pLEASE NEED HELP TO GET RID OF tROGEN

[jeffce]

Please download and run ERUNT (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

Code: [Select]

:Services

:OTL
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-192252866-2205986208-601751812-1008\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-192252866-2205986208-601751812-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-192252866-2205986208-601751812-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{6b699fc0-20d6-11e1-a890-001731aaab15}\Shell - "" = AutoRun
O33 - MountPoints2\{6b699fc0-20d6-11e1-a890-001731aaab15}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b699fc0-20d6-11e1-a890-001731aaab15}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{6b699fc1-20d6-11e1-a890-001731aaab15}\Shell - "" = Autorun
O33 - MountPoints2\{6b699fc1-20d6-11e1-a890-001731aaab15}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e74674a0-cbad-11df-adf8-001731aaab15}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  

Post the new OTL log and let me know how your system is running now.  :)

[Tiggie]

This may be the log for when I did a full scan with malwarebytes
Will do the Arunt and other orocedure you need. Tiggie

[Tiggie]

I have Done it at last. this is the Malwarebytes log for the first quick scan. Its all in the where one saves it to it seems.Will now do what you instructed  Erunt etc  Tiggie

[jeffce]

Ok sounds good. 

[Tiggie]

jeffce here is the Erunt log .I am  now going to do OTL.exe
Tiggie

[jeffce]

Ok...when you get OTL.txt please attach that. 

[Tiggie]

jeffce here is the OTL.exe file created last night.(Fix )
I am now running a new scan and will post it as soon as its finished.
Tiggie

[Tiggie]

jeffce this is the new OTL log done this morning. hope all is well now.
Will let you know how my system is running later today
I appreciate very much your patience with me
Tiggie

[jeffce]

Hi,

Please run the set of instructions from Reply 30 once again exactly as I wrote them.  For some reason the fix did not take. 

Once complete please post the logs that are created.   

[Tiggie]

Hi jeffce, I ran the OTL.exe again yesterday.When it started it said "killing processes, DO NOT INTERUPT. " but unlike a scan those words did,nt move .when I went to bed last night everything was the same.This morning the programme said  not responding. Wish it had said that last night. Hence you getting no mail from me.
I can try it again.
My ststem was running well yesterday happy to say.
Tiggie
 

[Tiggie]

Although OTL .exe page had on it not responding this morning, I see the program has made a log and  perhaps it is what you want jeffce. Hope so  I am attaching it now.
Tiggie

[Tiggie]

jeffce the last log sent to you was the fix it log done last night .Now sending the OTL.exe scan .
Tiggie

[jeffce]

Hi,

I think that we need to run a different tool here.  Some of these just are not being removed...

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  
  
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------

[Tiggie]

jeffce just going to do Combo fix I want to get it right so will you please advise me  which do I choose when disabling Avast anti virus ie-One hour or untill pc is restarted
Tiggie

[jeffce]

You can disable it until the system restarts.