Help please!!! - Split from other user's thread

**bingo** · 05-10-2007, 06:25 PM

Originally Posted by jholland1964

Symantec AntiVirus is Norton Antivirus. I am 1000% sorry. Had your log and another printed out sitting here side by side and picked up their McAfee listings and thought they were yours

I am sorry.

Glad you removed the NOD32 though.

Now for your logs...
first of all you noted avgas.exe running in processes, that is the AVG Anti-spy program. this is NOT a good idea. For one thing cleaning the registry is good at times, but you also run the risk of cleaning out the wrong thing. Plus, this can make it much harder to actually find out what is causing a problem.

Can you give us more info on the computer itself...hard drive size, how much RAM do you have installed?

Also, please don't download anymore programs or do anymore cleaning until we can see if other steps are needed. By using other programs AFTER doing these scans the results are now skewed because some things showing in the scans may now be gone.
Can you do those steps again for me please and post the results.

Judy, thanks for your time and suggestions!

The reason I ran RegCure multiple times is I found that the second sacn immediately following the first scan still found many problems. Does the first scan and clean good enough if no following scan and clean?

My computer is IBM ThinkPad with 40GB hard drive and 512MB RAM. I have IE6 and FireFox installed. Although IE6 is the default web browser, I use FF in most of the time.

I'll not download and run any clean program untill you tell me to do so. I should can do all the steps in PP's list and post logs during the weekend.

Bingo

**jholland1964** · 05-10-2007, 10:50 PM

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

**bingo** · 05-13-2007, 01:38 AM

Hi Judy,

Here are my new logs.

1. I noticed following 2 items from Control Panel's Add or Remove Programs window are suspicious:

Auction Client 672 KB
Outer info 648MB

2. Windows Malicious Software Removal Tool didn't find any malicious software.

3. Kaspersky on-line scan found 1 Virus and 3 infected objects

Please review the logs and suggest me what's next step to clean the virus and remove the infected objects. Another big problem in my computer is the services.exe often occupied 99%+ CUP time and hang the computer. Is this related to the virus and infected objects in my PC?

Thanks and have a nice weekend!

Bingo

**jholland1964** · 05-13-2007, 12:35 PM

Outer Info is malware so uninstall via Add/Remove.
Don't know for sure about Auction Client but if you don't know what it is then if it were my computer I would uninstall that also.
I will look at your logs and get back with you.
Judy

P.S. This is NOT a full combofix log.

**bingo** · 05-14-2007, 03:16 AM

I tried to uninstall Auction Clien and Outerinfo from Add or Remove Programs. Following error message popped out when uninstalling Outerinfo:

An error occurred while trying to remove Outerinfo. It may has already been uninstalled. Would you like to remove Outerinfo.exe from the Add/Remove programs list?

When trying to uninstall Auction Client, RunDll32.exe is occupied 99% CUP, and the uninstall is never finished. I have to end the RunDll32.exe from Task Manager. What's the alternative way I can use to remove these 2 programs?

Following is the Combofix.log I ran tonight. It's even shorter than last time:

Scanning for infected files . . .
This typically doesn't take more than 10 minutes

Scan times for badly infected machines may easily double

"C:\WINNT\system32\bszip.dll"

If this is not you expected, I may not run it properly. BTW, I haven't got the prompts I got when ran it first time. Another concern is, when I double click Combo.exe, a window popped out to remind me some process is trying to change my web browser's default web site. I selected to restore my original default web site. Is this normal and right way to run Combofix.exe?

**jholland1964** · 05-14-2007, 01:08 PM

You are supposed to have ALL browsers CLOSED when running Combofix. You should also be DISCONNECTED from the internet.

**bingo** · 05-14-2007, 05:44 PM

Originally Posted by jholland1964

You are supposed to have ALL browsers CLOSED when running Combofix. You should also be DISCONNECTED from the internet.

I did disconnect my internet connection and close all browsers when I ran Combofix.exe. Actually, I just ran one more time, and the log is exact same as last time (in red).

**jholland1964** · 05-14-2007, 11:52 PM

bingo, you must be running combofix incorrectly. Look at this link; post #107 to see what a combofix log will look like
http://forum.networktechs.com/showth...t=1231&page=11

Follow these instructions exactly...you must be clicking the mouse during the scan because it seems to be stalling and not completing the scan.
Delete the last one you downloaded and click on the link here;

Download ComboFix.exe and save it to your DeskTop.
-- DoubleClick combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post that log for us.
Do not mouseclick combofix's window whilst it's running as it may cause it to stall...

**bingo** · 05-16-2007, 01:09 AM

Originally Posted by jholland1964

bingo, you must be running combofix incorrectly. Look at this link; post #107 to see what a combofix log will look like
http://forum.networktechs.com/showth...t=1231&page=11

Follow these instructions exactly...you must be clicking the mouse during the scan because it seems to be stalling and not completing the scan.
Delete the last one you downloaded and click on the link here;

Download ComboFix.exe and save it to your DeskTop.
-- DoubleClick combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post that log for us.
Do not mouseclick combofix's window whilst it's running as it may cause it to stall...

I ran new downloaded Combofix.exe one more time. And the log is still short. This time I selected '1', then start scan. After 30 min, the scan seems stop, I clicked the area outside the combofix window, and wait another hour, nothing happened. And following is the log:
Scanning for infected files . . .
This typically doesn't take more than 10 minutes

Scan times for badly infected machines may easily double

"C:\WINNT\system32\bszip.dll"
"C:\Temp\tn3"

Is anything wrong in my procedures?

**jholland1964** · 05-16-2007, 08:41 AM

This time I selected '1', then start scan.

Type 1 and then hit Enter on your keyboard.
The scan will run.
When the scan is completed a Notepad will automatically open with the log. Save the log as a text file and post it back here.

Thread: Help please!!! - Split from other user's thread

Thread Tools

Display

New logs

Thread Information

Users Browsing this Thread

Posting Permissions