COM+ problem

I am not sure this is a virus problem but lately I have removed a virus, something like “openclose”, and I am not sure if the problem encountered, which I describe below, is caused by something left by the virus.

My system is Windows XP Pro (OEM) updated to SP3
Avast Free Edition, Malwarebytes, SpywareBlaster, SuperAntiSpyware

When I try to open Component Services it hangs, rarely it opens but when attempting to open the COM+ node returns an error. Anyway as consequence asp pages do not run on my local server. Tried all Microsoft suggestions found on the net but no success.
Except this the computer seems to work ok when the connection is open but when I close it it seems the mouse has some problem like stop moving for a short time which makes me think of a system activity trying to connect (I may be wrong).
Note that the COM+ worked fine for long time but then appeared this problem, as usually the Microsoft support doesn’t give any support, the most they can say is reformat.

Well it will be appreciated if someone could give me a clue or help if it is the case.
Attached an HiJackThis log file.

Thanks

can you post the Malwarebytes scan log ?

Hijack This looks ok

This is the log when it was detected and removed the virus I mentioned. If I scan now it looks clean.

can you also post the last scan log ? does not matter if it is clean

Ok I scanned right now.

yepp as i suspected, you are scanning with the old program 1.46 and with a very old database

latest program is 1.50 and database 5346

run update, it will then download and install the new program. when done run update again to download the latest database

Then run new scan and post new log

always update before you scan, Malwarebytes is releasing 5-10 updates a day
i guess you also need to update your version of Superantispyware ?

Here it comes

Are you still getting the problem ?

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Ensure the files are saved as ANSI and attach to your next post

Yes the problem is still there. Attached the files.

I can see the error being reported - but there is no explanation as to why. So I will have a look at your drivers next

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

- Double click on ComboFix.exe & follow the prompts.

- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

At the moment I am encountering some problem. After the fix process was complete the computer blocked then I reboot it manually.
I run the ComboFix, it installed the recovery console it started the scan but the computer is blocked again and the log files seems to be disappeared.
I will unlead to reboot.

These are the log files after the fix, I proceed with the ComboFix again.

Well it looks like the computer has some problem to work smoothly. I run again the OTL fix, this time when rebooting, after saved the configuration, blocked after appeared “disconnecting”, then I did disconnect the power lead.

After boot I execute the ComboFix but it hangs, after showing in the AutoScan window the lines notifying about the scanning time it remains there with the flashing underscore but nothing happen and the computer is dead, also the time stops running.

I will wait for your reply.

Any suggestion?

Essexboy enters the forum late, he is just around the corner… :wink:

Could you try ComboFix again - but from safe mode this time?

If that fails again then do the following

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

I am currently running ComboFix in safe mode, should appear anything in the AutoScan window after the lines about the scanning time or only the flashing underscore? I can’t understand if it is running or not, there is only the flashing underscore, the clock stopped but the disk light is on.

It should run through steps 1 to 50 - is it doing that ?

No luck, it hangs also in safe mode, Dr Web does not download, tried many times but there is no file there. Also the connection to this forum is very troubled today. Feel like to kill myself.

have you tried downloading DrWeb from another computer, then put it on a usb stick and move it over ?