Lurch987

Never mind, figured it out. Thanks.

Hey gang, I'm back with another one. I'm cleaning a friends computer and there's multiple users on this system. I cleaned as much as I can and 1 user's profile works great but another one's internet is slow. It doesn't make sense to me so I did a HJT log. Logfile of HijackThis v1.99.1 Scan saved at 7:16:32 PM, on 11/20/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WIND

Thank you!

Monday, September 22, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, September 21, 2008 17:55:35 Records in database: 1248303 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ Scan statistics Files scanned 167495 Threat name 0 Infected objects 0 Suspicious objects 0 Duration of the scan 04:56:35 No malware has been detected. The scan area is clean. The selected area was scann

Here it is again. ComboFix 08-09-16.05 - Owner 2008-09-19 0:05:08.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.159 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\iuujefha.dll C:\WINDOWS\system32\mgwlun.dll C:\WINDOWS\system32\

There's no log there because it didn't finish. Anyway, I tried ComboFix again and it worked. Here's the log along with a new HJT. ComboFix 08-09-16.05 - Owner 2008-09-18 22:55:12.2 - NTFSx86 Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\wDeeKkkj.ini C:\WINDOWS\syste

That program hung on [emptytemp] and after a few minutes didn't respond. Up to that point everything was successful. I had to do a hard shutdown. I couldn't copy the results.

The program didn't run

Here's a new HJT log Logfile of HijackThis v1.99.1 Scan saved at 21:09, on 2008-09-18 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C

Here's the ComboFix log ComboFix 08-09-16.05 - Owner 2008-09-18 19:27:01.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.179 [GMT -4:00] Running from: C:\Documents and Settings\Owner\desktop\ComboFix.exe Command switches used :: /KillAll WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\PCHealthCenter\0.exe C:\Program Files\PCHealthCenter\2.gif C:\Program Files\PCHealthCenter\3.gif C:\Program Files\PCHealthCenter\sc.html

Ran Combofix and it rebooted my computer. Now it's stuck on the blue shutdown screen.

Thank you!

Here's the MBAM report: Malwarebytes' Anti-Malware 1.28 Database version: 1166 Windows 5.1.2600 Service Pack 3 18/09/2008 1:39:26 AM mbam-log-2008-09-18 (01-39-26).txt Scan type: Full Scan (C:\|) Objects scanned: 138729 Time elapsed: 1 hour(s), 7 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 12 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 21 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSE

I've been posting logs to fix my friends computer, but in the mean time my own computer got infected. I did some scans but it didn't get every thing. Getting pop ups. Here's the hjt: Logfile of HijackThis v1.99.1 Scan saved at 11:58:49 PM, on 9/17/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\syst

Here's the Combofix log and the new HJT log. ComboFix 08-09-16.01 - Katie 2008-09-17 0:49:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.193 [GMT -4:00] Running from: C:\Documents and Settings\Katie\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMffd9ee4c.txt C:\WINDOWS\BMffd9ee4c.xml C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\setup.dll C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\elat.exe C:\WINDOWS\hosts C