Is Laptop still infected?

Discussion in 'Malware Help (A Specialist Will Reply)' started by 20questions, May 12, 2012.

  1. 20questions

    20questions Private E-2

    Hi,

    I inherited this laptop from a friend and virus scans found some malware (JS/Downloader.Agent, iMesh and some other stuff I can't remember). I've cleaned it up but just want to make sure the cleaning worked and there's nothing else lurking.

    Continuing symptoms are: The hard drive runs all the time and memory usage is really high and the computer clock won't keep time (though this is probably the battery because it sat uncharged for about a year).

    Anyway, I've run all the scans recommended under the 'Read and Run This' sticky. These are pasted below. The rootrepeal scan didn't work though. I received the message: Warning. Unrecognized partition type 6 (6x0)! It also wouldn't let me generate a report- the same message came up when I tried.

    Thanks in advance!
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
This may be happening because you really do not have enough memory to properly run Vista and you may be caching lots of things to hard disk. Your log shows:
    Code:
    Installed Physical Memory (RAM) 1.00 GB 
    Total Physical Memory 0.99 GB 
    Available Physical Memory 180 MB 
    I recommend three times the 1 GB you have. In addition, things you are running may be contributing to this. The below has been known to be a problem.
    It does not look like you are having malware problems but let's run a couple more scans to be sure.


    Goto the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  3. 20questions

    20questions Private E-2

    Hi,

    Thanks so much for your help. You guys are brilliant! :dood

    The new scans are attached below


Yeah, I'd been trying to manage a lot of this stuff through msconfig custom startup 'til I read I shouldn't be doing that! I'll have to figure out how to disable them some other way!

    Thanks again. :)
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There were instructions in step 4 of the READ & RUN ME. The below was given


Your MBRcheck log shows the below possible problem.
    Code:
          Size  Device Name          MBR Status
      --------------------------------------------
         74 GB  \\.\PhysicalDrive0   Unknown MBR code
                SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E
    Do you have your Windows Vista Boot DVD?
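The MBRCheck verdict quoted above ("Unknown MBR code" beside a SHA1) comes from hashing the drive's first sector and comparing it with known boot code. As an added example, not part of this thread and not MBRCheck's own code, here is a small Python parser that does the same job on a 512-byte sector: it checks the 0x55AA boot signature, decodes the four partition entries (including the type 6 / FAT16 code that RootRepeal tripped over in the first post) and hashes the 446-byte boot-code region against an allowlist. The sample sector, the allowlist and the choice to hash only the boot-code region are constructed assumptions for this example; the thread does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot code (the part an MBR rootkit replaces)
PART_TABLE_OFF = 446           # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511

# Standard MBR partition type IDs; 0x06 is the FAT16 type RootRepeal reported as unrecognized.
PARTITION_TYPES = {
    0x05: "Extended", 0x06: "FAT16", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}

# One partition entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count.
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature and decode the partition table of one 512-byte MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        # Hash only the boot code: the partition table differs per machine and would
        # make every drive look "unknown".
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good_sha1: set) -> dict:
    """Allowlist verdict in the style of MBRCheck: boot code not on the list is reported as unknown."""
    info = parse_mbr(sector)
    info["status"] = "Known boot code" if info["boot_code_sha1"] in known_good_sha1 else "Unknown MBR code"
    return info


def read_mbr(path: str) -> bytes:
    """Read the first sector from a raw device or a saved disk image.
    On Windows the device path is \\.\PhysicalDrive0 (administrator rights required); on Linux /dev/sda."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples. Test helper only."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: a few opening instructions plus NOP padding stand in for boot code
# (this is not a real boot sector), one bootable NTFS partition and one FAT16 partition.
SAMPLE_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 24
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, [
    (0x80, 0x07, 2048, 204800),    # bootable, NTFS, 100 MB
    (0x00, 0x06, 206848, 20480),   # FAT16, 10 MB
])

if __name__ == "__main__":
    verdict = classify_mbr(SAMPLE_MBR, known_good_sha1=set())   # empty allowlist -> unknown
    print("SHA1:", verdict["boot_code_sha1"], "->", verdict["status"])
    for p in verdict["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02X} ({p['type_name']}) "
              f"start LBA {p['lba_start']} size {p['size_mb']} MB")
```

To apply this to a real machine, call read_mbr() on the physical drive from an elevated prompt (or on an image saved with a disk tool), and compare the hash it prints with the SHA1 MBRCheck reported before and after a fix: a hash that does not change after "FIXMBR" means the boot code was not actually rewritten.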
     
  5. 20questions

    20questions Private E-2

    No, I don't have a Boot DVD unfortunately. I'll ask my friend (original owner) if she has it/knows where it is though and get back to you.

    Yeah, I'm going to study that more closely to figure out how to disable some of these things. I have spybot so can hopefully use that as long as it doesn't conflict with AVG anti virus? (a lot of the items like bt broadband desktop don't have an option for auto startup so I'll have to manage them otherwise)

    Thanks again!!
     
  6. 20questions

    20questions Private E-2

    I asked my friend about the boot dvd and she doesn't know where it is, if she ever had one- so that's a dead end :( . Let me know what/if anything I should do next. Thanks as always!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Well, we will try some simple steps without the boot DVD and see if we can fix the MBR. Sometimes we get lucky. But many times we do not. Let's start with the below.


    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post this log right now before continuing on with below.

    Exit aswMBR and then Re-Run aswMBR
    • Click Scan
    • On completion of the scan, click the FIXMBR button
    • There is a slight pause after clicking the 'Fix' button.
    • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
    • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.
Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
    • Save the log as before and post in your next reply.

    Now rerun MBRcheck and attach a new log from it too.
     
  8. 20questions

    20questions Private E-2

    Ok, here's the pre-fix aswMBR scan log.
     

    Attached Files:

  9. 20questions

    20questions Private E-2

    And here's the log after fixing the mbr and the log after rebooting and rescanning.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looking better but I wanted you to do the below at the end of my last instructions
    So please run it and attach the new log.
     
  11. 20questions

    20questions Private E-2


    Woops, wasn't reading carefully!

    Here's the Mbrcheck log
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay this still shows an unknown MBR. If you are not having any malware problems, we will ignore this. So are you having any malware problems?

    If you are having malware problems, this is the only thing I see to possibly be a problem and you will need a bootable CD/DVD to do this. Can you borrow a real Vista boot DVD from a friend just to repair the MBR?
     
  13. 20questions

    20questions Private E-2

    Hi, the only problems I'm having now are high memory usage and that the hard drive is always running, but thisisu thought that was likely due to insufficient memory. So no more malware problems unless you think that's related to the MBR? I'm happy to ignore it if you don't think it's a problem.

    Just in case, I'm asking around about borrowing a Vista boot dvd but no one has one so far- just to clarify, is it something different than a Vista installation cd? If it's an installation cd, would it have to be for the same vista edition as this computer - vista home premium or could it be for vista home basic- I might be able to get one of those.

    Thanks again- all your time has been REALLY appreciated.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Um.... See my first reply to you in message #2.

    You need a Vista boot DVD to fix it anyway and there is no guarantee that it has anything to do with your problem.


    If it is a full reinstall DVD not an upgrade disc then it may be a bootable disc. You would have to test it.

    Any Vista DVD that is bootable should be able to be used to repair the MBR.
     
    Last edited: May 18, 2012
  15. 20questions

    20questions Private E-2

     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See what was posted in message # 12 of the below thread and see if you can get this CD to run.

    whistler/black internet@mbr again!


    This is for an older version of Hiren's CD but I would think the menus are still the same. Hopefully the problem is really with your MBR and this fixes it.
     
  17. 20questions

    20questions Private E-2

    Thanks chaslang! Burned the CD and was able to boot the laptop from it fine. I didn't fix the mbr yet with it- do you want me to follow the instructions from the other thread and replace the mbr with the standard code?
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes.
     
  19. 20questions

    20questions Private E-2

    Ok, ran the boot cd and installed the standard mbr code. The new Mbrcheck log is attached- it finds an XP mbr code now, hopefully that's okay?
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's okay. It is better than what you had.

    Has it changed any behavior on your PC now?
     
  21. 20questions

    20questions Private E-2

    Well, the memory usage is actually much better now (dropped from plus 80% to 65%) and it is quite a bit faster, so yay. The hard drive is still running all the time though, same as always...so, sounds like I'll need to install more memory probably huh?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Even if it does not completely solve your problem, you need more memory anyway. Vista cannot run efficiently with so little memory.

    Let's do one more scan before final instructions.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
     
  23. 20questions

    20questions Private E-2

    ok, new mgtools logs attached.
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your logs, you have two antivirus programs installed:
    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    You need to uninstall one immediately and since Ad-Aware is basically ineffective, I would uninstall it.

    And inline with your performance issues, I suggest that you stop loading the below unnecessary stuff at startup. This is not malware, it is just a waste of system resources and you cannot afford this:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Luke')
    O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Luke')
    O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Luke')
    O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Luke')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
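The Run entries quoted above are HijackThis O4 lines: hive, value name, command line and, for hives belonging to other accounts, the user. As an added example, not code from this thread or from HijackThis, the following Python parses such lines into records, splits quoted and unquoted commands into executable and arguments, reports when more than one antivirus product is set to start at logon and groups entries by executable so that the same program registered under several hives (msnmsgr under Luke, SYSTEM and Default user here) stands out. The vendor marker table is a constructed assumption for this example; the sample input is the set of O4 lines from the post above.

```python
import re
from collections import defaultdict

# HijackThis O4 line: O4 - <hive>\..\Run: [<name>] <command> (User '<account>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Constructed marker table for this example: lower-case path fragment -> product name.
# A real check would use a maintained vendor list.
AV_MARKERS = {
    "\\avg\\": "AVG",
    "\\ad-aware antivirus\\": "Ad-Aware Antivirus",
}


def split_command(cmd: str):
    """Split a Run-value command line into (executable, arguments)."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    m = re.match(r'"([^"]+)"\s*(.*)$', cmd)                        # quoted path
    if m:
        return m.group(1), m.group(2)
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", cmd, re.IGNORECASE)   # unquoted path: cut at first .exe
    if m:
        return m.group(1), m.group(2) or ""
    head, _, tail = cmd.partition(" ")                               # fallback: first token
    return head, tail


def parse_o4(line: str):
    """Return a record for one O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m.group("cmd"))
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "exe": exe,
        "args": args,
        "user": m.group("user") or "",
    }


def parse_report(text: str):
    return [e for e in (parse_o4(line) for line in text.splitlines()) if e]


def find_av_products(entries):
    """Names of antivirus products (per AV_MARKERS) that have a startup entry."""
    found = set()
    for e in entries:
        path = e["exe"].lower()
        for marker, product in AV_MARKERS.items():
            if marker in path:
                found.add(product)
    return sorted(found)


def entries_by_image(entries):
    """Group entries by executable so one program registered under several hives is visible."""
    groups = defaultdict(list)
    for e in entries:
        who = e["user"] or ("current user" if e["hive"] == "HKCU" else "all users")
        groups[e["exe"].lower()].append(f"{e['hive']} ({who})")
    return groups


# Sample input: the O4 lines quoted in the post above.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Luke')
O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Luke')
O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Luke')
O4 - HKUS\S-1-5-21-3728307304-2593972912-1515391872-1002\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Luke')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
"""

if __name__ == "__main__":
    entries = parse_report(SAMPLE_REPORT)
    print(f"{len(entries)} Run entries parsed")
    av = find_av_products(entries)
    if len(av) > 1:
        print("More than one antivirus product starts at logon:", ", ".join(av))
    for exe, where in sorted(entries_by_image(entries).items()):
        if len(where) > 1:
            print(f"{exe} registered {len(where)} times: {'; '.join(where)}")
```

Splitting unquoted commands at the first ".exe" is a heuristic that matches how these entries are usually written; a path that genuinely contains ".exe" in a folder name would need the quoted form to parse correctly, which is also the reason quoting such paths in the registry is good practice.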
     
  25. 20questions

    20questions Private E-2

    Hmm, I uninstalled adaware weeks ago... . Sounds like it didn't uninstall fully?

    Should I delete these entries on hijackthis or just use avg/spybot to manage startup items?

    Also, thanks again chaslang, really appreciate all your help :)
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I suggest that you use this >> Autoruns which is better for controlling more startups and services. You can easily test disallowing and reallowing things to run if you find you need them.

Since you do not appear to be having any more malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
• Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  27. 20questions

    20questions Private E-2

    Chaslang, thanks. Have got the autoruns programme up and running and everything seems to be working well. Appreciate your help and once again thanks for persevering with my malware worries!
     
