Cannot remove a file

[screen317]

Let's see if it did what it was supposed to.

Upload c:\windows\syswow64\wininit.exe to VirusTotal and post the results here.

[dan1234]

Well, it looks clean. I used Firefox

Antivirus Version Last update Result

AhnLab-V3 2010.09.07.00 2010.09.07 -

AntiVir 8.2.4.50 2010.09.07 -

Antiy-AVL 2.0.3.7 2010.09.07 -

Authentium 5.2.0.5 2010.09.07 -

Avast 4.8.1351.0 2010.09.07 -

Avast5 5.0.594.0 2010.09.07 -

AVG 9.0.0.851 2010.09.07 -

BitDefender 7.2 2010.09.07 -

CAT-QuickHeal 11.00 2010.09.07 -

ClamAV 0.96.2.0-git 2010.09.07 -

Comodo 5999 2010.09.07 -

DrWeb 5.0.2.03300 2010.09.07 -

Emsisoft 5.0.0.37 2010.09.07 -

eSafe 7.0.17.0 2010.09.05 -

eTrust-Vet 36.1.7839 2010.09.06 -

F-Prot 4.6.1.107 2010.09.01 -

F-Secure 9.0.15370.0 2010.09.07 -

Fortinet 4.1.143.0 2010.09.05 -

GData 21 2010.09.07 -

Ikarus T3.1.1.88.0 2010.09.07 -

Jiangmin 13.0.900 2010.09.07 -

K7AntiVirus 9.63.2453 2010.09.06 -

Kaspersky 7.0.0.125 2010.09.07 -

McAfee 5.400.0.1158 2010.09.07 -

McAfee-GW-Edition 2010.1B 2010.09.07 -

Microsoft 1.6103 2010.09.07 -

NOD32 5430 2010.09.07 -

Norman 6.05.11 2010.09.06 -

nProtect 2010-09-07.02 2010.09.07 -

Panda 10.0.2.7 2010.09.06 -

PCTools 7.0.3.5 2010.09.07 -

Prevx 3.0 2010.09.07 -

Rising 22.64.01.04 2010.09.07 -

Sophos 4.57.0 2010.09.06 -

Sunbelt 6840 2010.09.07 -

SUPERAntiSpyware 4.40.0.1006 2010.09.07 -

Symantec 20101.1.1.7 2010.09.07 -

TheHacker 6.5.2.1.366 2010.09.07 -

TrendMicro 9.120.0.1004 2010.09.07 -

TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -

VBA32 3.12.14.0 2010.09.06 -

ViRobot 2010.8.25.4006 2010.09.07 -

VirusBuster 12.64.20.0 2010.09.06 -

MD5: 94355c28c1970635a31b3fe52eb7ceba

SHA1: 2de5c051c0d7d8bcc14b1ca46be8ab9756f29320

SHA256: c4e98f07170cec69cacdd5cedb8927e48a2a299cb1b8cda87526e768af6174f0

File size: 129024 bytes

Scan date: 2010-09-07 10:16:52 (UTC)

[screen317]

Great.

Restart your computer and see if you are experiencing redirects still.

[dan1234]

I don't think I was ever redirected internet wise. But COMODO keeps picking things that are trying to get installed on my computer. The last one was with mcsacore.exe when I was running a malwarebytes scan. After looking it up, apprently a "Site Advisor program" for McAfee, but I've never actully installed or dl McAfee unless it comes with windows. And a couple of sites were saying it's spyware. And when I did the virus total scan I had a program called onlinescanneruninstaller.exe try to pop itself on my comp.

Also I have an ask.com search bar on my firefox browser. I've never installed it, it pop a few months back when a friend of mine was trying to download torrents on websites with security warnings, after I told him not too (did it anyways when I left the room). It's never appeared to cause me problems so I've ignored it. I don't know if that could be some kind of problem.

Anywho, after a scan there is still a file that I can't remove:(

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4559

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-09-07 06:37:35

mbam-log-2010-09-07 (06-37-35).txt

Scan type: Quick scan

Objects scanned: 140314

Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[screen317]

Hi,

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
  
  :Commands
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

Also update MBAM, run a Quick Scan, and post its log.

[dan1234]

Alright, here's the OTL log

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User

->Temp folder emptied: 4190141 bytes

->Temporary Internet Files folder emptied: 6002520 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 61342237 bytes

->Flash cache emptied: 4707 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 101396 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes

RecycleBin emptied: 51754052 bytes

Total Files Cleaned = 118,00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 09082010_220249

Files\Folders moved on Reboot...

C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

And heres the Updated MBAM log, looks clean:) :

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4577

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-09-08 22:12:22

mbam-log-2010-09-08 (22-12-22).txt

Scan type: Quick scan

Objects scanned: 140375

Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[dan1234]

Does that mean I'm all good to go? If so, thank you very much. I cannot express how much I appreciate all your help over the last few weeks:)

[screen317]

Looks like it.

Delete OTL, SecurityCheck, and all of the .reg/.bat files I had you create.

Let me know if you're encountering any further issues.

[dan1234]

There is one more thing. Ever since the last thing I did, when I start up my computer, I get an error msg from McAFee site advisor.

c:\PROGRA~2\Mcafee\sitead~1\SaHook.dll

Not sure about the caps and such. I'd tried to manually uninstall the program with control panel. But I get a bunch of defense msg from COMODO that it's trying to modifie files. I've been blocking it in case it is spy ware. Is there a way to remove it from my system without going thought the "official" uninstall? Or can I uninstall it the normal way, and it's safe to accept those file modifications?

[dan1234]

I've noticed something else as well that didn't use to happen. Every time I exit a game (online game or offline game), I get a black screen and I'm force to manually shut down my computer. I can't alt-crtl-del or anything. Don't know what's going on there as well:(

[dan1234]

Sorry for 3 replies in a row. But I can't see any edit button.. I think I figure out the black screen thing

[screen317]

Hi,

Disable Comodo temporarily and allow the uninstall to go through.

What happened with the black screen issue?

[dan1234]

Hi,

Disable Comodo temporarily and allow the uninstall to go through.

What happened with the black screen issue?

Hey,

I just tried that, and it says I cannot remove it. I need to go to the website "Service.mcafee.com" if the problem continues. I don't know if it's because it was partly uninstalled before, and now it causes errors? Is there a way to manually go in and just delete the files? Or is that an unsafe way to do it? I'll look at the website as well.

And I think the black screen thing was me panicking to fast... lol I had a lot of things running at once. After the reset I'd start up everything again (updates/scans/etc.) then try a new game, instead of running it when nothing was going on. And when I did that it started working fine. So I think it was nothing

[screen317]

Hi,

Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y.

Let me know how it goes.

[dan1234]

I think everything is fine now. Seems to be anyways. I still things trying to hop on my comp, but I think most of them are safe, and my security setting are probably just too high.

Any who, thanks for the help:) I really appreciate it.

[screen317]

Okay great. Open OTL and click CleanUp.

Now that your computer seems to be in proper working order, please take the following steps to help prevent infection in the future:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop
  

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!