Virus on Both my hard Drives ????? Avast did not catch

[Bob Timms]

NEWBIE NEEDS HELP 
My Windows XP started acting strange , so I ran a Virus scan and PAID Malwarebytes
Avast found an infection, then did a boot scan and found 3 corrupt files.
I am lost

Why didn't Avast catch the virus before it got to my HD

HELP

[essexboy]

What was it that Avast found ?   I.e. File name and location

[Pondus]

Why didn't Avast catch the virus before it got to my HD

NO security program have 100% detection.....
and there may be many reasons why this was not detected, we may find out when you answer essexboys question 

[Bob Timms]

I am not much help, BU
I did a Quick Scan and Avast Found
C:\....\manager.JS
C:\...\mplayer_Setup.exe

Then Avast did a Boot Time Scan
Found

C:\...\browser.xul
C:\...\A0171302.exe

Not good at this Hope info helps.

Thank You
Bob T

[essexboy]

OK one is in system restore and the remainder are PUP's (potentially unwanted programmes) not viruses but adware type programmes

They can be removed if you so wish..  You probably have a bit more adware on your system as well


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

[Bob Timms]

OK I am off to try
Thank You

Bob T

[Bob Timms]

Sorry , but it took my computer 5 full minutes to complete a START up
This is info requested
Thanks
Bob T

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 17:06:17
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bob - BOB-13ADC5C039D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\3em3vfs8.default\searchplugins\mywebsearch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Documents and Settings\Bob\Application Data\BabylonToolbar
Folder Deleted : C:\Program Files\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\3em3vfs8.default\prefs.js

Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]

*************************

AdwCleaner[S1].txt - [5486 octets] - [07/04/2013 17:06:17]

########## EOF - C:\AdwCleaner[S1].txt - [5546 octets] ##########

[essexboy]

Reboot now and let me know how it is behaving

[Bob Timms]

OK will do

[Bob Timms]

OK
Did Restart Command at 526 on my computer clock
Started to reboot quickly
Then at 529  Clock froze up with hourglass on screen
Then at 533 Clock came alive and startup finished. Hourglass cleared and nowI can use computer

Computer act normal , ie I can do all functions etc.

Start up freezes for 4-5 minutes when trying to restart.



I have Pro Version of Malwarebytes on my machine

Bob T

[essexboy]

That would indicate that a late loading device is taking a lot of memory

Could you reboot and immediately pull up task manager and see what process runs rampant

[Bob Timms]

I can't pull up Task Manager unit the Boot Completes.
As long as the Hour glass is on screen I cannot do anything.

Yes I have noticed useage of memory at 100% at times.

I will reboot and start Task Manager ASAP and see what I can catch/

Thanks Much

[Bob Timms]

Ok Reboot took5 full minutes, BUT I got Task Manager to show at beginning of startup before it freezes.

Only Thing I notice is CPU Usage is 100% and at that trime mbamservice.exe is toggeling between 97-99

Not much help, but

Thanks
Bob

UPDATE

I removed malwarebytes from my Computer.
Did Reboot and kept waiting for my Wireless Icon (Monitor) in Bottom rt corner to appear. It never did.
BUT everything works. The Wireless is connected, but the icon is gone.
I hate to leave maleware off , so will reload it.
Is it possible Wireless software a cause ?
Will check in tomorrow.
Thank you so much for all the help. I am learning a lot
74 years old and computers are not my cup of tea [grin]

2nd UPDATE  Reloaded my Wireless USB adapter Drivers.
Reboot took 1 minute
Did Clean install of Malwarebytes
Reboot took 5 minutes
Same result on Task Manager  mbamservice.exe @ 99 and Mem usage 113,872K
I have 4 G of RAM on machine
Bob T

At Present I have disabled Malwarebytes from starting when Windows starts.
This has made booting up very fast
Bob T

Will check in tomorrow
Thank You

[Pondus]

essexboy is in bed now.....check back late tomorrow   

[essexboy]

Hmm I have found a few instances where that occurs but they all appear to be system specific with no real resolution

When you did the clean install of MBAM did you run the removal tool first ?