police ukash virus on vista laptop

ASJ112

strange, will it run in normal mode ?

john64

I've had to power off.
On power up, I let it auto select the option to ' start windows normally'..
Normal desktop comes on..
I double click otl icon & do quick scan..
otl is running..

john64

Hi ASJ,
Many thanks for all this help,

I'm in normal mode,

otl seems stuck at

scanning driver AVGIDSHX...

its been showing this for over 5 minutes..

ASJ112

if it stays at that for much longer, try run MBAM and see if that works

john64

I've powered it off,
Power On,
Starts windows normally,
Starts MBAM
check for updates,
pc frozen

I'll try run mBAM ..

john64

Normal mode
launch MBAM
performing quick scan

Seems stuck at
objects scanned 51702
objects detected 0
time elapsed 2m 22s
currently scanning c:\windows\system32\AltTab.dll for over 5 minutes

john64

Normal mode
launch MBAM
performing quick scan

stuck at
objects scanned 51702
objects detected 0
time elapsed 2m 22s
currently scanning c:\windows\system32\AltTab.dll for over 15 minutes

I'm going to power off & go to bed.

Thanks for all your help,ASJ, & I hope to continue tomorrow.

ASJ112

I see you have installed AVG and SUPERAntiSpyware, can you do a quick scan with either of those ?

john64

I'll do as you suggest & should be able to reply later tonight . thanks.

john64

Hi
laptop started in normal mode
SuperAntiSpyware was not found to be installed.
I opened AVG & clicked update, the laptop froze.
I powered off & on & started in normal mode.
I opened avg & started a scan.
At 50% of avg scan completed, the laptop froze . It did not show what file it was testing at the time.
I powered off & on & started in normal mode.
I installed SuperAntiSpyware from a usb stick.
A SuperAntiSpyware is running.

the result is..

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2012 at 08:35 PM

Application Version : 5.6.1014

Core Rules Database Version : 9676
Trace Rules Database Version: 7488

Scan type : Quick Scan
Total Scan Time : 00:06:29

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 685
Memory threats detected : 0
Registry items scanned : 30823
Registry threats detected : 0
File items scanned : 6917
File threats detected : 10

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\AMANDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-StartPage
C:\USERS\AMANDA\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HFR08QT0\OTL[1].EXE
C:\USERS\AMANDA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\HFR08QT0\OTL[1].EXE

john64

I clicked 'remove threats',
quarantine & removal complete,
laptop rebooted.

I will run superantispyware again when pc stats up.

john64

SAS quick scan result clean & ok.

I'll run a SAS full complete scan..

john64

I'm in normal mode
I started a SuperAntiSpyware full scan.
It froze after 15m11s as it was scanning c:\program files\common files\px storage engine
Memory items scanned 688
registry items scanned 39680
file items scanned 5622
threats detected 0

john64

I powered off & on, then selected ' start windows normally'.
Normal desktop displayed ok.
Running SAS pro trial version quick scan.

result clean & ok.

running SAS complete scan now ..

john64

Hi

SAS complete scan froze at
scanning progress c:\program files\sony\sony picture utility\pmbcore\ippccw7-5.3.dll
memory items scanned 686
registry items scanned 39680
file items scanned 12748
threats detected 0
elapsed time 20m23s.

Where do we go from here ??

ASJ112

honestly I'm stumped, your logs are clean but clearly something is amiss.

all the scans freezing is not good. do you know what security programs you have installed on the pc ?

john64

I powered off & on & selected ' start windows normally',
the screen was black with a small scrolling bar with green stripes & 'microsoft corporation',
after 5 or 6 minutes it went to chkdsk,

stage 2 of 3 , 25% complete,
'deleting index entries in index $I30 of file 1902,
deleting index entries in index $I30 of file 62607,
recovering orphaned files into directory file 1902,

the files mentioned included
ehsso.dll
msconfig.exe
TMM.dll
PortableDeviceApi.dll
fdeploy.dll
fdWCN.dll
PnPutil.exe
rasppp.dll
mscorier.dll
pnpsetup.dll

chkdsk ended

then it went back to a black screen with a small scrolling bar with green stripes with 'microsoft corporation',

then it showed the 'welcome vista' screen & then a black screen & then normal mode desktop.

From power on to normal mode desktop took 25 minutes.

john64

At the moment, the pc has
AVG antivirus free 2012 and
SuperAntiSpyware running from startup.

Also installed is
malwarebytes MBAM
OTL

thanks

ASJ112

lets see if you can get OTL or MBAM to run now after chkdsk. If your PC is taking 25mins to boot up then there is an issue that needs to be fixed.

I'm going to bed soon, but if OTL or mbam wont run, can you download combofix again, run it, and post the log from it.

If we have no luck I'm going to send you onto some experts.

john64

I right-clicked the bar at the bottom of the screen & clicked task manager.
A microsoft windows orange box appeared with ' the application is not responding'
do you want to end this process,
I click 'end process' & the pc is frozen again.

john64

ASJ112 wrote: »

lets see if you can get OTL or MBAM to run now after chkdsk. If your PC is taking 25mins to boot up then there is an issue that needs to be fixed.

I'm going to bed soon, but if OTL or mbam wont run, can you download combofix again, run it, and post the log from it.

If we have no luck I'm going to send you onto some experts.

I start it again & try OTL before bed .

happy zzzzzzzzzzzzzzz's to you.:)

ASJ112

Try run everything in safe mode as this will make it less likely for programs to freeze.

I am officially off to get my ZZZ's, so try OTL-MBAM-Combofix, and if they don't fix the problem we will go onto the next step.

john64

I powered off & on & selected ' start windows normally',
pc started up to normal mode inside 2 minutes..

I started otl.exe from desktop & started a quick scan..
scan running..

john64

OTL normal mode quick scan result..

froze when is reached
looking for newly created files: C:\windows\system32\wsqmcons.exe

this also happened in post#31.

I'll go try safe mode OTL scan.

john64

safe mode, OTL, quick scan running..

pc froze when it reached
looking for newly modified files: C:\windows\system32\wsqmcons.exe

wsqmcons.exe indicated again.

john64

safe mode, MBAM, quick scan running..

MBAM froze at c:\windows\system32\oobe\audit.exe

See post #29 where mbam was also stuck at directory oobe..

john64

I started up in 'safe mode'
plugged in a usb stick,
and ran combofix.exe
a combofix warning appeared,
'combofix has detected avg to be active'
I ignored & hit 'ok'

A combofix window opened
'administrator: autoscan' is at the top of of the window,

it showed completed stages 1 to 38
then it shows
'access denied . administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks '

then, it showed completed stages 39 to 50.
then nothing for over 30 minutes.

I opened ' windows task manager'
Application ' administrator:autoscan' shows running.
I tried to 'end task' but nothing happened.
pc is frozen again.

mp22

It sounds like AVG is acting up to be honest try uninstalling it,if it wont go use one of these http://www.avg.com/ww-en/utilities

john64

Hi mp22,

Glad to see there's still something to try.

I'll do that later & reply .

Many thanks.

john64

Hi

I powered on & went to 'safe mode with networking'.

I used Internet Explorer to go to Avg Remover 32bit 2012 & did 'Run'.
When it finished , the laptop shutdown.

I powered on & it went straight to normal mode desktop ( without a screen to need to select 'start windows normally').
In normal mode I tried OTL from the desktop & it froze at
looking for newly created files: C:\windows\system32\wsqmcons.exe.

I powered off & powered on in f8 'safe mode',

The screen showed
loaded: windows\system32\drivers\crcdisk.sys for a few minutes then went to 'safe mode' desktop.
In safe mode I tried OTL from the desktop & it froze at
looking for newly created files: C:\windows\system32\wsqmcons.exe again.

I'll try combofix in safe mode from usb stick & post result..