Thanks for all your help. This is quite an involved process. I appreciate all your help.
I had a problem with the first instructions. When I "Browsed" for a file to scan it opened a browser window and said 0 bytes uploaded. So I read the instructions and they gave a couple more options to scan files. One was to send an email with SCAN as the subject and to attach the file, so I did that with the two files you had highlighted. The site sent me an email response for each file, which I will paste in below.
Then I downloaded and ran Combofix. Everything went smoothly, except I had to press OK a few times when my PC Magazine utility Startup Cop Pro detected a change in the registry. The computer rebooted, I reactivated my McAfee virus protection and firewall, and I am using it to send this to you. I will paste in the report it generated below as well.
I hope that you can make sense of all this information and that we are gaining ground. Thanks again for all your help. It is much appreciated.
Regards,
Art
Complete scanning result of "lvuvc.hs", processed in VirusTotal at 03/14/2010 21:13:12 (CET).
[ scan result ]
a-squared 4.5.0.50/20100314 found nothing
AhnLab-V3 5.0.0.2/20100314 found nothing
AntiVir 8.2.1.180/20100312 found nothing
Antiy-AVL 2.0.3.7/20100312 found nothing
Authentium 5.2.0.5/20100314 found nothing
Avast 4.8.1351.0/20100314 found nothing
Avast5 5.0.332.0/20100314 found nothing
AVG 9.0.0.787/20100314 found nothing
BitDefender 7.2/20100314 found nothing
CAT-QuickHeal 10.00/20100313 found nothing
ClamAV 0.96.0.0-git/20100314 found nothing
Comodo 4262/20100314 found nothing
DrWeb 5.0.1.12222/20100314 found nothing
eSafe 7.0.17.0/20100314 found nothing
eTrust-Vet 35.2.7359/20100312 found nothing
F-Prot 4.5.1.85/20100314 found nothing
F-Secure 9.0.15370.0/20100314 found nothing
Fortinet 4.0.14.0/20100313 found nothing
GData 19/20100314 found nothing
Ikarus T3.1.1.80.0/20100314 found nothing
Jiangmin 13.0.900/20100314 found nothing
K7AntiVirus 7.10.997/20100313 found nothing
Kaspersky 7.0.0.125/20100314 found nothing
McAfee 5920/20100314 found nothing
McAfee+Artemis 5920/20100314 found nothing
McAfee-GW-Edition 6.8.5/20100313 found nothing
Microsoft 1.5502/20100312 found nothing
NOD32 4944/20100314 found nothing
Norman 6.04.08/20100314 found nothing
nProtect 2009.1.8.0/20100313 found nothing
Panda 10.0.2.2/20100314 found nothing
PCTools 7.0.3.5/20100314 found nothing
Prevx 3.0/20100314 found nothing
Rising 22.38.04.03/20100312 found nothing
Sophos 4.51.0/20100314 found nothing
Sunbelt 5883/20100314 found nothing
Symantec 20091.2.0.41/20100314 found nothing
TheHacker 6.5.2.0.233/20100313 found nothing
TrendMicro 9.120.0.1004/20100314 found nothing
VBA32 3.12.12.2/20100314 found nothing
ViRobot 2010.3.13.2226/20100313 found nothing
VirusBuster 5.0.27.0/20100314 found nothing
=================================================
Complete scanning result of "logiflt.iad", processed in VirusTotal at 03/14/2010 21:19:42 (CET).
[ scan result ]
a-squared 4.5.0.50/20100314 found nothing
AhnLab-V3 5.0.0.2/20100314 found nothing
AntiVir 8.2.1.180/20100312 found nothing
Antiy-AVL 2.0.3.7/20100312 found nothing
Authentium 5.2.0.5/20100314 found nothing
Avast 4.8.1351.0/20100314 found nothing
Avast5 5.0.332.0/20100314 found nothing
AVG 9.0.0.787/20100314 found nothing
BitDefender 7.2/20100314 found nothing
CAT-QuickHeal 10.00/20100313 found nothing
ClamAV 0.96.0.0-git/20100314 found nothing
Comodo 4262/20100314 found nothing
DrWeb 5.0.1.12222/20100314 found nothing
eSafe 7.0.17.0/20100314 found nothing
eTrust-Vet 35.2.7359/20100312 found nothing
F-Prot 4.5.1.85/20100314 found nothing
F-Secure 9.0.15370.0/20100314 found nothing
Fortinet 4.0.14.0/20100313 found nothing
GData 19/20100314 found nothing
Ikarus T3.1.1.80.0/20100314 found nothing
Jiangmin 13.0.900/20100314 found nothing
K7AntiVirus 7.10.997/20100313 found nothing
Kaspersky 7.0.0.125/20100314 found nothing
McAfee 5920/20100314 found nothing
McAfee+Artemis 5920/20100314 found nothing
McAfee-GW-Edition 6.8.5/20100313 found nothing
Microsoft 1.5502/20100312 found nothing
NOD32 4944/20100314 found nothing
Norman 6.04.08/20100314 found nothing
nProtect 2009.1.8.0/20100313 found nothing
Panda 10.0.2.2/20100314 found nothing
PCTools 7.0.3.5/20100314 found nothing
Prevx 3.0/20100314 found nothing
Rising 22.38.04.03/20100312 found nothing
Sophos 4.51.0/20100314 found nothing
Sunbelt 5883/20100314 found nothing
Symantec 20091.2.0.41/20100314 found nothing
TheHacker 6.5.2.0.233/20100313 found nothing
TrendMicro 9.120.0.1004/20100314 found nothing
VBA32 3.12.12.2/20100314 found nothing
ViRobot 2010.3.13.2226/20100313 found nothing
VirusBuster 5.0.27.0/20100314 found nothing
===============================================
ComboFix 10-03-14.03 - Art 03/14/2010 15:48:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1305 [GMT -5:00]
Running from: c:\documents and settings\Art\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
- - End Of File - - 0F7BA9CBF36AAA7F85C31F4FFB2EBD64
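The two VirusTotal e-mail reports above are easy to eyeball when every engine reports "found nothing", but a longer batch of files is simpler to triage with a small parser. The following is an added example, not part of Art's post or of VirusTotal's tooling: it reads one or more reports in the e-mail format quoted above and returns a detection ratio per file plus the engines that flagged it. The sample text is a constructed excerpt (six engine lines from the lvuvc.hs report, then an invented second report with a made-up engine "ExampleAV" and verdict) so that the detection path is exercised.

```python
"""Parse VirusTotal e-mail scan reports of the kind quoted in the thread.

Added example. SAMPLE below is a constructed excerpt; "ExampleAV" and its
verdict are invented to show how a detection line is handled.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Header line: Complete scanning result of "<file>", processed in VirusTotal at <timestamp>.
HEADER_RE = re.compile(
    r'^Complete scanning result of "(?P<name>[^"]+)", '
    r"processed in VirusTotal at (?P<when>.+?)\.?$"
)
# Engine line: <engine> <version>/<sigdate> found <verdict>
ENGINE_RE = re.compile(r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+found\s+(?P<verdict>.+?)\s*$")


@dataclass
class ScanReport:
    filename: str
    scanned_at: str
    engines: int = 0                                          # engines that gave a verdict
    detections: dict[str, str] = field(default_factory=dict)  # engine -> verdict

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{self.engines}"


def parse_reports(text: str) -> list[ScanReport]:
    """Split a mail body holding one or more reports into ScanReport objects."""
    reports: list[ScanReport] = []
    current: ScanReport | None = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = ScanReport(header["name"], header["when"])
            reports.append(current)
            continue
        # Skip the "[ scan result ]" marker, "====" separators and text before a header.
        if current is None or not line or line[0] in "[=":
            continue
        engine = ENGINE_RE.match(line)
        if engine is None:
            continue
        current.engines += 1
        if engine["verdict"].lower() != "nothing":
            current.detections[engine["engine"]] = engine["verdict"]
    return reports


def summarise(text: str) -> list[str]:
    """One line per file: detection ratio plus the engines that flagged it."""
    lines = []
    for r in parse_reports(text):
        flagged = ", ".join(f"{e}: {v}" for e, v in sorted(r.detections.items()))
        suffix = f" ({flagged})" if flagged else ""
        lines.append(f"{r.filename}: {r.ratio} engines flagged{suffix}")
    return lines


# Constructed excerpt: six engine lines from the lvuvc.hs report in the post, then an
# invented second report in which one (made-up) engine returns a verdict.
SAMPLE = """\
Complete scanning result of "lvuvc.hs", processed in VirusTotal at 03/14/2010 21:13:12 (CET).
[ scan result ]
a-squared 4.5.0.50/20100314 found nothing
AhnLab-V3 5.0.0.2/20100314 found nothing
AntiVir 8.2.1.180/20100312 found nothing
McAfee+Artemis 5920/20100314 found nothing
McAfee-GW-Edition 6.8.5/20100313 found nothing
VirusBuster 5.0.27.0/20100314 found nothing
=================================================
Complete scanning result of "constructed.dll", processed in VirusTotal at 03/14/2010 21:30:00 (CET).
[ scan result ]
ExampleAV 1.0/20100314 found Constructed.Test.Sample
Avast 4.8.1351.0/20100314 found nothing
Kaspersky 7.0.0.125/20100314 found nothing
"""

if __name__ == "__main__":
    for line in summarise(SAMPLE):
        print(line)
```

A zero ratio from every engine, as in both reports above, says only that no signature matched on that day; the engine count and signature dates are kept in the report so that a file can be rechecked later once definitions have moved on.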
Everything is looking fine so let's see if everything really is.
Step 1: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the Internet Explorer section except Cookies
Clean all the entries in the Windows Explorer section
Clean all entries in the System section
Clean all entries in the Advanced section
Clean any others that you choose
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it
Clean all in the Opera section if you use it
Clean Sun Java in the Internet Section
Clean any others that you choose
Click the Run Cleaner button.
A pop up box will appear advising this process will permanently delete files from your system.
Click OK and it will scan and clean your system.
Click exit when done.
If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!
Step 2: Run Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware by clicking the icon on your desktop or launching it from the start menu.
Go to the Update tab and click Check for Updates
If an update is found, it will download and install the latest version.
Once the program has updated, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Close the Notepad file.
The log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Step 3: Use Adobe Reader
You're using an outdated version of Adobe Acrobat Elements, which will undoubtedly contain security leaks.
I am not going to force you to update because it costs quite some money to do so, however I insist that you use an updated version for viewing online PDF files. For that please use Adobe Reader which you do already have installed. Adobe Acrobat Elements is fine for editing and creating PDFs yourself as that does not bring security risks.
Step 4: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
First remove the older versions:
Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for each version of Java that is present
Sorry to be the bearer of bad news John, but I spent most of yesterday running CCleaner for each user account, Malwarebytes anti-malware software, updating Java by cleaning out older versions and installing the latest version, and running Kaspersky. I'm pasting in the logs, but don't think there will be much useful information in them.
I realize that my copy of Adobe Acrobat Elements is OLD, but just kept it so I would have the capability of creating PDF files. I use the latest version of Adobe Acrobat Reader to view and print PDF files. That should be okay.
Should I uninstall WinRar. I think it is only good for 30 days or so and then they want you to purchase a license.
I rebooted a number of times, and I am still getting an error message that there is an unresponsive program, with a name that is always different and is only 3 characters long (usually a combination of alpha and numeric characters). I try to let Windows close it but it can't, so I press "End Now" (it says I will lose any unsaved information) and the reboot shutdown continues ok.
When the system comes back up, everything looks normal except for one minor thing. My little icon for the Intel/Wireless adapter in the system tray is white and it should be green. I checked it out and it says another wireless utility is communicating with the Intel Pro/Wireless adapter. To avoid conflicts, Intel's profile management features have been temporarily disabled. I checked for Internet connectivity by opening my browser and I was online, so just left it.
I haven't had time to use a number of other programs much, so am not sure how well they are working. I was having a few problems with Excel hanging before we got into all this, so tried working on a file in Excel to test it. The program loaded quickly. However, while working in the file a few times I ran into sluggish performance. Once I copied a couple of cells and it took about 15 seconds to write the information to the clipboard. The copy worked fine. Then I went to "save as" and it took about 30 seconds for the directory to come up. The save worked fine. Another time, I edited a cell, pressed enter and it took about 5 seconds before my cursor came back and I could do anything else. The spreadsheet doesn't contain anything complicated and is only 67kb in size, so I would have to say the performance in Excel is sluggish, but at least it works.
I had to use my browser a few times to access web sites (including this one) and everything worked fine. I used Word a few times and it seemed to work fine.
I used Adobe Photoshop Elements to download some photos from my camera, and that worked fine. It is sluggish at the best of times. I played around with some of the settings in Elements and think I got my backup/synchronization agent working to backup my entire photo catalogue of 33,000 photos, so experienced some very degraded performance after that. I’ve been struggling to get it working, so will have to wait a day or two and check to see if that worked or not. I set it to just backup when the system is idle.
My biggest problem is handling email, as that is probably the program I use most often. I use Outlook 2003. I was replying to an email and did spell check, everything working fine until I told it to ignore a word and then it hung. After waiting awhile I used Windows Task Manager to end the program. Windows detected the event and I sent them an error report. I reloaded Outlook and of course got the message it wasn’t closed properly. It took a minute to check my files and then came back. I had copied my wife on the email I was working on, and checked her machine and she received it. I tried a few more things in Outlook, like forwarding or replying to messages, deleting a few and every second or third one, the program would hang – I would close it in task manager and reload it until I got through my emails. Very frustrating.
I don’t know if you noticed but I have a PC Magazine Utility Startup Cop Pro loaded. I exported the configuration to a CSV file format and will also try to send that to you. It is probably easiest read by importing the data into a spreadsheet and adjusting the column widths to accommodate the data.
I’ll post in the logs below: (Hope I got everything you asked for.)
Regards,
Art
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 16, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 15, 2010 22:45:36
Records in database: 3808822
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Selected area has been scanned.
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Mar 15 20:32:31 2010
Found and removed: C:\Documents and Settings\Art\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Art\Application Data\Sun\Java\jre1.6.0_15
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_02
------------------------------------
Finished reporting.
==============================================================
Malwarebytes' Anti-Malware 1.44
Database version: 3871
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:29 AM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
As you may have noticed, the scanners did not find anything bad so this is my normal post for when you are clear - which you now are - or seem to be.
The problems that you still have all seem to be related to non-malware topics or not enough maintenance. Later on in this post I will give some recommendations on maintenance and for the problems that you still have I recommend that you start a new topic in the Computer Help subforum: Computer Help - Help2Go
The helpers there may be able to find out what is wrong with the help of event logs and other data which I am not specialized in.
WinRAR will keep working after the 30-day trial and almost everybody uses that expired version. The only difference between then and now is that after the 30 days you will get a popup when starting WinRAR that the trial has expired and it kindly asks you to buy the product. You can close that window and just use WinRAR then. So I recommend that you keep it installed as it is important for extracting archives.
Now that you are clean, I got some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional (beginning with SpywareBlaster).
It may seem like your system will be too heavily protected with all these things installed, but a lot of these programs aren't always running in the background so they don't slow down your computer. Please take a look at the following things:
Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
Go to Start
Click on Run
Type ComboFix /Uninstall (Note: This command is case sensitive.)
After doing that with ComboFix, do this with OTCleanIt to remove the tools not removed by ComboFix.
If you get any pop ups asking if it is OK let the program proceed.
At the end the program will ask to let it reboot the computer. Let it do so.
You may delete any logs and other tools left on the desktop.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your Anti-Virus Software - It is imperative that you update your anti-virus software at least once a week (even more often if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here: SpywareBlaster
Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial here: WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox << Most used, I use this one myself. Opera
Bookmark general cleanup link - It could be that your computer is becoming slower and slower. This is not always caused by malware. Most of the time it's malware when your computer is suddenly getting slow or acting strangely. When the slowdown increases slowly, check (so now bookmark) this link for tips & tricks: What to do if your Computer's running slowly
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions here: Malware that you were infected with -- malwarecomplaints.info
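The six Internet-zone settings John lists under "Make your Internet Explorer more secure" live as DWORD values under the current user's Zones\3 registry key, so they can be checked on several machines without clicking through the Custom Level dialog on each. The following is an added example, not code from the thread or from Microsoft: it parses a .reg export of that key (for instance from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`, decoded from UTF-16 before parsing), reports which of the six settings are weaker than recommended, and emits a .reg fragment containing only the corrections. The value names are taken from Microsoft's zone-settings reference (KB182569), where 0 = Enable, 1 = Prompt and 3 = Disable; the sample export is constructed with three settings deliberately left weak.

```python
"""Audit the six Internet-zone settings from the post against a .reg export.

Added example, not from the thread. Value names follow Microsoft's zone
settings reference (KB182569): 0 = Enable, 1 = Prompt, 3 = Disable.
SAMPLE_REG is a constructed export, not a real machine's registry.
"""
from __future__ import annotations

import re

ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Value name -> (setting as shown in the Custom Level dialog, recommended action)
RECOMMENDED: dict[str, tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_zone3(reg_text: str) -> dict[str, int]:
    """Return the DWORD values found under the Internet zone key of a .reg export."""
    values: dict[str, int] = {}
    in_zone = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            in_zone = key["key"].lower() == ZONE3_KEY.lower()
            continue
        if not in_zone:
            continue
        m = DWORD_RE.match(line)
        if m:
            values[m["name"]] = int(m["hex"], 16)
    return values


def audit(values: dict[str, int]) -> list[tuple[str, str, str, str]]:
    """Settings that differ from the recommendation: (id, setting, current, recommended)."""
    findings = []
    for name, (label, want) in RECOMMENDED.items():
        have = values.get(name)
        if have != want:
            if have is None:
                current = "not set (template default)"
            else:
                current = ACTION.get(have, f"raw {have}")
            findings.append((name, label, current, ACTION[want]))
    return findings


def fix_fragment(values: dict[str, int]) -> str:
    """A .reg fragment that sets only the non-compliant values to the recommended action."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]"]
    for name, _label, _current, _want in audit(values):
        lines.append(f'"{name}"=dword:{RECOMMENDED[name][1]:08x}')
    return "\n".join(lines) + "\n"


# Constructed export: 1001, 1201 and 1804 are weaker than the recommendation.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1607"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"""

if __name__ == "__main__":
    found = parse_zone3(SAMPLE_REG)
    for name, label, current, want in audit(found):
        print(f"{name} {label}: {current} -> should be {want}")
    print(fix_fragment(found))
```

A value that is absent from the export is reported rather than assumed safe, because a missing value means the zone falls back to its template default, which depends on the slider level chosen in the Security tab rather than on anything visible in the export.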
Thanks for all your help John. My computer is behaving much better than before. I'm not exactly sure which remedies helped, but am just glad it isn't hanging on me all the time.
If I continue to have shutdown problems I will do a post on the other forum as you suggested.