PC is still infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by trancemc, May 11, 2007.

  1. trancemc

    trancemc Private E-2

    My PC has been acting funny, so I ran all of your suggested tests.
    MANY things were found on my computer and not all of them were fixed.
    Please review my logs and help me find a solution.

    Thank you
     


  2. trancemc

    trancemc Private E-2

    Here are the other three logs.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.0_03
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_05
    Viewpoint Media Player

    Is the VolumeControl process something you installed and know what it is? I'm referring to the below:
    O4 - HKCU\..\Run: [VolumeControl] "C:\Program Files\VolumeControl\volume.exe"


    Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    O2 - BHO: (no name) - {9548AFEB-30B9-4253-A592-6470FBADF801} - (no file)

    After clicking Fix, exit HJT.

    Now attach new logs for:

    * GetRunKey
    * ShowNew
    * HJT

    Be sure to tell us how things are running and what issues you are having.
     
    Last edited by a moderator: May 11, 2007
  4. trancemc

    trancemc Private E-2

    I've done all that and my logs are attached.
    Am I clean now?
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please stop S&DTeatimer as it can interfere with some of the fixes.

    Also, you have too many realtime blocking tools:
    o AVG Antispyware
    o Adaware Ad-watch
    o Spy Sweeper
    o Spybot Teatimer

    All but Ad-watch or Spy Sweeper (if Spy Sweeper is a paid version) should be uninstalled.

    Please empty your Norton N-Protect folder as requested, and then run AVG Anti-spyware and post the log.

    You never replied as to the Volume Control program....

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

    After clicking Fix, exit HJT.
     
  6. trancemc

    trancemc Private E-2

    I stopped S&DTeatimer.

    I only have AVG to run these tests. I will uninstall when you give me the word I should do so.
    I uninstalled Adaware and disabled Spybot Teatimer. Should I also uninstall Spybot, or can that run with Spy Sweeper (which I am keeping because it IS the paid version)?

    I emptied the Norton N-Protect.
    I have attached multiple AVG logs because I had to scan everything in parts. Every time I attempted to run a full scan, the program simply stopped and disappeared as if it crashed.

    Volume control was a program I had installed, but I uninstalled that as well.

    I did fix that error, but when I would immediately run an HJT scan again, that same line continued to show. The HJT log I attached was after "fixing" that line several times.

    Thank you for all your help thus far. Can you further advise, please?

    Thank You TimW
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have Yahoo toolbars? Please try removing all toolbars and add-ons for your browser.
    Then run HJT and have it fix that item ( R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com)

    What problems are you still having?
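
The thread turns on a HijackThis entry that keeps reappearing after Fix and on a BHO entry marked "(no file)". The following is an added example, not part of the original thread or of HijackThis itself: it parses the three entry types quoted above and reports which fixed lines are still present in a later scan. The function names are hypothetical and the "after" log is constructed for illustration.

```python
import re

# Patterns for the three HijackThis entry types quoted in this thread.
PATTERNS = {
    "R1": re.compile(r"^R1 - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"),
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"),
    "O4": re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<command>.*)$"),
}

def parse_line(line):
    """Return a dict for a recognised entry, or None for any other line."""
    line = line.strip()
    for kind, pattern in PATTERNS.items():
        match = pattern.match(line)
        if match:
            return {"type": kind, "raw": line, **match.groupdict()}
    return None

def parse_log(text):
    """Parse every recognised entry in a log, skipping headers and blanks."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned_bhos(entries):
    """CLSIDs of BHO registrations whose file is gone ('(no file)')."""
    return [e["clsid"] for e in entries
            if e["type"] == "O2" and e["file"] == "(no file)"]

def still_present(fixed_lines, later_log):
    """Lines selected for Fix that appear again in a later scan."""
    later = {e["raw"] for e in parse_log(later_log)}
    return [l for l in map(str.strip, fixed_lines) if l in later]

# Entries as quoted in the thread.
R1 = r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com"
O2 = r"O2 - BHO: (no name) - {9548AFEB-30B9-4253-A592-6470FBADF801} - (no file)"
O4 = r'O4 - HKCU\..\Run: [VolumeControl] "C:\Program Files\VolumeControl\volume.exe"'
BEFORE = "\n".join(["Running processes:", R1, O2, O4])
# Constructed later scan: the R1 line is back, the other entries are gone.
AFTER = "\n".join(["Running processes:", R1])
FIXED = [R1, O2]

if __name__ == "__main__":
    print("Orphaned BHOs:", orphaned_bhos(parse_log(BEFORE)))
    for line in still_present(FIXED, AFTER):
        print("Reappeared after Fix:", line)
```

An entry that returns immediately after Fix usually means something still running is rewriting the value, which is why the replies ask for realtime tools to be stopped and toolbars removed before fixing again.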
     
