Infected PC

I’d been redirected to this subforum. I’ve read through the sticky and have acquired the necessary logs and scanners. They’re attached to this post.

This was the original post I made; it was in the wrong section so I’m starting a new thread here with the scan logs:

http://forum.avast.com/index.php?topic=132779.0

Notes:
AdwCleaner did not generate log upon restart. I’ve included a “before” reboot scan and “after.”
I was unable to launch MalwareBytes. After hitting “finish” in the install, the install wizard window remained open and I had to close it with task manager. Running MBAM as administrator did not bring up a window. OTL and aswMBR worked fine.
As I can only upload four attachments, here is a link to my HijackThis log:

http://pastebin.com/uamzXxK9

OK Kaspersky is still running so we will remove that and do a clean install of Avast and then work from there

Download a fresh copy of Avast and AswClear to your desktop along with the Kaspersky removal tool

Download Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier

Download the Kaspersky removal tool from here http://support.kaspersky.com/common/service.aspx?el=1464

Disconnect from the net
Uninstall Avast via control panel

[*]Run aswClear
[*]It will offer to reboot to safe mode … Accept that

https://dl.dropbox.com/u/73555776/aswclear.JPG

[*]Once it has rebooted to safe mode
[*]In the Select Product to Uninstall dropdown choose the version of Avast that is on your system.
[*]Press Uninstall
[*]Once complete reboot your system to Normal Mode

Run the Kaspersky removal tool
Reboot
Install Avast

Once completed could you let me know what problems you are having

After completing that yesterday I did see a few small improvements after removing Kaspersky, but for the most part all the big problems are still there. Running Avast in safe mode right now because normal mode is unbearable.

Current problems:
Still can’t run boot scan; I’m now able to restart the computer under “more details” with avast after scheduling now though.
I’m still seeing “not yet registered, 0 days of protection remaining” right after installing.
When I try to register I get “The AAVM subsystem detected a RPC error”
Update will not throw an error window but doesn’t seem to initiate.
Quick scan successfully initiates this morning but last night gave the “no available endpoints” error.

I’m going to try running in normal mode again now (which was working last night) though this morning the login screen was unresponsive the two times I tried.

OK it may be that Kaspersky prevented Avast from installing properly

Let's reinstall Avast

Download Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

[*]Run aswClear
[*]It will offer to reboot to safe mode … Accept that

https://dl.dropbox.com/u/73555776/aswclear.JPG

[*]Once it has rebooted to safe mode
[*]In the Select Product to Uninstall dropdown choose the version of Avast that is on your system.
[*]Press Uninstall
[*]Once complete reboot your system to Normal Mode
[*]Reinstall Avast


THEN

Run a fresh OTL scan for me please

Well, I got some mixed results. I followed your directions, uninstalled and ran the remover in safe mode, then reinstalled in normal mode. Upon first running Avast I noticed that while still sluggish, the overlay was working. Avast ran a first-time quickscan and updated itself which it hadn’t done before. I was also able to register the product. I decided to run a boot scan as I was pretty sure I had malware. The boot scan also worked and found about four infected java files. I opted to send all of them to the chest.

The problems started when I rebooted to normal mode again. I looked in the chest to see nothing. The boot scan wasn’t listed under the scan logs. I also noticed a lot of problems I was having before were present again (endpoint mapper error, product has 0 days of protection left even though I had just registered it for a year, etc).

I will now scan again with OTL and attach the log.

-UPDATE-

I booted into safe mode again to check a few things. Certain problems with Avast are still there, but other problems seem to be gone. For example, I still need to renew my registration (“0 days remaining” at the top), BUT in safe mode I can see the stuff I quarantined in the chest. The boot scan still isn’t displayed in my scan logs though, only the startup scan, some quickscans, and a folder scan.

I’ve attached an image of my virus chest.

They all appear to be in the java cache bar one

Let's now clear the rest of the dross and see how it behaves on completion

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
O4 - HKLM..\Run: [132.exe] C:\Program Files (x86)\LP\229A\132.exe File not found
O4 - HKLM..\Run: [BKKK88fRZ9] C:\Users\Owner\AppData\Roaming\dwme.exe File not found
O4 - HKLM..\Run: [snnGG5aQH6dWKfL8234A] C:\windows\system32\AV Protection 2011v121.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
[2011/11/11 01:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\0404A
[2013/08/21 17:46:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\A2B04
[2011/11/11 01:07:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\c33oonGG4aH6sKf
[2011/11/11 01:21:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\cYo
[2011/11/11 01:07:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\kWWWJ77dEL8RZhY
[2011/11/18 01:15:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KwwwkUUVrlOtx0y
[2011/11/18 01:15:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OcSS11ibD3onGaH
[2011/11/18 01:14:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OhhhTXXqjUCeIBz
[2011/11/11 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\sPPP0yycS1iD3oF
[2011/11/18 01:15:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tDD22obF4pmG5Q6

:Files
C:\Program Files (x86)\LP

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
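
The warning that this fix is only relevant for this system follows from the paths hard-coded in it. As an added example (not part of the original posts and not OTL's own parser), this Python script reads a fix script in the line shapes shown above and lists the autorun values, directories and user profiles it names. The function names and regexes are assumptions based only on the lines in this thread, and the sample is a constructed excerpt of those lines.

```python
import re

# Constructed sample: a few lines copied from the fix posted in this thread.
SAMPLE_FIX = r"""
:Commands
[CREATERESTOREPOINT]
:OTL
O4 - HKLM..\Run: [132.exe] C:\Program Files (x86)\LP\229A\132.exe File not found
O4 - HKLM..\Run: [BKKK88fRZ9] C:\Users\Owner\AppData\Roaming\dwme.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
[2011/11/11 01:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\0404A
:Files
C:\Program Files (x86)\LP
:Commands
[resethosts]
[emptytemp]
[Reboot]
"""

# Line shapes inferred from the thread (assumption, not an OTL specification).
SECTION = re.compile(r"^:(\w+)$")
RUN_VALUE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+?)( File not found)?$")
DIR_ENTRY = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| \S+ \| \w\] -- (.+)$")
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")

def parse_fix(text):
    """Group the script's lines by section and extract the targets they name."""
    items, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := SECTION.match(line)):
            section = m.group(1)
            continue
        item = {"section": section, "kind": "other", "target": line, "missing": False}
        if (m := RUN_VALUE.match(line)):
            # Autorun value; "File not found" means the target binary is already gone.
            item.update(kind="run_value", hive=m.group(1), name=m.group(2),
                        target=m.group(3), missing=bool(m.group(4)))
        elif (m := DIR_ENTRY.match(line)):
            item.update(kind="directory", target=m.group(1))
        elif section in ("Files", "Commands"):
            item["kind"] = "path" if section == "Files" else "command"
        items.append(item)
    return items

def profiles_referenced(items):
    """User profile names hard-coded in the script's targets."""
    found = set()
    for item in items:
        found.update(PROFILE.findall(item["target"]))
    return sorted(found)
```

Comparing the result of `profiles_referenced` with the accounts that exist on a machine shows at a glance whether a script was written for it.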

This is the log I received after running the fix and rebooting:

http://pastebin.com/YXHpFX6c

This is the log I received after I ran the quick scan with OTL:

http://pastebin.com/ngDgvvEx

Scans were completed in safe mode. I had to manually reboot. Computer is still slow (especially windows explorer).

You did have a lot of junk files on the system: Total Files Cleaned = 5,583.00 mb
Also disc space is tight, MS recommend at least 15% free space: Drive C: | 272.00 Gb Total Space | 29.72 Gb Free Space | 10.93% Space Free | Partition Type: NTFS

Next could you uninstall any programmes that are no longer used, freeing at least 10Gb of data, and then run the disc defragmenter

Let me know if that improves the speed

Will do, I’ve been meaning to clean it out before getting hit with these issues. I’ll post back when I finish defragmenting, probably in a couple hours if the computer stays responsive. I’ve had to be very patient with it in normal mode. Would you recommend running Advanced System Care?

In a word … No. In my opinion most programmes like that are just snake oil. Generally clearing temps and running a defrag is all that is needed

Well I’m defragging my C drive now but since my computer has a defrag scheduled weekly things are pretty unfragmented already. I analyzed my C drive prior to defragging and it said it was about 1% fragmented.

It’s still pretty sluggish. The most noticeable stuff would be launching chrome and the windows start menu. Though using the control panel to uninstall programs was fine, markedly improved from a few days ago when I was trying to use it to uninstall Avast.

In your case it is not so much the amount of fragmentation but the lack of space to shift files around on the disc. Did you manage to free some space?

Yes, I have about 90 gigabytes of free space now. Did some cleaning up in my steam library. :)

So we are looking at slow Chrome and the start menu with most other bits working OK ?

yeah, that’s what I’m seeing so far.

A quick question before I proceed: Do you experience the same problems with Firefox or IE?

yeah, everything is extremely slow. Both browsers took several minutes to start up. I’ve been using IE in safe mode before and it works pretty well. In normal mode it’s still pretty awful. At one point I had to restart because windows explorer crashed. It generally takes at least 20 minutes to boot up and become semi-responsive. I have gone through msconfig to limit startup programs.

-EDIT-

So I decided to log onto the other account I have on my computer. I don’t regularly use it, it’s just a fresh user account I made a few weeks ago. In both accounts I’ve noticed that I can launch skype (as in I can see the window) but the fields where you would enter your credentials to log in are blank and I’m listed as offline. The other account seems to run fine save one thing: I can’t launch chrome. I had some trouble with IE, but I could coax it to run as admin. Windows explorer runs with no major hangups. Right now I have task manager open and I can see four instances of chrome.exe but that’s it. I hope this helps!

OK, let's try and organise the boot sequence and then run it from there

Download the windows development toolkit to your desktop
Run the Downloader, accept the various agreements and defaults that pop up
When you get to this page select “Windows Performance Toolkit” only

https://dl.dropbox.com/u/73555776/Wintoolkitselect.JPG

Then select install, it will now download the toolkit. Select the desktop as the download location
Once it has downloaded then close the window
Go to the Folder on your desktop C:\Users\your name\Desktop\Windows Kits\8.0\StandaloneSDK
Run SDKSetup to install

Now open an elevated command prompt :
Go Start > All Programs > Accessories
Right click Command Prompt and select "Run as Administrator"

In the black box that opens type in the following command :
(Note : Copy and paste will work if so desired)

xbootmgr -trace boot -prepSystem -verboseReadyBoot

https://dl.dropbox.com/u/73555776/xperf.JPG

Now your PC will be restarted 6 times. After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster (for the description read what ReadyBoot is). The last Reboots are training of readyBoot. After the training is finished, you’ll notice a huge improvement in startup.

Note! DON’T USE OTHER DEFRAGMENTATION PROGRAMS AFTER THE OPTIMIZATION, USE ONLY THE INCLUDED MS TOOL, BECAUSE EVERY TOOL PLACES THE FILES AT A DIFFERENT OFFSET ON YOUR HDD, BECAUSE ALL TOOLS THINK THEY KNOW IT BETTER!

nevermind, I got it; will post back after I run cmd prompt.