Malware/Virus/Trojan problem-(appears serious)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Christian7, Nov 7, 2010.

  1. Christian7

    Christian7 Private E-2

    Dear friends,

    I am new to the site and hope someone can help with an infection I cannot remove.

    The problem seemed to happen several days ago. I can't recall doing anything significant.

Symptoms: slow computer, page hijacking and the worst: the inability to open ANY anti root-kit app. Every one supplies some random error for why it cannot be loaded properly, a sure sign something is going on. This happens both in normal and safe mode. Both Sophos and AVG were unable to locate the problem.

    I have now followed the steps from this site's Malware tutorial and as expected was unable to load Combofix, Rootrepeal, or MGTools. See attached for my log from SAS and Malwarebytes.

    Thanks in advance for any expertise, Christian
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you tried doing a system restore to before the issues started? Tell me exactly what happens when you try to run MGTools.
     
  3. Christian7

    Christian7 Private E-2

    Hi,

    System restore was disabled when I attempted to restore previously so no clean points are available.

    I have managed to now run Combofix and MG tools but still cannot run RR.

    Attached are my logs.

    Many thanks.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

A likely reason you had problems running ComboFix and MGtools is due to AVG. I suggest that you uninstall AVG until we finish cleaning your PC. Otherwise you will have difficulty trying to do the below. Also you may just find it is a major contributor towards your PC being slow.


    Uninstall the below software:
    Java(TM) 6 Update 14
    Prevx

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
    O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
    O23 - Service: FJIBC - Unknown owner - C:\Users\Chris\AppData\Local\Temp\FJIBC.exe (file missing)
    O23 - Service: FRYXYM - Unknown owner - C:\Users\Chris\AppData\Local\Temp\FRYXYM.exe (file missing)
    O23 - Service: FVI - Unknown owner - C:\Users\Chris\AppData\Local\Temp\FVI.exe (file missing)
    O23 - Service: GJMNVOT - Unknown owner - C:\Users\Chris\AppData\Local\Temp\GJMNVOT.exe (file missing)
    O23 - Service: IRDNCOTZKP - Unknown owner - C:\Users\Chris\AppData\Local\Temp\IRDNCOTZKP.exe (file missing)
    O23 - Service: IUEZK - Unknown owner - C:\Users\Chris\AppData\Local\Temp\IUEZK.exe (file missing)
    O23 - Service: OBHZPCVSUAJ - Unknown owner - C:\Users\Chris\AppData\Local\Temp\OBHZPCVSUAJ.exe (file missing)
    O23 - Service: POCR - Unknown owner - C:\Users\Chris\AppData\Local\Temp\POCR.exe (file missing)
    O23 - Service: POGZBZQWTE - Unknown owner - C:\Users\Chris\AppData\Local\Temp\POGZBZQWTE.exe (file missing)
    O23 - Service: T - Unknown owner - C:\Users\Chris\AppData\Local\Temp\T.exe (file missing)
    O23 - Service: WMXERQHB - Unknown owner - C:\Users\Chris\AppData\Local\Temp\WMXERQHB.exe (file missing)
    O23 - Service: WRVAHFMGM - Unknown owner - C:\Users\Chris\AppData\Local\Temp\WRVAHFMGM.exe (file missing)
    O23 - Service: XSRTAMLECE - Unknown owner - C:\Users\Chris\AppData\Local\Temp\XSRTAMLECE.exe (file missing)
    O23 - Service: YBHTJ - Unknown owner - C:\Users\Chris\AppData\Local\Temp\YBHTJ.exe (file missing)
    O23 - Service: ZEXRVQM - Unknown owner - C:\Users\Chris\AppData\Local\Temp\ZEXRVQM.exe (file missing)
    O23 - Service: ZXAYC - Unknown owner - C:\Users\Chris\AppData\Local\Temp\ZXAYC.exe (file missing)

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
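The HijackThis O23 entries listed above share a pattern worth recognising in any log: services with no registered owner, random all-caps names, and binaries under a user's Temp folder that no longer exist. The following is an added triage example written for this thread, not part of the post or of MGtools/HijackThis; it parses O23 lines in the format shown above and reports why each one looks like malware residue. The sample input reuses three lines from the post plus one constructed benign Apple service entry for contrast.

```python
import re

# Matches HijackThis O23 service lines, e.g.
# O23 - Service: FJIBC - Unknown owner - C:\...\Temp\FJIBC.exe (file missing)
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?: \((?P<status>file missing)\))?$"
)

# Locations a legitimate Windows service binary should never live in.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_o23(line):
    """Return a dict for an O23 line, or None for any other HJT line type."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"name": m.group("name"), "owner": m.group("owner"),
            "path": m.group("path"), "missing": m.group("status") is not None}


def service_risk(entry):
    """List the reasons a parsed service entry looks like leftover malware."""
    reasons = []
    if any(d in entry["path"].lower() for d in SUSPICIOUS_DIRS):
        reasons.append("binary in a temp directory")
    if entry["owner"] == "Unknown owner":
        reasons.append("no registered owner")
    if entry["missing"]:
        reasons.append("orphaned service (file missing)")
    if re.fullmatch(r"[A-Z]{1,12}", entry["name"]):
        reasons.append("random-looking all-caps name")
    return reasons


def triage(log_lines):
    """Return [(service name, reasons)] for every O23 line with at least one red flag."""
    flagged = []
    for line in log_lines:
        entry = parse_o23(line)
        if entry and service_risk(entry):
            flagged.append((entry["name"], service_risk(entry)))
    return flagged


# Constructed sample: three lines from the thread plus one benign entry (Apple line is made up).
SAMPLE = r"""O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O23 - Service: FJIBC - Unknown owner - C:\Users\Chris\AppData\Local\Temp\FJIBC.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\AppleMobileDeviceService.exe
O23 - Service: T - Unknown owner - C:\Users\Chris\AppData\Local\Temp\T.exe (file missing)
O23 - Service: ZXAYC - Unknown owner - C:\Users\Chris\AppData\Local\Temp\ZXAYC.exe (file missing)"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE.splitlines()):
        print(f"{name}: {', '.join(reasons)}")
```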
  5. Christian7

    Christian7 Private E-2

    I've uninstalled AVG and Prevx.

    When I run MGTools there is no option to select system scan. The program just runs automatically, goes through the motions and then supplies me with a log.

    I do have the normal version of hijack this which appears to boot up alright...?
     
  6. Christian7

    Christian7 Private E-2

    Sorry my friend, please ignore the previous post.

    I have finished your instructions and attached are the required logs.

    Many thanks
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    c:\windows\system32\F72B.tmp
    c:\windows\system32\8017.tmp
    C:\Windows\System32\KPGPSLJDU
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  8. Christian7

    Christian7 Private E-2

    See attached for the logs. Thank you.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to tell us how things are working. ;)
     
  10. Christian7

    Christian7 Private E-2

    They are not quite back to normal.

    I am on Win 7 Starter. My computer health check software (Toshiba) isn't working and I no longer get the Windows warning about an opening program that wants to make changes to the system.

    It also still takes longer than normal to load.

    But there is a definite improvement as it is quicker now...

    Cheers
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't know what this is but you can ask about this in the Software Forum. This is software that is likely just slowing your PC down anyway like all the other junk Toshiba is loading which is why your startup is so slow. This is not a malware problem. You also need to increase your memory to 2GB if you want to have better performance. You don't even have the minimum we recommend for XP. Your logs show
    Code:
    Total Physical Memory 768.00 MB 
    Available Physical Memory 194.01 MB
    And your laptop is an older slower type laptop
    Code:
    Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~1396 Mhz 
    You also have all the below loading when you startup.

    So this is not a problem. ;)
     
  12. Christian7

    Christian7 Private E-2

    What I meant by this is Windows 7 has a feature where if you open any program, the system pauses and a dialogue box pops up that requests you authorize the operation. It was working before these problems and at one point helped prevent an unauthorized program from operating.

    Anyhow I greatly appreciate the help. Please allow me to make a small donation to you both for your time.

    Cheers.
     
  13. Christian7

    Christian7 Private E-2

    Hi,

    After testing it seems the infection is still there.

    Google is still redirecting to different sites and any anti root-kit program I try to run won't work.

    Any other tips?

    Thanks.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
     
  15. Christian7

    Christian7 Private E-2

    Here is the log (saved in a different file name). Nothing detected apparently.

    My internet browsers are slow. When I do searches on Google, Excite, Yahoo, AltaVista, Ask etc they appear to be redirected to somewhere else before producing results. And now some script loading error occurs when I try to load a lot of common websites.

    Thanks
     
  16. Christian7

    Christian7 Private E-2

    See attached
     


  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's see if Combofix is still detecting infected system files ( like userinit.exe ). Please delete the current copy of ComboFix.exe from your Desktop and then download and run the current version: combofix.exe

    Attach the new log.
     
  18. Christian7

    Christian7 Private E-2

    Hi, see attached for the combofix log. It seems the userinit.exe was infected again. Why does the infection habitually re-appear?

    I also tried to run Tizer rootkit razor, but every time it goes through the system files the computer crashes with the dreaded blue screen.

    Many thanks.
     


  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo is not indicating any infection. Tell me what issues, if any, you are still having.
     
