Inactive Remaining virus and trojan horse infections I can't elimate

[Broni]

No reason.
We'll fix it.

Do this on the computer you are posting from:
Copy the text in the codebox below:

:OTL
IE - HKU\Owner_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/12/28 16:46:28 | 000,001,202 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7
[2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
[2011/12/28 06:59:51 | 000,020,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
[2011/12/26 11:26:46 | 000,020,770 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1
[2011/12/24 19:56:16 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\015467y6h152l128c172x1glr3b3
[2011/12/24 19:56:15 | 000,018,272 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3
[2011/12/24 11:33:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41Jq85.dat


:Services

:Reg

:Files
c:\windows\explorer.exe|c:\windows\ServicePackFiles\i386\explorer.exe /replace

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer the following...

Run OTLPE

• Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
  
  • (The content of Fix.txt should appear in the box)
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the log produced (you'll need to transfer it with USB stick)
• Attempt to reboot normally into Windows.

Then re-run Combofix.

 

[goleftfast]

Rebooted after the scan and only got a blue screen with several error messages.

1. Generic Host Process for Win32 Services encountered a problem and needs to close.
2. System Shutdown initiated by NT Authority System, DCom Server Process Launcher terminated unexpectedly.

It rebooted again, got the Toshiba startup screen and then the blue screen with error msg, Windows Explorer has encountered a problem etc and clicked don't send report and it went away. Nothing else on the screen, just blue background and that's where it is now, at the blue screen with nothing on it.

What now?


========== OTL ==========
Registry value HKEY_USERS\Owner_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Administrator.OWNER-830FA6330.000_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\Administrator.OWNER-830FA6330.000_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\Owner_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\w03v5ho382r0eu83588ggfx84pax154ve3u7 moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
C:\Documents and Settings\All Users\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
C:\Documents and Settings\All Users\Application Data\015467y6h152l128c172x1glr3b3 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\015467y6h152l128c172x1glr3b3 moved successfully.
C:\Documents and Settings\All Users\Application Data\41Jq85.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File c:\windows\explorer.exe successfully replaced with c:\windows\ServicePackFiles\i386\explorer.exe
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 01062012_232513

 

[Broni]

Turn the computer off.
Wait 1 minute.
Restart again.
If normal mode doesn't work see if you can boot to safe mode.

 

[goleftfast]

Turned off, waited, turned back on, got windows explorer error and then the blue screen. Restarted into safe mode, got same error msg and a black screen with safe mode in the corners. Nothing else, no icons, start button,

 

[Broni]

Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

fixboot

exit

Attempt to start normally.

 

[goleftfast]

I do not have the recovery console installed on this laptop.

 

[Broni]

According to the latest Combofix log you do.
Did you try it?

 

[goleftfast]

Hey Broni,

Sorry about the delay, but I just needed a break. After much consideration, I decided to go ahead and do a system recovery with the long lost CD's. It took just about as long to update and reinstall everything, but it is working properly now.

Many thanks and I admire your patience with dealing with it.

 

[Broni]

Thanks for letting me know