Hey Mr. Chas..

Yes! You are not following the instructions. Especially the ones that are currently given in the READ ME.

You have comboFix.exe.exe on your Desktop and currently it should be named cf.exe per the READ ME and the instructions obviously changed to use cf.exe instead of combofix.exe from the run box. But since you named it incorrectly with two .EXE's instead of one, even the old instructions would not work. You must make sure you are always using the current online version of the READ ME which you apparently are not doing since you did the ComboFix part wrong. Also you did not uninstall Viewpoint Media per step 1 of the READ ME and you did not download install and run SUPERAntispyware which was required before running ComboFix. Thus you need to start over and get the correct process run and attach new logs including the SUPERAntispyware log.

 

The below is a direct quote from your newfiles.txt log (inside the MGlogs.zip file) and this was run after ComboFix. This is where I got the info from

Code:

                                                                              
Locating all files in C:\Documents and Settings\Owner\Desktop                                   
"C:\Documents and Settings\Owner\Desktop\"
ad-awa~1.lnk  Jan 24 2008         861  "Ad-Aware SE Professional.lnk"
bizzy_~1.mp3  Aug 30 2007     5529536  "bizzy_bone___trae-thug__til_i_die-rgf.mp3"
BOOKS         Feb 24 2008              "books"
ccleaner.lnk  Jan 27 2008        1548  "CCleaner.lnk"
combof~1.exe  Mar 19 2008     1599141  "[B][COLOR=darkred]comboFix.exe.exe[/COLOR][/B]"
error.jpg     Mar 19 2008      131316  "error.JPG"
joe-bu~1.mp3  Mar 19 2008     4533895  "joe-budden_-_touch_and_go.mp3"
MYTUNEZ       Oct 21 2007              "MyTunez"
NEWFOL~1      Mar 14 2008              "New Folder"
pauloa~1.mp3  Mar 17 2008    10110976  "Paul Oakenfold - Legacy (Junkie XL Remix).mp3"
SECURI~1      Jan 24 2008              "Security Appz"
spywar~1.lnk  Jan 27 2008         690  "SpywareBlaster.lnk"
thumbs.db     Mar 17 2008       91648  "Thumbs.db"

Out of tens of thousands of people whose PCs we fix, only one said they ever used Viewpoint and that was rarely. Read the info in the READ & RUN ME link in step 1. Specifically this link Uninstall Malware via Add/Remove Programs see the info on Viewpoint.

 

You have Messenger Plus! Liveinstalled which we indicate in the READ ME should be uninstalled. This program is the cause of tens of thousands of PCs getting infected with LOP and/or Virtumonde which you may have picked up from it too. You should uninstall this application immediately.


I also advise against using things like below
Absolute Poker
Full Tilt Poker
PartyGaming
PokerStars
UltimateBet

Is the below from something you installed?
C:\Documents and Settings\Owner\Application Data\ooVoo Details


Now we need to use ComboFix to remove some files and registry keys.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Which is why we always question these programs. Let's cleanup.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Owner\My Documents\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Owner\My Documents\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

After clicking Fix, exit HJT.

It looks okay other than what we were cleaning.

So are you saying that you already uninstalled ooVoo? If so, just delete the folder I mentioned and any other folders from it.

 

Yes I know but since it was not installed, I was cleaning up the left overs.

You should never install an additional antivirus program while another is installed.


You did not say how things are working. Your logs are clean other than the PartyPoker stuff already given.

 

When you enable viewing of hidden files and folders (which is done during the READ ME) you will see things that are normally hidden. And if you have thumbnails turned on, you will see them too. If this bothers you, double click on the C:\MGtools\hide.reg file and allow it to be added to your registry. This will return things to Windows defaults.

If you are not having any other malware problems, it is time to do our final steps:

2. Uninstall COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN
   • Now type cf /u in the runbox and click OK.
   • Note: The space between the cf and the /U, it must be there.
3. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
5. If you are running Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
6. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome. Surf safely!