Help pls, item found in boot scan but can not be removed

Hi, I have on my PC Malwarebytes and AVAST, yesterday I ran MBAM and it found nothing, I then ran avast and it found the following:

A0157300.Ink LNK:Lnkbaddst-S (Trj)
A0157317.Ink LNK:Lnkbaddst-S (Trj)
A0164579.exe Win32:Crypt-IGW (Trj)
A0175297.dll Win32:Malware-Gen
nt5dll.dll Win32:Malware-Gen

I then performed a boot scan and it found a very long item that finished with slowpcfighter (PUP) I was not able to remove or delete this item.

Any help would be appreciated.

Try this and see if it finds and removes anything

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update the program so you have the latest database before you scan
click the remove selected button to quarantine any infections found

please post the scan log here

OBS: did not see this

Hi, I have on my PC Malwarebytes and AVAST, yesterday I ran MBAM and it found nothing, I then ran avast and it found the following:

I have Malwarebytes Pro version and it is updated daily, I have the free AVAST and it updates on start up as well, on the start up scan I could not select any of the removal processes as it says “feature not available” for removal and “could not perform the operation” with delete.

That above link looks to be the same as I already have.

I could not select any of the removal processes as it says "feature not available" for removal and "could not perform the operation" with delete.
Was this a custom scan ? have you selected scan memory ?

No, after the initial scan, it removed the items listed then suggested a re-boot and boot scan which I did and that is where it finds the slowpcfighter (PUP) it then brings up I think 8 options and you select a number for the action you want taken, and when I try remove to chest or delete it says it has an error or the request is not available or something like that.

I performed a flash scan first with MBAM:

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5594

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2011 5:18:22 PM
mbam-log-2011-01-25 (17-18-22).txt

Scan type: Flash scan
Objects scanned: 134396
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I will do a full scan now and post once complete

After updating MBAM, I performed a full scan, here is the log

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5594

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2011 6:17:18 PM
mbam-log-2011-01-25 (18-17-18).txt

Scan type: Full scan (C:|)
Objects scanned: 237143
Time elapsed: 53 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

PUP does not necessarily mean malware

A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html

So is this a program you know ? “slowpcfighter”
http://www.google.no/search?hl=no&source=hp&q=what+is+slowpcfighter+&btnG=Google-søk&aq=f&aqi=&aql=&oq=

why avast can not remove this I don't know
if you have installed this, does it show in the program list ?
have you tried to just uninstall it ?

No I have never installed that program, my PC was recently hit by SYSTEM TOOL2011 and has since been removed, that is the first time it has been hit with a virus, since that I upgraded all my software, bought Malwarebytes Pro and installed the free AVAST software, AVAST is the one that picks it up, MBAM does not. It does not come up in add/remove programs or the internet access panel. If I search the C drive for slowpcfighter it does not find it.

If you want, you can let Essexboy have a look inside to see if you are clean
He will be in the forum later, about 8:pm to 11:59pm uk time

if so, do this

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt. / Extras.Txt.)

Ran OTL scan, attached are the results.

I am in Australia, I do not know how to add that information in my profile.

I am in Australia, I do not know how to add that information in my profile.
Forum spam protection (not that it helps much) so you need 20 posts

So should I not worry about the item it finds, is it a false positive

A0157300.Ink LNK:Lnkbaddst-S (Trj)
A0157317.Ink LNK:Lnkbaddst-S (Trj)
A0164579.exe Win32:Crypt-IGW (Trj)
A0175297.dll Win32:Malware-Gen
These are from the system restore so resetting restore points should clear them

Did you set these proxy settings ?

IE - HKU\S-1-5-21-3414482857-1331418073-2303840045-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.IPrimus.com.au;192.168.1.254;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;
IE - HKU\S-1-5-21-3414482857-1331418073-2303840045-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.iprimus.com.au:8080

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
[2010/12/30 12:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nNmNl09000

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

No I have not set any proxy settings manually, I will run OTL as instructed and post log when complete.

I ran OTL but it got to the point of ‘processing complete’ (something like that) and it froze up, I left it for 10 mins but nothing happened so I had to re-boot, should I run the fix again?

With the system tool incident I had ( dec last year) to reset all my router and everything so that may have altered some settings.

I checked the logs for AVAST and the last boot scan did not find anything so it might be right now, just very paranoid after that system tool incident

What problems do you have now ?

Everything seems fine, just paranoid that AVAST picked up those items and MBAM did not, the AVAST logs state the last Boot scan detected no items so I must assume it is ok now.

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Run OTL again and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Bootdefrag.jpg

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

All done, PC is much smoother now thank you very much.

I will retain MBAM as I paid for the PRO version.