Malware Removal Done, Logs Attached

Hi, Guys. I started having a problem with my laptop computer about 3 weeks ago. I was not doing anything in particular and don't recall downloading anything other than an Adobe file occasionally. I suddenly had a small window popping up. It was constantly blinking. The IE page behind it was blinking also. Across the top I was able to see something like the words Windows Program Developer Tools. I think the name of the IE page preceded those words. In the body of the page were some tabs across the page, such as HTML. I constantly tried closing it to no avail. I couldn't close or minimize any page without clicking for several minutes. I couldn't open any links by clicking. I had to right click and open everything as a new page. I tried rebooting. shutting down completely. I checked all the connections. Everytime I logged onto IE, the page would pop up. I googled the name and learned it is a legitimate program in Windows. Finally, after a few days, I minimized it, and it stayed minimized. When I closed IE, it disappeared and I haven't seen it since. However, the webpages on IE still constantly blink, and I have all the other problems as well.

In the meantime, I have OpenOffice Word Processor, and that is not working properly. In my email and in my word processor, I can't drag my mouse over a selection of words to copy them. If I can select them at all, I have to start at one point, hold the shift key and go to the end point and place the curser there. (And yet as I am writing this thread, the page is not blinking and I am able to cut and paste by draging my mouse. All the other pages on MG have been blinking as I've gone through the Malware Read Me and Remove Me steps.)

I am afraid to send any email to anyone for fear it is infected with whatever?
Before I started MG, I ran SuperAntispyware, which I already had; CCleanler; Eusing Registry; AdAware; AVG Antivirus; Spybot; and Spyware Blaster; I have since removed Eusing, AdAware, Spybot and Spyware Blaster. None of them found anything wrong.

When I went through your steps, I removed AVG using the link you provided.

I made notes, which I can't find now, but one of the tools said I had to remove SuperAntispyware; and another kept telling me that it couldn't run because AVG was scanning. I checked andAVG was not listed in Add/Remove Hardware, but there were two empty files in Windows Explorer. I deleted them. The tool then said it was going to run anyway at my risk. Root Repeal would not run.

In the meantime, I have no protection other than Comodo. My firewall is still off. I do not have SuperAntispyware. Can I reload it now and put my firewll back on? Thanks for all the help you provide so many people. I hope that you will be able to help me.

Sincerely, Elaine Rimbach

 

Tim
Thank you for replying.

I used the link in the Malware Removal Process for removing AVG. I checked the Add/Remove Hardware in Control Panel and it is not there. I did a search in WE and found 103 folders or files which I deleted. I did not delete any of the files in Comodo Dragon that showed up on the list.

Norton is listed on Add/Remove Hardware, but shows nothing under size or MB
so I didn't think anything was on the system. I did a search on WE and found 3 folders which I deleted.

I deleted C:\Documents and Settings\Elaine\Templates\kqxjax25212syk721811b172n8n71yg66c. I received a message that it was a system file and that it might be integral. But I deleted it as you directed. As I was searching for AVG and Norton files, I noticed that the majority of the files in Windows are now in blue and say $NtUninstallfollwed by a bunch of numbers.

So, now the only program I have is Comodo which was installed as part of the malware removal process. I think it is spyware, malware and antivirus. Please correct me if I am wrong. I also have CCleaner. I turned on my Firewall.

There is no change to the problem. You said you don't see much sign of malware. What do you mean by "much?" Are trojans and worms malware? Is there anything else you can think of? I had an appt. with a local man, but he got sick. Another local man has not returned my calls. If you cannot help me, I will have to try to find someone reputable in my area. I appreciate all you are doing and thank you so much for your time.

 

Tim,

This is an addition to my previous reply. I don't know why the items that I removed via Add/Remove Software in Control Panel weren't completely eliminated - not even .exe files. I did searches in Windows Explorer for each, and found lots of files. I then went through WE and deleted each file for avg and several others.

However, I had problems with SuperAntiSpyware. When I tried to delete
SAS.exe
AppLogs
SDDLLS
deupx
214a885-ee2-4123-8aa9-fdf32e311c55.exe

I received message - Cannot Delete: Make sure disk is not full or write protected and that file is not currently in use.

I went to the logo on the task bar and right click it and selected "Exit."

Thanks, Elaine :-o

 

TimW,

Don't know what or where the .bat file is. The only file I have is MGtools.exe. I ran that. During the run, at the point 'Finished with ServInfo.bat
Running analyse.exe,' a message popped up:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run,
and type Notepad C:\Windows\System32\Drivers\etc\hosts...."

Unfortunately, "Run" disappeared from my Start list months ago. Also WORD disappeared sometime before that.

P. S. While deleting SAS from WE, I found a log from 5/21, which I have attached also, in case you are interested.

Thanks, Elaine :cry

 

TimW,

I ran C:\MGtools\GetLogs.bat.

At the lines 'Finished with ServInfo.bat
Running analyse.exe, a message popped up from HiJack.
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run, and type notepad C:\windows\system32\drivrs\etc\hosts.

I DON'T HAVE RUN. It disappeared from my Start menu about a year ago. A few months later, WORD disappeared also.

I 'x'd out of the popup rather than saying OK. MG continued to run and I have attached the log. I feel like I'm going freaking crazy, though. At first I thought you meant to run MGtools.exe again because I couldn't find .bat. So I did that around 10:30 a.m. Had the same Hijack problem. Got a log with time of 10:49. Then I look at your note again and I did find the .bat file. I ran that around 12 p.m. But there's only one log and still says 10:49.

When I went to upload the two logs, I received an error message saying that the two logs had already been uploaded to this thread. What do I do now??

I'm pulling my hair out. Since my last post did not show up, I can only pray that this one does.

Thank you again.
Elaine

p.s. This is my second attempt at making this post. I wrote this reply an hour ago, but for some reason it didn't show up. I just discovered that when I came back to check whether you had answered.
:cry

 

TimW,

I have not found my XP discs yet. This laptop is 6 years old and I have moved several times.

I exited Comodo and I ran avenger.exe. When the system rebooted, the log was there. On top of the log was a window which read: Exception processing message c 0000013 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
Cancel Try again Continue

I chose Cancel. The heading for this window was Windows - No Disk.

 

TimW,
I am dreadfully sorry if this is important. When my system restarted today, a message appeared on the black screen for too short a time for me to copy it. It starts with Real Tek...[something]...fast ethernet
?
?
?
[something]....unable to find (?) or boot (?) file.

The system then continues to boot up.

I usually put my computer to sleep. If I have shut it down, I turn it on and walk away for a few minutes; so I haven't seen this screen.

 

Tim,

Does this mean that I can start using my E-MAIL again!??


Elaine
Thanks for all of your help!

 

TimW,

Thank you so much for your help, your time, and your patience over the past several days. I do appreciate all of it. I clicked most of the "Thanks" links, but after several attempt on the last one I guess my system or software problem was just being obstinate.

Elaine