Need some help

Discussion in 'Malware Help (A Specialist Will Reply)' started by davitcaste, Jan 16, 2008.

  1. davitcaste

    davitcaste Private E-2

    Dear,

    Since last Sunday my PC has slowed down a lot. It looks like some type of infection. I performed the READ & RUN but it stays very slow in running and booting and I doubt I worked the MGTools properly. I cannot double-click and I lost the desktop and Windows taskbar during the last 2 days. Luckily I recovered after the READ & RUN. Everything started when I did a backup of my PC but I don't know why or if it was just a coincidence. While I was trying to download some malware removal I think I got infected with some type of Vundo but the VundoFix does not find anything. Platform: Windows XP SP2. I attach all the log files.

    Can you help me?

    best,
    davit
     


  2. abri

    abri MajorGeek

    Hi davit!
    Welcome to Major Geeks!


    Your computer is infected. You will need to do several things to start with.

    1) Go to add/remove programs and see if you have a program or a player called UUPlayer. If so, please uninstall it. Your backups will all have to be scanned as well if they include files that were stored in or which used this player.

    Next, you need to disable Spybot's Teatimer. This will block our fixes. To do this please do the following:

    2) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
    First:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    or Second, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in the left panel, click Resident (it shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    3) Now make sure that msconfig is set to normal startup mode. To do this, click on Start / Run and type in msconfig. In the window that opens up, make sure the normal system start box is checked. Click on apply and okay.

    4) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates. GetLogs.bat is in the MGTools folder under C:\ (or the drive where your operating system is located). You can run GetLogs.bat by double-clicking on it. Be patient until it is finished. It takes about a minute to run and you will get the message to hit any key when it is finished to close the black cmd prompt window. Once it is finished and you have hit any key to close the black window, please return to the forum and use the manage attachments button to look for the logs. You will find the MGlogs.zip directly under C:\ (not in the MGTools folder). This zip file will be located just above the Superman icon on the right side of your screen in the list of files (below the folders) that are under C. Just upload the entire zip file. Do not extract anything from it. We want to see the whole zip file.

    abri
     
  3. davitcaste

    davitcaste Private E-2

    Hi Abri,

    thanks for answering. I did what you told me but in step 4 the cmd window just opens for a second and closes straight away. Nothing else happens and no zip file is created. What can I do? Shall I remove MGTools and install them again? I remind you also that I cannot double-click so I have to access files and folders through right-click and Open.

    best,
    davit
     
  4. davitcaste

    davitcaste Private E-2

    Hi again,
    I reinstalled and ran the MGTools and found the same problem. How should I proceed?

    davit
     
  5. abri

    abri MajorGeek

    Hi davit,

    You have a fairly complex mouse. Can you borrow a wired mouse and see if it will run properly?

    Were you able to run CCleaner? It should be installed. If not, please refer to the READ & RUN ME FIRST for instructions for getting CCleaner.


    Now please do the following:

    I will be asking you to disconnect from the internet and doing several steps while you are disconnected.

    Let's begin here. If something isn't possible, just continue.

    1) Can you run CCleaner? If so, please run it at the default setting with the Windows tab on top.

    2) Next I would like for you to download The Avenger by Swandog46, and save it to your Desktop. Extract avenger.exe from the Zip file and save it to your desktop. We will run it later.

    3) Now, please print out these instructions so you can disconnect from the internet. After you print these out, please shut down your computer and physically disconnect it from the internet. Then reboot and disable all antivirus and antispyware programs before you continue with the next steps.

    4) Run HijackThis. Select 'Do a system scan only' and select the following lines:

    O2 - BHO: (something here) - {FE2B2F38-A100-43C1-9A75-D20F53562A59} - C:\WINDOWS\system32\mllmk.dll
    O2 - BHO: (something here) - {CE360B19-4ADD-46DB-A247-653CCDD5B288} - C:\WINDOWS\system32\geeby.dll

    After you click fix, just close hijackthis.

    5) Next, please run Avenger (which is on the desktop)
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    6) Run CCleaner (again) at the default setting.

    7) Reconnect to the internet.

    8) Please run the three scans you first provided, ShowNew, GetRunKeys and HijackThis and attach the logs they produce along with the Avenger log.

    newfiles.txt (ShowNew)
    runkeys.txt (GetRunKeys)
    hijackthis.log
    avenger.txt



    Let me know how things are running now?

    abri
     
  6. davitcaste

    davitcaste Private E-2

    Hi Abri,

    I'm almost done. I'm using the mouse of the laptop, and the problem of the inability to use double-click started at the same time as the computer slowed down. At that time, besides the backup, I was also updating the iTunes+QuickTime software.

    The pc is still running really slow, it takes more than 10min to boot and some time to run the programs. Here you have the avenger and combofix logs. When I'm ready with the avg and spybot I'll send it to you.

    davit
     


  7. davitcaste

    davitcaste Private E-2

    Hi again,

    the AVG has been running for an hour and a half and still needs to run another half hour. The scanning takes a lot of time. I guess there's something else in the PC that makes it run so slow. I hope that in 1.5 hours it will be finished and I will send it to you.

    best,
    davit
     
  8. davitcaste

    davitcaste Private E-2

    Hi Abri,

    here you have the HJT log. Spybot didn't return any infection.

    davit
     


  9. abri

    abri MajorGeek

    Hi davit!
    It's my day for syntax errors.

    Please run Avenger again as in post #5 only this time use the contents of this box:
    Then run CCleaner.

    Hopefully the Avenger log will show them gone this time!

    abri
     
  10. davitcaste

    davitcaste Private E-2

    Hi Abri,

    here you have the avenger log. The pc is still running very slow, impossible double-click.

    davit
     


  11. davitcaste

    davitcaste Private E-2

    Hi Abri,

    how should I proceed?

    davit
     
  12. abri

    abri MajorGeek

    Hi davit!
    If Viewpoint Media Player is on your computer, please uninstall it via add/remove programs.

    Then delete the following:
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Viewpoint

    What does Protector Suite do?

    Please see if you can install the following two scans:

    Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder, like C:\MGToolsAlt. While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended. See if you can get logs for me so I can see what's going on in your computer.
    The above may or may not work. It may be the same problem that you had with the MGTools. In the meantime, I'm going to ask if there's a way around your not being able to use double click for the tools.

    abri
     
  13. davitcaste

    davitcaste Private E-2

    Hi Abri,

    The Protector Suite is a fancy fingerprint recognition (a type of login password). It comes with the computer. I did what you recommended. Here you have both log files.

    davit
     


  14. abri

    abri MajorGeek

    Hi davit!
    They didn't work, so I will have to get the tools expert in here to figure out what's amiss.
    Thanks for being patient!
    abri
     
  15. davitcaste

    davitcaste Private E-2

    Hi Abri,

    Are there any news?

    davit
     
  16. abri

    abri MajorGeek

    Hi davit,

    The tool expert (Chaslang) would like to know what errors you're getting when the MGtools doesn't run. He said it can be run by opening it as you've been doing. He would like to know if you are able to see an error when you allow the GetLogs.bat to run even if the window is opening and closing very fast. It would help to know if there's an error.

    abri
     
  17. davitcaste

    davitcaste Private E-2

    Hi Abri,

    when I run GetLogs.bat in C:\MGTools it opens a cmd window for less than a second and closes down again without popping up any error. What it seems to show is the following title below (but for GetLogs). The same happens for GetRunKey.bat.

    ******************************************************************************
    * GetUnKeys.Bat - © 08/11/2006 by Chaslang and ShadowPuterDude *
    * Supports all Windows OS *
    * 01/03/2008 Version 0.17 - don't show finished msg in script mode *
    ******************************************************************************
    * The GetUnKeys.bat program retrieves the installed programs list from the *
    * registry and puts it into a file named C:\MGtools\GetUnKey.txt *
    ******************************************************************************

    Any idea how to solve that?
    thanks for your attention, I appreciate that.

    davit
     
  18. abri

    abri MajorGeek

    davit,
    When you do this with the MGlogs.bat, do you get the same kind of a heading? What does that one say when you right click on it and then open it to run it?
    abri
     
  19. davitcaste

    davitcaste Private E-2

    Hi Abri,

    I do not have any MGlogs.bat into the C:\MGTools folder. I just have Getlogs.bat. Should I have it? I'll try to download it again.

    davit
     
  20. abri

    abri MajorGeek

    oh, sorry! Yes, the GetLogs.bat. The tools work like this. When you first install MGTools.exe, it installs to the root drive where your operating system is (usually C:\ ). Double click on the program and allow it to run. While it is running, it automatically runs the scans which produce the MGlogs.zip. When you re-run the scans to get the MGlogs.zip after this initial run, then you use the GetLogs.bat. So, yes, if you have to reinstall the tools, then double click on the MGTools.exe and wait until it is completely done before you look for the MGlogs.zip under C:\
    If you already have MGtools.exe installed and there is an MGTools Folder under C:\, then in this case, run the GetLogs.bat and when it's all the way finished (takes about 1-2 minutes), look for the MGlogs.zip.

    If nothing at all is happening, please try to note exactly what appears in the Cmd Prompt window before it closes.

    Thanks so much!
    abri
     
  21. davitcaste

    davitcaste Private E-2

    Hi Abri,

    I reinstalled MGTools. Nothing happens when I make it run. The cmd window opens for just a fraction of a second so there's no way to know what it says. It seems that it shows the title I wrote in the last quote. I attached here the MGlogs.zip I had from the previous time.

    davit
     


  22. abri

    abri MajorGeek

    Hi Davit!

    Please do the following:

    • Download and save RenV.exe to your Desktop (must be on the Desktop)
    • Doubleclick RenV.exe
      • When finished, it will produce a new log named Log.txt on the Desktop.
      • Attach this log to your next reply.
    abri
     
  23. davitcaste

    davitcaste Private E-2

    Hi Abri,

    here you have the log

    davit
     

    Attached Files: Log.txt (52 bytes)
  24. abri

    abri MajorGeek

    Hi Davit

    I want to ask you to try one last thing and then I'm going to turn you over to the master tool maker. Please go to start / run and type in cmd and hit okay.

    In the window that opens up, it should look like C:\Documents and Settings\your name>

    After the end of that line, simply type in C:\MGTools and hit the enter key. This is not supposed to do anything at all but give you an error message, however, for some reason on my computer it causes the program to run without my doing anything further. I'm still trying to work that one out.

    If that gives you an error, as it should, please try the normal way, which is to change directories first by typing in cd C:\MGTools and hitting the enter key. Once you're in this directory, type in (or copy paste) GetLogs.bat and hit the enter key. Tell me if this works or if you still get the same blip of the black dos screen.

    abri
     
  25. davitcaste

    davitcaste Private E-2

    Hi Abri,

    First of all when I run cmd I'm straight in (C:\), nothing else (docum & settin/name...). I typed C:\MGTools and no error was shown, after a few seconds it repeated the fast open/close as before. Then I typed cd C:\MGTools and then GetLogs.bat. The message attached in the word file was shown.

    After the GetLogs header it says:
    'find' is not recognized as an internal or external command, operable program or batch file.

    davit
     


  26. abri

    abri MajorGeek

    but you didn't type find?
    What is the doc? Is that a screen shot?
     
  27. davitcaste

    davitcaste Private E-2

    Hi,

    No I didn't type find and yes the file is a screen shot of the cmd window with the GetLogs header and the 'find' sentence.

    davit
     
  28. davitcaste

    davitcaste Private E-2

    Hi Abri,

    Is there anything I can do?

    davit
     
  29. abri

    abri MajorGeek

    yes

    Please do the following:

    go to Start / Run type in cmd and hit okay
    In the window that opens, type in the following
    set > c:\env.txt

    Now attach the C:\env.txt file.
     
  30. davitcaste

    davitcaste Private E-2

    Hi,

    here you have the file.

    davit
     

    Attached Files: env.txt (1.1 KB)
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And there's your problem with running the tools! Your Windows Path environment variable is not set up properly. Abri, you will have to fix this.
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try this to fix your path environment variable.


    • Click Start --> Settings --> Control Panel
    • Double click System (You may need to change to classic view on XP)
    • Click on the Advanced tab
    • Click Environment Variables at the bottom
    • In the LOWER list, click on the PATH variable and click edit.
    • Copy and paste the below text IN PLACE OF what is there and click ok
    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\nls;C:\WINDOWS\System32\nls\ENGLISH;C:\Program Files\Novell\ZENworks\
    • Click OK twice to complete this.
    After you do this correctly, reboot your PC and then try running the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the C:\MGlogs.zip file that should be created if you got your Path fixed.
     
    Last edited: Jan 25, 2008
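    The `set > c:\env.txt` dump requested in post #29 and the broken PATH diagnosed in posts #31 and #32 can be checked offline. The Python below is an added example, not a MajorGeeks tool: it parses a `set` dump, expands `%SystemRoot%` the way cmd.exe does, reports which system directories are absent from PATH, and shows why `find` could not be resolved. The env.txt contents and the list of files "on disk" are constructed; the corrected PATH value is the one posted above.

```python
import re

# Directories that cmd.exe batch tools (find, findstr, wmic, ...) depend on.
REQUIRED_DIRS = [r"%SystemRoot%\system32", r"%SystemRoot%", r"%SystemRoot%\System32\Wbem"]

# Constructed `set` output: a third-party installer has overwritten Path entirely.
BROKEN_ENV_TXT = (
    "ALLUSERSPROFILE=C:\\Documents and Settings\\All Users\n"
    "ComSpec=C:\\WINDOWS\\system32\\cmd.exe\n"
    "Path=C:\\Program Files\\Novell\\ZENworks\\\n"
    "PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH\n"
    "SystemRoot=C:\\WINDOWS\n"
    "windir=C:\\WINDOWS\n"
)

# The replacement PATH from the post above.
FIXED_PATH = ("%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem;"
              "C:\\WINDOWS\\system32\\nls;C:\\WINDOWS\\System32\\nls\\ENGLISH;"
              "C:\\Program Files\\Novell\\ZENworks\\")

# Constructed stand-in for the filesystem (lower-cased full paths).
FILES_ON_DISK = {
    "c:\\windows\\system32\\find.exe",
    "c:\\windows\\system32\\cmd.exe",
    "c:\\windows\\system32\\wbem\\wmic.exe",
}


def parse_set_output(text):
    """Turn `set` output into a dict; Windows variable names are case-insensitive."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name:
            env[name.strip().upper()] = value.strip()
    return env


def expand(value, env):
    """Expand %NAME% references like cmd.exe; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), value)


def _norm(path, env):
    return expand(path, env).rstrip("\\").lower()


def path_entries(env):
    return [_norm(p, env) for p in env.get("PATH", "").split(";") if p.strip()]


def missing_system_dirs(env):
    present = set(path_entries(env))
    return [d for d in REQUIRED_DIRS if _norm(d, env) not in present]


def resolve_command(name, env, files_on_disk=FILES_ON_DISK):
    """Mimic cmd.exe lookup: each PATH directory, then each PATHEXT extension."""
    exts = [""] + [e.lower() for e in env.get("PATHEXT", ".COM;.EXE;.BAT").split(";") if e]
    for d in path_entries(env):
        for ext in exts:
            candidate = f"{d}\\{name.lower()}{ext}"
            if candidate in files_on_disk:
                return candidate
    return None  # this is the "'find' is not recognized" case


def diagnose(env_text, commands=("find", "wmic")):
    env = parse_set_output(env_text)
    return {"missing_dirs": missing_system_dirs(env),
            "unresolved": [c for c in commands if resolve_command(c, env) is None]}


def with_fixed_path(env_text):
    """Return the dump with its Path line replaced by the corrected value."""
    return re.sub(r"(?im)^path=.*$", lambda m: "Path=" + FIXED_PATH, env_text)


if __name__ == "__main__":
    print("broken:", diagnose(BROKEN_ENV_TXT))
    print("fixed: ", diagnose(with_fixed_path(BROKEN_ENV_TXT)))
```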
  33. davitcaste

    davitcaste Private E-2

    Hi chaslang,

    thanks a lot for the support. Sorry for the late answer, I was out for a couple of days. I did what you said and the tool worked properly. Here you have the zip file.

    thanks,
    davit
     


  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    • Now Copy the bold text in the below code box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).
    Code:
    C:\WINDOWS\system32\ctfmon .exe
    • Now using your mouse, drag Log.txt onto RenV.exe
    • When finished, RenV.exe will produce a new log named Log.txt on your Desktop. I may or may not ask for this log later.
    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_06
    Mozilla Firefox (2.0)
    Symantec KB-DocID:2003093015493306

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [eccovqku] C:\emxscopy.bat
    O4 - HKLM\..\Run: [jyfpktbi] C:\dtbklwvs.bat
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DAVITC~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/DAVITC~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

    After clicking Fix, exit HJT.


    Make sure you reboot now!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\davitcastel\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

    Make sure you tell me how things are working now!
     
  35. davitcaste

    davitcaste Private E-2

    Hi chaslang,

    First of all I did all you wrote down but I couldn't find the following:

    Symantec KB-DocID:2003093015493306

    When I ran HijackThis I couldn't find the following:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    For the rest everything is done.

    My PC mouse and external mouse still cannot double-click. The computer is still very slow booting and processing initial commands. In conclusion I cannot perceive any improvement in it.

    Here you have the new MGTools.zip, I hope it's going to help.

    best,
    davit
     


  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thank you Symantec!! :( Let's remove it manually.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    And there is more junk remaining from Symantec not uninstalling properly. Let's fix a service from them.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Symantec Core LC
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    Your mouse problems could be due to the original infection breaking your mouse software. I suggest that you reinstall all software for your mouse. It is possible that the infection corrupted/broke other software too.

    Malware is not the cause of your slow downs. It is unnecessary software that you are running. Things like below:
    You can also uninstall AVG Antispyware now since we are finished with it.

    You also caused some problems in your registry by having used MSconfig to control startups. Let's fix these.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

    Make sure you tell me how things are working now!
     
  37. davitcaste

    davitcaste Private E-2

    Hi chaslang,

    I am finished with the recommended tasks. I removed some software from my computer. I recovered the double-click by running C:\Drivers\Pointing\Apoint.exe (what I believe is the driver of my mouse), however I lose the double-click when booting again. It might be possible that the reason behind the slow speed of my computer is not malware, but it came suddenly, in a second. Booting takes like 10 min and the first time I open an item (right-click, program, folder, file...) it takes quite long. On the other hand when I repeat the same action (opening the same folder, right-click mouse,...) it goes much faster, almost as it used to be.

    Here you have the MGTools.zip file. If you have any other suggestion about the root of the problem just let me know.

    Thanks for your help,
    davit
     


  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I already stated, you need to reinstall your software so that it is setup to run at reboot.

    We already discussed this previously. Have you noticed all the Toshiba Bluetooth and Sony VAIO stuff you are loading at startup? Look at your process list in HijackThis.
    Also, why do you load things you don't need to have running all the time, like Skype and VOIPbuster?
    Do you need the Novell ZenWorks stuff all the time?

    I also doubt that you need most of the below to run at startup:
    See this: Dealing with Startup Processes


    This is not due to malware but could be related to what you are running. Possibly NOD is scanning all files in a folder each time it is first opened.


    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note the space between the X and the /U; it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
  39. davitcaste

    davitcaste Private E-2

    Hi chaslang,

    thanks for the info. The problem is that the time it takes for booting is previous to "log in" so I do not think that the problem is due to start up software. I removed some start up software and once logged in it takes shorter time but the windows starting process before login is pretty long. I added the mouse driver to the start up processes so now I have double-click right from the beginning.
    Do you know what could be the cause?

    thanks,
    davit
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume what you are saying is that from the time you turn on your PC until the time the login (the welcome screen) appears is where it is taking a long time. Is this correct?

    Hardware or software type drivers load early in the boot process. Perhaps you are having hardware or driver issues. Is your hard disk working properly? Have you done an error check?

    If you boot in safe mode does it also take a long time to get to the login screen?
     
