Can't get rid of a malware infection [Closed], Unable to access antivirus programs
Shimizu_XD
post Sep 4 2009, 05:12 PM
Post #1


New Member
Posts: 7
OS: Windows XP



Hi, I am operating a Windows XP, Compaq Presario 061. I have been having some trouble removing some sort of infection on my computer. This infection is not allowing me to access any of my antispyware programs, which would be Malwarebytes, HijackThis, and SUPERAntiSpyware, and whenever I try to open it again a message would pop up saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". I've also run RootRepeal but it will close itself after a while. I've also tried some methods to try running them, such as renaming them, running them in safe mode, and running the programs from my flash drive. Nothing seems to be working, and I also got more problems where Google links redirect me to random sites and where my MSN Messenger freezes, and I am sometimes unable to log in, and also I cannot seem to run most of my other programs. Please, can anyone help me fix my problem?

-Shimizu_XD

This post has been edited by Shimizu_XD: Sep 5 2009, 01:34 PM
ldtate
post Sep 10 2009, 04:04 PM
Post #2


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


Hello and Welcome to the forums

Sorry about the delay in responding.

If you still need help please reply back.
Shimizu_XD
post Sep 11 2009, 03:17 PM
Post #3


New Member
Posts: 7
OS: Windows XP



Oh yes, thank you. I have waited a fairly long time to get a reply, but it's OK because I don't think the virus has done anything too bad. But as I said before, I've tried some ways I thought would work, but lately I haven't had much luck. So if you could please help me fix this problem, I thank you for any kind of help from the Geeks to Go experts.

This post has been edited by Shimizu_XD: Sep 11 2009, 06:28 PM
ldtate
post Sep 11 2009, 05:52 PM
Post #4


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


  • Please do not run any scans or fixes without my direction.
  • Stay with this topic until I give you the final 'All clear' post.


1) exeHelper
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

2) DDS

Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.


3) RR
Please download RootRepeal.zip.
Save it to your Desktop. Alternate download links here or here.
Please print these instructions, you will not have an Internet connection!
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  1. Right click on RootRepeal.zip and select "Extract All"....
  2. Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  3. Click on the Browse...button, then click on Desktop, then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Before running RootRepeal:
      Disconnect from the Internet as your system will be unprotected while using this tool.
      Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
  6. Open the RootRepeal folder and double-click on RootRepeal.exe to launch it.
  7. When the program opens, click the Report tab at the bottom, then click the Scan button.
  8. In the Select Scan dialog, which asks "What do you want to include in the scan?", check ALL the boxes.
  9. Click OK.
  10. In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
    The scan can take some time to finish. Do not use the computer while the scan is running.
    When the scan has completed, a list of files will be generated in the RootRepeal window.
  11. Click on the Save Report button and save it as "rootrepeal.txt" to your desktop.
  12. Close and exit RootRepeal
  13. Double-click on the file rootrepeal.txt... Notepad will open... copy/paste the file contents in your next reply.


Make sure to enable your anti-virus, Firewall and any other security programs you disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".

4) What You Will Need To Post:
  • exeHelper log
  • DDS logs
  • RR log
Shimizu_XD
post Sep 12 2009, 02:53 PM
Post #5


New Member
*
Posts: 7
OS: Windows XP



Here is the exeHelper log

exeHelper by Raktor - 09
Build 20090911
Run at 19:33:23 on 09/11/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Resetting filetype association for .exe
Resetting filetype association for .com
Finished.



I could only get the exeHelper log, because I could not run DDS or, as I said before, RootRepeal. I followed the exact steps as you wrote them but they don't seem to run their scans. I've also tried running DDS and RootRepeal in safe mode but they wouldn't run either.

Is there another way? Or another program you would recommend to get the logs?
ldtate
post Sep 12 2009, 02:59 PM
Post #6


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from one of these locations:

Link 1
Link 2

When you are saving combofix, save it as combofix1.exe
**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply using Copy/Paste.


Notes:

Give it at least 20-30 minutes to finish if needed.

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Also please describe how your computer behaves in your next reply.
Shimizu_XD
post Sep 12 2009, 05:05 PM
Post #7


New Member
*
Posts: 7
OS: Windows XP



OK, there's another problem. When I downloaded ComboFix and the SP2 MS file and then dragged the SP2 file to ComboFix, ComboFix loaded but it did not start. What do I do now?
ldtate
post Sep 12 2009, 05:07 PM
Post #8


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


Double-click the ComboFix on the desktop and let it run.
ldtate
post Sep 12 2009, 07:02 PM
Post #9


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


If combofix still doesn't run try this:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Next:


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.
Shimizu_XD
post Sep 13 2009, 02:55 PM
Post #10


New Member
*
Posts: 7
OS: Windows XP



OK, I tried the alternate option to run ComboFix but it did not work; instead it tells me:

"Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

This is getting kind of confusing now, but I'll keep trying.
ldtate
post Sep 13 2009, 03:11 PM
Post #11


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


What is combofix named on your desktop?
Shimizu_XD
post Sep 14 2009, 05:04 PM
Post #12


New Member
*
Posts: 7
OS: Windows XP



ComboFix's name is "ComboFix.exe".

Oh, and I just got this weird problem with Google: whenever I try to search for something it won't go to the page with the results. I don't know what happened.
ldtate
post Sep 14 2009, 05:23 PM
Post #13


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


Rename combofix.exe to combofix1.com and see if it will run the scan.
Shimizu_XD
post Sep 14 2009, 09:25 PM
Post #14


New Member
*
Posts: 7
OS: Windows XP



Sorry, no luck. I have no idea why my computer is being like this.

Any other remedies to fix my problems?
ldtate
post Sep 16 2009, 06:55 AM
Post #15


Malware Expert
Posts: 245
From: Missouri, USA
OS: XP
MVP


Delete the combofix.exe you have now.

Download combofix again but when saving the file save as combofix1.com to your desktop.
