete Combofix.txt)

[Saving space, attachment deleted by admin]

[SuperDave]

Download random's system information tool (RSIT) by random/random from here and save it to your Desktop.

•Double click on RSIT.exe to run.

•Click Continue at the disclaimer screen.

•Once it has finished, two logs will open.
•log.txt <will be maximized and info.txt <will be minimized

•Please post the contents of both logs in the next reply.

[makuta2]

Ran Rsit without any problems.

Want to include another computer symptom that I have noticed but forgot to mention before. Avg takes a considerably long time to put up its Firewall, don't know if some malware is causing this delay or if its part of AVG programing.

[Saving space, attachment deleted by admin]

[SuperDave]

Avg takes a considerably long time to put up its Firewall, don't know if some malware is causing this delay or if its part of AVG programing.

What do you mean by "put up its Firewall. Do you get a warning from your Security Center?
============================================

I noticed in your HJT log that you are running a P2P file-sharing program (uTorrent) on your computer. While the program itself is probably safe, the files you download with this program are a major source of infections. Therefore, I strongly urge you to uninstall it.


=====================================
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
=============================================

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

[makuta2]

ESET didnt find anything, so i didnt receive a log to upload. There's no warning, just a little exclamation mark in the AVG tray

Regarding my previous question. AVG firewall is inactive when i start up computer, it becomes active after 2-3 minutes

EDIT: I had removed utorrent and Viewpoint a long time ago, I don't know why it would still end up on the HJT log unless there's a registry error, what can i do to solve this?

[SuperDave]

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

[SuperDave]

Regarding my previous question. AVG firewall is inactive when i start up computer, it becomes active after 2-3 minutes

I'm not sure about the AVG firewall whether or not it updates on startup but my laptop does the same thing when I boot up. I get a warning from the Security Center and after the updates are finished, the warning goes away.
=========================================

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\
sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\robert\Desktop\utorrent.exe"=-
Driver::
Viewpoint Manager Service

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[makuta2]

AVG's problem with the Firewall seems to have disappeared.

Here's the log file

[Saving space, attachment deleted by admin]

[SuperDave]

Download GMER Rootkit Detector and save it your desktop.
 
* Extract it to your desktop and double-click GMER.exe
* Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click the Rootkit tab and then Scan.
* Don't check the Show All box while scanning in progress!
* When scanning is finished click Copy.
* This copies the log to clipboard
* Post the log in your reply.

[makuta2]

done

can you tell me what "Thumbs.db" is? it is sometimes sitting in my folders for some reason, in the latest case it appeared after i downloaded GMER.

[Saving space, attachment deleted by admin]

[evilfantasy]

can you tell me what "Thumbs.db" is? it is sometimes sitting in my folders for some reason, in the latest case it appeared after i downloaded GMER.

It's because you have hidden files and folders set to Show All. We'll take care of that before we finish up.


RootRepeal - Rootkit Detector

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

[makuta2]

here you go

[Saving space, attachment deleted by admin]

[evilfantasy]

I can't read that.

Run it again please and just copy and paste the log into the next reply.