Pc went off then a virus...

HJT LOG.




Help me with this. I really doubt 023 line (1033r.exe, 3076p.exe, aaaamonz.exe and 3com_dmiia.exe) How can i remove this. Thanks in advance!

First

Click Start > Run and copy and paste these commands hitting enter after each one:..


sc stop idsvclanmanserver

sc delete idsvclanmanserver

sc stop SpoolerW32Time

sc delete SpoolerW32Time

sc stop wscsvcSysmonLog

sc delete wscsvcSysmonLog

sc stop SSDPSRVALG

sc delete SSDPSRVALG


Next
Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and shutdown My Computer.
* Now your computer is configured to show all hidden files.

Now find and delete the following files.

C:\WINDOWS\system32\1033r.exe
C:\WINDOWS\system32\3076p.exe
C:\WINDOWS\system32\aaaamonz.exe
C:\WINDOWS\system32\3com_dmiia.exe

NEXT
Make sure any antivirus or protective software is disabled.
Here is a tutorial for most programs.
http://www.bleepingcomputer.com/forums/topic114351.html

Then Download ComboFix.exe from HERE to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it). Just save it to your desktop as MyCombo.exe. Then click the MyCombo.exe file to run the repair.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

When starting ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay.


A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop, however given the infection there ComboFix will likely cause a reboot in order to complete it's repairs.

(ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver)

Post back the C:\ComboFix.txt log as well as a new HijackThis log please.

I followed your step by step guide.

Im done with the following (CleanUp40.exe, mbam-setup.exe, Superantispyware and Online Bitdefender Scan.

Here is my latest HJT log.




Bitdefender Results



I tried downloading the Combofix and named it to MyCombo but it says combofix is already expired.

Use this one instead...


Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

Also

Open HJT and click scan only, place a check by these entries DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


O23 - Service: Network DDE NetDDESpooler (NetDDESpooler) - Unknown owner - C:\WINDOWS\system32\acelpdecn.exe (file missing)
O23 - Service: WebClient WebClientNetDDE (WebClientNetDDE) - Unknown owner - C:\WINDOWS\system32\1037p.exe (file missing)
O23 - Service: WMI Performance Adapter WmiApSrvAppMgmt (WmiApSrvAppMgmt) - Unknown owner - C:\WINDOWS\system32\3com_dmii.exe (file missing)

Close all windows and browsers except HJT and click fix checked.

Latest HJT and Combofix.



HJT Log



The 023 services with file missing were not removed even though i fixed it. I follow your instructions carefully though.

Make sure any antivirus or protective software is disabled.



* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:




* Save this as CFScript.txt and place it on your desktop.





* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

With a new HJT log


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.