windowsisearch

Discussion in 'Malware Help (A Specialist Will Reply)' started by jonathanmoss, Sep 29, 2008.

  1. jonathanmoss

    jonathanmoss Private E-2

    Hello,

    I have recently contracted what I assume to be some sort of malware. It erased my search engine add-ons, and whenever I type in a search query it takes me to www[dot]windowsisearch[dot]com. I have run the latest updates of Malwarebytes, Ad-Aware and Spybot and have indeed removed some stuff, but the problem persists. I have run HijackThis, but I couldn't spot any reference to windowsisearch. I have seen several postings regarding windowsisearch lately and all mentioned spotting a windowsisearch mention in their HijackThis log. Any suggestions would be appreciated.

    Jonathan
     
    Last edited by a moderator: Sep 29, 2008
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Major Geeks!

    As malware can hide in the most unexpected places, HijackThis may not locate it or its name has changed to something else that one of our malware experts may notice, so the below guide and logs may help.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. jonathanmoss

    jonathanmoss Private E-2

    Thanks. I am working on it and will get back to you as soon as I've completed all the procedures you listed.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just attach the requested logs whenever you finish.
     
  5. jonathanmoss

    jonathanmoss Private E-2

    Thank you. I will get on it tomorrow. It's been a bit of a crazy week.
     
  6. jonathanmoss

    jonathanmoss Private E-2

    Hi,
    I attached the MGTools log beneath. I could not attach the SAS log or the Malwarebytes log, so I'm cutting and pasting them below. I apologize for this. I did not run ComboFix. Although SAS and Malwarebytes seemed to have removed some infections, I still have the initial problem, which is that my Firefox search bar has lost all of its search engines and whatever search term I put in, it takes me to winsisearch.com.
    Thanks for your help.

    Edit by bjgarrick: Inline logs attached!
     

    Last edited by a moderator: Oct 16, 2008
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why not? What problems did you have?

    You did not update MBAM and SAS to the current definitions. Please do so now and run new scans and then attach the new logs.

    Why not? You need to run this and attach the log and then you will have to re-run MGtools since it needs to be run after ComboFix has been run.
     
  8. jonathanmoss

    jonathanmoss Private E-2

    I am using the most current versions of all programs. I couldn't attach the logs because I couldn't find where they were being saved. They were definitely saved somewhere but I couldn't find it, so I simply cut and pasted them. Is that a problem?
    As far as ComboFix, I had some problems with McAfee recognizing it as an unwanted program and I read quite a few posts in which it was recommended not to use ComboFix anymore.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Having the current version of the program does not mean you have the current definitions/detections which is what I asked you to update to. You still need to do this.

    Yes. We do not want inline logs as explained in the READ & RUN ME. The instructions explain how to find the logs but here is where they would normally be saved on your PC:

    C:\Documents and Settings\Ruthie & Jonathan \Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

    C:\Documents and Settings\Ruthie & Jonathan \Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    These logs normally would show in MGlogs.zip but they do not. The problem could be due to the choice of user account names you chose. You have USERNAME=Ruthie & Jonathan. Using user account names like this will cause many miscellaneous problems (including problems for MGtools) as the & is a special character. You really should change your user account name, and each user should also have their own user account.

    ComboFix is a valid program used in hundreds of forums thousands of times per day. You need to shut down McAfee as requested in the instructions and run the scan and then attach the log.
     
    Last edited: Oct 5, 2008
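
The `&` problem described in the post above, as an added example that is not part of the original thread and is not MGtools code: a PowerShell check that lists profile folders whose names contain characters cmd.exe treats specially when a path is not quoted, and reports which of the two log folders quoted in the post exist under each profile. The function names `Get-CmdMetaChar` and `Test-ProfileName` are hypothetical, and the default profile root is an assumption taken from the paths in the post.

```powershell
# Added example: flag profile names that break unquoted cmd.exe paths.
# Characters cmd.exe treats specially outside double quotes.
$CmdMeta = '&', '|', '<', '>', '^', '%'

# Log folders quoted in the post, relative to a profile's "Application Data".
$LogDirs = 'SUPERAntiSpyware.com\SUPERAntiSpyware\Logs',
           "Malwarebytes\Malwarebytes' Anti-Malware\Logs"

function Get-CmdMetaChar {
    param([string]$Name)
    # Return each special character that occurs in the name.
    $CmdMeta | Where-Object { $Name.Contains($_) }
}

function Test-ProfileName {
    # $ProfileRoot is an assumption: the XP-era location shown in the post.
    param([string]$ProfileRoot = 'C:\Documents and Settings')
    foreach ($dir in (Get-ChildItem -LiteralPath $ProfileRoot -Force)) {
        if (-not $dir.PSIsContainer) { continue }
        $appData = Join-Path $dir.FullName 'Application Data'
        $present = @()
        foreach ($rel in $LogDirs) {
            # -LiteralPath keeps the profile name from being read as a wildcard.
            if (Test-Path -LiteralPath (Join-Path $appData $rel)) { $present += $rel }
        }
        New-Object psobject -Property @{
            Profile   = $dir.Name
            MetaChars = (Get-CmdMetaChar $dir.Name) -join ' '
            LogDirs   = $present -join '; '
        }
    }
}

# Constructed sample: the account name from the thread.
Get-CmdMetaChar 'Ruthie & Jonathan'

# Audit the real profile folders only if the assumed root exists.
if (Test-Path -LiteralPath 'C:\Documents and Settings') {
    Test-ProfileName | Format-Table -AutoSize
}
```

A profile that shows a non-empty MetaChars column is one where batch-based tools that build paths without quoting can lose or misplace their output.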
  10. jonathanmoss

    jonathanmoss Private E-2

    will do.
    thanks
     
  11. jonathanmoss

    jonathanmoss Private E-2

    o.k.

    I think I've done all that is required. I downloaded the latest versions of all the programs and updated their definitions. The three logs are attached. I appreciate your time and advice.
     

  12. jonathanmoss

    jonathanmoss Private E-2

    oops. I forgot to attach the combofix log. Here it is.
     

    Attached Files:

    • log.txt (File size: 11.2 KB, Views: 1)
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you install the below on Sep 30th?
    Code:
    "C:\Program Files\"
    1-CLIC~1      Sep 30 2008              "1-Click Answers"
    ANSWERS.COM   Sep 30 2008              "Answers.com"
    
    Try uninstalling them and see if it cures your problems. I'm not sure it will solve this problem but Answers.com is questionable software. You may have a new form of infection that is starting to crop up that shows no signs in any scanners yet. It may be infecting a particular registry key but we have no info on what. What we have seen is that other user accounts are usually fine or using a browser like Opera rather than IE or Firefox seems to work okay.


    Also uninstall the below software:
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 5

    There is no real malware in your logs.
     
    Last edited: Oct 12, 2008
  14. jonathanmoss

    jonathanmoss Private E-2

    I did install the Answers program (a great program by the way). I've been using it for a long time (although I reinstalled it recently). I don't think it is the problem.
    Strange no.
    The only evidence I still have of this whole thing is that all the search engines have disappeared from my search bar, and whenever I enter some search word it takes me to: Windowsisearch.com.
    As long as that is the only thing it's not such a big deal. I just hope there is not something I'm missing here.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's try a few more things. Make sure you shut down all protection software before doing the below.



    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode


    Copy the bold text below to Notepad. Save it as fixIE.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now reboot your PC. After reboot is there any change?
     
