Bagle Worm, can't access Antivirus/HijackThis! Please help [RESOLVED]


  • This topic is locked

#91 verve (Member, Topic Starter, 71 posts)
It's done... what do I do now?

#92 verve (Member, Topic Starter, 71 posts)
You there, man?

#93 RatHat (Ex Malware Expert, 7,829 posts)
Sorry, been hellish busy at work, and haven't been able to check in.

Anyway, run DSS for me again please, post me the log and also let me know how everything is running with the computer.

Cheers,
RatHat

#94 verve (Member, Topic Starter, 71 posts)
The PC is not well. It's running fine, but there are no programs in startup except for MSN Messenger and ePestPatrol, which shouldn't even start; it never used to, but I guess it does because Avast still won't start. I still get "not a win32 application" errors.

There you go:

Deckard's System Scanner v20071014.68
Run by dave on 2008-03-27 19:36:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:01, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\dave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dave.exe
C:\Program Files\Avant Browser\avant.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11082 bytes

-- Files created between 2008-02-27 and 2008-03-27 -----------------------------

2008-03-27 17:32:30 0 d-------- C:\WINDOWS\LastGood
2008-03-27 17:27:20 0 d-------- C:\WINDOWS\Prefetch
2008-03-26 22:45:33 0 d-------- C:\I386
2008-03-25 21:14:45 0 d-------- C:\fsaua.data
2008-03-25 01:10:22 0 d-------- C:\cmdcons
2008-03-24 22:18:42 0 d-------- C:\Documents and Settings\dave\Application Data\Malwarebytes
2008-03-24 22:18:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-24 22:18:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 20:52:04 0 drahs---- C:\autorun.inf
2008-03-24 19:45:38 0 d-------- C:\Program Files\Trend Micro
2008-03-24 12:39:22 0 d-------- C:\Combo-Fix
2008-03-23 23:40:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-23 23:40:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-23 23:40:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-23 23:40:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-21 16:05:40 107520 --a------ C:\WINDOWS\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
2008-03-21 16:05:08 0 d-------- C:\Program Files\WH GBP Casino
2008-03-21 16:04:00 0 d-------- C:\Program Files\William Hill Poker
2008-03-19 18:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Vara Software
2008-03-19 18:50:16 0 d-------- C:\Documents and Settings\dave\Application Data\Vara Software
2008-03-16 14:31:49 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-09 12:20:58 0 d-------- C:\958f7957514ceef8862ed3ec8f6dd584
2008-03-03 20:05:59 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-03 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 17:58:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 15:31:00 93184 --a------ C:\WINDOWS\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
2008-03-02 14:11:30 5685 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-03-02 14:11:30 24576 --a------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-03-02 14:11:27 0 d-------- C:\Program Files\ASUS
2008-03-02 14:09:15 0 dr------- C:\WINDOWS\AsDmiHtm
2008-02-29 21:34:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 21:34:39 0 d-------- C:\Program Files\Classic Menu for Office
2008-02-29 16:48:05 0 d-------- C:\Documents and Settings\dave\Application Data\GridIron
2008-02-29 16:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software
2008-02-29 15:49:43 0 d-------- C:\Program Files\Microsoft Works
2008-02-29 15:49:33 0 d-------- C:\Program Files\MSBuild
2008-02-29 15:48:04 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:40:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 15:39:20 0 dr-h----- C:\MSOCache
2008-02-29 15:18:51 0 d-------- C:\Program Files\PowerISO


-- Find3M Report ---------------------------------------------------------------

2008-03-27 17:16:15 0 d-------- C:\Program Files\Movie Maker
2008-03-27 17:15:02 23680 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-27 17:13:59 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-27 17:13:53 0 d-------- C:\Program Files\Messenger
2008-03-27 17:13:38 0 d-------- C:\Program Files\Windows NT
2008-03-23 15:44:14 0 d-------- C:\Program Files\XoftSpySE
2008-03-20 19:02:42 0 d-------- C:\Documents and Settings\dave\Application Data\Adobe
2008-03-20 16:03:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 09:54:01 0 d-------- C:\Documents and Settings\dave\Application Data\BSplayer Pro
2008-03-12 00:03:06 0 d-------- C:\Documents and Settings\dave\Application Data\Ahead
2008-03-04 00:14:46 0 d-------- C:\Program Files\Vtune
2008-03-04 00:08:11 0 d-------- C:\Program Files\MagicISO
2008-03-04 00:06:11 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-04 00:05:16 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-03 23:58:38 0 d-------- C:\Program Files\Bonjour
2008-03-03 23:58:37 0 d-------- C:\Program Files\Avant Browser
2008-02-29 15:49:03 0 d-------- C:\Program Files\Common Files
2008-02-22 14:24:53 0 d-------- C:\Program Files\GenArts
2008-02-14 15:42:11 0 d-------- C:\Program Files\Disc2Phone
2008-02-14 15:30:29 0 d-------- C:\Documents and Settings\dave\Application Data\Teleca
2008-02-14 15:29:53 0 d-------- C:\Documents and Settings\dave\Application Data\Sony Ericsson
2008-02-14 15:27:39 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-14 15:27:05 0 d-------- C:\Program Files\Sony Ericsson
2008-02-12 23:56:49 0 d-------- C:\Program Files\Vertus Fluid Mask 3
2008-02-12 23:56:23 1024 --a------ C:\WINDOWS\system32\u1xi0qt.dll
2008-02-12 23:56:22 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2008-02-12 23:56:22 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2008-01-31 19:25:52 0 d-------- C:\Program Files\DivX
2008-01-31 13:57:24 0 d-------- C:\Program Files\THQ
2008-01-31 13:37:08 0 d-------- C:\Program Files\Ulead Systems
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-01-15 15:40:52 3727360 --a------ C:\WINDOWS\system32\sapphire_ae.dll <Not Verified; GenArts, Inc.; GenArts, Inc. Sapphire Plug-ins>
2008-01-09 11:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 11:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 11:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [10/04/2006 08:19]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [02/06/2006 08:45]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [01/05/2006 10:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [31/08/2006 07:39]
"nwiz"="nwiz.exe" [31/08/2006 07:39 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [31/10/2005 09:51]
"P17Helper"="P17.dll" [03/05/2005 11:38 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [09/01/2006 02:43]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20/03/2007 15:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/12/2007 19:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [23/03/2008 23:44]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [21/04/2006 14:42]
"atwtusb"="atwtusb.exe" [21/09/2005 18:08 C:\WINDOWS\system32\ATWTUSB.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [02/06/2005 13:22 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11/05/2000 00:00]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 17:34]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [30/06/2006 14:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14/11/2007 21:34]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [02/01/2008 21:14]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [31/08/2006 07:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [20/09/2007 04:35]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03/08/2004 21:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03/08/2004 21:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03/08/2004 21:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [11/01/2008 16:55:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f57bd60-e871-11dc-aa80-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-03-27 19:37:23 ------------

#95 RatHat (Ex Malware Expert, 7,829 posts)
OK, download, install and run this anti-virus for me:

Avira AntiVir PersonalEdition


This should ensure you have no remnants of the virus left in your computer.

#96 verve (Member, Topic Starter, 71 posts)
Anything specific in the scan? Or just scan my drives?

#97 RatHat (Ex Malware Expert, 7,829 posts)
Carry out a complete scan of your C: and E: drives. This should confirm (I bloody hope) that we have got rid of this bagle worm, and all the rubbish it has propagated. Let me know how it goes, and if it finds anything.

Then we just have to get your programs working again!

#98 verve (Member, Topic Starter, 71 posts)
AntiVir PersonalEdition Classic
Report file date: 27 March 2008 20:58

Scanning for 1168633 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PISSOFF

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 14:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 13:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 16:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 13:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 15:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 20:52:03
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 3/27/2008 20:52:03
ANTIVIR3.VDF : 7.0.3.86 2048 Bytes 3/27/2008 20:52:03
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 3/27/2008 20:52:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 11:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 08:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 14:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 3/27/2008 20:52:04
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 08:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 13:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 08:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 12:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 13:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 13:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 10:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 27 March 2008 20:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avant.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PPActiveDetection.exe' - '1' Module(s) have been scanned
Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'ATWTUSB.EXE' - '1' Module(s) have been scanned
Scan process 'caissdt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'CTSched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\dave\Desktop\OTScanIt\OTScanIt.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '483f0b1a.qua'!
C:\Documents and Settings\dave\My Documents\Files\SOFTWARE\Adobe CS3 Keygens--Bitmysta Special--\Fireworks CS3\Adobe FireWorks CS3 Keygen.exe
[DETECTION] Is the Trojan horse TR/Proxy.Horst.aae.13
[INFO] The file was moved to '485b0cd8.qua'!
C:\System Volume Information\_restore{BCA76585-1AC2-4C75-8162-9F03C41856B0}\RP3\A0002479.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '481c14bc.qua'!
Begin scan in 'E:\'


End of the scan: 27 March 2008 22:06
Used time: 1:07:41 min

The scan has been done completely.

15428 Scanning directories
560524 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
560521 Files not concerned
11958 Archives were scanned
1 Warnings
16 Notes

#99 verve (Member, Topic Starter, 71 posts)
AntiVir PersonalEdition Classic
Report file date: 27 March 2008 21:47

Scanning for 1168633 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: dave
Computer name: PISSOFF

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 14:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 13:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 16:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 13:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 15:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:52:03
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 20:52:03
ANTIVIR3.VDF : 7.0.3.86 2048 Bytes 27/03/2008 20:52:03
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 20:52:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 11:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 08:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 20:52:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 08:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 13:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 08:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 12:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 13:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 13:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 10:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 27 March 2008 21:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
Scan process 'Acrobat.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avant.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'ATWTUSB.EXE' - '1' Module(s) have been scanned
Scan process 'caissdt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'CTSched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'


End of the scan: 27 March 2008 22:58
Used time: 1:10:40 min

The scan has been done completely.

15410 Scanning directories
558023 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
558023 Files not concerned
11958 Archives were scanned
1 Warnings
16 Notes
  • 0

#100
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Seems ok? I had viruses but on the E drive, nothing to do with Bagle, I don't think.
  • 0


#101
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
E drive looks clean. I would unplug that now until we have finished, so you don't lose any of your backed-up files.

Now comes the tedious part. Try to run each program you have, and if you have errors, reinstall. This is required because Windows will have overwritten some of the files these programs need to use, if they have been written to the Windows directory.

The good news is that files that were damaged by the virus will also have been overwritten. Some consolation, eh!

Regards,
RatHat
  • 0

#102
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
You legend! So that means I'm clean and good? And I only need to reinstall Avast and so on?

This is the part where I'd love to get some advice from you. I know there are probably different answers to this question depending who I ask, but you seem to know your stuff:

I wanted to know which antivirus and maybe also antispyware is worth buying at this point? Something that will really protect me. Avast obviously didn't recognize I was infected at all, so I've given up on it. It's done that before with other viruses and this is the last straw. Can you recommend me something more advanced? And antispyware too? I have eTrust anti-spyware, and also Ad-Aware, and XoftSpy. I don't want to keep going with Avast, it disappointed me.


Thanks RatHat!!!
  • 0

#103
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
My C: drive and desktop are covered in scanners and folders and logs that you asked me to download. How do I know which I can delete and which not? There are all these new files and folders in my C: drive...
  • 0

#104
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, Dave,

From what I can see, your log is clean. I am concerned about the deletion of this file by AntiVir: Adobe FireWorks CS3 Keygen.exe

Be very careful of Keygens, Cracks and crack sites, they are riddled with malware, and you never know what you are letting into your machine.

The first thing we need to do is to remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

Click Here to download OTCleanIt
Double-click OTCleanIt.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Any other files that remain, other than the anti-virus and ATF Cleaner, are OK to remove.

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now let's reset and re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected, but that's good news.)

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

Reset Hidden/System Files & Folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest. Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java ™ 6 Update 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now let's download some preventative programs that will help to keep the nasties away! We will start with anti-spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy complement each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next let's look at firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


On to personal anti-virus programs. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AVs below which are as good as any paid subscription AV, as long as you allow them to update themselves. You have already installed Avira, so just keep that one.

Anti Virus Programs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next few days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0
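A read-only audit of the settings the checklist above configures by hand (System Restore, Explorer's hidden-file options, Automatic Updates, and leftover Java versions), as an added example that is not part of the thread or of any tool RatHat mentions; it assumes the standard Windows XP registry locations for those settings and the Add/Remove Programs uninstall key.

```powershell
# Added example (not from the thread): verify, after the clicks, that the
# post-cleanup settings actually took. Read-only; assumes Windows XP paths.
# Run from an administrator PowerShell prompt.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null   # key or value absent: report as not configured
    }
}

$checks = @(
    @{ Setting = 'System Restore enabled'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
       Name = 'DisableSR'; Expected = 0 },
    @{ Setting = 'Hidden files not shown in Explorer'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'Hidden'; Expected = 2 },
    @{ Setting = 'Protected operating system files hidden'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'ShowSuperHidden'; Expected = 0 },
    @{ Setting = 'Automatic Updates: download and install on a schedule'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
       Name = 'AUOptions'; Expected = 4 }
)

foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    $status = if ($null -eq $actual) { 'CHK' }           # not set: confirm by hand
              elseif ($actual -eq $c.Expected) { 'OK ' }
              else { 'FIX' }
    $shown = if ($null -eq $actual) { '<missing>' } else { $actual }
    "{0} {1}: {2}={3} (expected {4})" -f $status, $c.Setting, $c.Name, $shown, $c.Expected
}

# More than one Java entry in Add/Remove Programs means older, unpatched
# runtimes are still installed alongside the current update.
$java = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' |
    ForEach-Object { (Get-ItemProperty $_.PSPath).DisplayName } |
    Where-Object { $_ -like 'Java*' }
"Java entries in Add/Remove Programs: {0}" -f ($java -join '; ')
if (@($java).Count -gt 1) { 'FIX more than one Java version installed; uninstall the older ones' }
```

Any line marked FIX points at a step from the checklist that did not stick; CHK means the value is absent and should be confirmed through the dialogs described above.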

#105
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
desktop.jpg


can u tell me what can be deleted and what not? this is quite confusing...im not sure wha'ts what.
  • 0
