I need help removing Virus Trigger

Status
Not open for further replies.
OK get me a new HJT log.

Then bring me up to date as to what the remaining problems are that you see and feel as you use the computer.

Go to Start > Run
Type

combofix /u

I am preparing a post offline; be back in less than 10 minutes.

Mike



Run CCleaner Temp and Registry twice or more until they come up clean.

Reboot, open nothing else, and do the below.

Download OTScanIt: http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
Close all Apps and Browsers

Download and save to Desktop, then double-click to extract the files to an OTScanIt folder.

If Firewall or other Security or Malware protections pop up, you should tell them to let OTScanIt run.

Enter the OTScanit folder and run OTScanit.exe.

In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

Top Left click Run Scan.

The scan can take some time so allow it time.

When finished, a log will open. Save the log and attach its contents back here.

Mike
 
The combofix/u or combofix /u could not be found. A little icon on the bottom keeps popping up now saying there is no firewall. I don't know if this is Windows or still part of the virus. I have not clicked on it. Everything else seems to be ok with the computer.
 
Well, good that the computer is running well.

We may be finished.

What bothers me is that combofix will not run.

Delete the combofix folder.

Then do a Windows search (files and folders; in Advanced, search system, search hidden, search subfolders) for Combofix*.* and delete all found.

Reboot and run combofix once more.

Mike
 
Suggestions from viewing the most current HijackThis log:

The following entries should be removed:
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
O20 - Winlogon Notify: ahrdvdd - C:\WINDOWS\ahrdvdd.dll (file missing)
O20 - Winlogon Notify: gdjbwumw - gdjbwumw.dll (file missing)
You should disable this program while cleaning:
O4 - HKLM\..\Run: [BCROReminder] C:\Program Files\ByteCrusher\RegistryOptimax\BCRO.exe -rem>>Registry Optimax helps maintain the integrity of your Windows Registry by scanning, identifying, cleaning and repairing errors in your Windows Registry Database. This advanced clean and repair process helps your system performance remain smooth, fast and stable.
You are loading two media players at startup- Music Match and QuickTime. Neither needs to start on boot:
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe">>Musicmatch Jukebox
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
The following are all non-essential Dell processes.
The computer came with these pre-loaded. None need to start up on boot and some can be removed altogether.
C:\Program Files\DellSupport\DSAgnt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe>> an application provided by Dell. It stops the autorun application from executing on disc insertion.
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe">>a process which is related to DELL online support.
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
You are also showing HP processes loading:
None need to load at startup. It appears that you may have an HP peripheral in addition to the Dell Printer. Both are loading at startup. Neither needs to load at startup.
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>> HP Software Update Application or HP Driver Diagnostics .
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe>> Checks the internet for updated drivers/utilities for your HP product -
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

Stopping unnecessary programs from loading and removing bad entries such as the O20 entries will free up resources on the system as well as prevent its misdirection. Consider the above.
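
The triage done by eye in the post above (flag entries marked "(file missing)", list what loads from the Run keys) can be scripted. This is an added example and not part of the original post; the sample lines are copied from the entries quoted above, and the function names `parse_entry` and `triage` are made up for illustration.

```python
import re

# Sample input: entry lines in the HijackThis format quoted in the post above.
SAMPLE_LOG = r"""
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPokerNet\RunPF.exe (file missing)
O20 - Winlogon Notify: ahrdvdd - C:\WINDOWS\ahrdvdd.dll (file missing)
O20 - Winlogon Notify: gdjbwumw - gdjbwumw.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
C:\Program Files\DellSupport\DSAgnt.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
IMAGE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat))"?(?:\s|$)', re.I)

def parse_entry(line):
    """Parse one 'Xn - ...' entry line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # running-process paths and blank lines are not entries
    body = m["body"]
    entry = {"code": m["code"], "name": None, "image": None,
             "missing": body.endswith("(file missing)")}
    if m["code"] == "O4":
        run = RUN.match(body)
        if run:  # registry Run value: [name] command line
            img = IMAGE.match(run["cmd"])
            entry["name"] = run["name"]
            entry["image"] = img["path"] if img else run["cmd"]
    elif m["code"] in ("O9", "O20"):
        # "<kind>: <name> - <rest>"; partition() tolerates a missing separator
        entry["name"] = body.partition(": ")[2].partition(" - ")[0]
    return entry

def triage(log_text):
    """Split entries into orphaned (target file gone) and live autostarts."""
    report = {"orphaned": [], "autostart": []}
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        if entry["missing"]:
            report["orphaned"].append((entry["code"], entry["name"]))
        elif entry["code"] == "O4":
            report["autostart"].append((entry["name"], entry["image"]))
    return report

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```
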
 
I recommend doing them all. If you want do it now.

I usually do these last but I am more concerned that Combofix will not run.

This should do it.

Download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.
These tools update so often they require downloading again later if needed.

Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by Firewall, Windows Defender or other guards or security programs about OTCleanIt attempting access to the Internet, allow all.

If prompted to Reboot click Yes.
OTCleanit will delete itself when finished, if not delete it by yourself.

Once finished reboot and try Combofix again.

Mike
 