
Unknown Infection on win XP/IE8...unable to reinstall/run/update mbam



Here are the results of Systemlook:

SystemLook 30.07.11 by jpshortstuff

Log created at 17:35 on 17/04/2013 by Brian

Administrator - Elevation successful

========== filefind ==========

Searching for "ieframe.dll"


Link to post

Hey BrianLevy,

This will be a multistep process so please print these instructions for an easy read.

Please uninstall MBAM from your Control Panel.

=====

Next, please download the attached Fix zip file and run the Fix.BAT file within.

  • Double-click it to run a Command Prompt window.
  • When it finishes type EXIT and press ENTER.
  • Restart your computer.

=====

Now, please reinstall MBAM from here:

http://www.malwarebytes.org/

=====

Do MBAM and IE work now?

FIX.zip

Link to post

Hi DarkKnight!!

The batch file failed. I uninstalled mbam, then restarted the machine (per the uninstaller's instructions), then ran the batch file. It gave the same error twice in a pop up:

DLLUnregisterServer in ieframe.dll failed. Return code was 0X80004001

Inside the command window, it said that it could not access the file as it was in use by another process (twice).

That being said, I thought maybe I would have better luck in safe mode. Same thing...no good.

I assume that since the batch file failed nothing changed, so I did NOT try to reinstall mbam at this point.

I await further instructions....

Link to post

Repair tool failed.

"Troubleshooting cannot proceed

The troubleshooter has experienced an unexpected error and cannot continue..."

OK, I know that we are not supposed to do things on our own, but after I tried to run Microsoft's repair tool unsuccessfully, I thought that I would go back and try your batch file another way. I copied it to the root of my "C" drive, and then booted into safe mode/command prompt only. I ran it, and it came up with a couple of errors (the last being a pop up that said "regsvr32:Loadlibrary ("ieframe.dll") failed, specified module could not be found). When I hit OK, it continued to run, and then gave another error that it could not find the bat file to delete (not worried about that one).

When I booted back into normal mode, nothing seemed to work that well, so I re-ran the fix.bat as I was supposed to from the beginning, and it did not give me any errors, although I was still having problems. I rebooted and tried to reinstall mbam, but towards the end of the install, I got several errors: CoCreateinstance failed, code 0x80040154. Class not registered. I got about 3 pop ups that ended with the same code, and the same result...class not registered.

I thought that now maybe the IE 8 install might work, and I ran it. It LOOKED like it ran fine. In fact upon reboot it was setting up my personal options, so I thought maybe we were getting there, but now when I try to open IE, instead of opening and staring at me, it opens, then closes immediately (I also tried resetting IE).

Mbam is still giving me the old '372' error when I try to do anything with it. I then tried to run SFC, but it did not seem to find anything.

So bottom line is it appears that I made no real progress after the minor detour. I did not think that anything I was doing was too far off from what you were telling me. I hope that I am not mistaken. I just thought I would let you know what I did to try to get things to work. It just does not appear that we are making any progress with this.

I did also notice that somewhere along the way here I received an error stating that the windows installer could not be accessed. I went into my services and noticed it was set to manual (which I believe is normal). When I tried to start it, it stops immediately. It says that this is normal, but I was able to start it on another machine, and it stayed running. Not sure if this applies to anything, but I thought I would let you know. Also, I was searching Google for my error, and in the bleepingcomputers forum there was someone who seemed to be having the same trouble as I am having, but I think they ended up reinstalling or something. One thing I did note in that thread was something about some of the classes in the registry were missing some zeros at the beginning of their CLSID, or something to that effect. I was wondering if that might have anything to do with what I am experiencing.

I am trying to avoid repairing or reinstalling windows. Hopefully we can avoid that.

Thanks for your help, and I await further instructions.

Link to post

I did as directed, and still got the same error messages during the install. All of the error messages ended with "Class not registered."

Since we have started, my PC has gotten progressively harder to work with (I use a program that uses IE controls, and since the last several steps, it has become unusable). I was thinking that I could try to uninstall IE8 (it now appears in the control panel), then try to reinstall IE7, but I fear that will fail as everything else has so far. I just want to know if I should try that route, or if perhaps you have another idea?? I am fighting off others around me who want me to just repair/reinstall windows. I fear that will just make the whole PC a bit of a mess...so I am trying to avoid that.

I await further instructions.

Link to post

Hey BrianLevy,

If you reformat that will wipe everything and give you a clean slate. It will certainly remove the problem.

If you wish to continue, please try uninstalling IE and see if reinstalling it will help.

My apologies that this is taking ages. It seems you have some corrupt Windows files or settings and finding them is proving difficult.

Link to post

Didn't work. Was able to uninstall IE8, and tried to reinstall it. When I try to reinstall and choose the option that downloads all the updates as well, it just sits there, but when I tell it to JUST install, it installs, but when I go to open it up, it just flashes and closes.

I understand that we are talking about some corrupt windows files, and I understand how this is like looking for a needle in a haystack. I just don't know which is the best way to proceed. I am feeling more and more that trying a windows repair may be my next option. I do not have too much faith in that choice either, but I fear that we are running out of choices. Any other suggestions??

Brian

Link to post

I don't know if this helps, but I found this thread on another forum. Person appears to have the same problem as I do, however, I do not see exactly what was finally done to resolve this. There is one post to the thread that I really don't understand; maybe it is key??

Here is the link to the thread: http://forums.majorgeeks.com/showthread.php?t=275002 if you are interested....

Link to post

Hey BrianLevy,

Please download Windows Repair from here.

  • Extract and launch Repair_Windows.exe.
  • Click on the Start repairs tab and then click on Start.
  • Check mark the following options:
    Reset Registry Permissions
    Reset File Permissions
    Repair WMI
    Remove Policies Set By Infections
  • Checkmark the Restart System When Finished option.
  • Click the Start button.
  • Restart your computer when it has finished.

Link to post

OK...We have partial success!!

I reran the repair tool, and selected repair IE, but I also selected repair winsock/dns, restore windows services, repair .lnk files, and repair windows update. When I restarted, IE works, my shortcuts work as they are supposed to, and malwarebytes was able to update and run.

Problems I am still having. My application that relies on IE is still not quite working, but I will work on that myself. Outlook opens, but gives a script error when trying to load the today screen. When I do send/receive I get no errors, and all appears to work, except none of my emails download. Not exactly sure how to fix this, so any suggestions would help.

Bottom line I am MUCH better than I was yesterday...now to just mop up the mess...

Link to post

Good morning BrianLevy,

Great!

Outlook is one of those funny programs...when it starts to have issues it is often hard to resolve. My advice is to back up your messages, contacts, autocontacts and anything else you have in Outlook and reinstall it. Often a reinstall of Outlook fixes any issues, while trying to solve the issues can take ages.

=====

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Link to post

Looks like we have some critters....here is a copy of the log:

C:\Documents and Settings\Brian\My Documents\7zip_installer_d162802.exe probably a variant of Win32/InstallIQ application

C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application

C:\RECYCLER\S-1-5-21-1206589861-3752764420-3085793165-1005\Dc2.exe a variant of Win32/Somoto.A application

C:\WINDOWS\Support\IP Scan\ipscan.exe Win32/NetTool.Portscan.C application

Link to post

Hello BrianLevy,

That log is fine.

Please download TFC to your Desktop.

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

=====

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post

TFC locked up my PC when I tried to run it. I had to do a hard reboot to continue. I ran it in safe mode, and it seemed to work fine.

Security check was fine. Here is the log:

Results of screen317's Security Check version 0.99.63

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

AVG Anti-Virus Business Edition 2013

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 11

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (20.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 9%

````````````````````End of Log``````````````````````

Link to post

Hey BrianLevy,

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows XP version:

http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start > Control Panel > Add Or Remove Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

=====

In your reply please let me know how the updates go.

Link to post

Updates went fine.

Only remaining issues are that one application I was telling you about, and I am working with their tech support to restore that, and Outlook, and you summed that one up earlier. I am still not sure if everything is safe yet...did we ever identify an infection? I do know that I recognize one of the files the ESET scan detected...C:\Documents and Settings\Brian\My Documents\7zip_installer_d162802.exe. This was the file that I rushed into using when this all started I believe (and the time stamp backs that up). Is Win32/InstallIQ a virus? I can't find any information on it...

Link to post

Hey BrianLevy,

Is Win32/InstallIQ a virus?

ESET often identifies installers for programs as weird "infections", such as this one. No need to worry about it.

=====

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Link to post

I typically am fairly well protected. This happened because I was in a rush to try and help someone, and instead of going slow and scrutinizing what I was doing, I just clicked and approved more than I should have. I am still trying to get everything back to the way it was, but I do believe that my system is pretty much back...thanks for your help!!

Link to post

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
