INFECTED

I need help with my computer. I am sure I have a virus: my Internet Explorer and Google Chrome get hijacked, it does always allow me to download programs and it took me several tries to download the programs listed on this site, and I am missing all programs listed in my start folder, and sometimes I get a message saying I do not have administrator rights. I am attaching the logs mentioned on this site needed to help clean my computer.

also attach aswMBR log…

it seems you also have AVG installed?

never install multiple AV as this will make your comp slower, give mysterious windows errors, and false positive detections

malware removers are notified. it may take hours before one arrives so be patient

Thank you
I will be patient and in the meantime I will uninstall AVG.

when done…run AVG removal tool so all leftover files that may conflict are gone http://singularlabs.com/uninstallers/security-software/

Once this has run let me know if your menu returns

  • Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished …
  • Click on Scan

https://dl.dropbox.com/u/73555776/RKScan.GIF

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

https://dl.dropbox.com/u/73555776/RKDelete.GIF

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix

https://dl.dropbox.com/u/73555776/RKFixShortcuts.GIF

  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

I have run the AVG removal tool and the menu has not returned.
I am attaching the aswMBR file
and will now run RogueKiller.

attached are the RKreports

Are the menus still missing ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Yes the menu is still missing and I am currently running OTL which is taking awhile. It is still killing processes which has been about an hour so far.

OK stop OTL, Uninstall MBAM. Re-run the OTL fix and reinstall MBAM

Restore Accessories Program Files Menu

Please download this tool

You will need to unzip the tool first.

Once you’ve unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

https://dl.dropbox.com/u/73555776/restore-start-menu-accessories-folder.gif

Once they are, click on the Restore button.

Restore Admin Tools Program Files Menu

Please download this tool.

You will need to unzip the tool first.

Once you’ve unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

https://dl.dropbox.com/u/73555776/RestoreAdministrativeTools.gif

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the Repair.vbs file to your desktop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

https://dl.dropbox.com/u/73555776/recoverxp1.gif

https://dl.dropbox.com/u/73555776/recoverxp2.gif

I have run the “restore accessories” and the “restore the admin tools” but when I run the Repair.vbs I get a Windows script error “Loading your settings failed (Access is denied)”

Sorry, forgot to rerun the OTL quick scan. I have now and attached the file.

I have just tried it on my VM and it worked quite nicely
Let's look deeper

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I ran ComboFix. I still do not have items in my start/file and folder box. I do however have some of my icons back on my desktop (like the recycle bin), and my Internet Explorer still seems to be hijacked: every time I start it, it asks me if I want it to be my default browser and such, like I am starting it for the first time, and Google Chrome does the same. I also cannot change any of the security settings; every time I do, it reverts back to where they were previously. Also, when I try to turn off Windows Firewall it says it's off but the check mark states it is on. Attached is the ComboFix log.

OK looks like some repairs to do, once this programme has run let me know what problems are outstanding

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

I am unable to find my original Windows CDs. Should I still run the program?

Yes skip the SFC part for now

I have run all in one and I still have the same problems

Hmm, let's check services next

Download and run farbar service scanner

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

attached is the log