Trying to scan with ESET NOD32 to obtain log..problem

[goldstar10]

   Thanks...so much...no more hijackings

But, my computer is still running sooooooo slooooooow.  Do you think something is still trying to bog it down?  I am also wondering if I have too many antispyware programs.   Maybe could reduce performance?  I have spy sweeper and superantispyware and adware.
Maybe a little overkill?

[Broni]

What are your computer specs? Processor speed, amount of RAM, hard drive size, and its free space?

[goldstar10]

Does this help?




OS Name   Microsoft Windows XP Home Edition
Version   5.1.2600 Service Pack 2 Build 2600
OS Manufacturer   Microsoft Corporation
System Name   YOUR-4105E587B6
System Manufacturer   Hewlett-Packard
System Model   Presario R3000 (PL986UA#ABA)
System Type   X86-based PC
Processor   x86 Family 15 Model 2 Stepping 9 GenuineIntel ~3000 Mhz
Processor   x86 Family 15 Model 2 Stepping 9 GenuineIntel ~3000 Mhz
BIOS Version/Date   Hewlett-Packard F.40, 10/26/2004
SMBIOS Version   2.31
Windows Directory   C:\WINDOWS
System Directory   C:\WINDOWS\system32
Boot Device   \Device\HarddiskVolume1
Locale   United States
Hardware Abstraction Layer   Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"

Time Zone   Eastern Standard Time
Total Physical Memory   512.00 MB
Available Physical Memory   106.45 MB
Total Virtual Memory   2.00 GB
Available Virtual Memory   1.96 GB
Page File Space   923.44 MB
Page File   C:\pagefile.sys


Other info found:

Intel Pentium 4 processor
 3.0GHz

60GB hard drive
512 MB DDR memory
384MB of ram


I just defragmented c: drive....the report states:

55.8GB Capacity
38.54GB Free Space
%of free space = 68%

Hope this helps!!

[Broni]

Your computer specs look OK. Adding another 512MB of RAM may help, and it's pretty cheap solution.

I have spy sweeper and superantispyware and adware.

This is no problem, because only Spy Sweeper runs in real time.

When was your last defrag?

[goldstar10]

I defraged last night.  But, an odd thing happens when I defrag in normal mode.......my computer completely shuts down and turns of when defrag has been running for about 5 minutes   It has never done that before.  It started when the adware/trojans appeared.

I was surprised that when I did the defrag last night (since no further attacks)  that the same thing happened.  So I had to defrag in safe mode..........hmmmm not sure what is up with that.

[Broni]

Defragging in Safe Mode is fine. How fragmented your hard drive was?

Let's try couple of other tools, just to be on a safe side...

*** Download SDFix (http://downloads.andymanchesta.com/removaltools/sdfix.exe) and save it to your Desktop.

    * Run the SDFix.exe by double clicking on it.
    * Allow it to install into the default location which is c:\SDFix
    * Now please reboot your computer into Safe Mode:
   # After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
   # Instead of Windows loading as normal, the Advanced Options Menu should appear;
   # Select the first option, to run Windows in Safe Mode, then press Enter.
    * When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    * Attach the Report.txt file to your next message.

*** Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)  to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post that log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

[goldstar10]

Sorry for such a delay in reply and update!!!!!!

I have tried several times to go through the steps with SDFix but, it has not worked for me as indicated in your instructions.

I downloaded from the link provided and rebooted into safe mode.  It runs just fine.  I get it to check 100% of the files but, it never prompts me to reboot to normal mode

I tried it at least three times and the log file always says this:

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 22:52:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 0

Was this suppose to be the log that I was looking for?

Sorry if I did not follow instructions........


But, I have gone ahead and run a full system scan with Malwarebytes anti-malware.  This scan is in progress now.  I will post the log when it is finished.

One other question

Where is the best place to obtain more memory?   I have never added memory to my computers before........      I think you made a good suggestion that this would be a good way to go.  Just not sure of the process.


BTW>>>>>>Have I said THANK YOU...THANK YOU ...THANK YOU

I HAVE NOT HAD ANY MORE ATTACKS!!!!   There are no words to express how wonderful you and this forum are!!!!!!!!   Computer Hope is a perfect name for this wonderful place.    Seeing as I felt totally hopeless when I came here..............AWESOME!!!!!

[Broni]

You're welcome

This scan is in progress now.

Let's wait, then.

As for RAM: www.crucial.com, or www.newegg.com

[goldstar10]

Here is my malwarebyte log....finally   :


Malwarebytes' Anti-Malware 1.02
Database version: 326

Scan type: Full Scan (C:\|)
Objects scanned: 291060
Time elapsed: 5 hour(s), 50 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\egodktf.btgv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00637463.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\006E2023.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\006E4937.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0AC9337E.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0076ACFB.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\0068BC9F.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daven\HCUpgrade3.1.exe (Heuristic.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alan\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.