AV2009 w/ multiple false restarts

Discussion in 'Malware Help (A Specialist Will Reply)' started by lpontius1, Dec 1, 2008.

  1. lpontius1

    lpontius1 Private E-2

    Shortly before the holiday weekend, I noticed some AV2009 pop-ups starting, and by this morning the computer was doing the lovely false blue screen restarts that come with that. I had to download the READ ME tools to a flash drive because majorgeeks.com was blocked. The pop-ups seem to have stopped, but now I have a weird little blank window that won't go away at the bottom of the screen. I'll attach a screenshot along with my logs. Oh, and I ran SAS twice and am attaching 2 logs for it because it gave me an error message the first time. I had to uncheck Use Direct Disk Access to get the 2nd log. Thanks a bunch in advance!
     

    Attached Files:

  2. lpontius1

    lpontius1 Private E-2

    2nd half of the logs
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome. We are currently reviewing your logs, so please be patient during this time and I will get back to you with a set of instructions as soon as possible.

    Thanks:
    Kestrel13!
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    *Note! You currently have NO Anti-Virus installed on this machine! As soon as we have completed the below steps I would like for you to install an anti-virus.

    *Note! MBAM was way out of date. I Recommend you run it and make sure you update. Run a new scan and attach a new log.

    1) If you do not use Windows Messenger Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    2) Please disable the Guest Account if this hasn't already been done so through User Accounts

    3) Please go to Add or Remove Programs and uninstall the following software:

    • J2SE Runtime Environment 5.0 Update 10
    • J2SE Runtime Environment 5.0 Update 11
    • J2SE Runtime Environment 5.0 Update 6
    • J2SE Runtime Environment 5.0 Update 9
    • Java 2 Runtime Environment, SE v1.4.2_03
    • Java(TM) 6 Update 2
    • Java(TM) SE Runtime Environment 6 Update 1

    4) Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


    After clicking Fix exit HJT.

    With regards to the sites that you have in your trusted zone do you really need these to be in the TZ? We don't recommend adding anything to the TZ unless it is absolutely necessary.

    5) Now run Ccleaner!

    6) Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    7) Now click this link and install an anti-virus from the recommended list:

    How to Protect yourself from malware!

    8) Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Don't forget to attach the new MBAM log also.

    Thanks
    Kestrel13!
     
  5. lpontius1

    lpontius1 Private E-2

    I just finished your instructions. Had to uninstall/reinstall MBAM because it would not update. The blank window is still in the bottom corner of my screen. Other than that, I haven't noticed any other problems. Thanks!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    • Also if this is found and you disable it, then reboot and let us know if there is any change.
    Do you know what the below are?
    Code:
    "C:\Documents and Settings\Back Parts Counter\"
    x.exe         Jun  2 2008       30615  "x.exe"
    x.log         Jun  2 2008        4304  "x.log"
     
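The three registry-backed checks asked for in this thread (the stale Java runtimes listed in step 3, the HijackThis "O2 - BHO ... (no file)" entry in step 4, and the hidden TDSSserv.sys driver search in the post above) can be done from one read-only script instead of clicking through Add/Remove Programs, HJT and Device Manager. The script below is an added example, not something from the thread or from the MajorGeeks tools; it assumes PowerShell 2.0 or later on the affected XP/Vista machine, run from an elevated prompt, and the search pattern `TDSSserv` is taken from chaslang's instruction. It only reports; the disabling and uninstalling are still done by hand as the thread describes.

```powershell
# Added triage script (not part of the thread). Read-only: it reports and
# changes nothing. Assumes PowerShell 2.0+ running elevated.

# --- 1. Installed Java runtimes (step 3 of the instructions) ---
# Several side-by-side "J2SE"/"Java(TM)" entries mean old, unpatched JREs are
# still on disk; only the newest should stay.
function Get-InstalledJava {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.DisplayName -match 'J2SE|Java') {
                New-Object PSObject -Property @{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    Key     = $sub.PSChildName
                }
            }
        }
    }
}

# --- 2. Browser Helper Objects whose DLL is gone (HJT "O2 ... (no file)") ---
# IE loads every CLSID registered here; an entry whose InprocServer32 file is
# missing is dead weight left behind by a removed infection and is safe to fix.
function Get-BrokenBHO {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem $bhoKey) {
        $clsid = $sub.PSChildName
        $srv   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll   = $null
        if (Test-Path $srv) { $dll = (Get-ItemProperty $srv).'(default)' }
        $exists = $dll -and (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))
        New-Object PSObject -Property @{
            CLSID  = $clsid
            Dll    = $dll
            Status = $(if ($exists) { 'ok' } else { 'no file' })
        }
    }
}

# --- 3. Hidden non-PnP driver (TDSSserv.sys) ---
# Device Manager's "Non-plug and Play Drivers" list is built from the kernel
# services under HKLM\SYSTEM\CurrentControlSet\Services, so walk that key and
# cross-check with the live driver list from WMI.
function Find-Driver {
    param([string]$Pattern = 'TDSSserv')   # name from the thread
    $hits = @()
    foreach ($sub in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $p = Get-ItemProperty $sub.PSPath
        if ($sub.PSChildName -match $Pattern -or "$($p.ImagePath)" -match $Pattern) {
            $hits += New-Object PSObject -Property @{
                Service   = $sub.PSChildName
                ImagePath = $p.ImagePath
                Start     = $p.Start
                Source    = 'registry'
            }
        }
    }
    foreach ($d in Get-WmiObject Win32_SystemDriver) {
        if ($d.Name -match $Pattern -or "$($d.PathName)" -match $Pattern) {
            $hits += New-Object PSObject -Property @{
                Service   = $d.Name
                ImagePath = $d.PathName
                Start     = $d.StartMode
                Source    = 'wmi'
            }
        }
    }
    $hits
}

Write-Host '== Installed Java runtimes =='
Get-InstalledJava | Format-Table Name, Version -AutoSize
Write-Host '== BHOs whose DLL is missing =='
Get-BrokenBHO | Where-Object { $_.Status -eq 'no file' } | Format-Table CLSID, Dll -AutoSize
Write-Host '== Driver/service entries matching TDSSserv =='
$found = Find-Driver
if ($found) { $found | Format-Table Service, ImagePath, Start, Source -AutoSize }
else        { Write-Host 'none found' }
```

Two caveats apply. A kernel rootkit that hooks registry enumeration can hide its service key from this script exactly as it can from Device Manager, so "none found" is not proof of a clean machine; a driver that WMI reports but the registry walk does not (or the reverse) is itself worth attention. And the Java inventory only lists what the uninstaller knows about; a JRE copied into a folder by hand will not appear.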
  7. lpontius1

    lpontius1 Private E-2

    I did not find the TDSSserv.sys in the Device Manager.

    In probably one of my more brilliant moves, I clicked on the x.exe file and had an info box pop up. So I hit print screen and attached both the print screen, which I saved as x.doc, and the x.log file. But no, I have no idea what they are.
     

    Attached Files:

    • x.log (106 bytes)
    • x.doc (27 KB)
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Probably nothing to worry about. May be something you or someone else used for work at one time. Silly to name them like that though.

    Please try the below.

    • Right click on your Desktop and select Properties.
    • Then click the Desktop tab
    • then click the Customize Desktop button.
    • Now in the next window that comes up click the Web tab.
      • Make sure at the bottom that Lock desktop items is unchecked.
    • Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too.
    • Then click OK.
    • Click Apply. And click OK.
    Did this remove that extra window?
     
  9. lpontius1

    lpontius1 Private E-2

    The window is still there unfortunately.

    I wonder if it may have something to do with a startup entry? On CCleaner, I noticed one that I don't know anything about. It's called Sigmatel Sys Tray App. The file is just listed as stsystra.exe. There's no path listed for it or any other information. I tried disabling it, but that didn't do anything. I didn't delete it because I was kind of worried about deleting it without knowing what it is.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From what we can see, it does not appear to be malware.

    You can experiment by seeing if it appears in safe boot mode and also using Msconfig (or CCleaner) as a temporary tool to disable various startups to find out if any of them are the cause.

    It is for your modem.
     
  11. lpontius1

    lpontius1 Private E-2

    Found it!! :) Turns out the blank window was part of Super Antispyware. I noticed that it loaded right after SAS, so I disabled the startup and restarted. No more window. Yay!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm happy to hear you found out what it was from. Never saw this before with SAS. It does not occur on any of my PCs even if I let it load at startup.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
