Stumped and don't want to mess up

Discussion in 'Malware Help (A Specialist Will Reply)' started by bigtrucks, Oct 26, 2009.

  1. bigtrucks

    bigtrucks MajorGeek

    After combofix finished I did not get my desktop back. Had to go thru task manager to get here. I can access the programs thru tskmngr. Should I continue with R&R then log, or start over? Also, while the combofix was loading the console it came up with an error and asked if I wanted to continue. I clicked yes. In the combofix log it states that the console was not downloaded. Where do I go from here?
    Thanks BT
     
  2. bigtrucks

    bigtrucks MajorGeek

    This is not funny at all. I just posted my logs with a message and when I came back to check and see if anyone had viewed it the post was gone.
    So once again I'll post them.

    View attachment ComboFix.txt Had issues>didn't download console like it should have

    View attachment MGlogs.zip

    View attachment mbam-log-2009-10-26 (09-59-24).txt

    View attachment SUPERAntiSpyware Scan Log - 10-26-2009 - 03-20-56.log

    RootRepeal would not Root big issues and virtual window frequented pop ups with it. I honestly tried to run it. Got it downloaded but would not run.

    I've had issues ever since my power went out and blew the wireless router power cord. Replaced it (router cord) and still have issues with it and the pc. Trying to do process of elimination to see if a virus is playing head games or if my pc is messed up somehow from the power outages.
    Thanks for the help. You fighters really do a fantastic job.
    BT
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure what your exact problems are since you did not say, but they are not malware. Your logs are clean. However you do have some non-malware things to fix.

    You need to uninstall SUPERAntiSpyware. And then download and install the current version and also update the database during the installation.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe (file missing)

    After clicking Fix, exit HJT.


    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:
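
An added example, not part of the original post and not MGtools or HijackThis code: every line chaslang lists above ends in "(no file)" or "(file missing)", which is how HijackThis marks a registry entry whose target no longer exists. This Python sketch parses lines in that format and picks out those orphaned entries; the names `parse_line` and `orphaned_entries` are hypothetical, and the final sample line (all-zero CLSID) is constructed for contrast.

```python
import re
from typing import List, NamedTuple, Optional

# First three lines are quoted from the post; the last is a constructed entry
# whose file is present, so it must not be flagged.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

class Entry(NamedTuple):
    section: str           # HijackThis section code, e.g. "O3"
    kind: str              # e.g. "Toolbar"
    name: str              # display name, often "(no name)"
    clsid: str             # braces included
    target: Optional[str]  # file path if the log gives one
    reason: Optional[str]  # "no file", "file missing", or None if intact

LINE_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$"
)
MISSING = "(file missing)"

def parse_line(line: str) -> Optional[Entry]:
    """Parse one CLSID-bearing log line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rest = m["rest"].strip()
    if rest == "(no file)":
        target, reason = None, "no file"
    elif rest.endswith(MISSING):
        target, reason = rest[: -len(MISSING)].rstrip(), "file missing"
    else:
        target, reason = rest, None
    return Entry(m["section"], m["kind"], m["name"], m["clsid"], target, reason)

def orphaned_entries(log_text: str) -> List[Entry]:
    """Return entries whose registered file is absent (leftover registry keys)."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.reason is not None]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.kind} {e.clsid}: {e.reason}")
```
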
     
  4. bigtrucks

    bigtrucks MajorGeek

    Hey Thanks so much Chase.
    My problem was the firewall kept popping up saying that a new.dll was loaded and wanted to access the net or something like that, every 10-15 minutes. This started after my wireless router took a dump from a power flickering/outage. I replaced the power cord on the router and it lights up but it still would not access the net so I just ran the Ethernet cable straight to the pc until I get another router. I was trying to do a process of elimination and just wanted to be sure I had no problems in this area. The fw still pops but not nearly as much as before. Go Figure?! I haven't done the How to protect yet as I have a question on the windows update. I don't want the IE8 as I did it on my lap (Vista), accepted it that is, and just about lost everything. Good thing I had a back up program that came with the lap (Carbonite) as that is exactly what I had to do to restore and get my things back to the way they were. It scared the ba-jeebies out of me because I thought for sure I wasn't getting all my settings/files/favorites back. It even wiped out all my pics? My question is: how do I stop it from popping up to be installed without shutting off the notice for auto updates, or can I? If I can be walked through on how to install it on my desk (winxp) and guarantee it won't wipe out my files I would for sure do it, otherwise I'll stay at 7.

    I noticed that I have 2 IE icons on my desktop and WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe (the windows xp... has been there since April 29,09 mod.-Oct,17). Can I safely remove the IE Roadrunner (my ISP) and the IE from the desktop as I don't have them as my default (FF) and the Windowsxp-KB3.. (I have no idea how or why it is even on the desktop and did not want to send it to the recycle bin)?
    I want to get a paid Anti malware protector. Which one is the better/lighter (not much in memory right now), more efficient for my pc? I'm on a fixed income.
    Thank You
    BT
    btw sorry for all the questions but, if I don't ask I won't learn.;)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Wrong forum to ask this kind of question. Try the Software Forum.

    Again wrong forum to ask this kind of question. Try the Software Forum.


    AVG already has antivirus and antispyware protection but if you want to pay for anti-spyware protection then I suggest SUPERAntiSpyware, but adding it ( or any other antispyware program with realtime protection for that matter ) to what AVG is already doing will slow you down even more.

    NP! But you do need to ask questions in the correct forums.
     
  6. bigtrucks

    bigtrucks MajorGeek

    Got cha;)
    This one I know is here. I checked the virus vault right before doing the R&R and found several virus/trojans that it caught as well as a numerous amount of tracking cookies (which for me is not surprising). The latest one caught was on 9/9/09, that was a Trojan horse Downloader Bandload.A00E; C:\RECYCLER\S-1-5-21...\Dc10.exe and C:\System Volume Info\restore (2 of them). As they are in the vault that means they are not harming my pc, correct? (These were in there before I updated to version 9 of the AVG, I just forgot to ask in the last post :-o) And no, nothing has been detected since then.
    Again Thanks
    BT
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If they are in the vault they are not problems but you should empty the vault. Also neither AVG nor any other program can remove things from System Volume Information. You need to disable System Restore and then reenable it to remove things from this folder.
     
