Author Topic: My Log from ComboFix continuation  (Read 115858 times)

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #75 on: June 17, 2007, 08:31:08 PM »
Hi essexboy
Quote
So I feel the problem on this system is not malware but A2 and a stalled IE7 install
How do I fix the stalled IE7?

I'm so sad and frustrated. I even lost the internet connection.
Thanks for your help.
haydee

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: My Log from ComboFix continuation
« Reply #76 on: June 17, 2007, 10:59:39 PM »
OK first things first

Download and run http://www.majorgeeks.com/downloadget.php?id=4372&file=10&evp=4578a0d2691013178f302c260093894b - this is the winsock fix and is a repair for Windows.

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKLM\..\RunOnce: [Installing-ie7] C:\DOCUME~1\HAYDEE~1\LOCALS~1\Temp\IE7-WindowsXP-x86-enu[1].exe /passive
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\HAYDEE~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{97BFB627-6E7B-492A-8B95-61754BAAB54D}
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [Internet Explorer] C:\Program Files\Internet Explorer\iexplore.exe

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Internet Explorer 7

Let me know how you get on from here
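
For readers following the HijackThis step in the reply above, an added example (not part of the original post and not HijackThis code): a small Python parser for O4 autostart lines that marks RunOnce entries and commands launching from a Temp folder, such as the leftover IE7 installer entry. The `run-once` and `temp-path` labels are this example's own heuristics.

```python
import re

# One HijackThis O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Assumption of this example: a command under a Temp folder deserves a second look.
TEMP_RE = re.compile(r"\\Temp\\|%TE?MP%", re.IGNORECASE)

# Three of the entries quoted in the post above, copied verbatim.
SAMPLE_LOG = r'''
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKLM\..\RunOnce: [Installing-ie7] C:\DOCUME~1\HAYDEE~1\LOCALS~1\Temp\IE7-WindowsXP-x86-enu[1].exe /passive
O4 - HKCU\..\Run: [Internet Explorer] C:\Program Files\Internet Explorer\iexplore.exe
'''

def parse_o4(line):
    """Return hive/key/name/command for an O4 line, or None for anything else."""
    match = O4_RE.match(line.strip())
    return match.groupdict() if match else None

def review(log_text):
    """List every O4 entry with review notes, so each box is ticked knowingly."""
    report = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # other sections (R1, O2, ...) are out of scope here
        notes = []
        if entry["key"].lower() == "runonce":
            notes.append("run-once")   # Windows deletes the value once the command has run
        if TEMP_RE.search(entry["command"]):
            notes.append("temp-path")  # command launches from a Temp folder
        report.append((entry["hive"], entry["name"], notes))
    return report

if __name__ == "__main__":
    for hive, name, notes in review(SAMPLE_LOG):
        print(f"{hive:5} {name:20} {', '.join(notes) or '-'}")
```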

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #77 on: June 18, 2007, 01:13:16 AM »
Hi essexboy, Thanks

Quote
Download and run http://www.majorgeeks.com/downloadget.php?id=4372&file=10&evp=4578a0d2691013178f302c260093894b this is the winsock fix and is a repair for windows
I lost the Internet connection; I'm using my daughter's one to communicate with you.
Unfortunately I can't repair Windows. I don't know if losing the Internet connection has
to do with the problem the computer has.
My daughter has Comcast and I have a wireless USB network device. I used to get her
Internet connection on my computer but now it is gone. I used the Comcast CD to make the
connection and it doesn't get it.

I can go to the task manager through Ctrl+Alt+Del and I got the desktop box and ran HiJackThis, but
I didn't see any of the O4 - HKLM\..\RunOnce: entries except the last one. I checked that entry and clicked
Fix Checked.

I ran HiJackThis again and I see R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId+54896

There are 5 of these, varying after \Main...
Am I supposed to leave those?
I can't send you the log report since I don't have the Int. connection.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #78 on: June 18, 2007, 01:18:58 AM »
Is there any way to get to "search" through task manager?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: My Log from ComboFix continuation
« Reply #79 on: June 18, 2007, 01:25:35 AM »
Quote
Is there any way to get to "search" through task manager?
No. But Process Explorer could give you more info.
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
The best things in life are free.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #80 on: June 18, 2007, 01:37:51 AM »
Thanks Tech, very kind of you.
I went to program Files and found Internet Explorer and clicked to delete it and I got a message saying this:
Error Deleting File or Folder
Cannot delete internet Explorer: It is being used by another person or program. Close any program that might be using the
file and try again.

The only thing I have opened is the task manager.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #81 on: June 18, 2007, 02:43:47 AM »
essexboy

I found Internet Explorer at Programs and deleted it.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #82 on: June 18, 2007, 10:53:26 PM »
To whoever wants to help in the forum:
I found out my computer system was damaged and the Windows
program was stalled or inactivated.
I got my computer from AOL and when I called to activate
Windows they said, according to the installation ID, that it is not legitimate or genuine. They want me to get the product key
but I don't see it anywhere.

Now back to my daughter's computer: I think it is doing fine. I put in the firewall you told me, the spyware and everything.
Avast warns me right away if any virus tries to sneak in, and also the spyware terminator. They are good stuff. Thanks a lot to all of you who have helped me.
I ran the VundoFix and it didn't find anything.

This is my daughter's computer's last HijackThis. Please check and
see if everything is ok.

http://www.4shared.com/file/18144647/e1840...kthis_LAST.html


My compliments to all of you for being so Blessed Good.

Offline essexboy

Re: My Log from ComboFix continuation
« Reply #83 on: June 18, 2007, 11:10:06 PM »
Hi Haydee, that last link was invalid.

Reference the product key, they may need the certificate of authenticity, which should be on a sticker on the side of your system. See this link: http://www.microsoft.com/resources/howtotell/en/coa.mspx You can scroll down and expand the various images.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #84 on: June 20, 2007, 10:14:51 PM »
Hi thank you very much.
 I found the product key on the side of my computer.
This is the link:
Quote
http://www.4shared.com/file/18144647/e18402ab/hijackthis_LAST.html

One question:
 I have Spyware exterminator and it asks to allow in certain programs. My grandson blocked Avast. How can I unblock it?
I updated it but it is still showing the small pop up saying that it is blocked. I can open it anyway from the desktop and it found 4 trojans. But if it is blocked I guess it can't detect any virus
that enters on the spot.



Offline essexboy

Re: My Log from ComboFix continuation
« Reply #85 on: June 20, 2007, 10:41:10 PM »
Hi Haydee, the log looks clean

For your daughter's computer it is clean up time

Now the best part of the day ----- Your log now appears clean

Double-click OTMoveIt once again and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTMoveIt wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.

Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?


Keep safe  :wave:

As for spyware exterminator, I am afraid I have no knowledge of that programme; maybe someone else can help.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #86 on: June 22, 2007, 09:43:58 PM »
essexboy
Thanks a lot.
About my computer, I don't know if I will ever get it
back. My son took the disk out of the computer
and took it to his house to "fix it" and I don't know
what he will bring back to me  ::)
I just feel so sad because I had so many important
links in My Favorites. I think I might have lost all that
plus all my files from My Documents.
Well, I am used to losing the things I love, so one
more hurt is just that, another one.


Now, concerning my daughter's computer, Avast has
found a virus a few times at this location.
C:\_OTMoveIt\MovedFiles\WINDOWS\..\xanjvlym.dll
Infection: Win32B

haydee

Offline essexboy

Re: My Log from ComboFix continuation
« Reply #87 on: June 22, 2007, 10:33:29 PM »
Double-click OTMoveIt once again and you should see a CleanUp! button. Press that button. You may get prompted by your firewall that OTMoveIt wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.

The trojan alerts are on the files OTMoveIt killed, so they can safely be deleted and are no threat to the system.

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #88 on: June 23, 2007, 09:48:56 PM »
Hi essexboy
Thanks again.
Work done with OTMoveIt.
My son hasn't returned the disk he removed
from my computer.
I found out the monitor was not working.
He said that since the monitor was damaged
that it could've damaged my computer
system? Is that right?
If he has to reprogram the whole thing, will I
be able to recover my lost files?
How about my favorites?
Thanks,
haydee

Offline Lisandro

Re: My Log from ComboFix continuation
« Reply #89 on: June 23, 2007, 10:12:07 PM »
Quote
I found out the monitor was not working.
He said that since the monitor was damaged
that it could've damaged my computer system? Is that right?
I really doubt this... I don't think so.

Quote
If he has to reprogram the whole thing, will I be able to recover my lost files?
What do you mean by reprogram? Formatted?