Need help comfirming if my computer is malware free!

LouieG · Nov 26, 2008

Hi all, i'm new and I just did the run and read me first. I did every step, but i'm not sure if my pc is completely free from viruses, spyware, malware, etc. Can someone comfirm please? Here are the logs:

Also, when my pc had viruses, my computer started giving me this message that it did not pass validation of microsoft and that I may be a victim of software counterfeiting and that I need to fix it. Does anybody know what causes this? Maybe the walmare? Can anybody confirm? Whenever I try to fix it, it just tells me I need to pay like $129 or something. Any help is appreciated

LouieG · Nov 26, 2008

Re: The last part of my log

Here it is

dr.moriarty · Nov 27, 2008

Welcome to MajorGeeks, LouieG.

Please be patient while I look over your logs.

Thanks!
dr.m

dr.moriarty · Nov 27, 2008

Hello, LouieG - just a few things to do.

First, please disable any antivirus and/or antispyware programs you have installed so they will not block this fix. Print out these instructions or save them to a text file so as All Browser Windows must be CLOSED. *The fixes are specific to your problem and should only be used for issue(s) on this machine.

**CAUTION: Using P2P programs and torrent downloads can be dangerous, as they by-pass your firewall and may contain malware.

Step 1:
Please look in Add/Remove Programs for the following and un-install:
Viewpoint <=== as requested in Step 1: House Cleaning & Stepup

Step 2:
Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Step 3:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

* Optional 04 Lines To Fix * These can be removed to free up resources without compromising system performance.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
Click to expand...

After clicking Fix, exit HJT.

Step 4:
Navigate to and delete this file:
C:\WINDOWS\system32\drgwated.tmp

Step 5:
Run Ccleaner

Step 6:
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

Then attach the below log to your next reply:

C:\MGlogs.zip

Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

Thanks!

LouieG · Nov 28, 2008

Hi, thanks again for your help. Much appreciated!

Ok, I went to Add/Remove programs and could not find the viewpoint to uninstall. So, I went to step 2 and disabled Windows messenger. I did step 3, but I could not find O9 to fix. I remember deleting weatherbug from add/remove program, so I guess it has something to do with that. I did however, fixed O4 quicktime. I went to step 4 and deleted the file you mentioned and ran Ccleaner. I went and did step 6 and attached the log.

after I did this, I ran spydoctor and it detected this as an infection: application.NirCmd and it says the threat level is info & PUAs. I have no idea what it means or do I know if it was already there before I did your steps. Though, the description says it is a "legitimate application. Under certain circumstances, however, some people may find it undesirable." I still don't know if it safe or not.

dr.moriarty · Nov 28, 2008

You're Welcome!

NirCmd is used by ComboFix and many many other applications. A brief description:

NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. By running NirCmd with simple command-line option, you can write and delete values and keys in the Registry, write values into INI file, dial to your internet account or connect to a VPN network, restart windows or shut down the computer, create shortcut to a file, change the created/modified date of a file, change your display settings, turn off your monitor, open the door of your CD-ROM drive, and more...
Click to expand...

PUA just means Potentially Unwanted Application...some would classify Spyware Doctor as such. :innocent

Your logs look good! If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (=This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

If we had you run Avenger, you can delete all files related to Avenger now.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware

Click to expand...

Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

dr.moriarty · Nov 28, 2008

edited

LouieG · Nov 29, 2008

ok, thanks dr.m! i'll do those you mentioned

Log in or Sign up

Need help comfirming if my computer is malware free!

LouieG Private E-2

Attached Files:

SASlog.txt

combofixlog.txt

mbam-log-2008-11-26 (03-45-14).txt

LouieG Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

LouieG Private E-2

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

LouieG Private E-2