I am now trying to restore the computer.
ADWCleaner has been run and the log is attached.
Malwarebytes will not install or run.
OTL runs but will not complete, gives an error of access violation at address 0052DFB7 in module ‘otl.exe’. Read of Address 00000000.
Here is the log from aswMBR.
[*] I will be working on your malware issues; this may or may not solve other issues you have with your machine.
[*] The fixes are specific to your problem and should only be used for this issue on this machine.
[*] If you don’t know or understand something, please don’t hesitate to ask.
[*]Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
[*] Please DO NOT run any other tools or scans whilst I am helping you.
[*] It is important that you reply to this thread. Do not start a new topic.
[*] Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
[*] Absence of symptoms does not mean that everything is clear.
=========== Next ============
Please download zoek.exe and save it to your desktop.
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.exe to run the tool.
Please wait while the tool does not start…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
process;
srinfo;
systemscpecs;
installedprogs;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
C:\Windows\system32\services.exe;i
C:\Windows\SysNative\services.exe;i
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
[*] Click on the Run Script button (http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png).
Please wait until a log report opens (this can be after a reboot).
[*] Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Downloaded it to a flash drive (cannot currently get on the internet from the infected computer) and copied it onto the desktop of the infected computer. Disabled avast and double clicked on it to run; the hourglass appears and goes away, but nothing happens. Right click and select run, and get the same results.
Please print these instructions out so that you know what you are doing.
[*]Download OTLPENet.exe to your desktop
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
[*]Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
[*]Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked “Do you wish to load the remote registry”, select Yes
[*]When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
[*]Ensure the box “Automatically Load All Remaining Users” is checked and press OK
[*]OTL should now start.
[*]Drag and drop this attached scan.txt into the Custom scans and fixes box
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system.
[*]Right click the file and select send to : select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can backup any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.
Results from the otl.txt file are attached; it wouldn’t let me post it inline as it is over 10,000 characters.
Download the attached fix.txt to a USB
Start the Reatogo CD
Once on the desktop run OTL
Press Run Fix
A dialogue will open asking for the location of the fix.txt
Locate and select fix.txt on the USB drive
Press Run Fix again
On completion reboot and try normal windows again
Ran the fix. Rebooted into Windows normal. Still having applications that won’t load (many will open by double clicking on a file and launching the application, but they won’t open by clicking on the application itself). I have attached the log file created after the fix.
We deleted AVG; you have two antivirus programs.
Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
How to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.
Log file is attached.
Open notepad and copy/paste the text present inside the code box below:
Folder::
c:\windows\system32\config\systemprofile\Application Data\AVG2013
c:\documents and settings\Dave\Application Data\AVG2013
c:\documents and settings\Dave\Local Settings\Application Data\AVG SafeGuard
c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
c:\documents and settings\All Users\Application Data\AVG2013
c:\program files\AVG
c:\documents and settings\Dave\Local Settings\Application Data\Avg2013
Driver::
Akdser
ClearJavaCache::
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
New log file is attached.
You have a problem now?
There can be only one antivirus on the system, never two.
Yep. The computer is still preventing all applications from running. If I try to open Internet Explorer it pops up a window for about 5 seconds then closes; with all other applications nothing happens when you double click on them. If I double click on a file that is associated with an application (i.e. a Word document, or a PDF, or an image) they will open in the application, I just can’t open any directly.
Can you open them with right click > Open?
yes
Download file
http://www.speedyshare.com/ex9Pa/xp-exe-fix.reg
Double click, yes > reboot
No change. Also, when I try to right click open Internet Explorer it still is doing the 5 seconds and close; other programs seem to stay open ok with the right click open though.
Try this fix
http://www.speedyshare.com/uNGup/linkfile-fix.reg
Malware has screwed up file associations.
Most of the programs appear to be working now. Internet Explorer is still the same though, closes in 3-5 seconds. Also, Microsoft Word has an error message wanting me to repair its installation when it opens, but it still opens. I also seem to be hearing more hard drive action when the computer is running, not sure if that is significant or not…
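A check for the damage diagnosed above (broken .exe and .lnk file associations), as an added example that is not part of the thread or of the linked .reg fixes: it parses the text of a `reg export` dump and flags association keys that differ from the stock Windows defaults. The sample export and its placeholder values are constructed; treating any per-user override as a finding is an assumption of this check.

```python
import re

# Stock default (@) values for the keys that decide how .exe and .lnk launch.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\.lnk": "lnkfile",
}
# Per-user classes take precedence over machine-wide ones and are absent on a
# stock install, so any of these appearing in the export is worth a look.
USER_OVERRIDES = (
    r"hkey_current_user\software\classes\.exe",
    r"hkey_current_user\software\classes\exefile",
)

# Constructed sample export (placeholder values, not taken from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Temp\\placeholder.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_class"
'''

def parse_defaults(reg_text):
    """Map each key in a .reg export to its default (@) string value, or None."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry paths are case-insensitive
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(reg_text):
    """Return (key, value) pairs that deviate from the stock associations."""
    defaults = parse_defaults(reg_text)
    findings = [(k, defaults[k]) for k, want in EXPECTED.items()
                if k in defaults and (defaults[k] or "").lower() != want]
    findings += [(k, v) for k, v in defaults.items() if k.startswith(USER_OVERRIDES)]
    return findings
```

Calling `audit(SAMPLE)` returns the two constructed deviations; an empty list means the exported keys match the defaults.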