First Post

The trouble started when...attached are my posts. Any help would be greatly appreciated.

 

Part two of the logs.

 

Hi Tblak!

Welcome to Major Geeks!

Please start by running this utility:

1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply and

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.

Once you've finished, please post fresh logs for Shownew, Runkeys and HJT.

Thanks!
abri

 

Thank you for the kick response. Here is the first three logs with the last one to follow.

 

Last requested log.

 

Hi Tblak!!

Before I post a set of instructions to you, I wanted to ask you what these folders have in them?:

abri

 

Those folders are empty. I also checked with command line that there are no systems or hidden files in them.
Thanks

 

Hi Tblak !!

sorry again this took so long!

1) Go to add/remove programs and uninstall:

- Java 2 Runtime Environment, SE v1.4.2_03

Now REBOOT!

After you've booted back up, please install Java Runtime Environment vs. 6.2

2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


3) Please run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: 0 - {9069A6A7-C14F-4543-61B0-177A9B0CCA83} - C:\Program Files\ComPlus Applications\quhaseju.dll (file missing)
O4 - HKLM\..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [{C4-41-1F-F2-ZN}] C:\Documents and Settings\Tim\Local Settings\Temp\thinksnet.exe CHD003
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After clicking Fix, exit HJT.


4) Now Run The AVENGER by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:

Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it
yourself.
* A log file from Avenger will be produced at C:\avenger.txt


5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


6) After you have completed ALL of the above in the correct order, please attach the following logs.

• HijackThis Log
• ShowNew Log
• GetRunKey Log
• Avenger Log

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

abri

 

Thanks for the next round of help. Right now everything looks good and the computer is running fine given I've aded new programs that take more memory (and I have limited resources). Attached you will find the the first of 3 logs with the last one to follow.

 

Last log 4 of 4.

Thanks

 

Hi Tblak !!


Your logs are clean. Is your computer working better now? It looks like you downloaded the messengerdisable.exe, but didn't run it. You can do this anytime. The Windows messenger creates unnecessary vulnerabilities and isn't used for the most part, as it's an inhouse messenger.

Other than that, you should follow the instructions in the box below.
Thanks for your patience and good luck with all your computing endeavors!
abri

 

I did run the disablemessenger so I do not know why it looks like I didn't, however I unisntalled messenger this time. Thanks for all you help, the computer is running fine and I learned a valuable lesson.

 

You're welcome, Tblak!
Enjoy your computer and check out the other forums if you're interested! There's a lot of valuable information to be had.
Good luck!
abri