Please help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by captain prophesy, Jan 2, 2006.

  1. captain prophesy

    captain prophesy Private E-2

    Couple of questions from a NOOB

    Firstly "Happy New Years" to everyone.....I hope all went safe and well.

    Alright, I am a long time reader and first time poster, I have been helped numerous times in the past just by reading, but I think I might need some one on one help this time.
    I recently took my machine in to get a new video card (old one died) and now I can only log in as "user" in normal mode. I also cannot connect to the internet via "SafeMode". How can I fix these?
    I am about to go through the entire process of the "Read & Run First" (recently got hit with a few trojans and viruses) but would like to know if there is a fix for my two questions before I run all the scans.....or does it not matter and just go ahead with the scans.

    Any help would be greatly appreciated and thanks in advance.

    CP.
     
  2. captain prophesy

    captain prophesy Private E-2

    Well I went ahead and ran steps 1-5 in "SafeMode" including "CWShredder" but not "Kill2Me"......I then had to reboot in "SafeMode" to connect to the internet and then I followed step 6...(note: I had to reboot yet again after "Bitdefender" in order to connect and run "Panda Active Scan")
    I then rebooted in "NormalMode" and ran an HJT.

    I hope I ran everything and attached everything correctly.
    Any help would be greatly appreciated.

    Thanks again,
    CP.
     

    Attached Files:

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  4. captain prophesy

    captain prophesy Private E-2

    Here is the Ewido scan

    Again thanks,
    CP.
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {EFE08795-2BF8-283F-7363-352336770626} - C:\WINDOWS\system32\winaj32.dll (file missing)

    O4 - HKLM\..\Run: [iptp.exe] C:\WINDOWS\system32\iptp.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\iptp.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, reboot about 3 times and then attach a fresh HJT log.
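
The HijackThis entries listed in the post above can be read mechanically. This is an added example, not part of the original thread: it parses the R3/O2/O4/O9 lines quoted there and lists the paths the log does not mark "(file missing)", which for these lines is only the file the post later hands to Pocket KillBox. The names `parse_entry` and `paths_not_marked_missing` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Meaning of the HijackThis section codes used by the entries in the post.
SECTIONS = {"R3": "URLSearchHook", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O9": "extra IE button or Tools menu item"}
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)", re.IGNORECASE)

@dataclass
class Entry:
    code: str
    kind: str
    clsid: Optional[str]
    path: Optional[str]
    file_missing: bool

def parse_entry(line):
    """Parse one HijackThis log line; return None for anything else."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return Entry(code, SECTIONS.get(code, "unknown"),
                 clsid.group(0) if clsid else None,
                 path.group(0) if path else None,
                 body.endswith("(file missing)"))

def paths_not_marked_missing(lines):
    """Unique file paths that the log references without '(file missing)'."""
    paths = []
    for entry in filter(None, map(parse_entry, lines)):
        if entry.path and not entry.file_missing and entry.path not in paths:
            paths.append(entry.path)
    return paths

# Entries copied from the post above (the O16 line is left out).
POST_ENTRIES = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: Class - {EFE08795-2BF8-283F-7363-352336770626} - C:\WINDOWS\system32\winaj32.dll (file missing)",
    r"O4 - HKLM\..\Run: [iptp.exe] C:\WINDOWS\system32\iptp.exe",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)",
    r"O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)",
]
print(paths_not_marked_missing(POST_ENTRIES))
```

Entries marked "(file missing)" are references whose target is no longer on disk, so fixing them in HijackThis only removes the leftover registry data; the O4 entry is a Run-key autostart whose file is not marked missing.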
     
  6. captain prophesy

    captain prophesy Private E-2

    Please excuse the delay......family duties.

    Anyways here is the final HJT scan.
    I re-booted several times, now on the third one I got to thinking about the system restore....well before I could think about it I turned it off and re-booted....If I jumped the gun and screwed things up, please forgive me for wasting your time.
    I hope this cleans everything up though.

    BJGarrick......I cannot thank you enough for your time and knowledge.
    Thanks,
    CP.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you turned it off, turn it back on now to flush any bad Restore Points. Re-enabling it will create a fresh restore point.

    Your HJT log is clean, are you having any further problems?
     
  8. captain prophesy

    captain prophesy Private E-2

    Rebooted after turning system restore back on.......I must say that everything seems to be fixed.

    Man I am very grateful....Thank you very much. :)

    OH! one last question:
    I received a ONE year subscription to "ETrust EZ Armor" Firewall, Anti-virus and Pest Control.....well my one year is up next month....I was wondering should I stay with them or do you recommend any other services that might be better.

    Thanks,
    CP.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I would recommend AVG AntiVirus & ZoneAlarm Firewall, they run great together and both use little resources.

    For a list of programs, see this article on How to Protect yourself from malware!

    Surf Safely!:)
     
