Author Topic: Cannot remove Malware..  (Read 16135 times)

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Cannot remove Malware..
« Reply #15 on: January 13, 2010, 07:25:06 AM »
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Windows 8 and Windows 10 dual boot with two SSD's

huyniken

    Topic Starter


    Rookie

    Re: Cannot remove Malware..
    « Reply #16 on: January 13, 2010, 12:17:04 PM »
    OK, I did, and here it is.

    [Saving space, attachment deleted by admin]

    SuperDave

    Re: Cannot remove Malware..
    « Reply #17 on: January 13, 2010, 12:47:56 PM »
    The ComboFix log shows that you have Microsoft Security Essentials installed. Did you re-enable it after you ran ComboFix?

    huyniken

      Re: Cannot remove Malware..
      « Reply #18 on: January 13, 2010, 09:14:17 PM »
      No, I didn't do anything with it. When I had just gotten the virus, it wouldn't work, so I tried to uninstall it and it wouldn't let me, and finally I was able to do it. Then I tried installing it again but it wouldn't let me. I have the Microsoft Security Essentials download package on my desktop, but I have not downloaded it again myself since I started with all of the steps.

      SuperDave

      Re: Cannot remove Malware..
      « Reply #19 on: January 14, 2010, 01:11:16 PM »
      Quote
      No, I didn't do anything with it. When I had just gotten the virus, it wouldn't work, so I tried to uninstall it and it wouldn't let me, and finally I was able to do it. Then I tried installing it again but it wouldn't let me. I have the Microsoft Security Essentials download package on my desktop, but I have not downloaded it again myself since I started with all of the steps.
      Did you get an error when you tried to install it again? Can you see MSE in your Add/Remove programs? If you can, uninstall it and download another version from here and tell me if you are able to install it.

      huyniken

        Re: Cannot remove Malware..
        « Reply #20 on: January 14, 2010, 04:22:29 PM »
        Yeah, it's not in my change/remove programs or anything, and when I tried to download, it says an error has occurred when it tried to complete the installation.

        I have a few Microsoft Visual C++ programs in the list, and I'm not sure what those are for.

        SuperDave

        Re: Cannot remove Malware..
        « Reply #21 on: January 15, 2010, 12:46:56 PM »
        1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
        2. Double-click on MGADiag.exe and click Continue
        3. When the program has finished, click on Copy
        4. Post the results in your next reply.

        See here for Microsoft Visual C++ programs

        huyniken

          Re: Cannot remove Malware..
          « Reply #22 on: January 15, 2010, 12:52:28 PM »
          Alright, I copied it. So the Microsoft C++ is something I should keep on my computer then?


          « Last Edit: January 16, 2010, 04:53:25 PM by SuperDave »

          SuperDave

          Re: Cannot remove Malware..
          « Reply #23 on: January 15, 2010, 01:19:09 PM »
          Quote
          So the Microsoft C++ is something I should keep on my computer then?
          Only if you're using it to write code.

          Download and install one of these until we can get the problem with MSE sorted out.


          Remember to only install one antivirus!
           
          1) Avast! Home Edition
          2) AVG Free Edition
          3) Avira AntiVir Personal
          4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
          4-a) Microsoft Security Essentials for Windows XP
          5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
          6) PC Tools AntiVirus Free Edition

          It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

          huyniken

            Re: Cannot remove Malware..
            « Reply #24 on: January 15, 2010, 01:45:00 PM »
            OK, I installed it.

            SuperDave

            Re: Cannot remove Malware..
            « Reply #25 on: January 16, 2010, 01:34:21 PM »
            Can you please give me another HJT log?

            huyniken

              Re: Cannot remove Malware..
              « Reply #26 on: January 16, 2010, 02:29:33 PM »
              yup here it is

              [Saving space, attachment deleted by admin]

              SuperDave

              Re: Cannot remove Malware..
              « Reply #27 on: January 16, 2010, 05:08:24 PM »
              Just one more item to fix with HJT.

              Open HijackThis and select Do a system scan only

              Place a check mark next to the following entries: (if there)

              O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)


              Important: Close all open windows except for HijackThis and then click Fix checked.

              Once completed, exit HijackThis.

              If there are no other issues, it's time for some clean-up. You can try downloading Microsoft Security Essentials later if you still want it. You had it once and should be able to get it again. I've attached a link to run a Windows Installer Cleanup Utility below to completely uninstall your MSE. Perhaps that's why you can't install a new one. If you still have no success, you can get more information on the MSE website concerning your particular problem. I cannot see any reason why you're getting an error. If the error has a number, you could try googling it. You can uninstall HJT but you can keep SAS and MBAM. Update them and run them about once a week. If you do manage to install MSE, don't forget to uninstall Avira.

              If necessary for any antivirus or other program try the Windows Installer Cleanup Utility - Description of the Windows Installer CleanUp Utility.

              * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
              * Now type Combofix /uninstall in the runbox
              * Make sure there's a space between Combofix and /Uninstall
              * Then hit Enter

              * The above procedure will:
              * Delete the following:
              * ComboFix and its associated files and folders.
              * Reset the clock settings.
              * Hide file extensions, if required.
              * Hide System/Hidden files, if required.
              * Set a new, clean Restore Point.

              Clean out your temporary internet files and temp files.

              Download TFC by OldTimer to your desktop.

              Double-click TFC.exe to run it.

              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

              TFC will close all programs when run, so make sure you have saved all your work before you begin.

              * Click the Start button to begin the cleaning process.
              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
              * Please let TFC run uninterrupted until it is finished.

              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

              Looking over your log it seems you don't have any evidence of a third party firewall.

              Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

              Remember only install ONE firewall

              1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
              2) Online Armor
              3) Agnitum Outpost
              4) PC Tools Firewall Plus

              If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

              Use the Secunia Software Inspector to check for out of date software.

              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
              Safe Surfing!
              Windows 8 and Windows 10 dual boot with two SSD's
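
The O2 entry fixed in Reply #27 is a Browser Helper Object whose DLL no longer exists, which HijackThis marks with "(file missing)". The following is an added example, not part of the original post or of HijackThis itself: a small parser that picks such orphaned BHO entries out of a log. The function names are hypothetical, and every sample line except the first (taken from the post above) is constructed.

```python
import re

# HijackThis "O2" lines describe Browser Helper Objects:
#   O2 - BHO: <name> - {<CLSID>} - <path to DLL> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.*?)(?P<missing>\s*\(file missing\))?\s*$"
)

# First line is the entry from the thread; the rest are constructed samples.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: ExampleHelper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""


def parse_o2(line):
    """Parse one O2 line into a dict, or return None for any other line."""
    m = O2_RE.match(line.strip())
    if m is None:
        return None
    return {
        "name": m["name"],
        "clsid": m["clsid"].upper(),
        "path": m["path"],
        # True when HijackThis could not find the DLL on disk.
        "file_missing": m["missing"] is not None,
    }


def orphaned_bhos(log_text):
    """Return the O2 entries whose target file HijackThis reported missing."""
    entries = (parse_o2(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["file_missing"]]


if __name__ == "__main__":
    for entry in orphaned_bhos(SAMPLE_LOG):
        print(f'{entry["clsid"]}  {entry["name"]}  ->  {entry["path"]}')
```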

              huyniken

                Re: Cannot remove Malware..
                « Reply #28 on: January 16, 2010, 06:09:01 PM »
                If necessary for any antivirus or other program try the Windows Installer Cleanup Utility - Description of the Windows Installer CleanUp Utility.

                * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                * Now type Combofix /uninstall in the runbox
                * Make sure there's a space between Combofix and /Uninstall
                * Then hit Enter

                * The above procedure will:
                * Delete the following:
                * ComboFix and its associated files and folders.
                * Reset the clock settings.
                * Hide file extensions, if required.
                * Hide System/Hidden files, if required.
                * Set a new, clean Restore Point.

                I downloaded the cleanup utility but I don't see a runbox or anything to type in anywhere to type in combofix

                SuperDave

                Re: Cannot remove Malware..
                « Reply #29 on: January 16, 2010, 06:42:25 PM »
                Quote
                I downloaded the cleanup utility but I don't see a runbox or anything to type in anywhere to type in combofix

                I'm sorry if I was misunderstood. The Cleanup Utility was to remove any traces of MSE which may be left on your computer thereby preventing the new installation of MSE.

                Quote
                * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                * Now type Combofix /uninstall in the runbox
                * Make sure there's a space between Combofix and /Uninstall
                * Then hit Enter

                * The above procedure will:
                * Delete the following:
                * ComboFix and its associated files and folders.
                * Reset the clock settings.
                * Hide file extensions, if required.
                * Hide System/Hidden files, if required.
                * Set a new, clean Restore Point.


                Use this procedure to uninstall ComboFix.