Win32:Crypt-MIZ[Trj]

Hi,

Any particular reason that you have not updated Windows XP to Service Pack 3?

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

DDS::
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: alacritysim.com\www
Trusted Zone: neonwolfgames.com\www

Firefox::
FF - ProfilePath - c:\documents and settings\Brickstin\Application Data\Mozilla\Firefox\Profiles\vkcm1hux.default\
FF - prefs.js: network.proxy.ftp - 212.182.64.86
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 212.182.64.86
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 212.182.64.86
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

RegLock::
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *5*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *6*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *7*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *?*]

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"=-
"3540:UDP"=-
"3389:TCP"=-
"2232:TCP"=-
"5000:UDP"=-
"1723:TCP"=-
"1701:UDP"=-
"500:UDP"=-

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
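The Firefox section of the script above removes preferences that point the ftp, socks and ssl proxies at 212.182.64.86:3128 while network.proxy.type is 0 (direct), so the hosts are configured but not in use. As an added example, not part of this thread or of ComboFix, the following Python checker parses prefs.js/user.js lines (user.js values override prefs.js), lists every non-loopback proxy host, and reports whether the proxy type actually activates it; the sample preferences are constructed from the values in the log above.

```python
import re
import ipaddress

# network.proxy.type in Firefox: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect,
# 5 use system settings (the default when the pref is absent).
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

# Constructed sample modelled on the FF lines in the DDS log above.
SAMPLE_PREFS_JS = """\
user_pref("network.proxy.ftp", "212.182.64.86");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.socks", "212.182.64.86");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "212.182.64.86");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 0);
"""

def parse_prefs(*texts):
    """Parse user_pref(...) lines; later files (e.g. user.js) override earlier ones."""
    prefs = {}
    for text in texts:
        for line in text.splitlines():
            m = PREF_RE.match(line)
            if not m:
                continue
            key, raw = m.groups()
            if raw.startswith('"') and raw.endswith('"'):
                prefs[key] = raw[1:-1]          # string pref
            else:
                prefs[key] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def proxy_findings(prefs):
    """List non-loopback proxy hosts; 'active' is True only in manual mode (type 1)."""
    ptype = prefs.get("network.proxy.type", 5)
    findings = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        try:
            local = not host or ipaddress.ip_address(host).is_loopback
        except ValueError:                      # hostname rather than an IP literal
            local = host.lower() == "localhost"
        if not local:
            findings.append({"scheme": scheme, "host": host, "active": ptype == 1,
                             "port": prefs.get(f"network.proxy.{scheme}_port")})
    return findings
```

Run against a real profile by reading prefs.js and user.js from the profile folder named in the ProfilePath line and passing both to parse_prefs in that order.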

I never up’ed to SP3 because some of my programs became unstable. Not to mention the OS seemed to run a little harder… I don’t know why… so instead of going SP3 I just get all the other updates. Because SP3 is basically a newer version of explorer.exe and other system files but the updates cover most of them… Just the missing parts of other security features in SP3 are made up for with my avast. I could try SP3 again… to see how it would work, but I can’t quite entirely remember how it worked with my current configuration.

Here is the attached new log from Combofix with the custom script dragged into the executable.

Hi,

We definitely need to update, but we will do that after we get your system more stable. It is very important to keep your Windows operating system up to date…if not, the older software are just waiting to be infected along with the rest of your system.

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


RegNull::
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{424E7FAC-A75D-EA1D-2D56-21BF79D08CF9}*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F6251AEA-5583-E39F-6B40-DFB43F427BD4}*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *5*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *6*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *7*]
[HKEY_USERS\S-1-5-21-3970982898-453622554-3694266668-1006\ *?*]

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

ok Got it :)

Hi,

P2P - I see you have P2P software Limewire and uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
[*]Tick the box next to YES, I accept the Terms of Use
[*]Click Start
[*]When asked, allow the ActiveX control to install
[*]Click Start
[*]Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
[*]Click Scan (This scan can take several hours, so please be patient)
[*]Once the scan is completed, you may close the window
[*]Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
[*]Copy and paste that log as a reply to this topic

In your next reply please attach the logs made by Malwarebytes and ESET online scanner. :)

I realize the majority of the dangers of P2P software and despite that I use legit uTorrent software, I do everything with the knowledge I have to ensure I don’t get wares from such P2P software… I have only once downloaded something with uTorrent that was a fake and my avast detected it and aborted the connection. I’m thankful enough for such anti-viral software as avast.

But Limewire… was another P2P that I uninstalled a year ago… There is no program file information on it on this drive… I checked my Add or Remove Programs list… in Windows… and I don’t see an uninstaller for Limewire… I don’t understand why it’s still present somehow on my PC… perhaps the uninstaller didn’t remove keys from the registry hives?.. Is there any way to get rid of the rest of Limewire? …

One thing that really shocks me is that… There is some legit software from Avanquest… That is being found bad on the ESET scanner… Which really has me nervous now… I paid a lot of money for that software… and it’s bad?

Take a look at the scanner… And also the Malwarebytes scanner picked up a PUM mod for my Start menu for log off… Why would it be doing that? No matter how many times I remove it… it comes back… and I noticed when I select to get rid of the malware my Log Off button in the Start menu vanishes… so I have to configure the menu bar to bring it back… Then when I scan again… Malwarebytes detects the same PUM again… Is this a false positive? Or is there something in the registry that is maliciously coded by an unknown infection that not even avast can detect? It just started happening after a Malwarebytes update just five months ago…


P.S.: I traced the origin of the infection that got onto my computer… it was via Firefox due to the fact that each separate profile on Windows XP… has its own cache and profile set up in Firefox for each Windows logon user… In the Documents and Settings folder under Guest… there was an infection detected originally in the cache and temp files that came from Firefox… That was neutralized via Avast and Malwarebytes scans.
I also know 100% it was due to the guest account because it was the first detection that Avast found when a guest came to my computer to use it. It wasn’t on my account or any other account in Windows XP.

Hi,

Rerun Malwarebytes and remove that entry and attach the new log. :)

ok… I have noticed… that right after I did that ESET online scanner… scan… my PC has been getting really slow now. I don’t know why…

Another thing… During startup I see the select operating system configurations start up in the Boot.ini… Now I have a selection for Windows XP Professional and then "C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons", then another for "do not select this" /debug…

When this process fix is done… Will the Debug selection disappear and be uninstalled from my computer?

Removed the logoff PUM and all is clear now.

Hi,

So when is your system getting slow again? Is it just when working with programs on your system or while on the internet? Let me know exactly what you are experiencing.

The entries that you see on startup are normal since we added the Recovery Console. :)

It just got slow for about 39 mins… It’s ok now… I think. It doesn’t seem really slow anymore… Anyways that was the final log… Is there anything else that needs to be done? And that Debug… there’s two… there’s the Recovery Console… and then there’s a different one called “UnsupportedDebug=“do not select this” /debug”. It’s a different selection.

What is the next step after this? Awaiting instructions.

Thanks in advance.

It was both… Not the internet connection itself: the internet speeds are fine… It’s Firefox… and other programs too, even Windows explorer.exe. And when I’m working with other programs too… It did it earlier today… in the morning… But now it’s not doing it: I haven’t noticed any lag in the actual operating system now…

Hi,

But now it's not doing it: i haven't noticed any lag in the actual operating system now..
Ok that is good. There are many reasons why a system may become slow that are not malware related.

Let’s get some updates and let your system settle back in.

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 6.0 first. Be sure to move any PDF documents to another folder first though.

there's a different one called "UnsupportedDebug="do not select this" /debug"
We can remove that as well later, but it is there as a result of running ComboFix. :)

Let me know when you get that finished.

Well I updated Reader… Sorry I’m slow in response… I’ve been very busy the past couple of days… x.x

I’m going to do windows updates.

No problem… there is no time frame to respond with. :)

Well all updates have been done… Only thing I didn’t choose to do was put SP3 into XP. I don’t know if I should do that or not… Might be kinda risky considering I’ve been having a different problem with my computer… RAM, HD or HD Cables are faulty. Been replacing parts and doing testing.

As far as the OS is concerned, is there anything else that needs to be done?

Again sorry for the late reply.

My sincere thanks to all of you for your support in this matter.

Hi,

As far as the OS is concerned, is there anything else that needs to be done?
I am not seeing anything malware related in the logs you are providing. The only thing that I would highly recommend is that you upgrade to Windows XP SP3 as soon as you can.
there's a different one called "UnsupportedDebug="do not select this" /debug"
There is not anything wrong with this.

How is your system behaving?

Something seriously just happened with my system!!!

It’s saying one of my hard drives messed up via a Windows debugging report to Microsoft.

Windows was temporarily unable to read your hard disk drive. We don’t know the exact cause of the problem. In most cases, this type of condition is momentary and doesn’t indicate a serious problem, but sometimes it means that a hard disk is failing.

I know this is a viral malware forum… do you know any forums that can help diagnose which drive of mine is failing? I have three total hard drives on this system and I don’t know which one it is.

Hi,

You can check the drives and see which one is failing using HDTune.

Please download HD Tune (the free version, not the trial), run an error scan on your primary hard drive (full, not quick) and report back if any blocks aren’t green. It tests your hard drive for bad sectors.

Primary Hard drive is all Green.

Sorry for the late reply.

No problem with any delay. :) Are you still having the problem or was it momentary like the warning stated?

No, it is actually becoming more chronic… Thing is… I don’t know how to identify the hardware codes to figure out which hard drive it is… I only know it’s something like a hexadecimal type that may ID the drives… that or has values of 0, 1, 2… being I have three drives… I don’t know if that will say anything in the recent debug files I have from all the crash dumps… So far I have had 14 total crashes related to hard drive issues…

Thing is… if I knew which drive it was… I could fix the problem… see… there are no failed sectors in any of the three drives… they are all green across the board… and so I think it might be due to a bad power cable or a bad data cable to one of the three drives… but if I don’t know which one is having issues: then I would have to replace ALL cables, which would put extra money out of my pocket…

As far as the virus and malware is concerned… you all have helped me a great deal and I appreciate it… There are other forums with savvy techs that might be able to help me with the hardware issues… Do you know any good ones?..

Thank you again so much for your assistance; you guys are amazing and gracefully helpful.

Sincerely,
Erick J. Vasquez
PC ER Services, Inc