Ques about Combofix and AVG

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jackie2000, Dec 15, 2007.

  1. jackie2000

    jackie2000 Private E-2

    My computer was running at a snail's pace so I went through all the cleanup suggested (ridding unused files, checking startup files, running CCleaner, defragmenting). But when I ran Combofix, it said "completed stage" 01, etc. through 40 but then my screen went blank except for its window that said "deleting files and folders:" but nothing was displayed and it just stayed there like that. After several hours, I had to reboot to get my screen back and reset my clock. I read the text file but all it said was a description of the system it was running on. It doesn't sound to me like it ever finished.
    Then I ran Spybot successfully. Then I ran AVG antispyware and it finished (deleted 50 files; 30 tracers) but when I selected "Reports" it said there were no reports (and yes, I did put the setting to "generate report after every scan" and unchecked the "only when threats are found")--so why no report? I also ran MGtools and did not get any error messages so I'm assuming it was fine.

    Computer still seems slow but not as bad. Maybe now it's just my impatience--it seemed like it took a long time to pull up MS Word 2000 but it was really only 15 seconds. I'm running on Windows XP Home Edition SP2. My computer is about 5 years old--Pentium 4 2.2 GHz, 512 MB RAM. I have Norton Antivirus (free with my internet service). I live in the boonies and have dialup from the Stone Age (I'm not kidding--the phone lines are so old; remember 28.8k connections?).

    Thanks for having such an informative website.
     
  2. jackie2000

    jackie2000 Private E-2

    Forgot the attachments the first time.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks

    While I look thru your logs, please complete the below instructions.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_04
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 0 of the READ ME

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Jackie\Local Settings\Temp
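The Temp cleanup above can be scripted so that today's files are kept and in-use files are skipped instead of stopping the run. This is an added example, not part of the thread or of MGtools; it uses `$env:SystemRoot\Temp` and `$env:TEMP` (which on XP resolves to `...\Local Settings\Temp`, the second folder in the post) rather than the hard-coded profile path, and it should be run from an Administrator PowerShell prompt.

```powershell
# Added example, not from the thread: automate the manual Temp folder cleanup
# above. Deletes files in the Windows Temp folder and the user's Temp folder
# while keeping anything modified today, matching the instruction. Files that a
# running program holds open are reported and skipped rather than aborting.
$tempFolders = @("$env:SystemRoot\Temp", $env:TEMP)   # $env:TEMP = ...\Local Settings\Temp on XP
$today = (Get-Date).Date          # midnight today; files at or after this are kept
$deleted = 0

foreach ($folder in $tempFolders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Folder not found: $folder"
        continue
    }
    # Collect first, then delete, so a failure on one file does not stop the listing.
    $old = Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
           Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today }
    foreach ($file in $old) {
        try {
            # Append -WhatIf to the next line to preview without deleting anything.
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $deleted++
        } catch {
            # Usually a file held open by a running program (browser, AV, etc.).
            Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
        }
    }
}
"Deleted $deleted file(s) older than today from the Temp folders."
```

Run it once with `-WhatIf` on the `Remove-Item` line to see what would go; anything reported as skipped is in use and will be removable after a reboot, which is the same behaviour the manual instruction relies on.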
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well there is not too much to remove in the way of malware, but let's cleanup what I see.


    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.6.0_03\bin\jusched.exe
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
    O20 - Winlogon Notify: ddcya - ddcya.dll (file missing)

    After clicking Fix, exit HJT.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

    Make sure you tell me how things are working now!

    If you are still having performance issues, you will have to look into the things that you are running.
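The HijackThis lines above each map to a known registry location: O4 is the `Run` key, O2 the `Browser Helper Objects` key (with the DLL registered under `HKCR\CLSID`), O9 the Internet Explorer `Extensions` key, and O20 the `Winlogon\Notify` key. The following is an added example, not part of the thread and not HijackThis code, that reads those locations and reports each entry with whether its target file exists, so you can see which entries HijackThis would show as "(no file)" or "(file missing)" and which startups (like the two O4 lines) exist but are simply unwanted. It is read-only and assumes the 32-bit XP-era key paths; 64-bit Windows also carries `Wow6432Node` copies that it does not walk.

```powershell
# Added example, not from the thread and not HijackThis code: list the registry
# entries behind the O2, O4, O9 and O20 lines above with a file-exists status.
# Entries marked "file missing" are the ones HijackThis prints as "(no file)" /
# "(file missing)". Nothing is modified. 32-bit key paths only (no Wow6432Node).

function Resolve-CommandPath {
    # Extract the program path from a Run-style command line, e.g.
    #   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|cpl|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    if (Test-Path -LiteralPath $Path -PathType Leaf) { return $true }
    if (-not [IO.Path]::IsPathRooted($Path)) {
        # Bare names (typical for Winlogon Notify DLLs) load from the system directories.
        foreach ($dir in @("$env:SystemRoot\System32", $env:SystemRoot)) {
            if (Test-Path -LiteralPath (Join-Path $dir $Path) -PathType Leaf) { return $true }
        }
    }
    return $false
}

function Get-Status([string]$Target) {
    if (Test-TargetExists $Target) { 'ok' } else { 'file missing' }
}

$report = @()

# O4 - programs started from the Run keys (per machine and per user)
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSDrive, ...)
        $status = Get-Status (Resolve-CommandPath $p.Value)
        $report += "O4 - $hive\..\Run: [$($p.Name)] $($p.Value) ($status)"
    }
}

# O2 - Browser Helper Objects: each subkey is a CLSID whose DLL is registered under HKCR
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem $bhoKey) {
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$($sub.PSChildName)\InProcServer32"
        $dll = if (Test-Path $server) { (Get-ItemProperty $server).'(default)' } else { $null }
        $status = Get-Status (Resolve-CommandPath $dll)
        $report += "O2 - BHO: $($sub.PSChildName) - $(if ($dll) { $dll } else { '(no file)' }) ($status)"
    }
}

# O9 - Internet Explorer extra buttons and Tools-menu items
$extKey = 'HKLM:\Software\Microsoft\Internet Explorer\Extensions'
if (Test-Path $extKey) {
    foreach ($sub in Get-ChildItem $extKey) {
        $ext = Get-ItemProperty $sub.PSPath
        if ($ext.Exec) {   # script-only or CLSID-only extensions have no Exec value; skipped here
            $status = Get-Status (Resolve-CommandPath $ext.Exec)
            $report += "O9 - Extra button: $($ext.ButtonText) - $($sub.PSChildName) - $($ext.Exec) ($status)"
        }
    }
}

# O20 - Winlogon Notify packages; DLLName is often a bare file name loaded from System32
$notifyKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notifyKey) {
    foreach ($sub in Get-ChildItem $notifyKey) {
        $dll = (Get-ItemProperty $sub.PSPath).DLLName
        $report += "O20 - Winlogon Notify: $($sub.PSChildName) - $dll ($(Get-Status $dll))"
    }
}

$report
"$(@($report | Where-Object { $_ -like '*(file missing)' }).Count) entry/entries point at missing files."
```

Entries flagged "file missing" are harmless leftovers from uninstalled or already-removed software, but a Winlogon Notify or BHO entry that points at a DLL which does not exist is also what a half-removed infection looks like, which is why they get cleaned up here. Entries whose file exists (the RealPlayer and Java schedulers above) are a startup-load question rather than a malware one, and removing the registry value is the lasting fix; disabling them in MSConfig only hides them.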
     
  5. jackie2000

    jackie2000 Private E-2

    The MGlogs zip file has yesterday's date. When I ran the getlogs.bat file it said the log would be in MGtools/getunkey.txt so I attached that file too.
    Startup time was reduced by 1 minute so that is an improvement. I downloaded Sun Java (took 4 tries, it wouldn't let me use their download manager, some error about the license, but I finally got it downloaded). I may switch from Norton to another antivirus--I only have it because it was free from my internet provider and on a CD so no big download required, but I saw where it said it's resource heavy so maybe another one might be better for me. I had AVG but thought Norton must be better since people pay for it (not always true).

    Do you know how I can get my old clock format back--I don't like seeing 13:00--I want 1:00?

    Every time I shut down or restart, I get an error message for dwwin.exe (application failed because Windows is shutting down)--any idea what that is? I get that same message from Norton's ccapp file.

    Thanks a lot for your help.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run the correct batch file. You ran GetUnKey.bat. You need to run what I requested and that was GetLogs.bat which will create all new logs and put them in C:\MGlogs.zip. The C:\MGlogs.zip file is all that we need you to attach. We don't need the individual logs in the MGtools folder. They are all put into the MGlogs.zip file for easy upload.

    I need the new log so I can verify the last fix.

    That is a correct assessment!


    You change these setting under Control Panel -> Date and Time

    You have a problem in your Windows software or an issue with another program. You will have to debug this in the Software Forum. They will more than likely want to see an Eventlog so you should get one of them too. See this: http://support.microsoft.com/kb/308427
     
  7. jackie2000

    jackie2000 Private E-2

    I did run getlogs.bat
    I ran it again and tried to copy the output but couldn't (it looks like a DOS job to me). So I wrote it down:
    Getlogs.bat (c) 10/02/2006 by Chaslang
    This small batch file is used to automatically run getrunkey.bat and shownew.bat. It is normally just called after installation of the two programs into the C:\MGtools folder but it can be run at any time.
    Then it showed some dates/beta (last mod 10/24/2007 Vers 2.04) then
    Updating: getunkey.txt
    All finished getting uninstall list
    The log is in C:\MGtools\getunlist.txt


    The Control Panel date/time lets me change the date or time but I don't see where I can change the format from a 24hr to 12hr. I never had it show 13:00 till I ran that Combofix program. Maybe the synchronization server needs to be changed?

    I'll check on the software. Thanks for the link.
     
  8. jackie2000

    jackie2000 Private E-2

    I looked again and it looked like the zip file was updated 12/16 (could there be a delay somehow) so I am attaching it again.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have to wait for the programs to finish running! Double click GetLogs.bat and do not do anything in the command prompt window. Let the program run until it finishes. Everyone has a different speed PC with a different amount of other background processes running so how long it takes to run can vary from 35 seconds to a couple of minutes. If you don't do anything else and keep the command prompt window as the top window, it will run as fast as possible. If you pull another window to the front, the scans will run significantly slower.

    When the scans are finished, the last few lines in the command prompt window will look something like the below.

    GetLogs-Final.jpg


    Sorry about that! I'm not sure what I was thinking. The settings you need are under Control Panel -> Regional and Language Options; on the Regional Options tab click the Customize button, then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.
     
  10. jackie2000

    jackie2000 Private E-2

    Sorry. As soon as I saw the words "all finished", well, you can figure out what conclusion I made. I let it run all the way through this time. Again I do apologize for my stupidity and impatience.

    Thanks for the info on the clock--it was driving me crazy. Don't know why I didn't think of that but I didn't.
     

    Attached Files:

  11. jackie2000

    jackie2000 Private E-2

    I'm so excited. I uninstalled Norton and that took care of my "software problem" plus sped up shutdown and startup. I can do a complete restart in 1 min 45 secs compared to 5 mins before to do all that. Next step is to select and install a less hoggy antivirus software.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean but you should not have started using MSconfig to control startups again. You defeated the purpose of a couple of fixes I was having you do with HijackThis. MSconfig should not be used as long term startup manager. Use a real startup manager (like Startup CPL ) if you really need one but typically there is no real reason to have one.

    You also did not do the below:

    Since you are running Comodo BOClean, I recommend that you uninstall Windows Defender which will also give a boot speed and overall performance improvement.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  13. jackie2000

    jackie2000 Private E-2

    okay. Thank you.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
