Author Topic: take a look please  (Read 8307 times)

skyblue

  • Guest
take a look please
« on: August 16, 2008, 08:09:12 AM »
Did a stupid thing yesterday, tried downloading a torrent software from Mininova, which badly infected my computer to the extent that I had to reinstall Windows.
Everything is now working fine, but I still ran a couple of scans (Spybot, SUPERAntiSpyware, and Malwarebytes), which all found something, so can one of you experts take a look at my logs to see if all's OK?
When I say everything is OK, it is, except a couple of keys are not right: the @ is now on the 2 key and the " is on the @ key?
skyblue

[recovering disk space -- attachment deleted by admin]

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: take a look please
« Reply #1 on: August 16, 2008, 12:05:15 PM »
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

skyblue

  • Guest
Re: take a look please
« Reply #2 on: August 16, 2008, 12:48:26 PM »
Cheers evilfantasy
logs you need

[recovering disk space -- attachment deleted by admin]

evilfantasy

Re: take a look please
« Reply #3 on: August 16, 2008, 01:30:31 PM »
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

----------

Use the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.

Click on SCAN NOW
Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Save the file to your desktop.
Post the Kaspersky log in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

skyblue

  • Guest
Re: take a look please
« Reply #4 on: August 16, 2008, 05:40:49 PM »
scan report
oddjob

[recovering disk space -- attachment deleted by admin]

evilfantasy

Re: take a look please
« Reply #5 on: August 16, 2008, 05:45:08 PM »
You will end up destroying your Hard Drive using cracked software.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Now download The Avenger by Swandog46 and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your Desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Code box below, and paste it into the Input script here window:
Code: [Select]
Comment:

Files to delete:
C:\Documents and Settings\Mike\Desktop\Anti Virus\VundoFix.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
C:\Documents and Settings\Mike Carney\My Documents\Downloads\RegCure 1.5.0.0 + Crack + Latest Version + Keygens\CRACK\RegCure.exe
C:\Documents and Settings\Mike Carney\My Documents\Downloads\RegCure 1.5.0.0 + Crack + Latest Version + Keygens\RegCure 1.5.0.0 Trial.exe
C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Mcafee 2008\McAfee    Total    Protection    2008  (Retail)  -  HeartBug\CDSetup.exe
C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe
C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Mcafee 2008\McAfee    Total    Protection    2008  (Retail)  -  HeartBug\CDSetup.exe
C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe


  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
  • Add the Avenger log in your next post.

skyblue

  • Guest
Re: take a look please
« Reply #6 on: August 16, 2008, 06:07:15 PM »
log

[recovering disk space -- attachment deleted by admin]

evilfantasy

Re: take a look please
« Reply #7 on: August 16, 2008, 06:16:39 PM »
Please do the following:

1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.

skyblue

  • Guest
Re: take a look please
« Reply #8 on: August 17, 2008, 01:14:22 AM »

Quote
You will end up destroying your Hard Drive using cracked software.
Thanks for your advice, I think I have learnt that lesson.
BTW the keyboard issue I have resolved in languages and region.

Can't do a copy of the report, sshot
oddjob

[recovering disk space -- attachment deleted by admin]

evilfantasy

Re: take a look please
« Reply #9 on: August 17, 2008, 10:19:24 AM »
Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code: [Select]
[kill explorer]
C:\Documents and Settings\Mike\Desktop\Anti Virus\VundoFix.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
C:\Documents and Settings\Mike Carney\My Documents\Downloads\RegCure 1.5.0.0 + Crack + Latest Version + Keygens\CRACK\RegCure.exe
C:\Documents and Settings\Mike Carney\My Documents\Downloads\RegCure 1.5.0.0 + Crack + Latest Version + Keygens\RegCure 1.5.0.0 Trial.exe
C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Mcafee 2008\McAfee    Total    Protection    2008  (Retail)  -  HeartBug\CDSetup.exe
C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe
C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Mcafee 2008\McAfee    Total    Protection    2008  (Retail)  -  HeartBug\CDSetup.exe
C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Now run a new HijackThis scan and post the log.

skyblue

  • Guest
Re: take a look please
« Reply #10 on: August 17, 2008, 12:13:43 PM »
Where are we going with this, am I infected?
Explorer killed successfully
File/Folder C:\Documents and Settings\Mike\Desktop\Anti Virus\VundoFix.exe not found.
File/Folder C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Outlook\outlook.pst not found.
File/Folder C:\Documents and Settings\Mike Carney\My Documents\Downloads\RegCure 1.5.0.0 + Crack + Latest Version + Keygens\CRACK\RegCure.exe not found.
File/Folder C:\Documents and Settings\Mike Carney\My Documents\Downloads\RegCure 1.5.0.0 + Crack + Latest Version + Keygens\RegCure 1.5.0.0 Trial.exe not found.
File/Folder C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Mcafee 2008\McAfee    Total    Protection    2008  (Retail)  -  HeartBug\CDSetup.exe not found.
< C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe >
File/Folder C:\Documents and Settings\Mike Carney\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe not found.
File/Folder C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Mcafee 2008\McAfee    Total    Protection    2008  (Retail)  -  HeartBug\CDSetup.exe not found.
< C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe >
File/Folder C:\Documents and Settings\Mike.ATLAS-FEA1386A2\My Documents\Downloads From Mininova\Nero 8 Ultra Edition 8.3.2.1 New  KeyGen + Activation + Serials[Full Activated]\Nero-8.3.2.1_eng_f.u.l.l\Nero-8.3.2.1_eng_trial_2.exe not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MIKE~1.ATL\LOCALS~1\Temp\~DF2475.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MIKE~1.ATL\LOCALS~1\Temp\~DF2489.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MIKE~1.ATL\LOCALS~1\Temp\~DFC204.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\PCPalSrvHost.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_2Fe45bzcI1jfxQI scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_31g49IvlLdhrJcc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_J2mg6aSWeVftDZf scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_190850
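
Added example (not part of either poster's reply and not OTMoveIt2's own code): a small Python triage of the results log posted above, sorting lines into targets that were not found, deletions deferred to reboot, and everything else. The line patterns are inferred from this log only, and `triage`, `needs_reboot` and `still_present` are hypothetical helper names.

```python
import os
import re

# Line shapes inferred from the log posted above (assumption: other
# OTMoveIt2 versions may word these lines differently).
PATTERNS = (
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("pending_reboot",
     re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("directives", re.compile(r"^< (.+) >$")),
)

# A subset of the lines from the post, copied verbatim.
SAMPLE_LOG = r"""Explorer killed successfully
File/Folder C:\Documents and Settings\Mike\Desktop\Anti Virus\VundoFix.exe not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\PCPalSrvHost.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_2Fe45bzcI1jfxQI scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully
"""

def triage(log_text):
    """Sort each log line into a bucket; unmatched lines go to 'other'."""
    result = {name: [] for name, _ in PATTERNS}
    result["other"] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                result[name].append(match.group(1))
                break
        else:
            result["other"].append(line)
    return result

def needs_reboot(result):
    """Deferred deletions only complete after a restart."""
    return bool(result["pending_reboot"])

def still_present(paths, exists=os.path.exists):
    """After the reboot, list deferred paths that are still on disk."""
    return [p for p in paths if exists(p)]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket, entries in report.items():
        print(f"{bucket}: {len(entries)}")
    print("reboot required:", needs_reboot(report))
```

Run `still_present` on the `pending_reboot` list after restarting to confirm the deferred deletions actually happened.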

skyblue

  • Guest
Re: take a look please
« Reply #11 on: August 17, 2008, 12:15:50 PM »
hjt log

[recovering disk space -- attachment deleted by admin]

evilfantasy

Re: take a look please
« Reply #12 on: August 17, 2008, 12:17:55 PM »
Quote
where are we going with this

Cleaning the computer... Would you rather stop?

Run this online scan. Requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply

skyblue

  • Guest
Re: take a look please
« Reply #13 on: August 17, 2008, 05:59:09 PM »
Quote
Cleaning the computer... Would you rather stop?
Not at all, just thought that if I did a complete reinstall of Windows that it would take care of any viruses and problems I was having, so though I did a complete install, viruses are still lurking? BTW that scan was 5 hours.
skyblue

[recovering disk space -- attachment deleted by admin]

evilfantasy

Re: take a look please
« Reply #14 on: August 17, 2008, 06:16:51 PM »
Reinstalling is always the safest way as it will remove anything that we may never find this way.

The log is clean though.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Please keep these programs up-to-date and run them whenever you suspect a problem. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.