Viruses Gone - But ??

Your Combo log should be at C:\Combo.txt.

Please attach at least the C:\MGLogs.zip.

 

Did you actually go thru the entire Read and Run First instructions?

If so you need to ATTACH the requested logs:
SAS
MBAM
RootRepeal
C:\MGLogs.zip --> from running the C:\MGTools.exe

Read this:
HOW TO: Attach Items To Your Post

Your log of your ipconfig shows you have no IP address. You can try using SAS to repair your connection, but if that fails, and it is not a malware issue, then I will direct you to the networking forum.

 

The scans took care of most of it....so let's just do this:

What is this:
C:\Documents and Settings\Nancy\Desktop\antivirus

Please make sure msconfig is set to normal startup.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please use add/remove programs to uninstall:
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME
Java 2 Runtime Environment, SE v1.4.2_03

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Documents and Settings\Nancy\Local Settings\Temp\imt10.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt11.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt14.xml 
C:\Documents and Settings\Nancy\Local Settings\Temp\imt15.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt16.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt1c.xml    
C:\Documents and Settings\Nancy\Local Settings\Temp\imt1d.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt1e.xml   
C:\Documents and Settings\Nancy\Local Settings\Temp\imt21.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt22.xml   
C:\Documents and Settings\Nancy\Local Settings\Temp\imt23.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt29.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt2a.xml    
C:\Documents and Settings\Nancy\Local Settings\Temp\imt2b.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt2e.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt2f.xml     
C:\Documents and Settings\Nancy\Local Settings\Temp\imt30.xml    
C:\Documents and Settings\Nancy\Local Settings\Temp\imte.xml    
C:\Documents and Settings\Nancy\Local Settings\Temp\imtf.xml

Folder::
C:\Program Files\PersonalAV

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PersonalAV]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now download and install:
Java Runtime 6

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

NO! Leave system restore alone until you are clean and I give you final instructions.

I suggest that you download a new copy of ComboFix to a different computer and then transfer it to you desktop via either cd or thumb drive. Then just drop it on top of the old version.

It can cause slow-downs...but she should have replaced it!

 

You are welcome.