Adware_memwatcher

Discussion in 'Malware Help (A Specialist Will Reply)' started by alankew, Apr 7, 2008.

  1. alankew

    alankew Private E-2

    My PC has been slow of late and pages take a while to load. I have used Trend Micro HouseCall and it detected Adware_Memwatcher, which I presume it removed, but the problem still exists. Have run Spybot, Adware, Super anti spyware and also a Rogue Remover. Below is the HijackThis log. Look forward to responses from kind souls so I can regain my sanity!
     
    Last edited by a moderator: Apr 7, 2008
  2. abri

    abri MajorGeek

    Hi alankew,
    Welcome to Major Geeks!


    Sorry for your computer troubles. I've removed your inline log and will attach it here as a reference. Please follow the instructions in the READ & RUN ME FIRST and attach the requested logs so we can see what's causing you all this trouble.

    Thanks.
    abri
     

    Attached Files:

  3. alankew

    alankew Private E-2

    In the READ & RUN ME FIRST section it says "Uninstall ALL old Sun Java versions because they have vulnerabilities and then get updated." I presume I just go to the Control Panel to do this?
     
  4. abri

    abri MajorGeek

    Hi alankew,

    Go to add/remove programs and uninstall all the old Java programs. The newest one, I believe, is Java(TM) 6 Update 5. If you have this particular one, all you need to do is uninstall all the other ones. If you do not yet have this one, then you need to also reboot your computer after you uninstall all the old ones and before you install the new one.

    abri
     
  5. alankew

    alankew Private E-2

    Abri, I have removed the Java program and have also gone through the READ ME FIRST process but am having problems using the MGTools file. I get the error message "failed to initialise properly (0xc0000135). Click on OK to terminate the application". What should I do? Thanks
     
  6. abri

    abri MajorGeek

    Hi alankew,

    This error means that you do not have the Microsoft .NET Framework software installed from Microsoft Update. Go to your Windows Updates and see if you can find this and install it. You need it for many things besides the MGTools so it would be a good idea to install it anyway.

    After this, try the MGTools again.
    abri
     
  7. alankew

    alankew Private E-2

    Abri, all done. Hopefully below are the required logs.
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi alankew,

    I'm still missing your C:\MGlogs.zip file. Please find this as a file directly under C:\. You will find it located among the files just above the superman icon.

    Based on the other logs, I see one folder that I'm not sure about. You can look at it and tell me what is inside the folder (do not open any files inside the folder - just tell me what kinds of things might be inside the folder).

    C:\f130c39c52f635bdabb7

    abri
     
  9. alankew

    alankew Private E-2

    Here is the missing file. Not sure what you mean by "You can look at it and tell me what is inside the folder (do not open any files inside the folder - just tell me what kinds of things might be inside the folder)

    C:\f130c39c52f635bdabb7".
    When I click on the folder it says it contains update.exe at 725 KB and also wudfcustom.dll at 57 KB.

    When I do a search to find this file, it tells me that it is an update file that was created on 3/4/08 at 7:58am but was accessed on the same day at 7:46am?
     

    Attached Files:

    Last edited: Apr 7, 2008
  10. abri

    abri MajorGeek

    Hi alankew,

    Did you ever try going back to a restore point which precedes the slowness you've had after this malware occurred?

    I think the folder you looked into contains files having to do with a windows update. You have two more of these folders and I would like to make sure they do not contain malware either. Please check the contents as well. When I asked you to look in the folder but not to open any files, I meant not to double click on any of the files. This can cause certain types of files to run and if they are malware programs, you won't want them to run. Here are the two other folders. Just tell me again what kinds of files are in them.

    C:\2a67c488a0bdfaddbb5fe1
    C:\c6af4d5f566e5e2fdb1843d87862b6


    Then I would like for you to do the following:

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program


    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

    After you click fix, just close hijackthis.

    4) Now run CCleaner at the default setting with the Windows tab as the top one.

    Let me know how your computer is doing.
    abri
     
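    Added here as a reader's reference, not part of abri's post or of the MajorGeeks tools: a small Python parser for the HijackThis O4 (Run key) and O16 (DPF/ActiveX download) lines quoted above, so the fields a reviewer checks (which hive and key loads the program, which executable and arguments, which CLSID and download URL) can be read off in a structured way. The sample log is constructed from the two lines in the post; the function and field names are my own.

```python
import re
from typing import Optional

# HijackThis line formats as quoted in the post above:
#   O4 - HKLM\..\Run: [Name] "path\to\exe" args
#   O16 - DPF: {CLSID} (Description) - URL
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*)$'
)
O16_RE = re.compile(
    r'^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$'
)

def parse_hjt_line(line: str) -> Optional[dict]:
    """Turn one HijackThis O4/O16 log line into a dict, or None if unrecognised."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("command")
        # Separate the executable path from its arguments; paths are usually quoted.
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            exe, args = cmd[1:end], cmd[end + 1:].strip()
        else:
            exe, _, args = cmd.partition(" ")
        return {"type": "O4", "hive": m.group("hive"), "key": m.group("key"),
                "name": m.group("name"), "exe": exe, "args": args}
    m = O16_RE.match(line)
    if m:
        return {"type": "O16", "clsid": m.group("clsid").upper(),
                "description": m.group("desc"), "url": m.group("url")}
    return None

def parse_hjt_log(text: str) -> list:
    """Parse every recognised O4/O16 line in a log; other line types are skipped."""
    return [r for r in (parse_hjt_line(l) for l in text.splitlines()) if r]

# Constructed sample: the two lines abri asked to be fixed in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
'''

if __name__ == "__main__":
    for rec in parse_hjt_log(SAMPLE_LOG):
        print(rec)
```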
  11. alankew

    alankew Private E-2

    I have tried an earlier restore point but with no luck. I have uninstalled Windows Messenger and carried out steps 3 and 4. The 2 files are C:\2a67c488a0bdfaddbb5fe1, this is an update file, and C:\c6af4d5f566e5e2fdb1843d87862b6, this says "%temp%dd_msxml_retMSI.txt".
    I will let you know if anything has changed with regards to performance. Thanks
     
  12. alankew

    alankew Private E-2

    Still the same unfortunately. Pages are slow to load and sometimes take so long I press refresh.
     
  13. abri

    abri MajorGeek

    Hi alankew,

    It's possible that the problems you are having appear to be related to the original virus, because around the same time you got that, you also installed a lot of software. You can run a rootkit scan if you would like by going to Alternate Scans. Scroll about halfway down the page where you'll find a list of rootkit scans and choose two of those. I recommend GMER and AVG Antirootkit. Attach the logs with your next post.

    Also, please consider the following. Chaslang noticed that you installed all of the following recently. See what happens if you uninstall Sunbelt and Windows Defender. Does this help?

    Let me know how this goes!
    abri
     
  14. alankew

    alankew Private E-2

    Will give your suggestions a try, however a few of the things I downloaded I only did so because I had a problem, so pretty sure that they are not the cause (sounds as if I know what I am on about! lol). Not so sure about the Sunbelt firewall, this may have been installed when I started getting this problem. Have run the AVG rootkit and it detected no problems; as such there was no logfile. I have also uninstalled Windows Defender and Sunbelt using Add/Remove Programs. Did you also want me to uninstall the rest of these files?

    SUNBEL~1 17 Feb 2008 "Sunbelt Software"
    WI4DF6~1 29 Feb 2008 "Windows Media Connect 2"
    WIFD1F~1 3 Apr 2008 "Windows Defender"
    WINDOW~2 16 Feb 2008 "Windows Media Player"
    WINDOW~3 16 Feb 2008 "WindowsUpdate"
    WINDOW~4 24 Feb 2008 "Windows Live Safety Center"
    Problem still seems the same, particularly worse when using tabbed browsing (if this is relevant).
     
  15. abri

    abri MajorGeek

    Hi alankew,
    Try the rootkit scans also. As to the software, I was mainly thinking about the firewall and BitDefender.
    abri
     
  16. alankew

    alankew Private E-2

    Abri, tried running the AVG rootkit scan and it picked up nothing, so I have uninstalled this and tried your other suggestion. GMER looks like it may have picked up something, maybe this is the cause? I am away from home from tomorrow, so if it looks like I am not answering this is the reason. Thanks
     

    Attached Files:

  17. abri

    abri MajorGeek

    Hi alankew,
    Sorry I couldn't get back right away. Please run a check of your disk by doing the following:

    Go to Start / My Computer
    In the window that opens, right click on your C drive and select properties.
    Click on the Tools tab
    The first box is for checking the disk for errors.
    Please run this and let me know if it finds anything.

    Thanks.
    abri
     
  18. alankew

    alankew Private E-2

    Abri, have run the error checking facility and it picked up nothing (didn't say there were any errors to fix, although I did leave the 2 boxes unchecked, is this correct?). Was there anything suspicious in the GMER check?
     
  19. abri

    abri MajorGeek

    Hi alankew,

    The only thing in the GMER was this, which I think you saw

    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior

    This may be related to the below file which you can see was installed on April 9th. It has to do with copyright protection.

    C:\WINDOWS\system32\drivers\acedrv05.sys  Apr 9 2008  97792  "ACEDRV05.sys"

    If you would like to look a bit more for malware causes to the problems you're having, I would recommend going to Running BitDefender Online Scan and doing the scan there. You have to run it with Internet Explorer and Active X needs to be enabled. Be sure to read the instructions so that it will fix anything it finds and so it will produce a log which is useful for us. This is a lengthy scan and will include your archived data in the scan.

    Also, please run Silent Runners and post the results.


    abri
     
  20. alankew

    alankew Private E-2

    Abri, I cannot see where to uninstall Java before I install the new version. Have been to the Control Panel but it does not appear there, any ideas?
     
  21. abri

    abri MajorGeek

    Hi alankew,
    So sorry! You don't have an old version to uninstall. Just install the new one.
    abri
     
  22. alankew

    alankew Private E-2

    Abri, here are the results of the Silent Runners program. BitDefender detected no problems and as such did not allow me to create a log.
     

    Attached Files:

  23. abri

    abri MajorGeek

    Hi alankew,
    The last scans didn't show anything that looks like malware. At this point, if you're still having loading issues, I would begin by uninstalling all of your protection software down to a minimum. You need to have a resident antivirus program running at all times and you can get by with the Windows firewall for a short period of time, but ultimately you need to have a two-way firewall. I know that Zone Alarm works well with Avast and AVG. Also, I will ask you to uninstall all of the software and logs we had you put on your computer. See if this helps. Please do the following:
    abri
     
