Please Help! *URGENT*

Before I begin, I just need to say that while running ComboFix my computer seemed to RESTART before I got the CF-RC.txt checked by anyone here. I read it was best to show someone knowledegable about the subject my CF-RC.txt file before rebooting. Could somebody please take a look at that and tell me if it's safe to re-boot my computer? I'm extremely nervous about that.

With that out of the way, I now can write about my situation. I'll be as descriptive as possible. Very late on the 27th (possibly very early in the morning of the 28th), I was looking up information on Firefox 2. Since I haven't upgraded to Firefox 3 yet, some things weren't showing up like they are supposed to and frustrated, I hopped on IE7 for a change. After a few minutes of browsing, IE informed me that it was blocking popups from the website I was on. Immediately after, I got an error message saying "Failed to open file C:\Documents And Settings\Local Settings\Temp\snapset\dPI191065.exe. Error: Access is denied." Immediately after that AVG 7.5 warned me it was blocking the same program. Within the next few minutes, I had about 5 new viruses quarantined, a fresh new "Mirar Toolbar" on IE and many popups. The longer I waited the more viruses popped up so I very quickly disconnected from the internet and loaded up AVG and Spybot S&D.

AVG found more that I quarantined and Spybot found various Vundo/Virtumonde and Smitfraud infections. I tried removing these with no luck that night and the day after. The Mirar Toolbar would not uninstall from Add/Remove programs and even in safemode, the malware Spybot was picking up would not delete. I noticed that everytime I went to shutdown my computer, "explorer.exe" would have a process that would not end and I'd have the option to either "end now" or "cancel and wait" for it to end and had to choose before I could shutdown. With all this information on the brain, I got really panicky and chose to do a system restore to an earlier date. (Yes, the infections are now in System Restore. ) All the symptoms my computer had went away however - including the explorer.exe process error when restarting, the Mirar toolbar on IE, and the infections SpyBot picked up. However, AVG found two viruses in a temp folder when I scanned. It was sent to the vault where I immediately deleted and then cleaned out my cookies etc. with CCleaner.

I used MalwareBytes and SuperAntiSpy a couple of times because they were recommended before proceeding with the instructions stickied up top. Both found infections that Spybot did not. They were quarantined and I deleted them. If you need me to post the logs showing the infections I can do that as well. I appologize for not scanning only once which is recommended - I was so panicky about the malware.

My JAVA is already updated so Vundo doesn't try to sneak in again.

If anyone can help me clean up my system and ease my nervousness about the whole situation I will be *forever* grateful! (Especially knowing if I can safely restart from that ComboFix RC log.) Thank you very much for reading all this.

 

Here are my Malwarebyte's and SUPERAntispyware logs as well. If anything else is needed please let me know and I will upload right away.

 

Sorry for bumping, but I just remembered these three important things:

- During the ComboFix Scan I do not recall it saying that it had completed any stages. I DID have to walk away from the computer for a minute though and maybe it did say it completed the 40 something stages then. (When I came back it was in the middle of re-booting the computer. And THEN it said "Preparing Log Report" etc.) You'll see the log but I just want to make sure - just in case it really didn't scan correctly like I thought.

- Also, while using MGTools, I remember it saying in that it couldn't find 10 or so files, one of them I believe was ISASS or LSASS but that file is running in the system processes when I press Ctrl+Alt+Del.

- Being tired, I don't remember if I actually healed or removed anything found by MGTools! (How could I forget that, right?!) Maybe that's in the next step?

These might not be important and/or be normal, but I thought I'd mention them anyway.

 

That's a relief! Thank you! I am confused about one thing though: I remember that ComboFix and/or MGTools said the word "Vundo" on their screens while checking my computer. What would that mean? Is it quarantined? Should I try again and take a screen shot to show you?

Oh, yes. Such a cluttered desktop huh? :-o I clean it about once a month, but it gets cluttered so quickly. I'll try to keep a better eye on it from now on.

Will do.

That's a shame that I will not longer be getting updates after this year ends. I heard AVG 8 was pretty awful, but I will give it a try.

As far as I can tell, I am no longer having any issues. The only thing suspicious would be how I saw the word "Vundo" on the screens when scanning like I mentioned above. You are much more knowledgeable than me so I will wait for what you have to say about that before worrying too much.

Could you please let me know ASAP if I can safely reboot/shutdown my computer by checking the CF-RC.txt? I was told to have someone experienced check it before I restart as there might be serious problems. My computer has been on for over 24 hours. :-o

Thank you very much for checking the logs over for me. I am so thankful I found this great website with amazingly helpful people! Tim, I look forward to another reply from you to hear your answers.

 

Thanks for the fast response! I really appreciate it.

I see now. I thought by "clean" you meant nothing was found. Sorry about that. :-o

Sounds like a good plan to me.

I rebooted successfully! The screen was up for two seconds and went away on it's own.

Thanks again for your time. I'll be awaiting your instructions, Tim!

 

Thank you Tim! I will do all of that and I will let you know the results. Before I go any further though, I should ask: am I supposed to manually delete the quarantined files in the QooBox folder that ComboFix created or will the quarantined files be deleted automatically when uninstalling combofix? The last thing I want is for the harmful files to go where they were before I cleaned and re-infect me! :eek

Thanks.

 

Hey Tim! I'm sorry for taking so long to reply to you!

It was deleted by itself when I uninstalled Combofix.

I apologize for all the questions I've asked and I don't want to take up too much of your time but is it recommended to keep SpyBot's TeaTimer permanently disabled and "Lock Hosts file read-only as protection against hijackers" unchecked? The guide had me disable both of them. I'm wondering if I should keep them off. :confused

Along with following your instructions above, I updated to Firefox 3 and updated all my virus/malware definition files and Sun Java to the newest releases. I've always checked for new virus updates daily, but If I had done them *all* in the first place I could have saved myself a lot of trouble, huh?

Thank you very much!!

 

I hate to have to ask another question when you are so busy (Sorry!) but I came across something today. I play some MMO's (online games) and one of them today just installed nProtect's GameGuard on my computer. Is GameGuard safe enough to have on my computer? I know a lot of people don't trust it because of some of the things it does.

Thanks for your time.

 

I looked up a lot of information last night and judging by all that I found, it seems safe enough to use. I still might end up posting about it in the game forums for the heck of it.

No worries! You have helped me out tons already. I can't thank you enough and I really appreciate your time!

Happy Holidays!!