Author Topic: I got some problems...suggestions welcome :)  (Read 7663 times)

asw301

  • Guest
I got some problems...suggestions welcome :)
« on: November 02, 2011, 10:35:52 PM »
I noticed my PC running slow, Avast was disabled and would not restart. Also noticed some network connection problems and web pages were taking ages to load.

Here's the report - any ideas?

Will be attempting to get Avast to work...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8071

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

02/11/2011 21:34:11
mbam-log-2011-11-02 (21-34-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 361008
Time elapsed: 57 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\components\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os3D10.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os3D10.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os3D10.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os3D10.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os3D10.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os8F44.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os8F44.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os8F44.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os8F44.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os9B84.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os9B84.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os9B84.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~os9B84.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\~osBC4.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files (x86)\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I got some problems...suggestions welcome :)
« Reply #1 on: November 02, 2011, 10:38:09 PM »
How long has this been going on?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #2 on: November 02, 2011, 10:52:25 PM »
thanks for the reply - am doing it now, can you explain?

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #3 on: November 02, 2011, 10:54:33 PM »
sorry, to answer the question - noticed a real slowness in the last 24 hours

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #4 on: November 02, 2011, 10:56:07 PM »
pc is very slow (2-3mins) to get connection on startup too, might just need an update though..
« Last Edit: November 02, 2011, 11:02:06 PM by asw301 »

Offline essexboy

Re: I got some problems...suggestions welcome :)
« Reply #5 on: November 02, 2011, 11:00:31 PM »
That is indicative of a rootkit at work but I will need the OTL log to confirm it

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #6 on: November 02, 2011, 11:03:45 PM »
shit i don't think i clicked all users on the scan....i'll post it but will redo after finished...:(
thanks for help :)

Offline essexboy

Re: I got some problems...suggestions welcome :)
« Reply #7 on: November 02, 2011, 11:08:49 PM »
Attach the log you have and if necessary we will run the all users afterwards

asw301

  • Guest
I'll run again with all users...
« Reply #8 on: November 02, 2011, 11:10:19 PM »
a

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #9 on: November 02, 2011, 11:12:48 PM »
extras?!

Offline essexboy

Re: I got some problems...suggestions welcome :)
« Reply #10 on: November 02, 2011, 11:15:40 PM »
Nothing of import there. I notice that you have Norton as well; I would recommend that it be fully uninstalled. What problems is Avast having?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #11 on: November 02, 2011, 11:22:02 PM »
the all user file is too big to attach! email me at
« Last Edit: November 02, 2011, 11:28:11 PM by asw301 »

asw301

  • Guest
Re: I got some problems...suggestions welcome :)
« Reply #12 on: November 02, 2011, 11:27:11 PM »
 
Error - 19/01/2011 18:11:33 | Computer Name = Whiffles-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.34 for the Network Card with network
 address 00044B18D0E3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 19/01/2011 18:36:05 | Computer Name = Whiffles-PC | Source = bowser | ID = 8003
Description =
 
Error - 20/01/2011 17:52:50 | Computer Name = Whiffles-PC | Source = bowser | ID = 8003
Description =
 
Error - 23/01/2011 12:48:36 | Computer Name = Whiffles-PC | Source = bowser | ID = 8003
Description =
 
Error - 24/01/2011 17:18:02 | Computer Name = Whiffles-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.1.38.  The computer with the IP address 192.168.1.37 did
not allow the name to be claimed by  this computer.

Offline essexboy

Re: I got some problems...suggestions welcome :)
« Reply #13 on: November 02, 2011, 11:27:28 PM »
I would recommend that you delete the e-mail address or you will get a lot of spam - modify your post and remove it

Offline essexboy

Re: I got some problems...suggestions welcome :)
« Reply #14 on: November 02, 2011, 11:28:52 PM »