I got some problems...suggestions welcome :)

I noticed my PC running slow, Avast was disabled and would not restart. Also noticed some network connection problems and web pages were taking ages to load.

Here's the report - any ideas?

Will be attempting to get Avast to work…

Malwarebytes’ Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8071

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

02/11/2011 21:34:11
mbam-log-2011-11-02 (21-34-11).txt

Scan type: Full scan (C:|)
Objects scanned: 361008
Time elapsed: 57 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\relevantknowledge (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\components (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) → Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlls64.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlph.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlvknlg64.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlxf.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\components\rlxg.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os3D10.tmp\rlls.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os3D10.tmp\rlls64.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os3D10.tmp\rlservice.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os3D10.tmp\rlvknlg.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os3D10.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os8F44.tmp\rlvknlg.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os8F44.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os8F44.tmp\rlxf.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os8F44.tmp\rlxg.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os9B84.tmp\rlvknlg.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os9B84.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os9B84.tmp\rlxf.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~os9B84.tmp\rlxg.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlls.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlls64.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlph.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlservice.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlvknlg.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlxf.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp~osBC4.tmp\rlxg.dll (Adware.RelevantKnowledge) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\chrome.manifest (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\install.rdf (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\MSVCP71.DLL (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\MSVCR71.DLL (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\nscf.dat (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rloci.bin (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) → Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) → Quarantined and deleted successfully.

How long has this been going on?

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs

thanks for the reply - am doing it now, can you explain?

sorry, to answer the question - noticed a real slowness in last 24 hours

pc is very slow (2-3mins) to get connection on startup too, might just need an update though…

That is indicative of a rootkit at work but I will need the OTL log to confirm it

shit, I don't think I clicked all users on the scan… I'll post it but will redo after finished… :(
thanks for help :)

Attach the log you have and if necessary we will run the all users afterwards

a

extras?!

Nothing of import there. I notice that you have Norton as well; I would recommend that it be fully uninstalled. What problems is Avast having?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

the all user file is too big to attach! email me at

Error - 19/01/2011 18:11:33 | Computer Name = Whiffles-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.34 for the Network Card with network
address 00044B18D0E3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/01/2011 18:36:05 | Computer Name = Whiffles-PC | Source = bowser | ID = 8003
Description =

Error - 20/01/2011 17:52:50 | Computer Name = Whiffles-PC | Source = bowser | ID = 8003
Description =

Error - 23/01/2011 12:48:36 | Computer Name = Whiffles-PC | Source = bowser | ID = 8003
Description =

Error - 24/01/2011 17:18:02 | Computer Name = Whiffles-PC | Source = netbt | ID = 4321
Description = The name “WORKGROUP :1d” could not be registered on the interface
with IP address 192.168.1.38. The computer with the IP address 192.168.1.37 did
not allow the name to be claimed by this computer.

I would recommend that you delete the e-mail address or you will get a lot of spam - modify your post and remove it

Do you have networked computers? http://www.chicagotech.net/troubleshooting/eveny4321.htm

No, I have a stand-alone home PC wired, got an iPad on the wireless network but it doesn't match the IP in that text

It could be the iPad as it will have its own IP address - try it with the iPad disconnected