Can't access homepage

Discussion in 'Malware Help (A Specialist Will Reply)' started by scoobydoo1952, Sep 7, 2006.

  1. scoobydoo1952

    scoobydoo1952 Private E-2

    Hello Major Geeks,

    I am having problems trying to access my homepage. Instead of my homepage coming up, I get this link instead--my.porn-info.info. I have run all of the adware programs that you suggested. I have also run AVG and nothing turns up as well. I also seem to be suddenly getting some popups. The comp is running slowly as well.

    I have run the runkeys file and the newfiles programs and have saved the logs.

    I have tried to run the comp in safe mode but it won't go into it.

    Just let me know what you need and I will send it.

    Thanks

    Scooby
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas, I have downloaded and run all of the suggested programs. Enclosed are the logs that you requested.

    Scooby
     


  4. scoobydoo1952

    scoobydoo1952 Private E-2

    Hello Chas,

    Here are the other scans you requested.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We did not ask you to install Bitdefender V8 antivirus. We said to run the online scanner. You violated step 3 of the READ ME when you did this! You also have Panda Antivirus installed.

    Uninstall Bitdefender & Panda Antivirus now and then reboot!

    Also do not run multiple HijackThis sessions:
    C:\ProgramFiles\HijackThis\HijackThis.exe <---- delete this file!
    C:\ProgramFiles\HijackThis\analyze.exe.exe

    Do you know what the below is for?
    MCCInstall"="D:\\Intro\\AA\\MCCInstall\\English\\MCCInstall.exe -Step=9 -Settings"

    Is drive D your CD ROM?

    Also what are the below files for:
    Are you sure that the below is not locking your home page to something you do not want?
    Norton Spyware Scan provided by Yahoo!"


    What is the below line for? Looks bad to me!!
    O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Lynda\LOCALS~1\Temp\{67EEBBEC-9DB8-48C4-8D13-CC988664CC10}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
     
    Last edited: Sep 9, 2006
  6. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    Sorry that I downloaded the wrong Bitdefender and Panda. I deleted and rebooted.

    I then did the proper scans and am including the results in the message.
    I deleted the hijackthis file.

    I don't know what the next file is for. MCCInstall"="D:\\Intro\\AA\\MCCInstall\\English\\MCCInstall.exe -Step=9 -Settings"

    D is my cd rom drive

    I don't know what these files are for.
    C:\WINDOWS\
    bwunin~1.exe 2006-08-04 81920 "bwUnin-6.1.4.36-8876480L.exe"
    bwunin~2.exe 2006-08-11 118784 "bwUnin-7.2.0.157-8876480SL.exe"

    Also I am not sure what this file is for and can delete it if you wish.
    O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Lynda\LOCALS~1\Temp\{67EEBBEC-9DB8-48C4-8D13-CC988664CC10}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.porn-info.info/? to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
    O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=9 -Settings
    O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Lynda\LOCALS~1\Temp\{67EEBBEC-9DB8-48C4-8D13-CC988664CC10}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {E96028FE-1F7E-480D-B62A-700C8877AD95} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.
    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Then uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Lynda\Local Settings\Temp

    Now attach new logs from HJT and from ShowNew (make sure you download and use the newest version of ShowNew).

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
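
A triage sketch for the kind of HijackThis lines picked out in the post above, added here as an example and not part of the thread or of HijackThis itself. It flags a Start Page that differs from the expected one, `Run` autoruns whose resolved target sits in a Temp directory or off the system drive, and entries marked "(file missing)"; the rule names, function names, `EXPECTED_HOME` and `SYSTEM_DRIVE` are assumptions, and the sample lines are taken from the thread (the R0 value trimmed to its URL).

```python
import ntpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

EXPECTED_HOME = "www.majorgeeks.com"  # assumption: the home page the user wants
SYSTEM_DRIVE = "C:"                   # assumption: Windows is installed on C:

# HijackThis lines have the shape "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
LINE_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+?)\s*$")
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
START_PAGE_RE = re.compile(r"Main,Start Page = (?P<url>\S+)")
TEMP_RE = re.compile(r"\\(temp|temporary internet files)\\", re.IGNORECASE)
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|dll)))(?=\s|$)',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code (R0, O4, O18, ...)
    rule: str     # which check fired
    subject: str  # the host, path or raw detail that triggered it


def host_of(url):
    """Lower-cased host name of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def target_path(cmd):
    """Executable path of an autorun command line, with '..' segments resolved.

    Resolving matters: a path can walk into GUID-named folders and back out
    with '..\\..', hiding that the real target sits directly under Temp.
    """
    m = EXE_RE.match(cmd)
    raw = (m.group("q") or m.group("u")) if m else cmd.split()[0]
    return ntpath.normpath(raw)


def triage(log_text):
    """Return the findings for every recognised line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        section, detail = m["section"], m["detail"]
        if "(file missing)" in detail:
            findings.append(Finding(section, "file-missing", detail))
        page = START_PAGE_RE.search(detail)
        if section in ("R0", "R1") and page:
            host = host_of(page["url"])
            if host != host_of(EXPECTED_HOME):
                findings.append(Finding(section, "start-page-mismatch", host))
        run = RUN_RE.match(detail) if section == "O4" else None
        if run:
            path = target_path(run["cmd"])
            if TEMP_RE.search(path):
                findings.append(Finding(section, "autorun-from-temp", path))
            if ntpath.splitdrive(path)[0].upper() != SYSTEM_DRIVE:
                findings.append(Finding(section, "autorun-off-system-drive", path))
    return findings


# Sample lines taken from the thread; the R0 value is trimmed to its URL.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.porn-info.info/?
O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=9 -Settings
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\Lynda\LOCALS~1\Temp\{67EEBBEC-9DB8-48C4-8D13-CC988664CC10}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<26}{f.subject}")
```

These checks only surface entries worth a second look; lines with a clean path on the system drive pass through unflagged and still need a human read.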
     
  8. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    I have done everything you told me to do in the last post. Comp seems to be fine but is running slow. I am planning on getting more ram but comp used to be faster.

    Enclosed are the two logs you requested.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Describe when it is slow:
    - during bootup
    - during shutdown
    - during browsing sessions
    - during ALL normal operations

    You have remnants of Panda Antivirus running which is wasting system resources.
    Is the Norton Antispyware stuff you installed from Yahoo also a realtime blocking tool or is it just a scanner?

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Panda Process Protection Service ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    PavPrSrv

    If you receive any error messages just ignore them and continue.

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Now re-run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    After clicking Fix, exit HJT.
    Now reboot in normal mode

    Delete the below folder if found:
    C:\Program Files\Common Files\Panda Software

    Now attach new logs from HJT and from ShowNew.

    Make sure you tell me how things are working now.
     
  10. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    The computer is slow during all normal operations.

    Also since the first big fix I found out that I can't burn DVDs. The burners are LG products. The message says that I haven't got enough room on my hard drive, even though I have over 8 gigs free. I also get a message that says that the drive or the disk is not ready. I have tried several disks.

    I got rid of the files that you asked me to get rid of.

    Thanks for the help

    Scooby
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not a malware issue! I would suggest you free up more disk space though. You need temp space for all normal Windows operations along with temp space for burning the DVDs. Whether that is truly the problem or not, I'm not sure but you need to make sure you have plenty of disk space for DVD burning.

    You used an old version of ShowNew to get the current log. You need to delete the old version and use the new version that you had used in your previous message; however, this time install it properly. You had it in your Temporary Internet Folder last time which is not a good idea. It is a Temp folder and will get erased when using a disk cleanup program.

    Your PC speed problems are more than likely not malware. It is probably just due to the stuff you are running and potentially low disk space for temp files. You should uninstall anything you don't need. Like perhaps the Yahoo & Google Toolbars. Do you really need them? Do you use MSN Messenger and Yahoo Messenger?

    But I would like you to try something. Click on Start, then Run ... type services.msc into the box that opens up, and click 'OK'. On the page that opens, scroll down to Automatic Updates... then right click the entry, select 'Properties' and click 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now reboot and let me know if there is any change to your PC's performance.
     
    Last edited: Sep 23, 2006
  12. scoobydoo1952

    scoobydoo1952 Private E-2

    Sorry I didn't get back to you sooner. Computer was fine after your last post. But now I have two viruses, every time I try to run the anti virus it freezes. Computer is constantly freezing. I have tried to run anti virus in safe mode but computer still freezes. Should I start a new thread?


    ScoobyLyn
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can stay in this thread, but you will need to run all steps in the READ & RUN ME sticky thread and attach ALL the requested logs. Make sure you get the current version of programs like GetRunKey & ShowNew.

    It has been almost two months since you were last here and that is a long time in the malware world. Much could have changed on your PC. And since you never completed this thread last time, you never got the benefits of our final recommendations. It is a very bad idea to start a thread and not finish it. It is also not polite to the free help here. It can lead to your threads being ignored.
     
  14. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    My computer won't run panda scan, spybot or bitdefender.

    I have run runkey and shownew and hijackthis and am including these scans in this report.

    Windows defender reports that the computer is running normally.

    I ran ccleaner and cleaned all it suggested.

    Scoobylyn
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs do not show any problems!

    You said you have two viruses! How do you know that? Attach a log that shows what you are finding. Perhaps you need to uninstall AVG, reboot, and then reinstall!

    When did these problems begin? Was it around Oct 6th which is when you installed CEDP Stealer 5.0 for Messenger ?
     
  16. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas, I have uninstalled AVG, rebooted and reinstalled. However I am still getting the same problem. It always stalls on a java file. This is the file that it freezes on. C:\\ProgramFiles\Java\ire1.5.0_081\lib\rt.jar.\sun\util\calender\zoneinfo.class I think most of the spelling is correct. I had this problem before I installed CEDP stealer.

    Adware programs are also freezing up the comp. Should I uninstall java and reboot and reinstall?

    Thanks

    Lyn
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since Sun Java has updated again, I would recommend that you uninstall this version and then delete the C:\ProgramFiles\Java folder. Then download and install the new version from the same link I gave you in message number 7.

    Why are you running adware programs? Or did you mean to say something different?
     
  18. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    I have deleted, rebooted and reinstalled Java, but I am still having the same problem.

    Also when I said adware programs I meant to say adaware. It also freezes on spybot and avg.

    The comp freezes during reboot as well as during use. Could I be having a hardware problem of some kind?

    I have no problem reloading windows if you think it best. I have a portable drive that I can put my files on.

    Sorry I have been long in getting back to you but I have had three deaths in my family since September.

    Thanks

    Scooby doo
     
  19. matt.chugg

    matt.chugg MajorGeek

    I'm sorry to hear about your family problems scoobydoo. chas is away right now taking a much deserved vacation. It's possible there is a hardware issue, or possibly some sort of memory conflict.

    Do you know if spybot and avg freeze on a specific file? I've had a similar problem on my computer once where there were some bad sectors on the disk.

    Try running ChkDsk
     
  20. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Matt,

    avg freezes on this file--C:\\program files\cyberlink\sharedfiles\navfilter\clnavx.ax

    spybot freezes on this file--coolwwwsearch

    I have run chkdsk.
    The first time it froze and then I rebooted and it ran again. I think it ran successfully.

    The problem with freezing is still there.

    Any suggestions?

    scooby
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Very sorry to hear about the deaths in your family!

    Your PC problems could be hardware related. Let's try one more thing.

    Open up Windows Explorer and right click on the hard disk drive and select Properties, Tools, and click the Check now box in the Error-checking section of the form. Then you select the two check boxes on the next Check disk options window and then click Start.

    Let me know how this runs!
     
  22. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    I hope that you had a great vacation. I ran chkdsk, although it froze once, I rebooted and it ran the second time. After it was finished it said that the volume was clean. There are no bad sectors. So far this morning it has not frozen. I will try to run avg and adaware and see what happens and will report on this later.

    Scoobylyn
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks! Yes it was great!

    Let me know if you are still having problems! If you do, it is more than likely a hardware related issue not malware.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    4. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    7. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  24. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    The comp is still freezing. If the problem is hardware related what do you think that the problem is? Do you think that it could be the hard drive?
    I have noticed that when it freezes the light beside the power and reboot buttons either stays on all the time or goes completely off. How can I check to see what hardware problems I have?

    Should I try to reinstall windows?

    Scoobylyn
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Many different hardware problems could impact you so it is hard to say. Let's find out the answer to a few other questions:

    1. Does it freeze when you boot in safe mode and run in safe mode for awhile?
    2. Does it ever freeze if you do not connect to the internet (don't even open a browser)?
    3. If you uninstall Windows Defender and ZoneAlarm (don't operate too long without Zonealarm. Just run long enough to see if the PC still freezes.)
    4. Is there a specific sequence of things you can do that cause the PC to freeze?
    5. How much RAM do you have?
    6. How much free hard disk space and what is the total hard disk size?
    7. When is the last time you did a hard disk defrag?
    8. The following has been known in the past to cause problems. Is it really necessary to load this stuff from your ISP: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    Also run the below and attach the log!

    Using Sophos Anti-Rootkit
     
  26. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    1. I ran the comp in safe mode for over a half an hour and it froze when I tried to run AVG.

    2. Does it ever freeze if you do not connect to the internet (don't even open a browser)?
    I played solitaire for a couple of hours and then it froze when I tried to run AVG.

    3. I uninstalled Windows Defender and Zonealarm. The comp still froze when trying to run AVG.

    4. The comp freezes all the time when trying to run AVG or Adaware. It also freezes when trying to use links on a webpage. AVG almost always freezes on a java file. Adaware reported 7 infected files before it froze.

    5. I have 256 ram.

    6. I have a 40 gig drive with almost 9 gigs free.

    7. I did a disk defrag today and it completed.

    8. I deleted this program [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
     
  27. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas

    I couldn't get the comp to attach the sarscan so I am including it separately.

    Scoobylyn
     


  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    At this point it really does not look like your problem is malware related. There is either a hardware issue of some sort or there is some other kind of deep rooted corruption in the OS that only seems to take effect during deep scanning. What this could be I don't know. But none of your logs are revealing anything of concern.

    You may have to resort to a reinstall. You could try an sfc /scannow (if we did not try that yet) (see: http://www.updatexp.com/scannow-sfc.html ) or you could also try a repair install. See one of the below:

    http://www.michaelstevenstech.com/XPrepairinstall.htm

    http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx
     
  29. scoobydoo1952

    scoobydoo1952 Private E-2

    Hi Chas,

    I have tried a reinstall and it did not work. I am taking the comp to a tech, he feels it could be anything from the ram, power supply or motherboard. Thanks for all your help

    Scoobydoo
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome and good luck!
     
