Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Anti-virus scan problems - AVG, Malware bytes Anti-malware,


Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 24th, 2010, 8:06 pm

leostar wrote: (The hidden files were as they should be already.)


Why are they hidden?

Hidden files/folders:
Object: C:\Program Files\eMule\Incoming\Classical\Carmen- Habanera-Georges Bizet (Victoria De Los A´Ngeles)-The Best Opera Album In The World Ever! Disc 2.mp3
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 25th, 2010, 8:40 am

Good morning Melboy. That I don't know. What I meant to say is that when I followed the instructions to go to My Computer, Tools etc. and ensure that certain boxes were ticked, they were already as you instructed them to be; I didn't have to change anything. I have no idea why those files are showing up hidden in the log.
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 25th, 2010, 1:40 pm

Hi Rachel

Ok, it looks like that folder is hidden in eMule by default.

However, I instructed you in my first reply to you that Forum policy on Peer-to-Peer (P2P) programmes dictates that eMule must be removed before we continue. It doesn't seem as though it has been removed fully. If you are having problems removing it I can remove it for you if necessary.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 25th, 2010, 4:23 pm

Hi Melboy,
I did uninstall and remove eMule. I didn't change the name of a folder containing stuff in it, though, that has eMule in the folder name. Perhaps this is the reason that they appear that way. However, I still don't understand why they'd be hidden.

Please advise me what to do next.
Thank you, Rachel
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 25th, 2010, 7:58 pm

Hi Rachel

At this stage I'm not seeing anything in your logs that would suggest a current malware infection.


Further inspection of your logs shows the Malwarebytes folder is named incorrectly.
C:\Program Files\rMalwarebytes' Anti-Malware

Navigate to C:\Program Files and rename it without the r to:
    Malwarebytes' Anti-Malware




Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected (System registry & Current user registry).
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.



OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Paste List of Files/Folders to Move area. Do not include the word Code.
    :Processes
    
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"=-
    "CustomizeSearch"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36791C41-EE2D-4A40-AF45-24A5ABA6D46E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9969F-4DCD-2E8D-1242-7959041A25AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546EB25A-6A5D-99EF-7458-F82F8D257E62}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57087586-1D03-1EF0-AC05-C1E652E44817}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7585DA5E-00B8-A6A6-588F-E650C178A259}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{820EE400-4068-7AC4-7934-F519A5AC7D69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD1C10AB-B823-DD59-CC22-04E0B321DD28}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D60E38EA-36A4-3D12-683A-41C122B274BF}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=dword:00000001
    "NoFileAssociate"=dword:00000000
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "KernelFaultCheck"=-
    
    :Files
    C:\Documents and Settings\Owner\Desktop\downloads\New Folder (Johann)\Xvid Mpeg-4 Video Codec V 2.1 (Xvid Divx Dx50)(3)(2).exe
    C:\Documents and Settings\Owner\Desktop\downloads\Slingo\SlingoQuestSetup.exe
    C:\Program Files\eMule
    C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2_AVG_RESTORED.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Last edited by melboy on March 26th, 2010, 1:50 pm, edited 1 time in total.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 26th, 2010, 9:32 am

Hi,

Melboy, I'm so glad you mentioned that MBAM file. I'd forgotten it, but it might be a sign of something. When I initially installed MBAM something blocked it. I couldn't make it work - it was as if something recognized the program name and wouldn't allow it. So I added the r before the real program name to trick it. I will go take it out this evening.

One other PC behaviour that I just thought to mention is that the stand-by function won't work. The PC is always cycling on immediately after pressing the "moon" stand-by one-touch button. My electricity bill is very high and it's just dawned on me that this is the reason. It's on 24-7.

I'll run these suggested programs this evening.
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 26th, 2010, 5:05 pm

Hi Melboy,

I need your help in installing ERUNT. I can't see how not to put it in the start folder. It doesn't give me the option of changing that to another folder or saying no. It's simply click on Next or I have to stop.

Also, I just thought to mention some other PC behaviour. The PC, as well as not having found Notepad (yet I know it's there from these logs), nor allowing sleep mode/stand-by, will not make file associations to some programs. So for each .doc I have to say open with Word, or for a .jpg open with the photo program, etc. I've tried looking for a fix online but it didn't help.

Please advise on ERUNT installation.
Thank you, Rachel
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 26th, 2010, 5:10 pm

Ok Rachel, click next when that option comes up - it's not a problem.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 26th, 2010, 7:14 pm

Ok, I'm now devastated. I ran the OLD TIMER while I was waiting for you to answer about ERUNT, thinking I'll at least have accomplished something today, and I've lost 3 GB of my music files which was in the folder with eMule in the name. I tried a system restore but they didn't come back. I don't know what to do now. Have any of the other tools you've had me use created a backup?

Can you help me get them back?
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 26th, 2010, 7:47 pm

Sorry, sorry, false alarm. I was so depressed I didn't recognize the backup name. I found it.
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 27th, 2010, 4:29 am

The System Restore is likely to have undone any work I've done.

Please post back with the OTM log and a fresh HijackThis log (Do a system scan and save a log file).
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 27th, 2010, 3:26 pm

Hello Melboy,

The system restore point was only Thursday afternoon, so nothing should have been undone.

I ran the OTM yesterday and today. On both occasions, the PC froze when shutting down as part of the reboot of OTM's process and I had to press the off button, so it didn't come back to that log page. I don't know how to find its log. I looked under C:\Program Files to see if I could find it under OTM, but it's not there. Can you tell me how to find that log?

Here's the Hijack This log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:24 PM, on 3/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7111 bytes
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 28th, 2010, 3:36 pm

Hi

We'll try disabling Ad-Aware before running OTM.


The OTM script will again remove the eMule program folder and subfolders found at C:\Program Files\eMule

Make sure that any music in the folder is saved to another folder in a different location first.



Disable Ad-Aware Service

  • Go to Start, Run, type services.msc and click OK.
  • Under the Extended tab, find this service: Lavasoft Ad-Aware Service
  • Click once on the service to highlight it.
  • Right-click on the service and click on Properties.
  • Select the General tab.
  • Next to Service Status, click Stop.
  • Click the arrow-down tab on the right-hand side of the Start-up Type box.
  • From the drop-down menu, click on Disabled.
  • Click Apply, then OK.


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Start ERUNT by double clicking on the desktop icon >> Click OK at the Welcome prompt.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected (System registry & Current user registry).
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.



OTM
  • Double-click OTM.exe to run it.
  • Paste the following code under the Paste List of Files/Folders to Move area. Do not include the word Code.
    :Processes
    
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"=-
    "CustomizeSearch"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36791C41-EE2D-4A40-AF45-24A5ABA6D46E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9969F-4DCD-2E8D-1242-7959041A25AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546EB25A-6A5D-99EF-7458-F82F8D257E62}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57087586-1D03-1EF0-AC05-C1E652E44817}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7585DA5E-00B8-A6A6-588F-E650C178A259}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{820EE400-4068-7AC4-7934-F519A5AC7D69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD1C10AB-B823-DD59-CC22-04E0B321DD28}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D60E38EA-36A4-3D12-683A-41C122B274BF}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=dword:00000001
    "NoFileAssociate"=dword:00000000
    
    :Files
    C:\Documents and Settings\Owner\Desktop\downloads\New Folder (Johann)\Xvid Mpeg-4 Video Codec V 2.1 (Xvid Divx Dx50)(3)(2).exe
    C:\Documents and Settings\Owner\Desktop\downloads\Slingo\SlingoQuestSetup.exe
    C:\Program Files\eMule
    C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2_AVG_RESTORED.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please post back with a fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 29th, 2010, 9:07 pm

Hi Melboy,

The computer is still hanging at the shut-down stage when trying to reboot after running OLT. This is even after disabling the Ad-Aware program. So I still have no log for you from that.

By the way, Notepad is not where it should be. I've not been able to find it on the PC with a search.

Please advise.

Thank you, Rachel
leostar
Regular Member
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 30th, 2010, 4:54 am

Hi Rachel

We have been attempting to address any malware issues you may have had for over two weeks.

There is - and has been - no sign from your logs of an active malware infection.

The removals and registry changes I am attempting/have attempted with both HiJackThis and OTM are very minor issues.


We are fast approaching the stage where, if you are having any further problems after attempting the instructions below, I can only suggest other options, as this forum deals exclusively with malware removal.



Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Start ERUNT by double clicking on the desktop icon >> Click OK at the Welcome prompt.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected (System registry & Current user registry).
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.



Custom Registry fix

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

Click Start > Run, type Notepad and click OK. Notepad should open.

  • Copy the contents of the Code Box below (DO NOT include Code:) and paste them into the open Notepad window.
  • Make sure there are NO blank lines before REGEDIT4.
  • In Notepad go to File > Save as.
  • When the window opens, name the file fix.reg.
  • Change the Save as Type to All Files.
  • Save it on the desktop.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"=-
    "CustomizeSearch"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36791C41-EE2D-4A40-AF45-24A5ABA6D46E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9969F-4DCD-2E8D-1242-7959041A25AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546EB25A-6A5D-99EF-7458-F82F8D257E62}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57087586-1D03-1EF0-AC05-C1E652E44817}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7585DA5E-00B8-A6A6-588F-E650C178A259}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{820EE400-4068-7AC4-7934-F519A5AC7D69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD1C10AB-B823-DD59-CC22-04E0B321DD28}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D60E38EA-36A4-3D12-683A-41C122B274BF}]
    [-HKEY_CLASSES_ROOT\CLSID\{36791C41-EE2D-4A40-AF45-24A5ABA6D46E}]
    [-HKEY_CLASSES_ROOT\CLSID\{44C9969F-4DCD-2E8D-1242-7959041A25AB}]
    [-HKEY_CLASSES_ROOT\CLSID\{546EB25A-6A5D-99EF-7458-F82F8D257E62}]
    [-HKEY_CLASSES_ROOT\CLSID\{57087586-1D03-1EF0-AC05-C1E652E44817}]
    [-HKEY_CLASSES_ROOT\CLSID\{7585DA5E-00B8-A6A6-588F-E650C178A259}]
    [-HKEY_CLASSES_ROOT\CLSID\{820EE400-4068-7AC4-7934-F519A5AC7D69}]
    [-HKEY_CLASSES_ROOT\CLSID\{AD1C10AB-B823-DD59-CC22-04E0B321DD28}]
    [-HKEY_CLASSES_ROOT\CLSID\{D60E38EA-36A4-3D12-683A-41C122B274BF}]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=dword:00000001
    "NoFileAssociate"=dword:00000000
    
    


    Then double-click on the fix.reg file, and when it prompts to merge, say Yes.


Reboot


Delete files and folders

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files and folders; if found, delete them:

    Folders:
    C:\Program Files\eMule


    Files:
    C:\Documents and Settings\Owner\Desktop\downloads\New Folder (Johann)\Xvid Mpeg-4 Video Codec V 2.1 (Xvid Divx Dx50)(3)(2).exe
    C:\Documents and Settings\Owner\Desktop\downloads\Slingo\SlingoQuestSetup.exe
    C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2_AVG_RESTORED.exe


Please post back with a fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
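The fix.reg above deletes the eight BHO registrations that HijackThis reported as "(no file)" in the log earlier in this thread, both under Browser Helper Objects and under HKEY_CLASSES_ROOT\CLSID. As an added example that is not part of this thread or of any of the tools it mentions, the following Python script derives such a removal file from the O2 lines of a HijackThis log and checks the constraints melboy lists (REGEDIT4 on the very first line, nothing before it, a trailing blank line). The sample log lines are copied from the log above, plus one constructed O2 entry with a placeholder CLSID to show that a BHO whose DLL still exists is left alone.

```python
"""Derive a REGEDIT4 removal file for orphaned BHOs from HijackThis O2 lines."""
import re

# HijackThis O2 line layout: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)

# Registry locations used by the fix.reg in the thread above.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_KEY = r"HKEY_CLASSES_ROOT\CLSID"

# Constructed sample: two lines copied from Rachel's log, one made-up entry
# with an all-zero placeholder CLSID whose DLL is still present, and an
# unrelated O4 line to show that non-O2 lines are ignored.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
"""


def orphaned_bhos(log_text):
    """Return the CLSIDs of O2 entries whose DLL is gone ("(no file)")."""
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m and m.group("file").strip() == "(no file)":
            found.append(m.group("clsid").upper())
    return found


def build_reg_fix(clsids):
    """Build REGEDIT4 text that deletes each BHO registration and its CLSID key.

    A leading '-' inside the brackets tells regedit to delete the whole key,
    the same syntax the fix.reg above uses.  REGEDIT4 is the first line and
    the text ends with a blank line, as regedit expects.
    """
    lines = ["REGEDIT4", ""]
    for clsid in clsids:
        lines.append(f"[-{BHO_KEY}\\{clsid}]")
    for clsid in clsids:
        lines.append(f"[-{CLSID_KEY}\\{clsid}]")
    lines.append("")
    return "\n".join(lines) + "\n"


def check_reg_text(text):
    """Return a list of problems; an empty list means the file is safe to merge."""
    problems = []
    lines = text.split("\n")
    if not lines or lines[0] != "REGEDIT4":
        problems.append("REGEDIT4 must be the first line (no blank lines before it)")
    for ln in lines[1:]:
        if ln.startswith("[") and not ln.endswith("]"):
            problems.append(f"unterminated key line: {ln}")
        if ln.endswith(" "):
            problems.append(f"trailing whitespace: {ln!r}")
    if not text.endswith("\n\n"):
        problems.append("file must end with a blank line")
    return problems


if __name__ == "__main__":
    fix = build_reg_fix(orphaned_bhos(SAMPLE_LOG))
    print(fix)
    print("problems:", check_reg_text(fix))
```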
