Help me see if I'm clear of trojan downloader, adirss.exe, game#.exe, etc

Discussion in 'Malware Help (A Specialist Will Reply)' started by steve-o-reeno, Mar 21, 2007.

  1. steve-o-reeno

    steve-o-reeno Private E-2

    I would appreciate any help I can get in determining if my computer is clean. I picked up some nasties a while back which I would be glad to be rid of. The first items I noticed running on my PC were "adirss.exe" and several "game#.exe" programs. Before finding majorgeeks I had completed most of the initial suggested steps (multiple different scans, etc), which found and cleaned quite a few different items. I started to get worried when I noticed that if I ran the same scan multiple times it would find problems again and again. I also noticed on one particular boot-up that Windows firewall had been disabled (not by my doing). Because of that I’m not very confident that I really was getting everything clean.

    So, I have completed all the steps outlined here:

    http://forums.majorgeeks.com/showthread.php?t=35407

    And I believe I am ready for help. One other bit of information, when I was doing my initial scans “adirss.exe” was identified, however each time I rebooted I found that it was running again. I searched this specific file out and deleted it manually, and from what I can tell it hasn’t shown up again.

    Also, you’ll notice that the scans I ran have a fairly old date on them. However, before anyone suggests I get the latest updates and run again, I should mention that I actually have not used this computer (nor had it online) since those last scans were run. I have 2 computers, and I’ve been using the clean one ever since due to a severe lack of time to work on the infected one. Rest assured, though, that I followed the posted instructions to the “T” (I think, there's a lot of text there :D ), and each scan was performed using the latest updates for all programs.

    I'm not sure what you can deduce from my log files, but any help to determine if I'm finally clean would be greatly appreciated.
     

    Attached Files:

  2. steve-o-reeno

    steve-o-reeno Private E-2

    The rest of the attachments...
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Okay you have a bunch of work to do. ;)

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now please download and install Registrar Lite. Make sure you select a Majorgeeks download link and not the author's!

    Run Registrar Lite, navigate to each of the following keys and take ownership of it (explained further down):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32\Security
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCOM32\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCOM32\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCOM32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32\Security
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINCOM32\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINCOM32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32\Security
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32

    To take ownership of the key do the following:
    • Copy & Paste the registry key (one at a time) from above into the address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    • Click-on Security in the Menu
    • Select Take Ownership
    • Then repeat for each key given above
    • Now leave RegistrarLite running and continue
    • Now run the fixWC.reg REGISTRY PATCH below in this message.
    • Tell me the results. Any error messages? Make sure it gives you a success message.
    • Now in RegistrarLite click View and then Refresh
    • Now navigate to each of the above keys (one at a time) that we took ownership of and verify that it no longer exists.
    • If any of the above keys still exist, right click on it and select Delete.
    Here is the Registry Patch

    Now copy the bold text below to notepad. Save it as fixWC.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    After completing ALL of the above instructions, continue here!

    Start by downloading another tool we will need - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate them later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
    O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab

    After clicking Fix, exit HJT.


    If you get an error message while doing the above command prompt step, just ignore it and continue!

    Now run Pocket Killbox by doubleclicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\wincom32.ini
    C:\WINDOWS\system32\wincom32.sys
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now delete the below folder:
    C:\Documents and Settings\MyFamily\.housecall6.6

    Now download and install the current versions of both GetRunKey and ShowNew from the links in the READ & RUN ME.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey - from the new version of the tool
    2. ShowNew - from the new version of the tool
    3. HJT


    Make sure you tell me how things are working now!
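    A check a practitioner could run after finishing the steps above, to confirm that the listed persistence artifacts really are gone before posting the new logs. This is an added example, not a script from this thread or from MajorGeeks; it assumes Windows PowerShell is available on the affected machine and is run from an administrator session, and it uses only the key, file, Run-value and service names quoted in this post.

```powershell
# Added verification script (not from the thread); assumes an elevated PowerShell
# session and uses only the key, file and service names quoted in the post above.
$controlSets = 'CurrentControlSet', 'ControlSet001', 'ControlSet002'
$keys = foreach ($cs in $controlSets) {
    "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_WINCOM32"   # parent covers the \0000\Control subkeys
    "HKLM:\SYSTEM\$cs\Services\wincom32"           # parent covers \Security and \Enum
}
$files = @(
    "$env:SystemRoot\system32\wincom32.ini",
    "$env:SystemRoot\system32\wincom32.sys",
    "$env:SystemRoot\system32\adirss.exe",
    "$env:SystemRoot\system32\lnwin.exe"
)
# Run-key value names taken from the HJT lines above; none of them should remain.
$runValues = 'sysinter', 'lnwin.exe'

$findings = @()
foreach ($k in $keys) {
    if (Test-Path -Path $k -ErrorAction SilentlyContinue) {
        $findings += "Registry key still present: $k"
    }
}
foreach ($f in $files) {
    if (Test-Path -Path $f -PathType Leaf) { $findings += "File still present: $f" }
}
$run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' `
                        -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $runValues) {
        if ($run.PSObject.Properties[$name]) {
            $findings += "Run value still present: $name = $($run.$name)"
        }
    }
}
# The driver registers as a service; a surviving SCM entry means the key was not removed.
if (Get-Service -Name 'wincom32' -ErrorAction SilentlyContinue) {
    $findings += 'Service wincom32 is still registered with the Service Control Manager'
}

if ($findings.Count -eq 0) {
    Write-Output 'No wincom32 / adirss / lnwin artifacts found.'
} else {
    Write-Output 'Artifacts remaining (a locked key may need another take-ownership pass):'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A key that still shows up here after the patch is the "ACCESS DENIED" case the instructions anticipate: take ownership again and delete it manually from Registrar Lite, then re-run the check.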
     
  4. steve-o-reeno

    steve-o-reeno Private E-2

    Ok, so I completed the first few steps, down through the registry patch. The patch ran successfully, but it seems like quite a few of the keys still exist. From your instructions it sounded like most of them, if not all, should be gone. Does it appear I did something wrong, or shall I proceed to manually delete these? I did make sure to take ownership of each before running the patch...

    The following still exist:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINCOM32
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCOM32\0000\Control
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCOM32\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINCOM32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINCOM32\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINCOM32


    The following ones I initially found, and under the "Name" column it gave a red folder and the words "ACCESS DENIED". However now when I check back it appears they are gone:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32\Security
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32\Security


    And these ones were gone immediately following the patch:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32\Security
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wincom32
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow my instructions all the way thru and attach the requested logs! We will continue from there. Sometimes registry keys get locked and require additional special procedures to remove.
     
  6. steve-o-reeno

    steve-o-reeno Private E-2

    Ok, so I followed the directions correctly this time, and everything seemed to work fine. Here are the things I noted:

    When I performed the key removal, the key below initially showed as "ACCESS DENIED" after I ran the patch. However, after checking another key I tried this one again and it was gone.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wincom32\Enum

    When I ran the HJT step the following two items did not exist:

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab


    When I ran pocket killbox I copied both lines, as directed, and pasted into pocket killbox. However, it appeared that only the .ini file was selected for deletion. I wasn't sure if I was supposed to copy each one over separately, however the instructions seemed very clear to select all lines at once to copy-paste, so that is what I did. Also, I see reference to "wincom32.ini" in the newfiles.txt file, but not "wincom32.sys". Let me know if I need to re-run pocket killbox on "wincom32.sys".

    The computer seems to be operating well now, at least no obvious signs of intruders. Whether any more subversive issues exist, I'm not sure. I did forget to mention that when I first got infected I started occasionally getting the blue screen of death, with the error "page fault in non-paged area". I haven't seen that recently, so that seems like a good sign. I had wondered if it was caused by one of the anti-spyware/virus tools, since I've read Norton can make changes in non-paged areas. I haven't removed any of those programs, though, and the blue screen hasn't resurfaced.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It always helps to follow directions properly! ;)

    Did you forget to fix the below? You don't need it to load at startup. It may come back if you reload or update QuickTime at some point but it is not required.
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    You can also fix the below line too which will also help improve performance:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"



    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  8. steve-o-reeno

    steve-o-reeno Private E-2

    I'm pretty sure I fixed everything you mentioned, but I guess I must have missed that. I went back and cleaned that and the Java line in HJT, then after reboot I checked again and they're gone.

    Thanks for all the help! I guess it goes without saying I wouldn't have figured that all out myself. :rolleyes:
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
