Is my PC clean? Please check my files

I just wanted to other helpers know I'm working this thread, and also to let you know I was able to extract the files from the ZIP.

I will look at your logs and let you know what I see.

 

When you setup your new computer, do not use your family name anywhere.

Let's take care of the left overs from AVG AntiVirus.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to AVG7 Alert Manager Server
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
  • AVG7 Update Service
  • AVG E-mail Scanner
• Click OK until you get back to Windows.

• Next, run C:\MGtools\analyse.exe which is really HijackThis, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste Avg7Alrt into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
  • Avg7UpdSvc
  • AVGEMS
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Delete the below files.
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\SET8FD.tmp
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\SET8FE.tmp
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\SET901.tmp
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\SET902.tmp

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

After clicking Fix, exit HJT.


Here are a couple things you missed from step 1 of the READ ME.

Uninstall the below software:
J2SE Runtime Environment 5.0 Update 9
Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 0 of the READ ME
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now delete the below folder if it still exists:
C:\Program Files\Grisoft\AVG7


There is only one item I see in your logs that I question and I get hits on it only at Asian websites and one German site. Do you know what the below file is:
C:\WINDOWS\System32\EBUtil2.dll

It is hooked into winlogon.exe, explorer.exe, and spoolsv.exe. If unknown, put it into a ZIP file and attach it here.

Are you having any problems?

 

It is not a problem. It is a file related to Epson printers.

Are you having any problems at this time? If not, work thru the below:

1. 
   If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN
   • Now type combofix /u in the runbox and click OK.
   • Note: The space between the X and the /U, it must be there.
2. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
3. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Re: System Changes after Running ComboFix and MGTools

Did you do all of the final steps I gave you in your thread where you should have posted this message? ( In fact, I'm merging you back to that thread too.) Did you do the combofix /u

Normally when ComboFix finishes running the standard clock time is already re-established. The Uninstall is also supposed to correct it.

However resetting the clock yourself pretty easy to do. You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.

The screen saver and browser change are typical effects of running cleaning procedures. Since so many malware programs hijack desktops and browsers and manipulate registry keys, the easiest thing for cleaning programs to do is to put them back to defaults because it is too difficult to really distinguish between things you may have configured and what malware may have done.

 

ComboFix is just behaving a little strange lately. There have been some new features added (kmd.exe) is one and all the bugs are not quite worked out yet. Thanks for the feedback as others may run into the same behavior.