Im home now ... If possible I'd like to ressume my help please.

Thank you

I have just ran and cleaned or had hijack this delete the files as instructed. Here is the attatched results after another scan. Im still trying to figure out where the combofix is .....

I did a search for files & folders for " ComboFix " . It located 1 empty folder & 5 text documents. 1 of the documents it titled " ComboFix-quarantined files " so I clicked on it. I then noticed it says :

Folder PATH listing for volume DSK1_VOL1
Volume serial number is 0006FE80 C398:B160
C:\QOOBOX
\---Quarantine
+---C

So @ this point I'm assuming this is where it is located. Am I correct ?

I have attatched the file.

I couldn't locate the other file for ComboFix nor did I know where the application was being stored so I went back to my instructions given by a Tech on here & I reinstalled the " ComboFix " . I made sure it was saved on the " C " drive. When I double clicked it as instructed in the first instructions it automatically started. I was not prompted to do anything. Here is the result of that scan.

[COLOR="Blue"]Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.[/COLOR]

Attached Files

	new scan results for hijack this.txt (6.0 KB, 1 views)
	ComboFix-quarantined-files.txt (713 Bytes, 0 views)

I am unable to get rid of the Active X virus. I have followed all of the steps and other different ways. I just cant seem to get rid of it. I need help so now what do i do?

I couldn't locate the other file for ComboFix nor did I know where the application was being stored so I went back to my instructions given by a Tech on here & I reinstalled the " ComboFix " . I made sure it was saved on the " C " drive. When I double clicked it as instructed in the first instructions it automatically started. I was not prompted to do anything. Here is the result of that scan.

As you already know I had to reinstall the " ComboFix " and it automatically ran itself without any prompting. The good part about all of this is that this time it actually saved to my " C " drive. I opened my " C " drive where I also saved the " ComboFix-Do " file by a Tech Support on this thread and dropped it into the " ComboFix " . It automatically ran itself and this is the report it produced.

Now what do I do ??? Where do I go from here ???

[COLOR="Blue"]Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.[/COLOR]

Attached Files

	Last Scan for ComboFix.txt (8.0 KB, 1 views)
	ComboFix after dropping ComboFix-do into the reinstalled version of ComboFix.txt (8.3 KB, 2 views)

Hi,

Please wait at least 24 hours have lapsed since the last reply before you bump your thread.

Navigate manually in windows explorer and delete these 3 files.
C:\WINNT\system32\Perflib_Perfdata_604.dat
C:\WINNT\system32\Perflib_Perfdata_5c4.dat
C:\WINNT\system32\Perflib_Perfdata_520.dat

Apart from that, your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

You may also delete the C:\VundoFix Backups folder and its contents.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of Untamed Desirez only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Good morning momok,

I have a couple of questions. I'm sorry it took me so long to respond. You said

Navigate manually in windows explorer and delete these 3 files.
C:\WINNT\system32\Perflib_Perfdata_604.dat
C:\WINNT\system32\Perflib_Perfdata_5c4.dat
C:\WINNT\system32\Perflib_Perfdata_520.dat

I'm a little curious as how to do this ?

I've also been running scans and it keeps detecting the quarrantined files on my " C " drive. Is there a way to delete those files ? I ran a scan yesterday ( AVG AntiSpyware scan ) and it picked up something called hijacker.Agent.jw it said it had a high risk level. See below :

The QooBox is where hijackthis stored the quarantined files from the previous infection that initially brought me to this web site. Is there a way to permanently destroy those files ? Will these files keep being detected in scans ? Is keeping those files in my system putting my computer @ risk again ?

Looking forward to hearing from you and thank you.

I just went into " Find Folders and Files " from my start button. It searched the " C " drive and found the first 2 files that you told me to locate and delete. I just " Right Clicked " on them directly from the " Search Results " box and clicked " Delete " . Was this a sufficient form of deletion or do I need to perform this in a different way? Also this brings me to the last file on your list , After locating the first 2 and I deleted those it said the 3rd file didn't exist.

Perflib_Perfdata_520.dat

Did I do something wrong? If so will you please tell me how to continue.

Thank you

[COLOR="Blue"]Edited by moderator: Please do not copy and paste logs here.
Also, no need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.[/COLOR]

Hi,

Have you tried unhiding your system files? See how HERE.

Regarding the listed infections by AVG, no worries about them as they are mostly tracking cookies, which can easily be cleared from your internet cache. In fact many of them come from techspot, because our site has functions which allow users to see each other online and our activity on the forums etc.

You can also delete the entire C:\Qoobox as it is no longer needed now.


Regards,
Your friendly momok =)

This thread is for the use of Untamed Desirez only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Hi momok,

I just deleted the QOOBOX file folder. I did another run and still couldn't find the Perflib_Perfdata_520.dat file folder. I exposed the hidden folders and still didnt come up with anything. Could this file be named something other than this? I did a complete search on my hard drives and then I ran one on my computer.

Hi,

In that case the offending file is most likely gone. Sometimes the files disappear once the infections are cleaned during the process.

You can go ahead with your system restore turn off/on steps.

Regards,
Your friendly momok =)

This thread is for the use of Untamed Desirez only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Every since I completed these steps I have not been able to open my " Add/Remove Programs " in regualr mode. However when I load up in safe mode it has no problem loading. When I Go through my " CONTROL PANEL " or just through my " START " button it opens the window like its going to load and then it just freezes. Can you please tell me what I need to do. Also when I try to access other programs sometimes it will say " Unable to read WINDOWS INSTALLER " . " MISSING FILE or FILE HAS BEEN DELETED " . Then it says make sure the file path is correct. I dont know how this happend I followed ALL of the instructions given when I was eliminating my virus. Plz help .

Please post a fresh HJT log as per [URL="http://www.techspot.com/vb/topic19133.html"]these instructions[/URL].

Regards Howard

[color=red][b]This thread is for the use of[/color] Untamed Desirez [color=red]only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our [URL="http://www.techspot.com/vb/menu28.html"]security and the web forum[/URL].[/color][/b]

After removing a virus from my computer I am now unable to open my " Add/Remove Programs " in regualr mode. However when I load up in safe mode it has no problem loading. When I Go through my " CONTROL PANEL " or just through my " START " button it opens the window like its going to load and then it just freezes. Can you please tell me what I need to do. Also when I try to access other programs sometimes it will say " Unable to read WINDOWS INSTALLER " . " MISSING FILE or FILE HAS BEEN DELETED " . Then it says make sure the file path is correct. I am also unable to Download or install " WINDOWS UPDATES " or " JAVA UPDATES " via the little icon on the desk top bar or start button. Per your request I am posting this new thread and I have downloaded and ran the HJT. Thank you.

Attached Files

hijackthis.log (10.3 KB, 1 views)

Threads merged.

Nothing nasty showing up there.

However, you haven`t renamed HijackThis.exe to Analyze.exe as per [URL="http://www.techspot.com/vb/topic19133.html"]these instructions.[/URL]

Please do so and post a fresh HJT log.

Regards Howard

Yes I did but when I clicked on the icon that I sent to the desk top from the C Drive it loaded another icon that said HijackThis. Now I have 2 of them on my desk top. The 1 I have in my " C " program is still named Analyze.exe . I dont know why it did this.

Just double click on the Analyze.exe and do a scan, then post that logfile.

Regards Howard

I'm sorry I was saving the file to the C Drive I wasn't saving it to C Drive Program Files. I think I did it right this time .

Attached Files

hijackthis new results.txt (10.2 KB, 1 views)

Still nothing nasty there.

Try this.

Click start/run and type sfc /scannow into the runbox and press the enter key.

Windows will scan for any missing or damaged OS files and replace them as necessary. You will need to have your Windows CD handy.

Regards Howard

Thank you. But in the instance that I do not have the CD is there anything that I can do ? I took my computer to a shop to have it fixed about a year ago. They informed me that my hard drive was fried. They installed a new one however they did not send me home with a CD.

That creates a bit of a problem. If you`ve no Windows cd, you`re very limited as to what you can do.

I`m not sure what else to suggest.

I suppose it`s possible you still have some malware on your system, as not all malware shows up in HJT.

Go and read the [b][URL="http://www.techspot.com/vb/topic58138.html"]Viruses/Spyware/Malware, preliminary removal instructions.[/URL][/b] Follow all the instructions exactly.

Post fresh [b]HJT[/b], [b][color=red]AVG Antispyware[/color] and Combofix logs as attachments[/b] into this thread, only after doing the above.

[b]Also, let me know the results of the AVG Antirootkit scan.[/b]

Regards Howard

[color=red][b]This thread is for the use of[/color] Untamed Desirez [color=red]only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our [URL="http://www.techspot.com/vb/menu28.html"]security and the web forum[/URL].[/color][/b]

Won't any XP CD work? I think that if you'd borrow one from a friend or a local computer shop, you'd be in business.

Not trying to step on your toes here Howard, just offering my $0.02.

Regards

Sounds to me like the quickest fix would be a complete reinstall of the operating system. Lose Macafee and buy PC-Cillin. I have been on the internet now over 12 years and never had a virus/trojan make it throught the front or back door. PC-Cillin grabs them and will not let go.

Have you tried runnng housecalls? www.trendmicro.com , its a site that PC-Cillin owns and allows users free online scans