Another performance oddity possibly caused by malware.

I'm keeping these ones:


D:\My Documents\My Received Files\torrentfiles\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
 
That is entirely your choice.
Unfortunately, it means I will no longer be helping you.

We do not support the use of illegal Pirated/Warez/Cracked software.


  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.
 
Custom CFScript

Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KillAll::
    File::
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
    C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
    D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
    D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
    D:\My Documents\My Received Files\torrent files\keygen.exe
    D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
    D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
    
    Folder::
    C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem
    C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
    D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
  • Save this as CFScript.txt and place it on your desktop.


    [Screenshot: CFScriptb.gif]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
 
I dragged the CFScript to the ComboFix executable after I disabled the internet connection along with all the security programs, and after it started running and scanning for folders, it stalled and stayed in that state for an unusual amount of time. An hour and a half later there was no sign of activity. Can I delete the files manually through safe mode?
 
Let's try this instead



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code:
:Files
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
Here's the log:


:Files
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack


OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10162008_071024
 
I'm not sure what happened there, but that is not a log that OTMI3 should produce.

Please can you try it again.

OTMoveIt
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code:
:Files
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
My apologies. I generated that log by accident.

Here is what appeared on the results.

:Files
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe
D:\My Documents\My Received Files\SteamKeycollection_1.1.rar
D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip
D:\My Documents\My Received Files\torrent files\keygen.exe
D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar
C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem
C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack
 
sorry, discard that, here is a fresher one:




========== FILES ==========
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\SDFix.exe not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem.exe not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\QuickTime Pro Keygen\QuickTime Keygen.exe not found.
File/Folder D:\My Documents\My Received Files\SteamKeycollection_1.1.rar not found.
File/Folder D:\My Documents\My Received Files\torrent files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip not found.
File/Folder D:\My Documents\My Received Files\torrent files\keygen.exe not found.
File/Folder D:\My Documents\My Received Files\torrent files\NORTON.ANTIVIRUS.2007.OEM.INCL.SERIAL-RETAIL.07.rar not found.
File/Folder D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack.rar not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\utility software\smitRem not found.
File/Folder C:\Documents and Settings\JL\My Documents\My Received Files\The Silent Hill Collection\Silent Hill 2\NoCD Crack not found.
File/Folder D:\torrent files\The Silent Hill Collection\Silent Hill 2\NoCD Crack not found.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10172008_215744
 
Congratulations, your logs look clean :D

Let's see if I can help you keep it that way

First let's tidy up :D


  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


Open OTMoveIt and click Cleanup.
It will now connect to the internet and get a list of files to delete.
When a box pops up, click YES.

Delete any logs we have produced and empty your recycle bin.


Enable Teatimer

  • Right-click >>> HERE <<<, select "save as" and save it to your desktop
  • Double click ResetTeaTimer.bat
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • check the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
  • You can now delete ResetTeaTimer.bat




The following is some info to help you stay safe and clean.
(Vista users must ensure that any programs are Vista compatible BEFORE installing)

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for Home Users) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
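
The Internet Explorer Custom Level settings listed in the post above are stored as numbered DWORD values in the per-user Internet zone key (zone 3), so they can be checked from a registry export rather than by clicking through the dialog. The following is an added example, not part of the original thread: it audits a constructed export excerpt against the settings the post recommends; the sample data and the function names are assumptions made for illustration.

```python
import re

# Per-user key that holds the Internet zone (zone 3) settings.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
            r"\CurrentVersion\Internet Settings\Zones\3")

# Zone setting states; a higher number is the stricter choice.
ALLOW, PROMPT, DISABLE = 0, 1, 3
NAMES = {ALLOW: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Setting as named in the post -> (registry value name, recommended state).
RECOMMENDED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialise and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

# Constructed sample in .reg export format (not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1201"=dword:00000003
'''

def parse_zone_values(export_text, key=ZONE_KEY):
    """Return {value_name: int} for the DWORD values found under `key` only."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()  # key names are case-insensitive
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(export_text):
    """List settings that are missing or weaker than the recommended state."""
    current = parse_zone_values(export_text)
    findings = []
    for setting, (value_name, wanted) in RECOMMENDED.items():
        got = current.get(value_name)
        if got is not None and got >= wanted:
            continue  # as strict as recommended, or stricter
        status = "not set in export" if got is None else "is " + NAMES.get(got, hex(got))
        findings.append((value_name, setting, status, NAMES[wanted]))
    return findings

if __name__ == "__main__":
    for value_name, setting, status, wanted in audit(SAMPLE_EXPORT):
        print(f"{value_name}  {setting}: {status}, recommended {wanted}")
```

Exports written by regedit are normally UTF-16, so read a real file with `encoding="utf-16"` before passing its text to `audit`.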
 
Greetings Katana. I am sincerely thankful for your responses, for they have been effectively helpful. But unfortunately, after I performed all the approaches you mentioned, the main problem is still persistent, so the CPU overload is still present when the computer is booted after a significant amount of time. To complement the situation, the misconfiguration of the clock by ComboFix didn't reset to its original configuration, and when I open up Windows Live Messenger, this message appears after it attempts to open Windows Live Today:



An error has occurred in the script of this page.



Line: 2
Char: 30610
Error: 'a' is null or not an object
Code: 0
URL: http://t.msn.com/es-xl/home.aspx?ver=8.5.1302&did=1



Do you want to continue running scripts on this page?



Whether I choose yes or no, it won't load the Windows Live Today content layout entirely.
 
HOW TO: Change Date, Time in Windows XP

There is no (live) malware that is causing your problem, but given the amount of "cracked" software that you have used it is impossible to tell what corruption the system may have suffered.

Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.
 
My sincere thanks for your responses. I will be logging on to one of these websites.


Thank You

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 