RandyL Posted July 26, 2013

Sorry for the glitch. There were ten OTL log posts in moderation. I approved them all. I don't know why it happened but I'll keep an eye on it.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here

jbradvi9 (Author) Posted July 26, 2013

Thank you for being on this thread again. I will post the ComboFix log, but I must inform you that the same problems are still present (just typing my post in this editor was interrupted for two minutes with 3-4 'this tab is not responding do you want to close or wait' messages shown up). Shockwave Flash crashes too many times, but not in safe mode. In safe mode there is no desktop or taskbar freezing, but there is a rustle noise issue in streaming audio/video that I noticed before the last reformat too (this rustle increases while moving a window on the desktop or scrolling). Btw, ComboFix deleted Spyware Process Detector, a tool I downloaded after the problems appeared to see if there are hidden processes that can't be seen with Task Manager.

ComboFix 13-07-24.03 - Korisnik 26.07.2013 5:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2038.517 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\etavaresCF.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Spyware Process Detector
c:\program files\Spyware Process Detector\Base\good.spd
c:\program files\Spyware Process Detector\Base\process.spd
c:\program files\Spyware Process Detector\Base\safe.spd
c:\program files\Spyware Process Detector\Base\startup.spd
c:\program files\Spyware Process Detector\Base\system.spd
c:\program files\Spyware Process Detector\Help\english.chm
c:\program files\Spyware Process Detector\Plugin\belarusian.lng
c:\program files\Spyware Process Detector\Plugin\bulgarian.lng
c:\program files\Spyware Process Detector\Plugin\czech.lng
c:\program files\Spyware Process Detector\Plugin\deutsch.lng
c:\program files\Spyware Process Detector\Plugin\english.lng
c:\program files\Spyware Process Detector\Plugin\francais.lng
c:\program files\Spyware Process Detector\Plugin\hungarian.lng
c:\program files\Spyware Process Detector\Plugin\italian.lng
c:\program files\Spyware Process Detector\Plugin\romanian.lng
c:\program files\Spyware Process Detector\Plugin\russian.lng
c:\program files\Spyware Process Detector\register.url
c:\program files\Spyware Process Detector\spydetector.url
c:\program files\Spyware Process Detector\Uninstall\unins000.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 )))))))))))))))))))))))))))))))
.
.
2013-07-22 01:01 . 2013-07-22 01:02 -------- d-----w- C:\ac2ddeb38ddbecd73e09be3db1
2013-07-19 02:46 . 2013-07-20 20:47 -------- d-----w- C:\Sandbox
2013-07-18 15:38 . 2013-07-19 03:58 -------- d-----w- C:\BIOSTools
2013-07-18 15:37 . 2013-07-18 15:37 -------- d-----w- C:\swsetup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 21:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-04 07:23 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-03 01:26 . 2004-08-04 12:00 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2011-06-23 9800560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"Search Protection"="c:\documents and settings\All Users\Application Data\Search Protection\SearchProtection.exe" [2013-06-13 943016]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-07-16 295512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Korisnik\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\program files\Google\Chrome\Application\chrome.exe [2013-7-16 846288]
On-Screen Keyboard.lnk - c:\windows\system32\osk.exe [2004-8-4 215552]
Prečac do Podaci.lnk - c:\documents and settings\Korisnik\Desktop\Podaci.txt [2013-7-16 10343]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK USB Wireless LAN Utility.lnk - c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe /H [2013-7-16 790528]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Spooler]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][Ş?u?đ, ?i?eô ??? ga?e cő?ťř?l?e?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\Parallels\\Parallels Workstation\\Application\\prl_client_app.exe"=
"c:\\Program Files\\Parallels\\Parallels Workstation\\Application\\prl_disp_service.exe"=
"c:\\Program Files\\Parallels\\Parallels Workstation\\Application\\Parallels Transporter.exe"=
"c:\\Documents and Settings\\Korisnik\\My Documents\\Preuzimanja\\BitTorrent.exe"=
"c:\\Documents and Settings\\Korisnik\\Application Data\\BitTorrent\\BitTorrent.exe"=
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [16.7.2013 23:56 13560]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [17.7.2013 0:01 22064]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [13.6.2013 2:27 1236336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [16.7.2013 19:28 38144]
R2 Parallels Networking Service;Parallels Networking Service;c:\program files\Parallels\Parallels Workstation\Application\prl_naptd.exe [28.7.2011 14:18 2795376]
R2 Parallels USB Device Manager;Parallels USB Device Manager;c:\windows\system32\drivers\prl_usb_mng32.sys [17.7.2013 0:08 18288]
R2 Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor;c:\windows\system32\drivers\prl_hypervisor_32.sys [17.7.2013 0:08 227184]
R2 Parallels Virtualization Service;Parallels Virtualization Service;c:\program files\Parallels\Parallels Workstation\Application\prl_disp_service.exe [28.7.2011 15:14 16650608]
R2 prl_net;Parallels Networking Driver;c:\windows\system32\drivers\prl_net.sys [28.7.2011 13:41 28144]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16.4.2013 3:07 39056]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [20.9.2012 5:39 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [17.7.2013 0:01 66344]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [13.7.2011 21:14 311664]
R3 PRLVNIC;Parallels Virtual NIC Adapter;c:\windows\system32\drivers\prl_vnic.sys [28.7.2011 13:41 13296]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16.7.2013 19:29 207616]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [21.7.2013 19:25 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2013 19:25 701512]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.7.2013 20:49 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 10:08 11336]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [17.7.2013 2:33 41584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.7.2013 19:25 22856]
S3 prl_dsk;Parallels Loopback Driver;c:\program files\Parallels\Parallels Workstation\Drivers\prl_dsk.sys [28.7.2011 13:42 52080]
S3 prl_mount_svc;Parallels Mount Service;c:\program files\Parallels\Parallels Workstation\Application\prl_mount_svc.exe [28.7.2011 14:12 521584]
S3 PRLUSBDEV;Parallels USB Device Driver;c:\windows\system32\drivers\prl_usb_dev32.sys [17.7.2013 0:08 25968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-16 18:24 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-21 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2013-06-13 00:27]
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16 21:00]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 18:16]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-16 18:16]
.
2013-07-17 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1993962763-1450960922-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 01:09]
.
2013-07-26 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1993962763-1450960922-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 01:07]
.
2013-07-26 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1993962763-1450960922-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 01:07]
.
2013-07-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-1450960922-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
2013-07-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-1450960922-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 10:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.hr/
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\cg6lbnmv.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.hr
FF - ExtSQL: 2013-07-19 03:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
SafeBoot-drmkaud
SafeBoot-AudioEndpointBuilder
SafeBoot-HdAudAddService
SafeBoot-MMCSS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-26 05:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-26 05:35:32
ComboFix-quarantined-files.txt 2013-07-26 03:35
.
Pre-Run: 110.596.440.064 bytes free
Post-Run: 111.896.231.936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ACCEA0D044538DC15C74DEB85DC83688
8F558EB6672622401DA993E1E865C861
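
Added example, not part of jbradvi9's post and not ComboFix's own code: a small Python triage pass over the Run-value and driver/service lines of the log above, of the kind a helper does by eye. It assumes the conventional reading of the R/S prefix (running/stopped) and of the digit as the Windows service Start value; the three flag names are this example's own heuristics for what to look at first, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the ComboFix log in the post above (Run values and
# driver/service entries); only this excerpt is parsed here.
LOG_EXCERPT = r'''
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Search Protection"="c:\documents and settings\All Users\Application Data\Search Protection\SearchProtection.exe" [2013-06-13 943016]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [16.7.2013 23:56 13560]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [20.9.2012 5:39 3677000]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 10:08 11336]
'''

# Assumption: the digit after R/S is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# "Name"="command line" [date size]   or   "Name"="command line" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# R2 name;display name;image path [date time size]   or   ... [?]
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$'
)
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    target: str          # command line (run) or image path (service)
    meta: str            # bracket contents: date/size, or "X" / "?"
    state: str = ""
    start: str = ""
    flags: list = field(default_factory=list)


def parse(log_text):
    """Return Entry objects for every Run value and service line found."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            # "path --> path [?]" repeats the path; keep the first copy.
            target = m["path"].split(" --> ")[0]
            state = "running" if m["state"] == "R" else "stopped"
            entries.append(Entry("service", m["name"], target, m["meta"],
                                 state, START_TYPES[int(m["start"])]))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["cmd"], m["meta"]))
    return entries


def triage(entries):
    """Attach review flags and return only the entries that got one."""
    for e in entries:
        low = e.target.lower()
        flags = []
        if e.meta in ("X", "?"):
            # The log shows a marker instead of a timestamp and size.
            flags.append("no-file-details")
        if low.startswith(PROFILE_ROOT):
            # Autostart from a profile tree rather than Program Files/Windows.
            flags.append("runs-from-profile")
        if e.kind == "service" and low.endswith(".sys") and not low.startswith(DRIVER_DIR):
            flags.append("driver-outside-drivers-dir")
        e.flags = flags
    return [e for e in entries if e.flags]


def report(flagged):
    """One readable line per flagged entry."""
    lines = []
    for e in flagged:
        where = f" [{e.state}/{e.start}]" if e.kind == "service" else ""
        lines.append(f"{e.kind} {e.name}{where}: {', '.join(e.flags)}")
    return lines


if __name__ == "__main__":
    for line in report(triage(parse(LOG_EXCERPT))):
        print(line)
```

Each flagged entry is a prompt to check the file on disk (publisher, signature, whether the product is still installed) before deciding anything about it.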

jbradvi9 (Author) Posted July 26, 2013

Google Chrome is totally screwed up (not responding).

etavares Posted July 27, 2013

Hello, jbradvi9.

Step 1

I'd like us to scan your machine with ESET OnlineScan.

- Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3

Chrome isn't working...does IE work? We can narrow it down to an application or something with http protocol.

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators

jbradvi9 (Author) Posted July 27, 2013

Step 1

C:\System Volume Information\_restore{E8F7761D-A09E-4056-ACF9-49F8153BBD8F}\RP50\A0028661.exe Win32/Adware.1ClickDownload.AN application

[attachment]

......file deleted!

Step 2

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.07.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Korisnik :: NONE-BB75D357C4 [administrator]

Protection: Disabled

27.7.2013 4:09:18
mbam-log-2013-07-27 (04-09-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205928
Time elapsed: 1 hour(s), 3 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Step 3

Unfortunately not. IE8 produces the same huge rustle noise effect in streaming audio, and streaming video frame speed is irregular (I don't know how to describe this in simple words). Freezing affects many tested apps (notebook, office....) and especially the taskbar. Roughly said, my pc is every 15 min OK and every 10 min frozen up.

etavares Posted July 27, 2013

Hello, jbradvi9.

We'll do one final scan. I believe this is hardware related, especially since it happens immediately after a reformat as well. Does your computer get hot to the touch? Is the fan running continually?

- Download TDSSKiller.exe and save it to your desktop.
- Double-click TDSSKiller.exe to run it.
- Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
- Click Start scan and allow it to scan for Malicious objects.
- If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
- If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
- A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
- If no reboot is required, click on Report. A log file should appear.
- Please post the contents of the logfile in your next reply.

etavares

jbradvi9 (Author) Posted July 28, 2013

[attachment] [attachment]

Freezing comes up after a relatively longer period after all 4-5 clean installs I did (5-6 hours; I put this time because in that period I am installing a number of software (office 2003, nero, hardware drivers, xpsp3, web browsers, AV, adobe stuff, real player, filezilla etc.) and these need multiple reboots). After that grace of total pc responsiveness, now it can be sometimes the pc is off for all day and on power on it is possible to freeze just after loading the system tray icons, so this is very strange because it happens often. I am sure if I do a reformat again it will work for 6 hours with no problems. Can possibly a malware file (some kind of downloader) hide itself in RAM before I do a clean install and then after a period installs new files that then are causing these issues? I am asking this because I wouldn't like to throw this pc away!

etavares Posted July 28, 2013

A clean install (e.g. if the partitions are destroyed and rewritten) should ensure your computer is clean and free of malware. We can try and find out what's causing the slowdown. Are you able to pull up the task manager (Ctrl-Shift-Esc) and click the CPU column title twice so it sorts from high to low for CPU usage? What do you see when it locks up? Is anything using more than 10 in the CPU column?

Do you hear the hard drive clicking? Failing hard drives can cause issues like this. We can run a hard drive diagnostic if you are able to run this overnight.

-etavares

jbradvi9 (Author) Posted July 29, 2013

TM: [attachment]

hard drive diagnostic: [attachment]

jbradvi9 (Author) Posted July 29, 2013

http://s6.postimg.org/42jjqm2zl/Screen_Hunter_15_Jul_29_10_28.jpg
http://s6.postimg.org/gv7nqjeld/Screen_Hunter_19_Jul_29_10_43.jpg
http://s6.postimg.org/tb4dka7xd/Screen_Hunter_21_Jul_29_11_54.jpg

jbradvi9 (Author) Posted July 29, 2013

http://s6.postimg.org/rklcisqe9/Screen_Hunter_20_Jul_29_11_01.jpg

jbradvi9 (Author) Posted July 30, 2013

http://s6.postimg.org/alce3jf6p/Screen_Hunter_22_Jul_29_12_01.jpg

jbradvi9 (Author) Posted July 30, 2013

http://s6.postimg.org/rzwmbtcbl/Screen_Hunter_23_Jul_29_22_26.jpg

etavares Posted July 30, 2013

Hi,

That's a fairly high CPU usage. Does jqs.exe usually use that much of your processing capacity?

Your hard drive is running hot in both diagnostics. Have you cleaned your computer since you've had it? Dust may be building up around your hard drive mount or the intake/exhaust fans. Do you have cables in the way?

-etavares

jbradvi9 (Author) Posted July 30, 2013

Sometimes taskmgr.exe uses so much CPU (21%) and many others, so my opinion is that it's not problematic. I frequently kill jqs.exe and other processes that use cpu or memory. Interesting, I cleaned the comp interior a week ago while looking where the ram module is placed (another pc helping site guy asked me for that) and in that way it's like new now, but with no effect on what is going on with my OS.

jbradvi9 (Author) Posted July 30, 2013

Look at this video, please! (especially after 2:50 - annoying rustle effect)

etavares Posted July 31, 2013

Hi jbradvi9,

At this point, I need to ask you to pick where you would like to get help from. Working with more than one person at a time can be problematic. There is a potential that you end up with a nonbootable computer as we are not sure what the other person is asking you to do. We don't want this to occur. I do understand you want to resolve the issue as quickly as possible. Please let me know if you'd like to continue with my help and only my help, or if you want to continue to work with the person on the other site (and with only them!). I'm not trying to be mean, but I am trying to ensure you end up resolving your issue and not making it worse.

Thanks,
-etavares

jbradvi9 (Author) Posted July 31, 2013

Sorry for that, but I told him that I am asking help from another forum and it would be problematic. I asked him only to help me with diagnostic and not with cure of found problems. Anyway, he was giving me help only for possible hardware issues. I would never tell you about this person if I didn't conclude help from that site. I hope this explains all.

etavares Posted August 1, 2013

OK, it does appear to be hardware related. MBAM is clean. ESET was clean (it only found a remnant in an old restore point of adware). Combofix was clean. TDSSKiller is clean. Your logs look clean. It also starts pretty quick after a reformat.

This can be difficult to track down...could be RAM, power supply issues, MOBO short, hard drive failure, etc. Did you run an overnight scan of the hard drive or only a quick scan?

-etavares

jbradvi9 (Author) Posted August 1, 2013

Now my internet speed is about 2kbps, so I am just telling you I used linux live CDs (1. xubuntu and 2. slackware-partedmagic) to try increasing speed, but its internet speed is also slow, which causes this forum page to not load correctly and fantastically slow, so I am afraid we will contact again after another reformat. In live CDs at least apps load correctly and don't freeze, but XP is total disaster! :(

etavares Posted August 2, 2013

You do have a graphics error in your logs:

Error - 16.7.2013 17:41:52 | Computer Name = NONE-BB75D357C4 | Source = ialm | ID = 262252
Description = The driver igxprd32 for the display device \Device\Video3 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.

Please follow this guide and post the resulting link from Speccy, I want to see what video card you have so we can try and update the driver.

http://www.bleepingcomputer.com/forums/t/323892/publish-a-snapshot-using-speccy/

-etavares

jbradvi9 (Author) Posted August 3, 2013

I am experiencing internet connection problems, so at this moment I can't download files from the internet (speccy), only load pages but incredibly slowly. I tried with a linux based live cd but still the same, so it is surely ISP error. I called them and they said that they would try to correct the problem......

etavares Posted August 4, 2013

OK, just let me know when it's back up and working. It could also be a network hardware or router. Do you have other devices? If so, are they connecting OK?

jbradvi9 (Author) Posted August 4, 2013

All devices are connecting OK (external hdd 512gb, two usb sticks, printer, network adapter). I doubt there is a hardware issue, because that ugly rustling or crackling noise with streamed media is happening only with windows and not with linux (linux based live cd). I reformatted again with wXP but this audio issue that is only happening with windows won't go away. Now I finally downloaded the speccy setup file, so I will post speccy content in my next post.

jbradvi9 (Author) Posted August 4, 2013

The link is below:

http://speccy.piriform.com/results/7KTlvB5ypdJAxYdFjCZRjTJ

(Now the AV is MSE and second defense is adaware...) I am also planning to install a firewall like comodo....