Virus on Both my hard Drives ????? Avast did not catch

NEWBIE NEEDS HELP
My Windows XP started acting strange, so I ran a Virus scan and PAID Malwarebytes
Avast found an infection, then did a boot scan and found 3 corrupt files.
I am lost

Why didn’t Avast catch the virus before it got to my HD ???

HELP

What was it that Avast found ? I.e. File name and location

Why didn't Avast catch the virus before it got to my HD
[b]NO[/b] security program has 100% detection... and there may be many reasons why this was not detected; we may find out when you answer essexboy's question

I am not much help, BU
I did a Quick Scan and Avast Found
C:.…\manager.JS
C:.…\mplayer_Setup.exe

Then Avast did a Boot Time Scan
Found

C:.…\browser.xul
C:.…\A0171302.exe

Not good at this. Hope info helps.

Thank You
Bob T

OK, one is in system restore and the remainder are PUPs (potentially unwanted programmes), not viruses but adware type programmes

They can be removed if you so wish… You probably have a bit more adware on your system as well

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot, allow this
On reboot a log will be produced; please attach that

OK I am off to try
Thank You

Bob T

Sorry, but it took my computer 5 full minutes to complete a START up
This is info requested
Thanks
Bob T

AdwCleaner v2.200 - Logfile created 04/07/2013 at 17:06:17

Updated 02/04/2013 by Xplode

Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

User : Bob - BOB-13ADC5C039D

Boot Mode : Normal

Running from : C:\Documents and Settings\Bob\Desktop\adwcleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\3em3vfs8.default\searchplugins\mywebsearch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Documents and Settings\Bob\Application Data\BabylonToolbar
Folder Deleted : C:\Program Files\Babylon

***** [Internet Browsers] *****

-\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\3em3vfs8.default\prefs.js

Deleted : user_pref(“browser.babylon.HPOnNewTab”, “1”);
Deleted : user_pref(“browser.search.defaultenginename”, “Search the web (Babylon)”);
Deleted : user_pref(“browser.search.defaulturl”, "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[…]
Deleted : user_pref(“browser.search.order.1”, “Search the web (Babylon)”);
Deleted : user_pref(“extensions.mywebsearch.openSearchURL”, "hxxp://search.mywebsearch.com/mywebsearch/opensea[…]


AdwCleaner[S1].txt - [5486 octets] - [07/04/2013 17:06:17]

########## EOF - C:\AdwCleaner[S1].txt - [5546 octets] ##########

Reboot now and let me know how it is behaving

OK will do

OK
Did Restart Command at 526 on my computer clock
Started to reboot quickly
Then at 529 Clock froze up with hourglass on screen
Then at 533 Clock came alive and startup finished. Hourglass cleared and now I can use computer

Computer acts normal, i.e. I can do all functions etc.

Start up freezes for 4-5 minutes when trying to restart.

???

I have Pro Version of Malwarebytes on my machine

Bob T

That would indicate that a late loading device is taking a lot of memory

Could you reboot and immediately pull up task manager and see what process runs rampant

I can’t pull up Task Manager until the Boot Completes.
As long as the Hour glass is on screen I cannot do anything.

Yes I have noticed usage of memory at 100% at times.

I will reboot and start Task Manager ASAP and see what I can catch.

Thanks Much

Ok Reboot took 5 full minutes, BUT I got Task Manager to show at beginning of startup before it freezes.

Only Thing I notice is CPU Usage is 100% and at that time mbamservice.exe is toggling between 97-99

Not much help, but

Thanks
Bob

UPDATE

I removed malwarebytes from my Computer.
Did Reboot and kept waiting for my Wireless Icon (Monitor) in Bottom rt corner to appear. It never did.
BUT everything works. The Wireless is connected, but the icon is gone.
I hate to leave malware off, so will reload it.
Is it possible Wireless software is a cause ???
Will check in tomorrow.
Thank you so much for all the help. I am learning a lot
74 years old and computers are not my cup of tea [grin]

2nd UPDATE Reloaded my Wireless USB adapter Drivers.
Reboot took 1 minute
Did Clean install of Malwarebytes
Reboot took 5 minutes
Same result on Task Manager mbamservice.exe @ 99 and Mem usage 113,872K
I have 4 G of RAM on machine
Bob T

At Present I have disabled Malwarebytes from starting when Windows starts.
This has made booting up very fast
Bob T

Will check in tomorrow
Thank You

essexboy is in bed now…check back late tomorrow :wink:

Hmm I have found a few instances where that occurs but they all appear to be system specific with no real resolution

When you did the clean install of MBAM did you run the removal tool first ?

Yes I did Run the Cleaner. It did not find anything else.

Basically I am running the FREE Version of Malwarebytes now.
I purchased the PRO so it would check in real time.

Where can I get a Program that will do this that will work ???

My Computer is running much faster than it was with Malwarebytes installed.
What I did is uncheck the START PROTECTION WHEN WINDOWS STARTS

Malwarebytes now states I am unprotected.

I did google this problem; it seems it is widespread with no solution.

Thank You for helping me here.

Bob Timms

I want to add that I have another Hard Drive that is a CLONE of this Hard Drive done 4 months ago.
When I went and turned on the Backup Drive, it too had Virus Avast caught. A totally different Virus, but a Virus
I let it go to the Chest, then did a Boot scan.
I have not used the Backup Drive since. It is shut down in my bios.

Once I feel safe with this Hard Drive I am running I will go back and look at the backup Drive for further Problems.
I will run the Cleaner on it also, and see if Malwarebytes is affecting that one too

What do you think of “BITDEFENDER 2013” ?
Will this work better than what I now have?
It is rated Highest !!!

Thanks
Bob T

That is a full antivirus suite and not an antimalware package. So you would have to remove Avast… And the highest rated is subjective, it depends on the site visited and whether or not they get a kickback ;D

http://www.av-test.org/en/tests/home-user/windows-7/novdec-2012/

Thank you VERY VERY much.
I truly appreciate the help received here.

My Computer seems to be running very good with Malwarebytes disabled to run LIVE in background.

Would prefer to have it ON but not much choice.

Regards,
Bob T

To be honest Avast gives a fairly good online protection, a once a week scan with MBAM will catch any oddballs