Still a problem!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ross Neptune, Oct 19, 2008.

  1. Ross Neptune

    Ross Neptune Private E-2

    2 Months ago I had all of my Microsoft Office programs decide they don't want to work. They try to start up but then I get the msg where 'Microsoft Word has encountered a problem and needs to close'. Also, my computer processing hovers very high - constantly between 60-100%. Glitches often (while typing this, the delay between when I type and when the text shows is noticeable and every 30sec-1min freezes for 10-15sec).

    I originally thought maybe I had a virus. Ran BitDefender and it found a virus that I don't know the name of, but I looked it up and it looked pretty bad. Its purpose was to search my puter for all login/password and send them somewhere online and establish an FTP where someone can access all of my computer. BitDefender could not disinfect or delete so I found the locations and deleted the files myself. Then ran the MajorGeeks Read and Run First instructions. And I found no more infections. Problem still there though. That's when I decided to look to the Microsoft site for updates and saw SP3. Was hoping that it might fix some of my problems. Couldn't download it from the site without an error, so the Microsoft service people gave me a direct link. Tried that and it failed with a "data error (cyclic redundancy check)". I'm in the process of working on the problem with them, but figured you guys could probably help me better and more quickly! :) Anyway, attached are some of the needed files. Thank you!

    Attached is most of the info you were asking for...
    There is no file named 'Svcpack.log' anywhere on my computer. I don't know if that's cause I have SP2 not SP3.
     


  2. Ross Neptune

    Ross Neptune Private E-2

    last log file

    here's the 4th log file.
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!


    Pre-Instructions:
    1. First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.
    2. Print out these instructions or save them to a text file so that you can operate with All Browser Windows CLOSED.

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Step 3:
    Default Security Settings

    To Default Security Settings:
    For Internet Explorer 6 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up navigate to the Security Tab and click Default Level for the following:
    • Internet
    • Local Intranet
    • Trusted Sites
    • Restricted Sites.
    Click OK to exit.

    For Internet Explorer 7 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up, navigate to the Security Tab and simply click the "Reset all zones to default level" button. Click OK to exit.

    Step 4:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 5:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Oct 20, 2008
  4. Ross Neptune

    Ross Neptune Private E-2

    The form here for some reason will not let me click any of the buttons (including the attach paperclip icon). None of them. Don't know why. It worked fine before I did these steps. Also, I had a few problems.

    when HijackThis was finished and when it starts to automatically restart the computer, I got an error message saying "This program failed to initialize because windows is shutting down"

    my computer still shut down, but got that error message first.

    Then, upon restart, I got the blue screen. gave me the suggestions of
    -check for adequate disk space
    -change video adapters
    -check with my hardware manufacturer for any BIOS updates
    -disable BIOS memory options such as caching or shadowing
    -etc.

    Then, when I powered off and on again, it automatically went to the F8 screen. I selected "normal startup".

    Then, when trying to reset zones to default the selection was grayed out so I couldn't do that.

    THANK YOU guys for fighting such a good fight.

    Ross
     
  5. Ross Neptune

    Ross Neptune Private E-2

    OK, so I am trying IE7 now instead of Firefox and I am now able to click the attach button.

    My cpu processing is back down to normal and it seems like general response of everything is back too! woohoo!
     


  6. Ross Neptune

    Ross Neptune Private E-2

    So, I didn't realize before typing my last couple emails that Sunbelt Firewall did not start either when I restarted. So, I tried clicking on the .exe files to try to start it that way but it didn't work. I restarted my computer again, Sunbelt started, but the computer is running glitchy again (not as bad, but every couple min it will freeze for 10-15 secs). Processing power still normal though. Anyway, thought you'd like to know the latest. Thanks again,

    Ross
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, look in Add/Remove Programs and uninstall My Way Search Assistant if found.

    I'm curious about the below, did you install Sunbelt Firewall to this location?

    I would recommend uninstalling Sunbelt from this location, rebooting and downloading a fresh copy and reinstalling to the default location.

     
  8. Ross Neptune

    Ross Neptune Private E-2

    Found no My Way Search Assistant

    Reinstalled Sunbelt in default directory. When it restarted automatically, got an error popup

    Logonui.exe - Application Error
    the instruction at "0x00000000" referenced at "0x00000000". The memory could not be read.

    I clicked OK to "terminate the program" (rather than debug), then a similar message popped up. Clicked OK. Then the above msg popped up again. Clicked OK. Then it tried to continue to start up and then went to a blue screen that said

    STOP:c000021a {Fatal System Error}

    with some other info. I powered off and restarted again. And everything loaded fine. Any cause for alarm???

    Firefox still won't allow me to click any of the buttons on the form.

    Other things are running much better. However, all of my Office programs are still not running and my computer won't allow me to download most of the Office suite updates or the SP3 update due to that cyclic redundancy error. any idea what that could be?? Thanks again!
    Thanks.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It appears you have more issues not related to malware so I would recommend at this point to post in the Software or Hardware forum.

     
  10. Ross Neptune

    Ross Neptune Private E-2

    Well, I may have spoken too quickly as far as my internet speed working better. The cpu usage has gone way down still, but my internet is acting strange. About 1/2 the time I will click a link and it will not do anything. The bar at the bottom will stop and will not move for minutes - until I hit the back button, then click the link again, then it will go. Even if the screen doesn't change when I click the link, it will not let me click the link again. I have to go back to previous page, then go forward, then click the link, and then sometimes it will work fine, and sometimes I will have to start this process all over again. My internet never worked this way before our cleansing process. Thanks again for your help.

    Ross
     
  11. Ross Neptune

    Ross Neptune Private E-2

    Man, it's gotten more and more often. 20% of the time, it will work right away. but 80% it Sometimes the blue bar will go just a mm and stop indefinitely, and sometimes much further - like now, the bar and the page will load almost all the way and stop forever. As I'm typing this now, the page is still not finished loading. It's been over 10 minutes now (I left it on a while just to see). It says, "waiting for www.google-analytics.com". Thanks for your help,

    Ross
     
  12. Ross Neptune

    Ross Neptune Private E-2

    Sorry to keep posting, but I keep having updates that I think might help you. Now, I am frequently getting "Bad Request (Invalid Verb)" pages when clicking on links. I still get the bar that stops, but now that one too.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Like I've said before, I don't think your problems are Malware related therefore I would recommend posting in the Software Forum.
     
  14. Ross Neptune

    Ross Neptune Private E-2

    Ok, I followed your instruction and posted the problems I thought you meant were computer related, but since this last one seemed internet related, I was still talking about it in here. Either way, Thanks for your help. I appreciate it.
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!:)
     
