Solved Is this one clean

Status
Not open for further replies.

h2dav

This computer is used mainly as a print server for my home network. Just wondering if it looks clean to you guys.
 

Attachments

  • hijackthis.log
    13.1 KB · Views: 1
  • mbam-log-2010-04-10 (12-54-36).txt
    2.1 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 04-10-2010 - 14-23-11.log
    937 bytes · Views: 1
Welcome to TechSpot, h2dav. I usually fuss when someone leaves logs with no description of problems and asks me if they're clean! But I do see the thread for the other system, so I'll reserve my fuss.

Let's have you run these 2 programs because of the malware that was found in the preliminary scans:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Leave logs for both in next reply.
I'm going to check the other system now. Thanks for setting up a separate thread for it.
 
My computers must be slow; it took them a while to run those scans. But here is the second set of log files. I don't share a flash drive between computers, but I do have a portable hard drive I use on my personal laptop, and there is also a NAT attached to the network.
 

Attachments

  • Combofix.txt
    16 KB · Views: 1
  • log.txt
    1.1 KB · Views: 1
Thanks for clarifying that 3rd computer up.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the code below into it:

Code:
File::
c:\windows\S7613622B.tmp
C:\Documents and Settings\Harrison Verrett\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.594.0-static.exe
c:\\Program Files\\LimeWire\\LimeWire.exe
c:\\Program Files\\Azureus\\Azureus.exe

Folder::
c:\program files\Azureus
c:\\Program Files\\LimeWire

Extra::
File::
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Firefox::
Firefox-: Profile - c:\documents and settings\Harrison Verrett\Application Data\Mozilla\Firefox\Profiles\c7wzb4c6.default\
Firefox-: prefs.js: Startup.Homepage - 
Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe.
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
You have a couple of Symantec entries still on the system. Since you now use Avast and ZoneAlarm, you should run Norton Removal Tool.
 
Here is the log file you requested. I also ran that Norton uninstall tool.
 

Attachments

  • log.txt
    20.6 KB · Views: 1
You and all the electronics tools should be running better- yes? I would like to check out this one file that wouldn't delete:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the code below into it:
Code:
File::
FileLook::
c:\windows\S7613622B.tmp

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe.
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

If this doesn't present a problem, I will have you clean up the removal tools.
====================
 
The computer seems to be running fine. The fan on the system hasn't been cutting off and on randomly and the internet appears to be running optimally. I haven't been able to print over the network to the printer attached to this system but everything else appears to be running correctly.
 

Attachments

  • log.txt
    15.8 KB · Views: 1
Okay! Looks clean to me! Printers, especially over a network, can cause problems occasionally. I usually just make sure the Print Spooler service is set to Automatic, make sure the printer is installed on all of the computers, set up the sharing first on the computer that has the printer hard wired to it, then set up the sharing on the other systems.

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg


  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


More details and screenshots for Disk Cleanup in Windows Vista can be found here.

It was nice working with you. Let me know if I can be of help in the future.
 