win 7/IE infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by henriksonj, Feb 29, 2012.

  1. henriksonj

    henriksonj Private E-2

    Hi - I have 2 machines that were infected at about the same time - this post is about my Windows 7 machine. I noticed it was acting strange when my wife tried to run IE - it would pop up and flash a DOS command box. I was running MS Security Essentials - did a scan and it found a number of trojans. I removed those and rescanned with Malwarebytes - it showed the machine was clean, but it was not - same behavior. I've since run a-squared, SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools - RootRepeal refuses to run. I'm attaching the logs of those 3 to this message in the hope that someone might see something that I can do.
    Thanks so much.
    John H.
    Lansing, MI
     

  2. henriksonj

    henriksonj Private E-2

    Attached is the aborted log from RootRepeal. Thank you!
    John H.
     

  3. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, John!

    Your logs for the most part are clean of malware. I think the bulk of your problems are coming from the abundance of security applications you have installed. I see the following installed:

    • a-squared Free 3.5
    • avast! Free Antivirus
    • Microsoft Security Essentials
    • Spybot - Search & Destroy


    List of other items you should uninstall:
    ________________________________
    • Coupon Printer for Windows
    • Java(TM) 6 Update 29 (outdated)
    • Java(TM) SE Runtime Environment 6 (outdated)
    • uTorrentBar Toolbar (source of Conduit)

    You would probably notice a speed increase if you were to uninstall all of these (at least temporarily). Then just choose one antivirus to reinstall for future use.

    I see another problem though:

    Code:
    [Drives]

    Item	Value
    Drive	C:
    Description	Local Fixed Disk
    Compressed	No
    File System	NTFS
    Size	455.71 GB (489,319,034,880 bytes)
    Free Space	26.67 GB (28,640,677,888 bytes)
    You only have 5.85% free space on your OS (Operating System) drive.

    I would recommend at least 20% free space on the OS drive.

    Basically this computer is not infested with malware as you may think, it just needs some basic maintenance done to it.

    You can try what I suggested if you like, but all other concerns with this computer should be addressed in the Software forum.

    Good luck :)
     
  4. henriksonj

    henriksonj Private E-2

    I do believe this computer is still infected - I deleted quite a bit of data from it - including those programs - then tried to run IE and got the pop-up DOS windows that were trying to run google -1.exe or something similar. When I run SUPERAntiSpyware again it shows infections - I let this program get rid of those, and if I run IE again, then SAS again, the same infections show up - Security.HiJack. The log is below:
    SUPERAntiSpyware Scan Log

    Security.HiJack[ImageFileExecutionOptions]
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger
     
    Last edited by a moderator: Feb 29, 2012
  5. thisisu

    thisisu Malware Consultant

    These are from the LogMeIn software you have installed. A false positive on SAS's part. See: http://kwsupport.com/2011/08/sas-false-positive-with-logmein/ and http://forums.superantispyware.com/index.php?/topic/4415-false-positive-ehshellexe/
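The Security.HiJack[ImageFileExecutionOptions] hit above is the Debugger value under an Image File Execution Options (IFEO) subkey: when a process with the subkey's name is launched, Windows starts the Debugger command instead and hands it the original command line. Legitimate software and a hijack both use exactly that value, so the registry alone cannot tell them apart; what matters is what the Debugger path points to and who signed it. The script below is an added example (it is not from the thread, from SUPERAntiSpyware, or from LogMeIn) that lists every IFEO Debugger entry on the machine with the resolved executable, whether it exists, and its Authenticode status. It assumes an elevated PowerShell prompt on Windows; the Wow6432Node path is read as well so 32-bit entries on 64-bit Windows are included.

```powershell
# Added example: enumerate IFEO "Debugger" entries and show what each one
# actually launches, so an entry like the EHSHELL.EXE one flagged by SAS can be
# judged (the thread attributes that one to LogMeIn). Written for the
# PowerShell 2.0 that ships with Windows 7; run it from an elevated prompt.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Pull the executable path out of a Debugger command line. Quoted paths are
# taken verbatim; for unquoted ones, tokens are joined until an existing file
# is found, so "C:\Program Files\x\y.exe -flag" still resolves correctly.
function Get-DebuggerExePath([string]$CommandLine) {
    if ($CommandLine.StartsWith('"')) { return $CommandLine.Split('"')[1] }
    $tokens = $CommandLine -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function Get-IfeoDebuggerEntry {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # Only subkeys that carry a Debugger value redirect execution.
            if ($props -eq $null -or [string]::IsNullOrEmpty($props.Debugger)) { continue }

            $exe    = Get-DebuggerExePath $props.Debugger
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $status = 'missing'
            $signer = ''
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            New-Object -TypeName PSObject -Property @{
                Target    = $key.PSChildName   # the program being intercepted
                Debugger  = $props.Debugger    # the raw command line that replaces it
                ExePath   = $exe
                Signature = $status            # Valid / NotSigned / HashMismatch / missing
                Signer    = $signer
            }
        }
    }
}

# A debugger file that is missing, unsigned, or signed by a vendor you never
# installed deserves a closer look; a Valid signature from the vendor the entry
# belongs to is what a false positive like the thread's LogMeIn case looks like.
Get-IfeoDebuggerEntry | Sort-Object Target |
    Format-Table Target, Signature, Signer, Debugger -AutoSize
```

The same Debugger value is what malware uses to disable security tools (pointing the subkey for an antivirus executable at a non-existent file, so the tool silently fails to start), which is why scanners flag every such entry rather than only known-bad ones; the column to read is Signature, not the mere presence of the key.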
     
  6. henriksonj

    henriksonj Private E-2

    Ah - thanks for your help. Well, I'm going to try upgrading IE, then I'll move on to my XP machine, which is *badly* infected. Thank you for the advice!
     
  7. thisisu

    thisisu Malware Consultant

    Not malware as these are related to Google

    Delete these if you want to remove them:
    • C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    • C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    • C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3723745603-1483208816-3105831161-1000Core.job
    • C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3723745603-1483208816-3105831161-1000UA.job

    If they still appear, you may want to uninstall all of these, but once again, not malware related:
    • Google Earth Plug-in
    • Google Gears
    • Google Gmail Notifier
    • Google Quick Search Box
    • Google Talk Plugin
    • Google Toolbar for Internet Explorer
    • Google Toolbar for Internet Explorer
    • Google Update Helper
     
  8. thisisu

    thisisu Malware Consultant

    No problem. Surf safely! :)
     
