
Topic: Still trying to get rid of virus


Helpme220

    Topic Starter


    Rookie

    Still trying to get rid of virus
    « on: December 20, 2009, 11:54:38 AM »
    Did what the first post recommended, removed all programs, CCleaner and such. Ran all logs; they're attached here. It all started after downloading an update to Adobe. Removed Adobe and all internet browsers, i.e. Internet Explorer, MSN, Bonjour. Installed Mozilla Firefox. Was working fine, no hijacks, until I tried another Adobe program. Computer is running slow opening and closing programs and typing. Hopefully somebody can look at these logs and figure it out. Running XP. Normally run AVG 8.5, antispyware, malware, and ZoneAlarm for my firewall.
    Thanks

    [Saving space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Still trying to get rid of virus
    « Reply #1 on: December 21, 2009, 05:13:50 PM »
    Hello Helpme220 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Filter hijack: text/html - {2ee8be41-c6be-4dfd-a28b-a5cd7cd24aa4} - C:\WINDOWS\system32\msiebbar.dll


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    link # 1
    link #2

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
    Double-click combofix.exe and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
    Windows 8 and Windows 10 dual boot with two SSD's

    Helpme220


      Re: Still trying to get rid of virus
      « Reply #2 on: December 26, 2009, 04:30:44 PM »
      Hey SD, thanks for helping me out. Sorry I didn't do all this sooner, Xmas and all. I ran HijackThis, only saw three things that matched, ran Fix checked, only got rid of two; O18 hijack browser is still in there. Downloaded ComboFix; it ran but didn't give me any log. At least it wasn't saved to my desktop, the log that is. So here is my HijackThis log. Please let me know if I am doing something wrong with the ComboFix. I used the first link, seemed to work. The second link took me to a place all in Spanish. Don't speak it, so really I ran out of ideas.
      Thanks again
      Helpme220

      [Saving space, attachment deleted by admin]
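
The situation in the two posts above, where entries were ticked for "Fix checked" and one was still listed on the next scan, can be checked mechanically by comparing the fix list against the rescan. This is an added example, not part of the thread and not HijackThis code; the line format is inferred only from the five entries quoted above, and the rescan text is constructed.

```python
import re

# The five entries listed for "Fix checked" in Reply #1 above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - {2ee8be41-c6be-4dfd-a28b-a5cd7cd24aa4} - C:\WINDOWS\system32\msiebbar.dll
"""

# Constructed rescan for illustration: only the O18 line is still present.
RESCAN = r"""
Running processes:
O18 - Filter hijack: text/html - {2ee8be41-c6be-4dfd-a28b-a5cd7cd24aa4} - C:\WINDOWS\system32\msiebbar.dll
"""

# Assumed line shape, inferred from the entries above: "<section> - <kind>: <rest>"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r'"?([A-Za-z]:\\[^"]+)"?\s*$')

def parse_entry(line):
    """Split one log line into section, kind, CLSID and target path (or None)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header or blank line, not an entry
    clsid = CLSID.search(m["rest"])
    path = PATH.search(m["rest"])
    return {
        "section": m["section"],
        "kind": m["kind"],
        "clsid": clsid.group(0).lower() if clsid else None,
        "path": path.group(1).lower() if path else None,
    }

def parse_log(text):
    """Parse every entry line in a log, skipping anything that is not an entry."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def surviving(fix_text, rescan_text):
    """Entries that were selected for fixing but are still listed afterwards."""
    after = {tuple(e.values()) for e in parse_log(rescan_text)}
    return [e for e in parse_log(fix_text) if tuple(e.values()) in after]

if __name__ == "__main__":
    for e in surviving(FIX_LIST, RESCAN):
        print(e["section"], e["clsid"], e["path"])
```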

      SuperDave

      Re: Still trying to get rid of virus
      « Reply #3 on: December 26, 2009, 07:37:59 PM »
      My fault. I forgot to have you remove the file. Too much eggnog, I suppose.

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O18 - Filter hijack: text/html - {2ee8be41-c6be-4dfd-a28b-a5cd7cd24aa4} - C:\WINDOWS\system32\msiebbar.dll


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      Reconfigure Windows XP to show hidden files:

      Click Start. My Computer.
      Select the Tools menu Folder Options. Select the View Tab.
      Under the Hidden files and folders heading select "Show hidden files and folders".
      Uncheck the "Hide protected operating system files (recommended)" option.
      Uncheck the "Hide file extensions for known file types" option.
      Click Yes to confirm. Click OK.

      Click Start, Search, select All Files and Folders. Copy and paste
      C:\WINDOWS\system32\msiebbar.dll
      and click Search. Delete this file.

      You should be able to find the ComboFix log at C:\ComboFix. If you can't find it, please send me another HJT log.

      Helpme220


        Re: Still trying to get rid of virus
        « Reply #4 on: December 28, 2009, 04:13:21 PM »
        Hey SD. Ran HijackThis, tried to Fix checked O18 hijack browser, wouldn't get rid of it. Went in computer, wouldn't find the msiebbar file. Also the only ComboFix files found were dat or pf files; I couldn't post them, forum does not support them. I reran my HijackThis and I am attaching it. Does the ComboFix file have to be txt? Also my computer is running extremely slow.
        Thanks again for the help
        Helpme220


        [Saving space, attachment deleted by admin]

        SuperDave

        Re: Still trying to get rid of virus
        « Reply #5 on: December 29, 2009, 06:47:59 AM »
        Yes, the ComboFix log is a txt log. Did you look in the C: drive under Combofix? If you can't find it, could you please run it again.

        Helpme220


          Re: Still trying to get rid of virus
          « Reply #6 on: December 30, 2009, 03:16:43 PM »
          Hey SD, I keep running the ComboFix. It will run, give me an hourglass, then nothing. I searched several times; it shows no text file. I disabled my shield protect from AVG 8.5 and completely disabled my ZoneAlarm firewall. I am also running antispyware and malware software. Would that affect me getting my ComboFix text log? Should I just delete all my virus software and reinstall? I went in earlier and did a HijackThis scan and tried to Fix checked the O18 browser hijacker. Still won't go away. Then searched again for the msiebbar file; shows it's not there. I did another HijackThis scan and I am attaching it. Thank you again, getting tired of this.
          Help me 220

          [Saving space, attachment deleted by admin]

          SuperDave

          Re: Still trying to get rid of virus
          « Reply #7 on: December 30, 2009, 04:28:20 PM »
          Quote
          Would that affect me getting my ComboFix text log? Should I just delete all my virus software and reinstall?

          Not disabling your AV and Firewall should not prevent ComboFix from running. It just affects how it runs. By all means, don't delete your AV until I check with my mentor.

          Download DDS from HERE or HERE or HERE and save it to your desktop.

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall try to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please copy and paste the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copy and pasting it into the reply.
             

          Helpme220


            Re: Still trying to get rid of virus
            « Reply #8 on: December 30, 2009, 06:58:03 PM »
            Okay, I tried the first link, no page. Second link seemed to work. I downloaded to the desktop. I ran it; first time it took five minutes and just would make a dash ,,,,,,,,,,,, . So I went and ran it again, then the screen would just disappear. Ran it again, same thing. Tried to go to last link to download, just said it wouldn't run in DOS. So now what? I do have to say I am amazed by your patience; I am ready to smash this thing. Also I am running Mozilla Firefox for my browser; would that have anything to do with all these downloading problems? Just asking. Here you go SD, hope you like a challenge.

            helpme 220

            SuperDave

            Re: Still trying to get rid of virus
            « Reply #9 on: January 04, 2010, 11:46:00 AM »
            Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
            Save Rkill to your desktop.

            There are 4 different versions. If one of them won't run then download and try to run the other one.
             
            Vista and Win7 users need to right click Rkill and choose Run as Administrator
             

            You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

            Rkill.exe
            Rkill.com
            Rkill.scr
            Rkill.pif

            Once you've gotten one of them to run then try to immediately run the following.
             
            Now download and Run exeHelper.

            Please download exeHelper from Raktor to your desktop.
            • Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

              Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

            Helpme220


              Re: Still trying to get rid of virus
              « Reply #10 on: January 04, 2010, 05:16:05 PM »
              Hey SD, so I ran the first Rkill program, then the exeHelper. I think it worked; here is the log.
              Thanks again
               Help me 220

              [Saving space, attachment deleted by admin]

              SuperDave

              Re: Still trying to get rid of virus
              « Reply #11 on: January 04, 2010, 05:32:30 PM »
              Try running ComboFix again.

              Helpme220


                Re: Still trying to get rid of virus
                « Reply #12 on: January 04, 2010, 07:24:17 PM »
                Hey. Well, it worked; here is my ComboFix log.


                [Saving space, attachment deleted by admin]

                SuperDave

                Re: Still trying to get rid of virus
                « Reply #13 on: January 06, 2010, 07:02:52 AM »
                Download GMER Rootkit Detector and save it to your desktop.
                 
                * Extract it to your desktop and double-click GMER.exe
                * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
                * Click the Rootkit tab and then Scan.
                * Don't check the Show All box while scanning is in progress!
                * When scanning is finished click Copy.
                * This copies the log to clipboard
                * Post the log in your reply.

                Helpme220


                  Re: Still trying to get rid of virus
                  « Reply #14 on: January 06, 2010, 05:57:22 PM »
                  Hey SD, was hoping this was gonna be it. Downloaded GMER.exe and ran it. First time I got a blue screen saying Windows shut down because damage was going to happen to my computer. They said there was a program called Kwtcypow.sys that was causing trouble and I needed to restart my computer and see if my hardware and software was all installed properly. And if this continued, to go into safe mode. So I restarted my computer again and ran it again. This time same blue screen, but it was saying it shut down because there was a Bad_Pool_Caller, whatever that is? So I am at your mercy. What is the next step?
                  Thank you
                  Helpme 220