please check hijack this

Status
Not open for further replies.

empirebaypete

G'day all,

been having a few problems lately.
first google tool bar disappeared from firefox.
then lost all logitech mouse settings.
then applications "not responding".

then this week ALL my files in My Documents disappeared.
luckily i did an archive about 2 weeks ago, so didn't lose
too much.

I have followed the instructions in the
preliminary removal instructions.

Thanks

Pete
 
Hi,

May I have the results of the AVG Antirootkit scan in your next reply please.

Please download and run CCleaner via step 9 of the instructions HERE.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O23 - Service: AdobeVersionCue - Unknown owner - (no file)

Apart from that, your logs are looking quite clean. However your problem does sound like it is malware related. I shall have to see the results of the AVG antirootkit scan first before passing any judgement.


Regards,
Your friendly momok =)

This thread is for the use of empirebaypete only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
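The three entries quoted in the reply above all end in `(no file)`, which is how HijackThis marks an entry whose target file it could not find. As an added example (not part of the original thread), this Python sketch parses log lines of that shape and lists the orphaned ones. The sample log is constructed: it holds the three lines from the post, plus one made-up entry with a file present and one non-entry line.

```python
import re

# Constructed sample: the three entries quoted in the thread, plus one made-up
# entry whose file exists and one non-entry line, for contrast.
SAMPLE_LOG = r"""Running processes:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O23 - Service: AdobeVersionCue - Unknown owner - (no file)
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Parse one 'Onn - Kind: name - ... - target' line; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    # The target is the last " - " field; rpartition leaves earlier fields intact.
    head, _, target = rest.rpartition(" - ")
    clsid = CLSID_RE.search(rest)
    return {
        "section": section,
        "kind": kind,
        "name": (head or target).split(" - ")[0],
        "clsid": clsid.group(0) if clsid else None,
        "target": target,
    }

def orphaned_entries(log_text):
    """Return the entries whose target is reported as '(no file)'."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["target"] == "(no file)"]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], e["name"], e["clsid"] or "")
```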
 
G'day friendly momok

I ran ccleaner as requested.
then ran AVG Antirootkit as in Step 11.

the results of that were that nothing was found.

sorry but perhaps i should have mentioned that whilst following the steps for removal i could not get mcafee anti virus to run in safe mode. It just would not launch, so I went back and downloaded AVG and used that instead. I probably should have run ccleaner again after going back a few steps

in your reply to me you had the following.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O23 - Service: AdobeVersionCue - Unknown owner - (no file)

excuse my ignorance, but was i supposed to go in and delete them with hijack this?

thanks

Pete
 
Hi,

I'm sorry; a little slip of mine. Yes I was supposed to say "Please fix these entries" but somehow my fingers refused to obey. :p

Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

Attach the Autoruns log here.

Also, download and run a scan on the Blacklight programme. Let me know the instructions.


Regards,
Your friendly momok =)

 
G'day again momok

the Blacklight found nothing.

here's the attached report from the autoruns.

I deleted the others in hijack this.

thanks

Pete
 
Hi,

Please navigate manually in windows explorer and delete this following file:
C:\WINDOWS\tasks\A93AF979906D7619.job

Are you still experiencing any malware related problems of the sort?

Regards,
Your friendly momok =)

 
G'day momok

Well the computer certainly seems to be going a bit
quicker and generally behaving better.

However when I start up I get a dialogue box which
says

Windows installer
Preparing to install.

Preparing to install what???

i tried to use windows movie maker and the
windows installer came up again, and flashed on
and off like crazy. I wish I could have posted a video.
But I've added a screen shot.


the application that was "not responding" all of the
time was ulead studio which I uninstalled and have
not had a chance to reinstall as yet.
 
Hi,

I would recommend you reinstall Ulead if you need to use it.

Regarding the popup, it is certainly very strange. This popup can mean certain files required may be missing or corrupt, or it could be a very good hoax from malware on your system.

Could you post a fresh HijackThis, ComboFix and AVG Antispyware log just in case? Please also run AVG Anti Rootkit via Step 11 of the instructions HERE. Let me know the results of the scan.


Regards,
Your friendly momok =)

 
G'day again, friendly ( & patient) momok

here are the new reports you asked for. was hoping to get them up sooner
but the antispyware was going way after midnight.

the computer seems to be going ok at present except for that windows installer.



thanks once again.

Pete
 
Hi,

I noticed that your AVG log displays 'No Action Taken' for all the files detected.
Since all of them are just cookies, we'll take care of them with ccleaner as it is faster than a scan with AVG Antispyware.

Please download and run CCleaner via step 9 of the instructions HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

  1. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AdobeVersionCue

  2. Please run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O23 - Service: AdobeVersionCue - Unknown owner - (no file)

    Close HJT.

  3. Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system32\vfw_32.reg
    C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe

    Also go to this folder C:\REST2514 and let me know the contents. Was it created by you? What is it used for? Let me know in your next reply.

  4. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

 
G'day momok

firstly C:\REST2514 was created by me.
in an attempt to restore the files that
disappeared from my documents i installed
an application called restoration.exe.

it didn't work and i've now deleted that folder.

here are the fresh logs you've asked for.

Pete
 
Hi,

Your logs are looking clean now.

There's still one more tracking cookie in your AVG log which shows no action taken. Run ccleaner to clear that.

  1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)
    You may also delete the C:\VundoFix Backups folder and its contents.

  2. Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

  3. After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

  4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

 
Just a quick note to say thank you.
I appreciate the time you've spent helping me.

i've followed the last lot of instructions
and will read the article.

i'm still getting the windows installer
coming up when I start the computer.
I'll be at work, working long hours for
the next couple of days, so will have
to look at that issue at the weekend

thanks again

Pete
 
Hi,

I would suggest that you do a repair via this thread HERE. The installer could have been caused by some damaged/missing files.


Regards,
Your friendly momok =)

 