Welcome to MalwareRemoval.com, What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
tnt77 wrote: I have run Panda anti-rootkit and found no infections but running a Panda ActiveScan 2.0 now - at this point indicates 31 files infected with 25% of the files scanned. I will probably run Sophos Anti-rootkit after this as well for good measure, then - it might be time, I guess, to perhaps give up on my own PC virus repair
Hello!
It worries me that Combofix won't run. Could you post me the results of the Panda ActiveScan? Also, what other things have you done?
Combofix will always create a system restore point, so we can do a system restore and start again. What would you like to do?
Hello - got sidetracked. I am still fighting with this one. I ran the Panda anti-rootkit and had no infection alerts, then, as indicated, the Panda virus scan, which advised that I had a number of issues but I was going to have to pay to have them removed. I ran the Sophos anti-rootkit and it identified a number of questionable registry keys but did not allow me to do anything with them (other than see some details). I believe there is a problem between my F-Secure and the Combofix - even when I unload. I had - even when running Combofix in safe mode - a pop-up advising that Shaw (my service provider, who supplies F-Secure) secure firewall was running - even though I tried to shut it off.
I at this point have some computer issues but not sure if they are now virus related or scars from such
Thank you for your answer. I would like to make sure you are clean. I can always direct you to a tech forum if needed.
This is purely a diagnostic tool; let's see what it comes up with.
OTScanIt2
Download OTScanIt2 by Oldtimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).
NOTE: Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.
I have uninstalled Ewido, deleted Combofix as per instructions, run ATF Cleaner and run Kaspersky Online Scan; log below and attached is the latest HijackThis log. The computer has been running sporadically, i.e. extremely slow - then at normal speed. I tried Malwarebytes scan last night and it took 18.5 hours. I saw nothing in the online scan that wasn't already quarantined, and during the scan F-Secure targeted one Kaspersky test file as a virus. I have, though, not seen anything related to the above noted previously quarantined 'packed.win32.krap.f' etc.
I don't see anything malicious in your logs. I have noticed that you have Symantec entries in your HijackThis log. Have you used a Symantec antivirus program before?
Empty this folder: C:\Documents and Settings\T&A\.housecall6.6\Quarantine
I tried Malwarebytes scan last night and it took 18.5 hours.
Did Malwarebytes Antimalware scan find anything?
Remove HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.
Back Up registry with ERUNT
Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
Click on the erunt-setup.exe
Follow the prompts to install ERUNT
Choose language
A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO
Backup your registry to the default location
Note: To restore your registry (if needed), go to the folder and start ERDNT.exe
OTMoveIt3
Download OTMoveIt3 by Old Timer and save it to your Desktop.
Hi - emptied HouseCall's quarantine. I had, when I first got the computer, Norton (Symantec), but when I uninstalled to use F-Secure 'pieces' have been left behind, including the process NPROTECT.exe - for the recycle bin. Bizarre occurrence today - when I opened Task Manager and switched to processes - the top part of the Manager screen disappeared (the top of the box which allows choice tabs, shutdown and min/max size). I tried to close Task Manager from the taskbar by right mouse click and close but would not get the menu option - period.
Sorry - Malware scan showed 0 issues.
Removed HijackThis entries.
Backed up registry.
OT Move log below. I had an "access violation at address 72058B0 read address of address 270508B0" when I ran the new HijackThis, posted as attachment.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Kazaa Lite K++\Kazaa.kpp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\T&A\Desktop\nancy drew short cuts\BitDownload\BitDownload.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\T&A\Desktop\Kaylee's games\nancy drew short cuts\bigfishgames_p22128766_s1_l1.exe moved successfully.
C:\Combo-Fix moved successfully.
C:\WINDOWS\temp\fsaua.tmp moved successfully.
C:\WINDOWS\temp\F-Secure\Anti-Virus moved successfully.
C:\WINDOWS\temp\F-Secure moved successfully.
Folder move failed. C:\WINDOWS\temp scheduled to be moved on reboot.
C:\ComboFix\N_ moved successfully.
C:\ComboFix moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\Program Files\Azureus\plugins\azupdater moved successfully.
C:\Program Files\Azureus\plugins\azplugins moved successfully.
C:\Program Files\Azureus\plugins moved successfully.
C:\Program Files\Azureus moved successfully.
C:\WINDOWS\system32\CF24175.exe moved successfully.
C:\WINDOWS\system32\CF23029.exe moved successfully.
C:\WINDOWS\system32\CF22085.exe moved successfully.
C:\WINDOWS\system32\CF16448.exe moved successfully.
C:\WINDOWS\system32\CF13676.exe moved successfully.
C:\WINDOWS\system32\CF10714.exe moved successfully.
C:\WINDOWS\system32\CF10280.exe moved successfully.
C:\WINDOWS\system32\CF10149.exe moved successfully.
C:\WINDOWS\system32\CF19462.exe moved successfully.
C:\WINDOWS\system32\CF18568.exe moved successfully.
C:\WINDOWS\gmer.ini moved successfully.
C:\WINDOWS\gmer_uninstall.cmd moved successfully.
C:\WINDOWS\gmer.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\gmer.dll
New log attached - sorry if it was missing on last post - when I tried to post reply (with log attached) the system hung with the 'hour glass' for about 15 minutes then showed that reply had been posted - I didn't double check to see if log went through