I ran a file I shouldn't...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sagybp, Nov 15, 2009.

  1. sagybp

    sagybp Private E-2

    I ran a file I shouldn't and I KNOW something was installed on my comp.

    I'm running Windows 7 on a brand new computer with AVG.
    I have pop-ups showing up and my AVG notifies me of infected files that shouldn't be infected.

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:27, on 15/11/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)


    Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
     
    Last edited by a moderator: Nov 18, 2009
  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks!

    Please close out your topic at the Safer Networking Forum or request that we close this one out. There are not enough helpers to go around and double posting wastes our resources. http://forums.spybot.info/showthread.php?t=53441

    We need more information besides a HJT log and all logs must be added as an attachment. Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide

    Also.

    Be sure to get the new version of HJT listed in the READ ME.
     
    Last edited: Nov 17, 2009
  3. sagybp

    sagybp Private E-2

    Thank you for the help.

    First of all, I didn't find an option to close the thread I opened on Safer Networking - so I replied there and asked to close the thread.

    I ran everything. The logs are attached, except two:

    1. I did not run ComboFix. I get the following message: "ComboFix beta for Windows 7 x86. WARNING!! This is a BETA version ComboFix meant for compatibility testing. WARNING!! Under no circumstance should this be run on a live machine. Heed this warning or be prepared to buy a new machine". After such a message, I didn't dare run it :)

    2. When running RootRepeal I get the following message on startup: "FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info". The application does load up, but when pressing "Scan" I get the message "DeviceIoControl Error!" and no scan is running.

    As I said, the other logs are here.

    For now, I think the problems I had are gone. There are no unknown iexplore.exe instances in the task manager, no pop-ups and AVG doesn't pop up any warnings. I still want to work with the system a bit more to be sure.

    How do the logs seem?
     


  4. evilfantasy

    evilfantasy Malware Fighter

    Hello.

    Please go to Add or remove Programs (Win 7 Programs and Features) and uninstall:

    • Ask Toolbar

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:


    • O20 - AppInit_DLLs: nvrtm

    After clicking Fix checked, exit HijackThis.



    Download OTM by OldTimer to your desktop.

    Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

    * Save it to your Desktop.
    * Double-click OTM.exe to run it.
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [clearrestorepoints]
    [emptytemp]
    [start explorer]
    [Reboot]
    
    * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

    * Close OTM

    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.




    ESET Online Scan

    Scan your computer with the ESET FREE Online Virus Scan

    * Click the ESET Online Scanner button.

    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.

    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the <<Back button then click Finish.

    In your next reply please include the ESET Online Scan Log



    Next post add the OTM and ESET logs.


    Also, is this a beta version of Windows 7?
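    A read-only check a defender can run before and after the fixes above, to confirm that the O20 AppInit_DLLs entry and any At*.job tasks are gone. This is an added PowerShell example, not code from the thread or from the tools named in it; it assumes an elevated PowerShell session on Windows Vista/7 or later, and that a bare DLL name in AppInit_DLLs would normally resolve to System32.

```powershell
# Added example (not from this thread): a read-only audit of the two
# persistence spots the cleanup above touches. Assumes an elevated
# PowerShell session on Windows Vista/7 or later.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view of the same key on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $dlls  = [string]$props.AppInit_DLLs
    $load  = $props.LoadAppInit_DLLs   # 1 = Windows injects these DLLs into every process that loads user32.dll
    "$key"
    "  LoadAppInit_DLLs = $load"
    "  AppInit_DLLs     = '$dlls'"
    if (-not $dlls) { continue }

    # HijackThis reports this value as an O20 line. Entries may be bare names
    # (like 'nvrtm' above) or full paths; bare names are looked up in System32
    # here, which is an assumption about where such a DLL would usually live.
    foreach ($entry in ($dlls -split '[ ,]' | Where-Object { $_ })) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot "System32\$path"
        }
        if (-not (Test-Path -LiteralPath $path)) {
            "    $entry -> not found at $path (stale entry, or file hidden from the file system)"
            continue
        }
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $info = Get-Item -LiteralPath $path
        "    $entry -> $path"
        "      signature: $($sig.Status)  size: $($info.Length)  modified: $($info.LastWriteTime)"
    }
}

# Jobs created with at.exe land in %SystemRoot%\Tasks as At<n>.job, the
# files the OTM script above removes. List them so nothing unexpected remains.
$taskDir = Join-Path $env:SystemRoot 'Tasks'
Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime
```

An empty AppInit_DLLs value with LoadAppInit_DLLs set to 0, and no At*.job files listed, is the state the cleanup steps above aim for.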
     
  5. sagybp

    sagybp Private E-2

    My Windows 7 is not a BETA. It's the final release.

    Here are the logs.
     


  6. evilfantasy

    evilfantasy Malware Fighter

    That's a false positive.

    How is the computer running now?
     
  7. sagybp

    sagybp Private E-2

    Everything seems to work fine!

    Thank you very much!
     
  8. evilfantasy

    evilfantasy Malware Fighter

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  9. sagybp

    sagybp Private E-2

    Did everything.

    Thank you again.
     
  10. evilfantasy

    evilfantasy Malware Fighter

    You're welcome.

    Safe surfing...
     
