Was antivirus GT but now others...

You will need to uninstall AVG since it will cause problems for running ComboFix. So uninstall it now, but do not try to run ComboFix yet. First do the below.


Uninstall the below old versions of software:
Spybot - Search & Destroy 1.2

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O1 - Hosts: 91.206.201.8 private.microsoft.com
O1 - Hosts: 91.206.201.8 avir-guardian.com
O1 - Hosts: 91.206.201.8 www.avir-guardian.com
O2 - BHO: Sky-Banners Browser Enhancer habhu - {5C94EEA0-4183-4DF4-80B6-4B172A2823F4} - C:\WINDOWS\$NtUninstallMTF197$\habhu.dll
O2 - BHO: (no name) - {dfa0e597-f6a6-4257-90e6-3ed19e4e2c91} - derasafe.dll (file missing)
O4 - HKLM\..\Run: [bipro] rundll32 "C:\WINDOWS\$NtUninstallMTF197$\habhu.dll",,Run
O4 - HKLM\..\Run: [gchk] C:\WINDOWS\$NtUninstallMTF197$\upg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Help - {69A35C15-1632-4980-B3B3-36127BCD600A} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {8F1BD32A-46D6-4D69-A1E8-6E6A9CDB0E95} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {AB584133-BA42-4129-BDD8-9208AA4EF6BF} - http://www.comcast.net (file missing) (HKCU)
O21 - SSODL: lozasayad - {7229aa23-961f-4840-9c54-c1be04824e67} - c:\windows\system32\fivajubu.dll (file missing)
O21 - SSODL: bunohalid - {26a0c061-0ee1-4f2c-b15b-a10324296dca} - c:\windows\system32\nomifeyi.dll (file missing)
O21 - SSODL: vayonebat - {454641e2-f165-44c9-8d97-8ab58acbcdfc} - c:\windows\system32\nomifeyi.dll (file missing)
O21 - SSODL: kemadogar - {a79f7563-9b73-42b5-a7ae-319f079b38b4} - c:\windows\system32\nomifeyi.dll (file missing)
O21 - SSODL: dumevamif - {32630d6b-4fd0-428c-9704-55010a330d22} - c:\windows\system32\fakugupu.dll (file missing)
O21 - SSODL: tukelarab - {1b9e690f-7b3a-419b-bc66-e1ec2c70708e} - (no file)
O21 - SSODL: vudezuded - {6fba5094-838d-4ba4-9fd6-7ed030dab7f0} - (no file)
O21 - SSODL: siwisohuj - {90afa447-03b7-4b45-9ba7-77631c960a75} - c:\windows\system32\sobipore.dll (file missing)
After clicking Fix, exit HJT.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Brenda\Local Settings\Temp
Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome. You did not uninstall AVG as requested. Uninstall it now.

Please rerun the fix with Avenger. I had a error in it the fix that I just fixed. Attach the new log from Avenger and rerun GetLogs.bat and attach the new MGlogs.zip file.

 

I just reviewed your logs in more detail. You had/have a lot of problems. Some we have removed and some remain. However, one of them is actually really bad in that it will require a reinstall to fix since there is no known fix at this time. Actually you have two forms of this nasty infection showing as the below in your process lists:

\\.\globalroot\systemroot\system32\mswsock.dll
\\.\globalroot\Device\svchost.exe\svchost.exe

I suggest that you back up all important personal data and then perform a reinstall.

 

You're welcome.

You will need the Windows XP boot CD and any driver CDs for your PC. Do you have/did you get these CDs with your PC?

You can try getting help for the reinstall in our Software Forum, but there are many links on the internet for performing reinstalls. I suggest that ( after you backup your data ) that you actually delete your harddisk partition, re-create the partition, and then format and reinstall.


After the reinstall, you should work thru the below:

How to Protect yourself from malware!