
xp becomes unresponsive

Discussion in 'Virus & Other Malware Removal' started by jayank, Apr 18, 2010.

  1. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    Hi guys, I have a nettop with XP Professional SP3 installed on it. These days I have noticed my computer running slower day by day; sometimes I am even unable to start, as the taskbar doesn't even load at startup and the computer becomes unresponsive. Here is the log file; hope someone could help.


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 6:04:32 PM, on 4/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\eBoostr\EBstrSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Netbooster Client\Configurator\ventcfg.exe
    C:\Program Files\ZTE Dialer\bin\MonServiceUDisk.exe
    C:\Program Files\Netbooster Client\Client\ventc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Netbooster Client\squid\ventcsquid.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
    C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
    C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
    C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
    C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
    C:\Program Files\Netbooster Client\squid\ventcdnsserver.exe
    C:\Program Files\Netbooster Client\squid\ventcunlinkd.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    D:\DAEMON Tools Lite\DTLite.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Reliance Netconnect - Broadband+\Reliance Netconnect.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\74865.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VWJ83.tmp
    C:\WINDOWS\system32\quurulo.exe
    C:\WINDOWS\system32\quurulo.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    D:\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Netbooster Client\Configurator\ventcfg.exe -nomsgbox
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [zyfoh] C:\WINDOWS\system32\mahebakoow.exe
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [zyfoh] C:\WINDOWS\system32\mahebakoow.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{32523D3B-D630-49A1-926E-A20FDB6E498D}: NameServer = 202.138.97.193 202.138.96.2
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - D:\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Backbone Service (iueofo60ytegyc) - Four-F - C:\WINDOWS\system32\lovawe.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\ZTE Dialer\bin\MonServiceUDisk.exe
    O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Netbooster Client\Client\ventc.exe

    --
    End of file - 13116 bytes
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    • Open HiJackThis
    • Click on Do a system scan only
    • Check the boxes next to ONLY the entries listed below (if still present):

    O4 - HKLM\..\Run: [zyfoh] C:\WINDOWS\system32\mahebakoow.exe
    O4 - HKLM\..\RunServices: [zyfoh] C:\WINDOWS\system32\mahebakoow.exe
    O23 - Service: Backbone Service (iueofo60ytegyc) - Four-F - C:\WINDOWS\system32\lovawe.exe
    • Close all windows except Hijackthis and click Fix Checked
    • Click Yes when prompted
    • Close HijackThis.


    NEXT


    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here to your desktop.
    • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
     
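As an added example (not from this thread, and not code from HijackThis or any of the tools mentioned here): the Python script below applies three defender-side triage rules to HijackThis-style lines, showing how the entries CatByte picked out above stand out from the benign ones around them. The sample lines are copied from the log posted in this thread; the regexes, rule names and severities are my own assumptions about the log format, not anything HijackThis documents.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, mixed with benign neighbours so the rules have something to skip.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\74865.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VWJ83.tmp
C:\WINDOWS\system32\quurulo.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [zyfoh] C:\WINDOWS\system32\mahebakoow.exe
O4 - HKLM\..\RunServices: [zyfoh] C:\WINDOWS\system32\mahebakoow.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Backbone Service (iueofo60ytegyc) - Four-F - C:\WINDOWS\system32\lovawe.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Assumed line shapes (derived from the log above, not an official grammar).
PATH_RE = re.compile(r'^[A-Za-z]:\\')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+(?:\\S[\d-]+)?)\\\.\.\\(?P<key>\w+): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?'
                    r' - (?P<owner>.+?) - (?P<path>.+)$')
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|scr|com|pif|bat|cmd))(?:"|\s|$)', re.I)


def exe_from_cmd(cmd):
    """Pull the executable path out of a Run value (quotes and arguments stripped)."""
    m = EXE_RE.match(cmd.strip())
    return m['exe'] if m else cmd.strip()


def looks_temp(path):
    """Executables living in a user's Temp folder, or running as *.tmp, are not normal."""
    p = path.lower()
    return '\\temp\\' in p or p.endswith('.tmp')


def in_system32(path):
    """True when the file sits directly in system32 (not in a subfolder)."""
    return path.lower().rsplit('\\', 1)[0].endswith('\\system32')


def finding(level, rule, item):
    return {'level': level, 'rule': rule, 'item': item}


def triage(log_text):
    """Return a list of findings for the suspicious lines in a HijackThis-style log."""
    findings = []
    run_entries = {}  # (hive, value name) -> {registry key: exe path}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):  # a "Running processes" entry
            if looks_temp(line):
                findings.append(finding('high', 'process running from a temp directory', line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = exe_from_cmd(m['cmd'])
            if looks_temp(exe):
                findings.append(finding('high', 'autostart entry points into a temp directory', exe))
            run_entries.setdefault((m['hive'], m['name'].lower()), {})[m['key']] = exe
            continue
        m = O23_RE.match(line)
        if m:
            path = m['path'].strip()
            if looks_temp(path):
                findings.append(finding('high', 'service binary in a temp directory', path))
            # Microsoft's own services live in system32; a third-party "owner" with a
            # binary dropped straight into system32 deserves a look.
            if in_system32(path) and 'microsoft' not in m['owner'].lower():
                findings.append(finding('medium', "non-Microsoft service '%s' (%s) with binary in system32"
                                        % (m['display'], m['owner']), path))
    # RunServices is a Windows 9x-era key; the same value under both Run and
    # RunServices on XP is seen far more often in malware than in installers.
    for (hive, name), keys in run_entries.items():
        if 'Run' in keys and 'RunServices' in keys:
            findings.append(finding('medium', "'%s' registered under both Run and RunServices in %s"
                                    % (name, hive), keys['Run']))
    return findings


if __name__ == '__main__':
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f['level']):
        print('[%s] %s: %s' % (f['level'], f['rule'], f['item']))
```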
  3. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    Sorry, I was unable to send the GMER Rootkit Scanner log, as my computer restarted every time I tried to scan my computer with it, and when XP started it gave me a message that XP has recovered from a serious issue. So I think the problem is still not solved, as I still see my system a bit laggy.
     

    Attached Files:

  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Yes, there are still infections to clean on your machine,

    Please try and rerun GMER with just a checkmark beside "Sections" and the C:\ drive, leave everything else blank, and see if that helps; if not, try running it in safe mode.
     
  5. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    I tried to scan in normal mode but Windows shut down; in safe mode it hung. I think this is not going to work for me; can you tell me something else that could help? I don't know how this thing came into my PC despite a good antivirus and regular system scans.
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    OK,

    Let's move on.

    Please do the following:


    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  7. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    There's the report; hope it helps. I have also included the log file.
     

    Attached Files:

  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    hi,

    We need to disable your CD Emulation drivers while we continue to clean your machine, please do the following;

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.


    NEXT

    Note: If combofix asks to install the recovery console, please ALLOW it to do so.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/malware-removal-hijackthis-logs/917642-xp-becomes-unresponsive.html
    
    Collect::
    c:\windows\system32\mahebakoow.exe
    c:\windows\system32\dijouwacid.exe
    c:\windows\system32\lovawe.exe
    c:\windows\system32\kotourylun.exe
    c:\documents and settings\Administrator\Application Data\vuout.exe
    c:\windows\java\Packages\Data\B7PBD3L7.DAT
    c:\windows\java\Packages\08RDR771.ZIP
    c:\windows\java\Packages\Data\VH7713PJ.DAT
    c:\windows\java\Packages\Data\H7NTFLZ3.DAT
    c:\windows\java\Packages\Data\DRBDJB1V.DAT
    c:\windows\java\Packages\Data\BD7LJFFN.DAT
    c:\windows\java\Packages\Data\ZPRH39N7.DAT
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\zrmytpoyqihjhhf.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dourah"=-
    
    Driver::
    ipalolya6b2g1
    iueofo60ytegyc
    jewfpwvypf
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop, Save this as "CFScript"

    Here's how to do that:

    1.Click File;
    2.Click Save As... Change the directory to your desktop;
    3.Change the Save as type to "All Files";
    4.Type in the file name: CFScript
    5.Click Save ...


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     
  9. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    I did it as you said; these are the 2 files generated.
     

    Attached Files:

  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following;

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so.

    NEXT

    Using Internet Explorer or Firefox, visit Kaspersky Online Scanner:
    1. Click Accept, when prompted to download and install the program files and database of malware definitions.
    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
     
  11. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4021

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/22/2010 4:12:39 PM
    mbam-log-2010-04-22 (16-12-39).txt

    Scan type: Quick scan
    Objects scanned: 104835
    Time elapsed: 14 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Zwangie (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix (Trojan.Swizzor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    The Kaspersky scan can take several hours.

    Please advise how your computer is running and if there are any outstanding issues as well.
     
  13. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    I did the Kaspersky scan; it did not find anything.
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    OK then,

    Please post a fresh DDS log and Attach.txt and advise how your computer is running and if there are any outstanding issues.
     
  15. jayank

    jayank Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    11
    Now my computer seems to be OK, but I can still feel that it takes more time to boot.
     
Short URL to this thread: https://techguy.org/917642