BleepingComputer.com: I can't get rid of v. win repair

I can't get rid of v. win repair Please Help

#16 User is offline   fireman4it 

  • Bleepin' Fireman
  • Group: Malware Response Team
  • Posts: 8,311
  • Joined: 24-May 08
  • Gender:Male
  • Location:Bement, ILL

Posted 08 July 2011 - 10:22 PM

Please download SystemLook from jpshortstuff and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook and copy/paste the following into the box:
    :filefind
    combofix.txt

  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click Posted Image

#17 User is offline   dixiebpride 

  • Member
  • Group: Members
  • Posts: 15
  • Joined: 04-July 11

Posted 09 July 2011 - 12:04 PM

ok here it is...I think

Attached File(s)



#18 User is offline   fireman4it 

Posted 09 July 2011 - 12:22 PM

Hello,


Please proceed to these locations. Then copy and paste those txt files one by one.

C:\ComboFix213089C\ComboFix.txt
C:\ComboFix219444C\ComboFix.txt
C:\ComboFix227323C\ComboFix.txt
C:\ComboFix232732C\ComboFix.txt

Also look in this folder for any Combofix.txt files:

C:\qoobox

They would be something similar to this:
C:\qoobox\ComboFix2.txt
C:\qoobox\ComboFix3.txt
C:\qoobox\ComboFix4.txt
C:\qoobox\ComboFix5.txt

This post has been edited by fireman4it: 09 July 2011 - 12:26 PM

#19 User is offline   dixiebpride 

Posted 09 July 2011 - 01:45 PM

ComboFix 11-07-06.04 - tbrothers 07/08/2011 19:27:27.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1177 [GMT -4:00]
Running from: C:\Users\tbrothers\Desktop\ComboFix2.exe

ComboFix 11-07-05.03 - tbrothers 07/05/2011 20:44:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1128 [GMT -4:00]
Running from: C:\Users\tbrothers\Desktop\ComboFix2.exe
Command switches used :: /nombr

ComboFix 11-07-06.04 - tbrothers 07/06/2011 21:56:31.3.2 - x86
Running from: C:\Users\tbrothers\Desktop\ComboFix2.exe

ComboFix 11-07-05.03 - tbrothers 07/05/2011 20:18:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1049 [GMT -4:00]
Running from: C:\Users\tbrothers\Desktop\ComboFix2.exe

nothing listed with combofix in qoobox

#20 User is offline   fireman4it 

Posted 09 July 2011 - 03:02 PM

Hello,


1.
Please copy and paste everything that is in C:\qoobox



2.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


4.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.


Things to include in your next reply:
qoobox results
MBAM log
Eset log
DDS.txt
How is your machine running now?

#21 User is offline   dixiebpride 

Posted 10 July 2011 - 08:51 AM

Good am
I am traveling with work so as soon as I land and get settled I will get this done

#22 User is offline   dixiebpride 

Posted 11 July 2011 - 01:52 PM

DDS results attached


Malwarebytes results:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7068

Windows 6.0.6000
Internet Explorer 8.0.6001.18882

7/10/2011 9:47:56 PM
mbam-log-2011-07-10 (21-47-56).txt

Scan type: Quick scan
Objects scanned: 167382
Time elapsed: 26 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\23060240.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\njjcgdoecv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

qoobox
Most of the folders were empty

-------- 2011-07-04 - 21:13:30 -------------


-------- 2011-07-04 - 21:19:23 -------------


-------- 2011-07-05 - 14:51:42 -------------


-------- 2011-07-05 - 14:53:38 -------------


-------- 2011-07-05 - 19:57:03 -------------


-------- 2011-07-05 - 19:57:15 -------------


-------- 2011-07-05 - 20:12:14 -------------


-------- 2011-07-05 - 20:14:22 -------------

error: 31

-------- 2011-07-05 - 20:42:30 -------------

error: 31

-------- 2011-07-06 - 21:53:45 -------------


-------- 2011-07-06 - 21:54:25 -------------

error: 31

-------- 2011-07-08 - 19:25:12 -------------

error: 31

In the qoobox file is a folder called BackEnv that has about 20 different things. Do you want all of those copied and pasted, or is there something specific I should look for?

ESET had no log come up. I have tried to scan it 3 times to get the "list of found threats" to come up, but nothing does.

thanks
Hb
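
The log layout pasted in the post above can be checked mechanically. This is an added example, not part of the original thread and not Malwarebytes' own tooling: a Python parser for that text layout that compares the summary counts with the listed items and flags entries whose action does not report success. The sample log is constructed from the values in the post, and the "successfully" test is an assumption about how a completed removal is worded.

```python
import re

# Constructed sample: the Malwarebytes' Anti-Malware 1.5x text layout quoted in
# the post above, values taken from that post, some empty sections trimmed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.0.1200
Database version: 7068
Scan type: Quick scan

Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\programdata\23060240.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\njjcgdoecv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<detection name>) -> <action>"; the object may itself contain
# parentheses, e.g. "program files (x86)".
ITEM = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Split a log into header fields, summary counts and per-section items."""
    meta, counts, items = {}, {}, {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
            section = None
        elif m := HEADER.match(line):
            section = m["section"]
            items.setdefault(section, [])
        elif section is not None:
            # "(No malicious items detected)" does not match ITEM and is skipped.
            if m := ITEM.match(line):
                items[section].append(m.groupdict())
        else:
            key, sep, value = line.partition(": ")
            if sep:
                meta[key] = value
    return meta, counts, items


def triage(text):
    """Return the points a helper would query before accepting the log."""
    meta, counts, items = parse_mbam_log(text)
    findings = []
    if "Database version" not in meta:
        findings.append("top portion missing: no database version in the paste")
    for section, count in counts.items():
        listed = len(items.get(section, []))
        if listed != count:
            findings.append(f"{section}: summary says {count}, log lists {listed}")
    for entries in items.values():
        for e in entries:
            # Assumption: a completed removal is worded "... successfully."
            if "successfully" not in e["action"].lower():
                findings.append(f"not removed: {e['path']} -> {e['action']}")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG) or "log is complete and every item was removed")
```
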

#23 User is offline   dixiebpride 

Posted 11 July 2011 - 01:54 PM

Attached File(s)



#24 User is offline   fireman4it 

Posted 11 July 2011 - 07:06 PM

Hello,

1.
Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but do not run it!
    • If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Notice the space between the "x" and "/". It needs to be there.
    Windows Vista users: Press the Windows Key + R to bring up the Run... command, and from there you can enter ComboFix /Uninstall


  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".



2.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the Posted Image icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.




Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install

  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

#25 User is offline   fireman4it 

Posted 14 July 2011 - 05:58 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 2-3 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

#26 User is offline   dixiebpride 

Posted 14 July 2011 - 06:09 PM

I will be able to work on it tonight. I have been away with work... I have been doing it at night. I have to use my iPhone as a hotspot bc there is no wifi available.

#27 User is offline   fireman4it 

Posted 15 July 2011 - 04:10 PM

Ok, let me know how it goes.

#28 User is offline   dixiebpride 

Posted 17 July 2011 - 11:46 AM

Hello,
Got everything done and the computer is running good. Thank you for all of your help.

#29 User is offline   fireman4it 

Posted 17 July 2011 - 03:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
