Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Security 2010 unable to access desktop in WinXP [Solved]

Started by snowriffic , Feb 07 2010 02:10 PM

  • This topic is locked This topic is locked

#16
heir
Posted 09 February 2010 - 01:45 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Good!

Let's make sure that we've removed the lot before we cleanup after the tools and do the prevention.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint Media Player


Step 2.
Filescan:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\WINDOWS\uccspecb.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 3.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
[2007/04/24 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/09 22:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Rosenblatt\Application Data\.bittorrent
[2006/12/07 03:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Rosenblatt\Application Data\Azureus
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58843:TCP"=-
"58843:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Azureus\Azureus.exe"=-
"C:\Program Files\BitTorrent\bittorrent.exe"=-
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 4.
Things I would like to see in your reply:

  • The content of the result from the filescan in step 2.
  • The content of the fixlog from OTL in step 3.
  • Information on how your computer is running now.

  • 0

Advertisements

#17
snowriffic
Posted 09 February 2010 - 03:28 PM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
1: Removed Viewpoint Media Player successfully.

2. Scanned file using VirScan.org (log pasted below):

VirSCAN.org Scanned Report :
Scanned time : 2010/02/09 16:25:01 (EST)
Scanner results: Scanners did not find malware!
File Name : uccspecb.sys
File Size : 4 byte
File Type : data
MD5 : 796f1fd8f541036916b59ed80f2849bf
SHA1 : b22cf1f0ae83df8a81ac3416e0d2afe5d79124d9
Online report : http://virscan.org/r...04f4142ca9.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100210004111 2010-02-10 4.52 -
AhnLab V3 2010.02.10.00 2010.02.10 2010-02-10 1.02 -
AntiVir 8.2.1.160 7.10.4.3 2010-02-09 0.34 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.02 -
Arcavir 2009 201002091625 2010-02-09 0.01 -
Authentium 5.1.1 201002091123 2010-02-09 1.25 -
AVAST! 4.7.4 100209-1 2010-02-09 0.00 -
AVG 8.5.720 271.1.1/2660 2010-02-01 5.17 -
BitDefender 7.81008.5034703 7.30303 2010-02-10 5.14 -
ClamAV 0.95.3 10371 2010-02-09 0.00 -
Comodo 3.13.579 3409 2010-02-09 0.92 -
CP Secure 1.3.0.5 2010.02.10 2010-02-10 0.01 -
Dr.Web 5.0.1.12222 2010.02.10 2010-02-10 5.21 -
F-Prot 4.4.4.56 20100209 2010-02-09 1.25 -
F-Secure 7.02.73807 2010.02.09.08 2010-02-09 9.54 -
Fortinet 11.477- 11.477 2010-02-09 0.14 -
GData 19.10410/19.740 20100209 2010-02-09 5.89 -
ViRobot 20100209 2010.02.09 2010-02-09 0.41 -
Ikarus T3.1.01.80 2010.02.09.75149 2010-02-09 4.46 -
JiangMin 13.0.900 2010.02.08 2010-02-08 4.65 -
Kaspersky 5.5.10 2010.02.09 2010-02-09 0.03 -
KingSoft 2009.2.5.15 2010.2.9.20 2010-02-09 0.53 -
McAfee 5.3.00 5887 2010-02-09 3.49 -
Microsoft 1.5406 2010.02.09 2010-02-09 6.45 -
Norman 6.01.09 6.01.00 2010-02-09 4.01 -
Panda 9.05.01 2010.02.09 2010-02-09 1.80 -
Trend Micro 9.120-1004 6.836.13 2010-02-09 0.02 -
Quick Heal 10.00 2010.02.09 2010-02-09 1.31 -
Rising 20.0 22.34.01.01 2010-02-09 0.24 -
Sophos 3.04.1 4.50 2010-02-10 3.12 -
Sunbelt 3.9.2398.2 5667 2010-02-09 2.57 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.36 -
nProtect 20100207.01 7182772 2010-02-07 4.18 -
The Hacker 6.5.1.1 v00185 2010-02-09 0.35 -
VBA32 3.12.12.2 20100208.2132 2010-02-08 2.51 -
VirusBuster 4.5.11.10 10.119.47/2028717 2010-02-09 2.36 -
  • 0

#18
heir
Posted 09 February 2010 - 03:32 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Please also post the fixlog from OTL.
  • 0

#19
snowriffic
Posted 09 February 2010 - 03:33 PM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yep, I'm in the middle of the OTL fix right now.
  • 0

#20
snowriffic
Posted 09 February 2010 - 03:38 PM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Step 3: Ran OTL Fix. (Log pasted below)

Step 4: System seems to be running well, no pop ups. As I was using firefox before running the OTLFix, seemed to be hanging up somewhat, but now is fine.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\.bittorrent\data\resume folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\.bittorrent\data\metainfo folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\.bittorrent\data folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\.bittorrent folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\updates folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\torrents folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\tmp folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\shares folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\plugins folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\logs\save folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\logs folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\dht folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus\active folder moved successfully.
C:\Documents and Settings\David Rosenblatt\Application Data\Azureus folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\58843:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\58843:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David Rosenblatt
->Temp folder emptied: 45036990 bytes
->Temporary Internet Files folder emptied: 245918506 bytes
->Java cache emptied: 56104029 bytes
->FireFox cache emptied: 49722095 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 54363 bytes
->Temporary Internet Files folder emptied: 728559 bytes
->FireFox cache emptied: 5828551 bytes

User: Karen Hoerst
->Temp folder emptied: 228364 bytes
->Temporary Internet Files folder emptied: 40685299 bytes
->Java cache emptied: 54331008 bytes
->FireFox cache emptied: 52432503 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 20282070 bytes

User: Molly
->Temp folder emptied: 17351 bytes
->Temporary Internet Files folder emptied: 137830 bytes
->FireFox cache emptied: 813331 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 455412 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4586513 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 591771 bytes
RecycleBin emptied: 16409960 bytes

Total Files Cleaned = 567.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02092010_163009

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#21
heir
Posted 09 February 2010 - 03:42 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's do a final sweep.

Step 1.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 2.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of JDK 6 Update 18 (JDK or JRE).
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Step 3.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 1.
  • The content of the report from Kaspersky Online Scanner from Step 2.

  • 0

#22
snowriffic
Posted 09 February 2010 - 03:44 PM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Will do. I won't be able to get to this next step until later this evening, but I'll get back to you as soon as I do. Thanks for all your help!
  • 0

#23
heir
Posted 09 February 2010 - 03:45 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
FYI Kaspersky scan will take quiet a while so let it run overnight if possible.
  • 0

#24
snowriffic
Posted 09 February 2010 - 11:34 PM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Step 1: Ran MBAM (log pasted below)
Step 2: uninstalled old versions of JRE, restarted, installed new version of JRE
Step 3: In progress -- now running Kaspersky scan.

Malwarebytes' Anti-Malware 1.44
Database version: 3718
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/9/2010 11:55:51 PM
mbam-log-2010-02-09 (23-55-45).txt

Scan type: Quick Scan
Objects scanned: 136492
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 11
Files Infected: 193

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58f07dd3-924d-4141-bc74-299f523a95f1} (Adware.WebDir) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{1e958a86-a23b-4659-a6ae-bd85fcd1d544} (Adware.Admedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a3e27dce-dd77-49f4-b566-03fa894c8308} (Adware.Admedia) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25982eaa-87cc-4747-be09-9913cf7dd2f1} (Adware.Admedia) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{cbfb2c79-9972-423d-b194-aaf5c39eae47} (Adware.Admedia) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0c877f3d-ca1e-47b0-9393-3531390ff386} (Adware.Admedia) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\WinBudget\bin\eSellerateControl350.dll (Adware.Admedia) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\WinBudget (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources (Adware.Admedia) -> No action taken.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
C:\Program Files\WinBudget\Budget License - Windows.rtf (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetAppIcon.ico (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetControls.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetDocIcon.ico (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\BudgetMainWindow.exe (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\eSellerateControl350.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\eSellerateEngine.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\Interop.ESELLERATECONTROL350Lib.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\Interop.Import.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\Matrix.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\MenuExtender.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\MessageBoxExLib.dll (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\bin\_Import.tlb (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\ATM.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Balance.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Bank_Accounts.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Calc.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Calendar.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Cancel.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Cash.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Charge.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Check_Register.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Check_split.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Concept.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Credit.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Define_Pay.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Delete_Envelopes.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Delete_Transaction.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Deposit_split.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Editor.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Envelopes.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Envelope_Why.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Error.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Export.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Find.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Format.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Group_Envelopes.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\HelpInfo.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\History.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Income_Why.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\index.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Keep.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Make_Deposit.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Move_Accounts.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Move_Envelopes.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Multiple_Accounts.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Pay_Entry.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Pref.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Print_Check.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\QIF.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\QIF_Balance.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\QIF_Convert.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Register.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Reminder.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Reports.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Save_Backup.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Saving.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\SetupAssistant.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\SetupManual.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Shortcuts.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Standard_Data_Entry.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Started.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\StartedCredit.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Statistics.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\TableAmounts.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\ToDo.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Transfer.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Variable_Pay.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Write_Check.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\Write_CreditCheck.html (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\ATM.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Balance.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\BankAccount1.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\BankAccount2.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\BankAccount3.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\BankAccount4.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\BudgetMain.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\BudgetMainMulti.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Calendar.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Charge.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Charge_Multi.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Check.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\checkerboard.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\CheckPrintSetup.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\CheckSelectingAccount.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Check_Multi.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\CreditCheck.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Deposit.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Deposit_Multi.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\EnvelopeAppearance.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\EnvelopeDelete.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\EnvelopeInfo.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\EnvelopePaySetup.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Export.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Find.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\GroupEnv1.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\GroupEnv2.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\History.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\MainWindow_Checkbook.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\MainWindow_Savings.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\MainWindow_Total.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PayRecord.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PaySourcesEditAccount.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PaySourcesEditFreq.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PaySourcesEditName.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PrefsBackup.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PrefsCurrency.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PrefsGeneral.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PrefsIcons.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\PrefsUpdate.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Prefs_colors.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Prefs_general.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\QIFImport.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\QIFImportAccounts.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\QIF_Balance_Sheet.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\QIF_Record_Sheet.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Registration.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Reminder.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Reports.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\SavingsCalc.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\spacer.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Statistics3.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Transfer.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\TransferAvail.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\Help\images\Transfer_Multi.gif (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Info.plist (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\contents.xml (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon01.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon02.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon03.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon04.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon05.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon06.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon07.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon08.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon09.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon10.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon11.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon12.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon13.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon14.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon15.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon16.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon17.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon18.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon19.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon20.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon21.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon22.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon23.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon24.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon25.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon26.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon27.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon28.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon29.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon30.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Info.plist (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\contents.xml (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon01.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon02.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon03.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon04.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon05.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon06.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon07.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon08.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon09.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon10.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon11.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon12.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon13.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon14.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon15.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon16.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon17.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon18.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon19.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon20.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon21.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon22.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon23.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon24.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon25.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon26.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon27.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon28.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon29.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon30.png (Adware.Admedia) -> No action taken.
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Snowflake.tiff (Adware.Admedia) -> No action taken.
C:\Documents and Settings\Karen Hoerst\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
C:\Documents and Settings\Karen Hoerst\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
  • 0

#25
heir
Posted 10 February 2010 - 02:35 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
OK waiting for it
  • 0

Advertisements

#26
snowriffic
Posted 10 February 2010 - 08:47 AM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Step 3: Ran Kaspersky Scan overnight (log pasted below):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, February 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, February 10, 2010 05:56:10
Records in database: 3463804
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 85089
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:28:05


File name / Threat / Threats count
C:\_OTL\MovedFiles\02072010_202959\C_Program Files\InternetSecurity2010\IS2010.exe Infected: Trojan.Win32.FraudPack.akqu 1
C:\_OTL\MovedFiles\02072010_202959\C_WINDOWS\SYSTEM32\helper32.dll Infected: Trojan.Win32.FraudPack.akps 1
C:\_OTL\MovedFiles\02072010_202959\C_WINDOWS\SYSTEM32\smss32.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvs 1
C:\_OTL\MovedFiles\02072010_202959\C_WINDOWS\SYSTEM32\winlogon32.exe Infected: Trojan-Downloader.Win32.FraudLoad.wxvs 1

Selected area has been scanned.
  • 0

#27
heir
Posted 10 February 2010 - 11:14 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
In the MBAM-log it says no action taken.
Can you please rerun MBAM and let it remove what it finds and post back the report.
  • 0

#28
snowriffic
Posted 10 February 2010 - 11:54 AM

snowriffic

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry -- I did let MBAM remove what it found after the first scan, but must have posted the wrong log (from before the removals).

Here is the clean log from the MBAM scan I just ran:

Malwarebytes' Anti-Malware 1.44
Database version: 3718
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2010 12:49:31 PM
mbam-log-2010-02-10 (12-49-31).txt

Scan type: Quick Scan
Objects scanned: 138078
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#29
heir
Posted 10 February 2010 - 03:34 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hey there, snowriffic !

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

First:
We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Double-click OTL.exe to run it.
Click the CleanUp button
Click Yes to the reboot.

Now delete any tools/logs that is left over after you ran OTL CleanUp.


Second:
Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.


Step 2.
Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest,


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Next lets look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls
Fifth:
Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!
  • 0

#30
heir
Posted 14 February 2010 - 04:56 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP