Malwarebytes finds nothing, but have something

[candys]

Internet explorer has been getting progressively laggier and sluggish so I ran malwarebytes and it found nothing. Over the course of a month it became unusuable, I looked at the running proccesses and found Cd_2somethingorother, ended it, and IE ran perfectly.


Logfile of Trend Micro HijackThis v2.0.2

[TimW]

If you want us to check your system for malware, please do the following:

READ & RUN ME FIRST. Malware Removal Guide

[candys]

Windows xp, 32 bit, service pack 3.

Malware bytes and SuperAntiSpyware found nothing, so not including those logs.(Was already using SAS to clean random junk out)

Mgtools won't work. I click on it and a black window flashes and disappears, than nothing. Can't find any advice on how to fix that.

Still having browser issues on restart. Google chrome doesn't lag, but it doesn't connect to sites. IE lags and has a lot of issues. I went into task manager, ended a lot of processes and was able to get chrome going. WMP still closes instantly.

[Kestrel13!]

I still want you to attach the logs from SUPERantispyware and Malware Bytes even if they did not find anything.

What happened with Combofix? Did you run that? If so attach the log please.
I understand MGTools did not work.

You need to run the below too now.

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

[candys]

Combofix log is the log.txt file in second post.

So, all these scans are after i've ended the c2c.exe process with taskmanager to get google chrome working. Maybe something would show up if i scanned while that was running?

[Kestrel13!]

Quote:

Combofix log is the log.txt file in second post.

Okay, I missed that. You got the log from TDSSKiller too please?

[candys]

yeah

[TimW]

Please re-run TDSSKiller and fix these:

Quote:

08:01:06.0421 1760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:01:06.0421 1760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Attach the new log.

[candys]

okay

Edit: wth. it looks like it deleted the log where I removed that file. This is after scan after I deleted it i guess

Edit: Windows media player works again.

[Kestrel13!]

Quote:

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Can I have the Extras.txt too please? Thanks.

[candys]

mkay

[Kestrel13!]

Java(TM) 6 Update 21 <--- uninstall outdated java.

We need to run an OTL Fix

• Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
• Copy and Paste the following code into the textbox. Do not include the word Code

Code:

Code:

:otl
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
[2012/05/02 16:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/06/02 16:22:25 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21946148r
[2011/06/02 16:22:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21946148
[2010/07/08 18:23:54 | 000,004,866 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[2008/08/11 08:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]

• Then click the Run Fix button at the top.
• Click Image.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. ATTACH that report in your next reply.

Reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6


Now run OTL again like you did in post # 4 and attach the log.

[candys]

The otl extra's text isn't appearing anywhere. IE still messed up and c2c.exe process still running.

Edit: Ran otl again and it only opens otl.txt after scan, no extras.txt to be found anywhere on my system - I ran a search for it.

[Kestrel13!]

Quote:

IE still messed up and c2c.exe process still running.

Give me the full file path to this c2c.exe please.

[candys]

Dunno how to do that, but I file searched for c2c.exe and nothing. Everything else seems to be working fine, but I re-tested it and when I end the c2c.exe process, IE immediately starts working. Google Chrome works fine, btw.

Edit: NM, found a way to get file path and im working on it.

[candys]

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

Looks likes it's skype, which would make sense - just got it a couple weeks ago.

On restart, IE worked fine even with c2c.exe running, but google chrome wasnt working. I ended c2c.exe and it instantly connected to webpage.

[candys]

I deleted skype and Both IE and Google chrome are working fine, c2c.exe is gone. No problems on the system now that im aware of.


Edit: Looks like one of my posts was eaten, but c2c.exe's file path led to skype.

[Kestrel13!]

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!