Need serious help before a divorce!

Yes...if you are unable to run in normal mode...you can do the scans and logs in safe mode. Attach them to your next post and we will see what we can do.

 

The only way the pic's would be lost is if they are infected and one of the scans removes them/it. Not to worry...it would be rare.

 

What are you running...xp or vista?

You may want to let chkdsk run and see if it finds any faults...

And yes you can do the scans in safe mode.

 

The malware is messing with permissions.....so the best course would be to download ComboFix to a diff. computer and transfer it to the infected one....it doesn't require an install....run it in safe mode.

 

Certainly....

 

Could try.....and it would be better if you could...let me know.

 

Try renaming combofix.exe to combo-fix.exe and see if that works. If not then just run it without renaming it. Make the appropriate adjustments in the command given to run it from the Start, Run box.

 

You should be working in an account with administrative rights. So when you download a file, right click it and see if there is a securty tab....your account should be on it.
If you are doing it in safe mode...you should also be in the administrator account no other account.

When you download a file, note where it is going ...and change it to your desktop!

You can do a search (all files and folders) for COmboFix....move it to the desktop and double click it.

If you can get on line, it might be good to try an online scan:

Go to Bitdefender agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

Click-on the Detected Problems tab. Then select Click here to export the scan report

When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

 

Yes, you should have allowed the installation of the activeX for the scan to run.

However....ComboFix has removed a large amount of trash and we will remove some more, after which you should be able to run all the scans as instructed in the Read and Run First.

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

download The Avenger by Swandog469, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now do as much of the read and run first instructions as possible.

 

You should be able to right click the tray icon for AVG and disable it. Then do as much of the Read and Run as you can ...safe mode is fine if you can't do it in normal mode. Then attach the logs.

Do not activate system restore until we know you are clean.

 

I want you to re-run combofix....but first let's fix my mistake:

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Where you able to run the reg. patch? Did you get any errors doing it?

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

Leave system restore off for now.

 

If you haven't already, please disable the Guest account in User accounts.

It appears as though you have both Trend Micro and AVG8 installed....you should only have one anti-virus program.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Open notepad and copy and paste the following text in the quote box into the window:

Save this as fix.bat
Choose to save as all files.
Doubleclick fix.bat and let the program run.
A small black dos window will flash, this is normal.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\%username%\Local Settings\Temp

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

If they are installed ( and it is in your startup keys _ trend Micro) ir should be in the system tray...do you have it hidden? If it is something you can re-install, then go ahead and uninstall them while you do the fix.

 

LOL.....okay...now do the fix and after, don't do anything on the web other than attach the logs.....(until you re-install 1 anti-virus) ...now can I eat my dinner??? :-D

 

Sorry...we have been a bit swamped...go ahead and download/install avast...I will double check your logs in the AM.

 

Your still showing traces of Symnatec......however:

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 6"
Java(TM) 6 Update 3

Now for a few files pretending to be legit:
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


Now hopefully one last time run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

Looks good...Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

If you are not having any other malware problems, it is time to do our final steps:

1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
2.
* Click START then RUN
* Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
* Note: The space between the cf and the /U, it must be there.
3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
5. If you are running Windows XP or Windows ME, do the below:
* Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
6. After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

You are most welcome...safe surfing.