Help please

frankfurter77 · Oct 17, 2008

I was on a forum that redirected me to a video which i was stupid enough to click on at which time I hit ok for a* "required" video codec installation.* The icon for the codec disappeared immediately and then firefox quit working.* Firefox will work for about 2 mins after i restart but then disappears.* That was this morning and I have spent the day on your removal thread to no avail.....here are my log.

frankfurter77 · Oct 17, 2008

here is my mglog

dr.moriarty · Oct 19, 2008

Welcome to MajorGeeks, frankfurter77

I'm looking over your logs and will workup a fix for you. Please be patient.

Thanks!

dr.moriarty · Oct 25, 2008

Hello, frankfurter77

Step 1:

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Step 2:

Now we need to use ComboFix to remove a bunch of malware files.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
Code:
KILLALL::
 
File::
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\atlsystem235354.exe
C:\WINDOWS\system32\atlsystem537540.exe
C:\WINDOWS\system32\atlsystem689907.exe
C:\WINDOWS\system32\atlsystem423244.exe
C:\WINDOWS\system32\atlsystem17314.exe
C:\WINDOWS\system32\atlsystem868967.exe
C:\WINDOWS\system32\atlsystem494888.exe
C:\WINDOWS\system32\atlsystem105469.exe
C:\WINDOWS\system32\atlsystem731927.exe
C:\WINDOWS\system32\atlcom698_351.dll
C:\WINDOWS\system32\Lka688_594.dll
C:\WINDOWS\download1
C:\WINDOWS\syscheck
 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\\combofix.txt

I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 3:

Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

C:\WINDOWS\Temp
C:\Documents and Settings\Jon\Local Settings\TEMP
Click to expand...

Step 4:

Run Ccleaner.

Step 5:

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

Then attach the below logs to your next reply:

C:\MGlogs.zip

C:\combofix.txt

Make sure you tell me how things are working now!

Log in or Sign up

Help please

frankfurter77 Private E-2

Attached Files:

log.txt

mbam-log-2008-10-17 (14-45-34).txt

SUPERAntiSpyware Scan Log - 10-17-2008 - 14-01-31.log

frankfurter77 Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member