Malware problems - did RRMF, attached logs

Hi:

I have an emachines t6410 running Windows XP SP3.

I have been having issues with my computer for nearly a week now, after recently having upgraded my memory (now 2G) and installed a video card with memory on board (1 G: formerly had integrated graphics and only 3/4 of a gig of memory!).

Ironically, I started having difficulties right away after the upgrade and hardware installation with getting my new MS updates to download correctly, particularly the Microsoft .NET, and I don't know if it was coincidental or not, but things seemed to settle down for aro 2 weeks, when I all of a sudden started getting MAJOR slowdowns after having had a nice, speedy "grace" period once I got everything sorted out with the new memory and hardware. I downloaded Iobit Malware, and it detected Funmoods in the registry entries, but that was it. I deleted them and then rebooted, did an Avast bootscan, and everything looked all right, but it was still slow. Decided to try one system restore to see if it was as a result of the driver updates and new programs I had installed for the upgrades, but that didn't help. Another scan with Iobit then showed Misleading.SystemRestore in the malware list, so then I started the R&RMF and the downloads. At first I could not get the RogueKiller to install (Message said it was not a valid Win32 application, so i proceeded to the MBAM install, which caused the computer to crash. Upon reboot it never brought up my start up programs, so I eventually used task manager to get it to shut down, where it hung for over an hour or more before I forced a shut down and did a safeboot. I ran the MB onward, and then decided to try to redownload Rogue Killer again from MG's, installed, and this time it worked. Ran that scan after the process had been completed, so I hope it doesn't effect the outcome too much?

Attached are the logs for the scans.... everything else proceeded normally.

 

My apologies: I tried to edit my response above to add my MBAM report, because the initial scan did show malware, but it didn't delete it or ask me to restart (and once I did, my computer is so slow I was timed out of the editing :cry). I reran the scan to be sure it COULD be deleted, and both logs are now attached here.

Thanks in advance for your time and assistance!

 

Ran MG tools analyse.exe, but was unable to check these two items because they no longer appeared in the register:
O4 - HKUS\S-1-5-21-4040081491-1042395676-2837990558-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mommy.)')
O4 - HKUS\S-1-5-21-4040081491-1042395676-2837990558-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Mommy.)')

When I deleted the software items listed, Software Version Updater did not appear in the Add or Remove Programs list, so I did a search for it and found the icon listed in the Orbit downloader file and deleted it (I don't make a habit of using Orbit downloader other than when my dancing daughter was downloading things she needed for her major in dance, just to keep things as safe as possible.... never used it to update my software, I always waited to be prompted by the distributor of the software itself).


Sun Java did not "validate" online after several attempts even after restarting and trying again, so I am going to go back now and see if I can get it to validate and if not, I may uninstall and reinstall to see if it will now work. Please let me know if you would advise otherwise?

Other than that, everything proceeded as you set out. Things are not looking any better yet - the computer is still being very slow and acting glitchy even after the last reboot. Is there a need for me to deactivate one of the malware programs I had to install during the procedure? I have Avast Free version, and now Iobit Malware and Malware Bytes Malware running on boot, so if that is part of the problem I can either stop one or both of them, or delete as you recommend.

Thanks again, Chaslang!

 

I am so sorry for the big delay. Things have gotten crazy and I have not had the time to actually do your questions any justice by really playing with my computer to see what was working better and what wasn't. Some things seem to be running a bit more quickly again, but it still does not seem back to normal....

Boot up (and shut down) is now looking better, but the time from the start page to utilizing email or browser (I am running Firefox, but both that and IE were painfully slow, somewhat improved since I followed your recommendations) is long and it is still slow to open those programs and respond to prompts. I timed it and it is taking about 5 minutes to get things loaded on my desktop, and then open my email which took another few minutes, and then I finally opened Firefox, and it is now almost 20 minutes later and things are just starting to run a little more smoothly. It seems if I don't shut down or restart, and keep just utilizing my word/email and browser, search functions, etc that things almost seem okay, but it is really rough and slow in the beginning. Task Manager is currently reporting 85-95% CPU usage right now, 20 or so minutes in, with most of the memory usage being Outllook, IE, FIrefox, Avast, and one of the svchost entries, of course, accompanied by taskmanager... so was Malwarebytes, but I temporarily exited that to try to help speed it up.

Things were about the same in Safe Mode.

For that short period from the time I noticed problems and prior to taking the abovementioned actions, the computer was vvery slow to load anything, do anything, and anything I tried to move, click on, etc., took forever (it seemed) to respond: you know, where you move a prompt or page and it looks like you spread a deck of cards across the screen? It would take so long to respond to a mouseclick I sometimes clicked again (which or course made it worse) because minutes would pass and nothing would happen or a program would not open. The scans I tried to run were taking hours and seemed to be scanning one item a second, pulsing like a heartbeat at 60bpm, instead of flying along. At least that is much better, but not "normal" for my computer prior to the morning I awoke to face all of this trouble.

We are on cable, using a wired router.

As I booted this morning, I decided to run the bootscan again (Avast) because while I was under the impression I may have picked up a virus, I had difficulty getting Avast registered (I had, at that time. 11 days left to register, and when I tried to register it, it would not allow me to do it from the direct link, I had to request the code and enter it). Even then, it was being very slow to scan - on that first day it took over 10 hours to scan on boot). Well, though I had started to think we had things under control after following your steps, when I rebooted and did a boot scan, it took 6-1/2 hours to scan 80% of the files, before I gave up and exited to get back on and respond to your questions to help shed some light on the difficulties I am having.

"We did not ask you to install IoBit Malware Figher. You installed that on your own. Try uninstalling it to see if that helps. You were not really having true malware problem. It was just junkware. "

Sorry, didn't mean to imply that YOU had asked me to download Iobit, it was what I turned to based on recommendations on MG's when I was afraid that my Avast and Spybot might not be finding malware, so I downloaded that and it reported the Fungames and Misleading.System Restore, as previously mentioned. I just was inquiring whether they would be causing each other to slow down, and so deleted Iobit once I got your response.

I am relieved you have not found any malware, and am assuming the fungames is the junkware you are referring to (which, I am afraid, may have been downloaded with an update, because I cant figure out how it got on my computer and I am USUALLY the only one who does the updates). I am, alas, the most informed user (thanks to Geeks), but that just means I try to be cautious, not that I am foolproof!

I hope I provided the details you needed?

It is now almost an hour since I booted, and the CPU usage is still in the 90's.... something is not right I was hoping after things got going it would settle down.

Thanks for your patience.....

 

Firefox, taskmanager, system idle process are currently

 

Sorry, I didn't realize you needed to know the values since they are constantly fluctuating. When I was on last night, Firefox was utilizing aro 50 with task manager using aro 25-30 and system idle at 20-25 but now system idle has been fluctuating between 60-99 and taskmanager roughly aro the remainder of that (5-25 or so) with flickers showing IE, avast, or firefox, since I just got in here and haven't clicked on anything else this morning until now, so firefox is now at 50 and above with the others taking up the rest of that total in constant fluctuation.

Oh, and I forgot to add that my cable connection is DSL.

Should I submit my issue to the software forum, and need I mention the clean up we just did? Do I need to follow any steps to remove things we used for the prior steps, or the folder on my desktop that was created to remove potential malware/junkware? It is very strange that everything slowed down again after doing the avast bootscan, when it had started to look close to normal....

 

Followed your steps, and hope that I am not providing TMI, but want to be thorough, bolded the figures you actually asked for :

Used Admin Acct because "view processes from all users" was grayed out on my user acct.

On reboot 30 processes initially opened, went up to 36 without browsers and CPU usage was at 91-99% (Constant fluctuation) until soundman, jusched, QTTask, ctfmon, CCC.exe and MOM.exe loaded (what is MOM.exe - I noticed that only recently?) where the processes fluctuated only between explorer, avastSvc., task mgr, and system idle process (I monitored for over 12 mins).

During that time: taskmanager ranged from 18-22% for the most part, occasionally blipping higher, with system idle splitting the difference other than VERY occasional second-or-two-long interruptions for AvastSvc or System, or explorer.exe. At around 10 mins(!!) a pop-up message for MBAM interrupted to remind me that the trial period is now expired. CPU usage stayed in the mid to high 90's with an occasional blip into the 80% range. So, system idle stayed somewhere around 60-90+% for the most part swinging largely back and forth with task manager.

Opened IE (first attempt of double clicking rendered nothing after 6 mins so I tried again) Monitored for more than 18 minutes. 38 processes running now. Took almost 2 minutes to open a page. Monitoring showed the task manager initially ranging from 30-50% then settled down to more like 13-32%, with system idle process ranging from 63-99% to split the difference with tskmgr and IE, which just occasionally registered at 8, 11, and 25% for the most part, sometimes just flashing for a second or two and then returning to 00, and sometimes several changing flashes around those values, and then 30secs-1min later returning to 00. (there were only very occasional one or two second long interruptions from lsass.exe, AvastSvc.exe) IE was very quiet after a few minutes, with CPU usage by the end of that period looking more like 85-99%.

Closed IE and opened Firefox, 37 processes running now. Monitored for about 15 minutes when my computer went to sleep (was following directions not to use my mouse!) Firefox took less than one minute to open on the first doubleclick (which is pretty typical right now) and initially Firefox.exe (swinging between 25-99%) , AvastSvc.exe and task mgr were running (no system idle process) and CPU usage was 100%. 2 minutes in and task manager was registering ranges of 20-25% ( a little later it was more like 10-33%) and Firefox was registering occasional blips at 17, 20, 29 and 33% so system idle process swung between 57-99% for the most part AFTER things settled down in that 2 minute plus period of time. CPU usage was staying at 88-97% for the most part during that time after the initial 2 minutes. (Very occasional interruption for IE, system, jqs.exe.or lsass.exe).

NOTE: I did not shut down my computer yesterday so that I could see if things settled down after awhile, and they did. I did not see my CPU usage over something like 25-45% all day yesterday until I rebooted today even with several tabs open in Firefox, and Outlook also running. That means that from the time I booted up and posted to you the night before (aro 8pm), until somewhere midafternoon yesterday (but not by 8am when I responded to your post) things returned to somewhere reasonable, and i was able to browse and email and update within a pretty typical (for my old overloaded computer), reasonable amount of time. I don't know if that brings any illumination, because there were not other processes running that I could see to explain WHY it takes so long for my CPU usage to drop after a boot up (though I was on my user acct and the view processes from all users prompt IS grayed out)..

Just took one last peek at my task manager, and things look about the same now that I am only using Firefox with one tab open to respond to this post.

Hope this helps!?
Thanks for your patience.... you guys rock!:heart

 

Okay, had to edit this in case it is relevant: Just logged off admin act and logged on to user acct (since rebooting seems to render it so slow). Am currently running firefox with four tabs open, and have Outlook open as well, and my current CPU usage is at 4-21% max (more like 4-11%) and the system idle process is wavering between 80% and 90-something% and things are running as quickly as they normally do for my computer when it IS NOT having any difficulties. (the remainder being split of course between firefox and task manager with figures in the SINGLE digits).

 

Perhaps it is time to try a couple things. The first I would recommend is to uninstall all of the below:

Avast :eek
IObit Malwarefighter
Malwarebytes' Anti-Malware



I had already deleted IObit upon your earlier recommendation, so I downloaded some MS updates that came up (while I still had antivirus) and then followed your instructions to uninstall MAM and Avast. Unfortunately, CPU usage remained practically at 100% with almost NONE of it system idle as I proceeded through those steps, and after uninstalling Avast. Attached logs as you directed. Will be eagerly awaiting your next instruction because I dont want to be using my computer for email and stuff that I really need without any AV installed

Can't wait to find out why after a fairly lengthy period of time my usage finally looks more like yours, but it sure is slow getting to that point!

Hope you are able to enjoy Mother's Day with your family today. Thanks so much!

 

Sorry: should have verified that the zipfile actually had a chance to attach before I sent my reply.... sheesh this thing is so slow.

 

Ran and attached the files as requested (I believe combofix is attached with MGlogs but attached it separately just in case?) CPU usage is around 88-99% and the system idle is swinging between 00 and 80something right now, with lasass, system, taskmanager and firefox being the other values.... not really seeing an improvement, but I am not opening browser pages or email to test it since I am unprotected from virus right now.... Thanks again for your help.

 

Attached file as requested.... about to go install my Avast. Curious to hear what you are finding since it is not malware.... thanks!

 

Thanks chaslang.... I will post in the software forum after I finish reading the links you provided (I already checked my IDE port and it is set to DMA) to see what I can do about the Hardware Interrupts. Is it appropriate to link to this thread or quote your last response on this thread?

Also, should I do clean up now from the malware removal process? I still have all of the programs, logs, etc., on my Admin desktop in case we were to need them again.

I have been considering doing a clean reinstall of my computer in June, just wanted to complete reorganizing my voluminous music files and backing them up as well as a last ditch effort to take an Outlook file from an earlier restore and attempting to recover some lost email contacts before I do an overhaul. Would that help with this problem too? If so, perhaps I should just back up the files and try to restore that old outlook file first, and start over?

Thanks for all of your help!