Toshiba laptop - various issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by john5657, Dec 15, 2010.

  1. john5657

    john5657 Private E-2

    Toshiba laptop running windows xp sp3.
    1.) IE8 is set to a home page (foxnews) - but comes up in a webweb123 (internet options only shows foxnews as a homepage)
    2.) Boot time is about 12-15 minutes - I've gone through the msconfig and deleted a bunch of stuff- but boot time is not much better.
    3.) The screen likes to switch from full screen to window mode when you tap the touch pad (not always, but if you tap the scroll bar for instance - it might scroll - or it might switch from full to window or from window to full) it will do this several times before it does what you are really trying to do.
    4.) audio and video are dead - I've tried remove and reinstall several times to no avail. (realtek HD audio) including downloading new drivers and reinstalling. I get an error code 39.

    I've run through the malware removal steps and I will attempt to attach
    the logs (superantispyware, antimalware, and combofix all found things to eliminate)
     

    Attached Files:

  2. john5657

    john5657 Private E-2

    the other scans
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    One of the very first instructions in the READ & RUN ME specified to make sure you do not have multiple antivirus programs installed. You appear to have ignored this. You have AVG2011 and Norton 360 installed and both are resource hogs. Pick which you prefer ( if either ) and uninstall the other immediately. Neither will probably uninstall properly since they almost never do.

    Then rerun MGtools and attach a new MGlogs.zip file so we can continue.
     
    Last edited: Dec 15, 2010
  4. john5657

    john5657 Private E-2

    I don't think it is really there. I downloaded it (AVG) - ran it and then tried to uninstall it. The computer locked up in the middle of the uninstall. At that point I was kind of stuck - I couldn't run the uninstall routine because some of it had been uninstalled. So I deleted the directory and ran the reg. cleaners to kill all the unattached DLLs I could find. The computer still thinks it's there - but it isn't - I think.

    Reattached antimalware log - I think I attached the superantispyware log twice in my first post.
    John
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume you mean AVG?? If so we will remove it manually then.

    Not a good idea to do things like this as normally there are other methods of doing an uninstall.

    Also something to avoid unless you only select files and registry keys that you are absolutely sure belonged to AVG. Otherwise, stay away from registry cleaners unless advised by an expert on exactly what to do with it.

    I suggest that you uninstall the below:
    Code:
    C:\Program Files\
    REGIST~1      Dec  7 2010              "Registry Winner"
    REGSCR~1      Dec  7 2010              "RegScrubVistaXP"
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files\AVG\AVG10\avgfws.exe (file missing)
    O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
    O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)

    After clicking Fix, exit HJT.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 16, 2010
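    Added example (not from this thread, HijackThis, or MGtools): a small Python parser over constructed HijackThis lines modelled on the ones listed above. It flags the orphaned entries marked "(no file)" or "(file missing)", which is exactly the leftover AVG/toolbar references being fixed here, so a helper can pick them out of a long log without reading line by line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log, modelled on the HijackThis lines quoted in this thread.
# The last line is a made-up present service so the parser has a non-orphan to keep.
SAMPLE_HJT = "\n".join([
    "O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)",
    "O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    "O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    "O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)",
    "O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\\Program Files\\AVG\\AVG10\\avgfws.exe (file missing)",
    "O23 - Service: Example Service (exsvc) - Example Corp - C:\\Program Files\\Example\\exsvc.exe",
])

# "O<n> - <kind>: <rest>" is the shape of every HijackThis finding line.
HJT_LINE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the referenced file is gone from disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

@dataclass
class HjtEntry:
    section: str            # e.g. "O2", "O23"
    kind: str               # e.g. "BHO", "Service"
    name: str               # display name; "(no name)" when HJT could not read one
    clsid: Optional[str]    # COM CLSID for BHO/toolbar/protocol entries, else None
    orphaned: bool          # True when the entry points at a file that no longer exists
    raw: str

def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; return None for lines that are not findings."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    name = rest.split(" - ")[0]
    clsid = CLSID.search(rest)
    orphaned = rest.rstrip().endswith(ORPHAN_MARKERS)
    return HjtEntry(m.group("section"), m.group("kind"), name,
                    clsid.group(0) if clsid else None, orphaned, line.strip())

def find_orphaned_entries(log_text: str) -> List[HjtEntry]:
    """Return only the entries whose target file is missing (leftovers of a removed product)."""
    parsed = (parse_hjt_line(ln) for ln in log_text.splitlines())
    return [e for e in parsed if e is not None and e.orphaned]

if __name__ == "__main__":
    for entry in find_orphaned_entries(SAMPLE_HJT):
        print(f"{entry.section:<4} {entry.kind:<9} {entry.name}  clsid={entry.clsid}")
```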
  6. john5657

    john5657 Private E-2

    Thank you. I will work through this procedure this evening.

    John
     
  7. john5657

    john5657 Private E-2

    finished running the procedures. Logs attached

    I haven't deleted the two registry tools per your recommendation - mostly because I can't locate the uninstall tool for them. Can't find the executable for that matter :-o
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, they do not appear to be installed now but just have leftovers. We will remove them in the below fix. We have quite a few more things to remove from AVG.



    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip

    How are things working now?
     
  9. john5657

    john5657 Private E-2

    Thanks for all the help!

    I will try to run the next round this evening if possible.

    the webweb123 start page is gone :) .

    Having some issues with the touchpad - oftentimes tapping on the scroll bar just toggles the screen from full screen to window or vice versa. Sometimes tapping the touchpad to select something will do the screen toggle instead.

    Boot time is still awful - I think it was 13 minutes when I booted the darn thing this a.m. Somewhere along the line I downloaded and ran bootvis out of curiosity - it seems to show several occurrences where not much is going on - but the CPU is pegged at 100% usage for several minutes at a time.

    Audio is still out - realtek HD. (error 39) I have uninstalled and searched for new hardware several times - still shows the yellow icon of grief.

    John
     
  10. john5657

    john5657 Private E-2

    next round of scan results
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Like something you need to post in the Hardware Forum about.

    Another issue that could just be a Hardware Forum issue.


    This may be from what you are loading at startup and also possibly due to what happened when you had multiple security applications installed at the same time. I suggest that you first uninstall Norton 360 and then reboot. After reboot, run the below.

    Norton Removal Tool (SymNRT)

    Then reboot one more time and then continue with the below ( DO NOT reinstall Norton or anything else yet).


    Do you really need the below? If not then uninstall them.
    SweetIM for Messenger 2.8
    SweetIM Toolbar for Internet Explorer 3.6


    Now download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSKiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    Now we need to use ComboFix again
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 19, 2010
  12. john5657

    john5657 Private E-2

    Been away from this for a few days.

    Uninstalled the SweetIM stuff.

    Disabled Norton 360 (daughter's computer, she didn't want me to uninstall it).

    Ran the requested programs.

    Logs attached.

    RE: the hardware issues - plan on heading to the hardware forum when we get a clean bill of health here. I'm not sure if some, none, or all of this laptop's issues are malware related.

    Thanks for your help!

    John
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
