Completed 8 steps, logs attached

Status
Not open for further replies.
My results of doing the 8-step Viruses/Spyware/Malware Preliminary Removal as instructed....

1.) I did a full antivirus scan with a 30-day trial version of TrendMicro Internet Security Pro version 17.0. The results of that were 7 cookies which were quarantined successfully.

2.) I then downloaded/installed and ran CCleaner 3 times.

3.) I turned off the TrendMicro Security Pro program and believe that is the only real time monitoring program to be running at the time.

4.) I downloaded/installed/updated and ran the Malwarebytes program. It was partially done, approx. a quarter of the way I would guess, when my monitor went blank then slowly got all the icons and such back, so I made sure the program was shut down and totally restarted it and just started the scan over again from the beginning. That log file will be attached.

5.) I downloaded/installed/updated and ran the Super anti spyware program. The log file is attached as requested.

6.) I had to update my Java and it is now Version 6 Update 11 as the website said it should be. I was unable to delete any older versions that may be needing it because even though I can get my control panel open...the add/remove programs window won't open.

7.) I downloaded/installed/updated and verified I had gotten the most current version of HijackThis, then ran the scan as instructed and will attach that log file also.

8.) Finally on the last step after I don't want to say how much later 'mumbling' I am going to post the requested logs in a thread and then cross fingers and toes y'all don't laugh me out of here!!

Another thing that is screwy with this comp that comes to mind is that it is stuck on the old logon screen and I have been miserably unsuccessful at fixing that problem as well as all the others my logs will prob show you I have. I have received the errors about OJLEACC dll and tu_logonui.exe, although I cannot remember any specific thing I did to prompt those error messages to come up.

Thank you for taking the time to look at my thread and any assistance you may be able to provide is greatly appreciated......

Heather
(Please excuse typos, I was taking notes in notepad as I progressed thru each step and wanted to concentrate more on doing each of them totally correctly as opposed to worrying about a few funny spellings lol)

Again, thanks in advance!!
 
Code:
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
MBAB did not handle all that it found until the computer restart.

There are mixed signals for this problem. The major infection was a comparative lightweight. However, your description and HJT log indicate another scan tool should be used.


First, rescan with MBAB followed by SAS. Repeat until clean or until something cannot be cleaned.


This indicates prior use of ComboFix. Uninstall previous version. See supporting information.
Code:
O20 - Winlogon Notify: __c00AE7A7 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DC242 - C:\WINDOWS\

Next, scan with ComboFix. See supporting information.


HJT scan informs what has not been handled (computer restart before HJT scan)

Post new logs and describe conditions.

Supporting information

Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs
  • 1 Spybot S&D (Teatimer)
  • 2 Ad-Aware Ad-Watch
  • 3 Spywareguard
  • 4 Windows Defender
  • 5 TrojanHunter Guard
  • 6 Disable SpySweeper
  • 7 WinPatrol
  • 8 CounterSpy
  • 9 AVG Anti-Spyware (formerly ewido)
  • 10 Spyware Doctor
  • 11 Prevx
  • 12 ProcessGuard
  • 13 ZoneAlarm's OS Firewall
  • 14 Ad-Aware 2007 Service
 
Thank you for trying to help me resolve these issues...

I ran Malwarebytes again and am attaching that log. I then ran the SAS again as requested, two times...and will attach that log.

When I tried to uninstall Combofix /u, I got the error message that windows cannot find combofix? Not sure what to do from here, any advice would be appreciated....

thanks in advance,
Heather
 
Scan with HJT. Tick & Fix items corresponding to code box. Restart computer
Code:
Missing items indicate prior cleaning

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) >> broken (yahoo companion)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll  >> malware (http://www.systemlookup.com/lists.php?list=3&type=clsid&search=4EAFEF58-EEFA-4116-983D-03B49BCBFFFE&s=)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll >> objectionable (http://www.systemlookup.com/lists.php?list=3&type=clsid&search=d9288080-1baa-4bc4-9cf8-a92d743db949&s=)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} >> broken (malware: http://www.systemlookup.com/lists.php?list=10&type=clsid&search=1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB&s=)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - >> broken (malware: http://www.systemlookup.com/lists.php?list=10&type=clsid&search=DF780F87-FF2B-4DF8-92D0-73DB16A1543A&s=)
O20 - Winlogon Notify: __c00AE7A7 - C:\WINDOWS\
O20 - Winlogon Notify: __c00DC242 - C:\WINDOWS\

Install new copy of combofix.

Run ComboFix.

Scan with HJT.

Post both logs.
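
An added example, not part of the original posts: a small triage parser for HijackThis log lines like the ones in the code box above. The section descriptions are the usual HijackThis meanings, and the "ComboFix leftover" flag encodes the helper's statement earlier in the thread as an assumption.

```python
import re

# HijackThis section codes seen in this thread and what each section lists.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "Downloaded Program Files (ActiveX) object",
    "O20": "Winlogon Notify or AppInit_DLLs entry",
}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Log lines copied from the code box above, helper annotations removed.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
O20 - Winlogon Notify: __c00AE7A7 - C:\WINDOWS\
"""

def parse_line(line):
    """Return a dict for one log entry, or None for non-entry lines."""
    code, sep, rest = line.strip().partition(" - ")
    if not sep or not re.fullmatch(r"[A-Z]\d+", code):
        return None
    kind, _, detail = rest.partition(": ")
    match = CLSID_RE.search(detail)
    flags = []
    if "(no file)" in detail:
        flags.append("target file missing")
    if detail.endswith("\\"):
        flags.append("path names no file")
    # Assumption taken from the helper's post: these O20 names are ComboFix leftovers.
    if code == "O20" and detail.startswith("__c00"):
        flags.append("ComboFix leftover (per thread)")
    return {"code": code, "section": SECTIONS.get(code, "unknown"), "kind": kind,
            "clsid": match.group(0) if match else None, "flags": flags}

def triage(lines):
    """Parse every entry line and keep the ones that parsed."""
    return [e for e in map(parse_line, lines) if e]

if __name__ == "__main__":
    for entry in triage(SAMPLE.splitlines()):
        print(entry["code"], entry["section"], entry["clsid"], entry["flags"])
```

Entries with an empty flag list are not thereby clean; the flags only mark structural oddities, and the CLSID is extracted so it can be looked up separately.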
 
Sorry it took me a bit to get the next steps completed.....

I scanned with HJT, ticked and fixed items as directed. I then installed a new copy of Combofix and ran that.

I am attaching both log files as requested.

Again, all the help is more appreciated than you know!
Heather
 
I was hopeful another specialist would have seen that I am unavailable to respond fully to your findings in the log. It appears that fake antispy was infecting your computer.

It also deleted D:\autorun.inf. If D: is a flash memory device, check to see that it can still be detected upon insertion. The other means is to explore the device (windows explorer).

It appears that you are not experiencing symptoms at this point. Advise of changes.
 