5 Hours of Complete Pain XP Security 2011

[essexboy]

OK lets give this a shot

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\Owner\Local Settings\Application Data\3lhqy33xpt11p
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\All Users\Application Data\3lhqy33xpt11p
[Files - No Company Name]
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\Owner\Local Settings\Application Data\3lhqy33xpt11p
NY ->  3lhqy33xpt11p -> C:\Documents and Settings\All Users\Application Data\3lhqy33xpt11p
NY ->  0908201015103842.bat -> C:\Program Files\0908201015103842.bat
NY ->  0907201015510757.bat -> C:\Program Files\0907201015510757.bat
[File - Lop Check]
NY ->  mJhLkDf01805 -> C:\Documents and Settings\All Users\Application Data\mJhLkDf01805
[Custom Items]
:Reg
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files \Internet Explorer\iexplore.exe"
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\exefile]
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

[Probzzie]

here is the log after reboot.

EDIT: Sorry for it being such a quick post, I had stuff i was doing around the house and stuff as well.
But I'm free and ready to continue now

I now have control over dektop icons and all my exe files!!
Running Malware bytes right now will post log

[Probzzie]

Okay here is an MBAM Scan log, and an ashwmbr scan, hope it helps!!

[Probzzie]

Combofix log, and full MBAM scan. Noticeable infection still present with the systems performance. Much more sluggish and less responsive. Avast does not load up with windows, but has fully updated, windows firewall was successfully launched and is now running, windows update will not start though, tried going to control panel and the settings are set too on but the red x is still in system notifications area.


PS: Thanks so far to essexboy and pondus both of you have saved this systems life!!!

[Probzzie]

Ok the desktop seems too still be hijacked.... I went to open and re run combo fix and Avast popped up a dozen times with different items being attacked heres one of the many that came up.

[essexboy]

OK that is to be expected as Combofix does a lot of the same sort of actions as a virus/malware

So what you were doing was reacting to  some elements of combofix loading/running

It appears that combofix does not like the alot toolbar 

Could you let me know what problems remain please - ignoring the combofix notifications from Avast

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

[Probzzie]

Avast does not load with Windows, the icon is not in notifications area either, however when I click to load the program it act as if it was already on, task manager shows avast process but only avastsvc.exe.... Also Windows update will not configure, or turn on, so I have an security risk in the notification area (xp security, real)
Tried going into control panel toggle updates on and it let me select and apply on to updates but the x remained there stating they were off, tried going to windows update site to update or turn them on from there but was unsucessful in updating and turning them on.

Those are stil my problems and heres my taskmanager as soon as the system turns on.

[essexboy]

OK first could you do a repair to Avast - I will have a fix for windows update tommorow

[essexboy]

OK windows update repair


Go to this page
Run the fixit there  (big button about one third the way down) - if the normal run does not cure it then re run and use the aggressive mode

[Probzzie]

Hey thanks for the windows update fix, unfortunantly Avast! even with being reinstalled will not load with windows, I will attemp the windows update fix and hoefully that will cure this problem but as it stande its still not loading.

[essexboy]

Did you do a full uninstal/install with Avast ?

[Probzzie]

Yes full uninstall and reinstallation of Avast!
I ran the tool you asked me too download and it corrected both the problems, avast is loading with windows, and updates are enabled now.

THANK YOU SO MUCH FOR YOUR HELP! I wouldnt have been able to do this alone.

[essexboy]

OK I would like you to run for a day or so - and if no further problems appear let me know and I will remove my bits and bobs 

[Probzzie]

Ok I'll tell to keep an eye on it and notify me of any problems that arise.
Just doing a quick look and removing all toolbars and add ons they let be installed while downloading off the internet.

[essexboy]

Yep  leave the programmes I asked you to use - as I can remove them cleanly once you are happy