malware or programs ?

Discussion in 'Malware Help (A Specialist Will Reply)' started by calmac, Apr 4, 2013.

  1. calmac

    calmac Private E-2

    Hi, im kinda new at this but i found a file on my machine called ichcop last week googled it went to a site did the removal process and i cleaned up a few things but not sure if i did it all or if that was the best way to do it. still having problems with my machine so i looked some more and found this site did some reading liked the process better than the last one so i went through the read me run me process now im sending the reports in hoping you guys can help.

    TY
     
    calmac, Apr 4, 2013
    #1
  2. calmac

    calmac Private E-2

    the problems i am having are IE freezing,hanging or not responding then recovering but running slow loading web pages takes a long time some times times out and doesnt load.
     

    Attached Files:

    calmac, Apr 4, 2013
    #2
  3. calmac

    calmac Private E-2

    sry for the mistakes im sure i have made some trying to learn the process here. here are the log files.
     
    calmac, Apr 4, 2013
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    You need to attach the logs from the below scans that were also requested in the READ & RUN ME.

    • RogueKiller
    • TDSSKiller
    • Hitman Pro
    • MGtools
     
    chaslang, Apr 6, 2013
    #4
  5. calmac

    calmac Private E-2

    here they are TY
     

    Attached Files:

    calmac, Apr 6, 2013
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below very old versions of Jav:
    J2SE Runtime Environment 5.0

    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
explorer.exe
 
:Files
C:\Documents and Settings\HP_Owner\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}
C:\Documents and Settings\HP_Owner\AppData\LocalLow\DataMngr
C:\Program Files\ASK.COM
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\PC MightyMax 2013
C:\WINDOWS\temp\*.*
C:\Documents and Settings\HP_Owner\Local Settings\temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp]
[-HKEY_USERS\S-1-5-21-3432139161-2967614406-1206026367-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^HP_Owner.YOUR-F78BF48CE2^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Apr 8, 2013
    #6
  7. calmac

    calmac Private E-2

    Hi chaslang and TY

    the machine seems to be running much better not getting the page not responding anymore. it seems to hang from time to time but other than that its doing much better. it only has 1 gb memory.
     

    Attached Files:

    calmac, Apr 9, 2013
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Yes you really should upgrade to more memory. Another 2 GB would be recommended.

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    chaslang, Apr 9, 2013
    #8
  9. calmac

    calmac Private E-2

    Hi Chaslang

    my machine is running good but i have two new problems now after the cleaning. its a HP DVD writer 640C
    my dvd writer isnt showing up anymore. i went in to device manager and unistaled it then reinstaled it it loads but gives a code 19 configuration in the registry is corrupt or missing files.

    the other thing is when i reboot i get SVC host.exe the instruction at "0x7c919af2" referenced memory at "0x00000010" the memory could not be written.
    click OK to terminate the problem or cancel to debug the problem.
    no matter what i do it keeps coming back.
     
    calmac, Apr 16, 2013
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    More than likely these issues are not from running the cleaning procedure. The are more likely due to the malware causing them. Hopefully you did not finish my final instructions which included disable system restore. You should not have followed those steps unless all was good. So my suggestion is to try using System Restore to go back to an old restore point and see if it cures your current problems. You had a restore point as far back as 4/2/2013 which was before you came here. So perhaps this is even an uninfected restore point.
     
    chaslang, Apr 18, 2013
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds