
Unable to complete Malware cleaning guide


  • This topic is locked

#46
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\\"EnableDCOM"|hex(7):"N" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denise
->Temp folder emptied: 486163 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8272759 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tim
->Temp folder emptied: 3548 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TmlGuy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85656 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 319 bytes

Total Files Cleaned = 9.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Denise
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Tim
->Flash cache emptied: 0 bytes

User: TmlGuy

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09292010_135855

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0



#47
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :comment
    Make sure you copy *all* the text in this codebox.
    
    :reg
    HKEY_LOCAL_MACHINE\Software\Microsoft\OLE /sub 
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#48
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
SystemLook 04.09.10 by jpshortstuff
Log created at 14:23 on 29/09/2010 by Denise
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"DefaultLaunchPermission"=01 00 04 80 5c 00 00 00 6c 00 00 00 00 00 00 00 14 00 00 00 02 00 48 00 03 00 00 00 00 00 18 00 1f 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0b 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 0b 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 (REG_BINARY)
"MachineLaunchRestriction"=01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1f 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0b 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 (REG_BINARY)
"MachineAccessRestriction"=01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 (REG_BINARY)
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat]
(No values found)

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


-= EOF =-
  • 0

#49
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
do you still get the error messages?
  • 0

#50
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I have been leaving the router plugged in so that I could run in normal mode. Unplugged it, rebooted and yes, they both show up.
  • 0

#51
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
i suspect this is a clash of your antivirus and firewall programs. so let's remove them all and install Avast.

firstly, could you remove all the antivirus and firewall programs you have installed via the add/remove programs in the control panel.

and then:

Go to http://www.avast.com...avast-home.html and download the free version.

install it and follow the instructions from there, and give it a run.

avast! antivirus Home Edition is FREE to use but it is necessary to register before the end of the initial 60 day trial period. Following the registration you will receive by e-mail a license key valid for a period of 1 year. After you have downloaded and installed the program, the license key must be inserted into it within 60 days. The registration process is very easy, and it will take you only a couple of minutes.

also, each time you run the program you may be presented with a window offering to update you to the premium (paid) version. just close it.
  • 0

#52
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Okay, I think I got 'em all. I even removed ones you had me install, except Malwarebytes and OTL.
  • 0

#53
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
could you try and run combofix again, first in normal mode, by double-clicking the combofix icon.
  • 0

#54
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
ComboFix 10-09-29.01 - Denise 09/29/2010 15:43:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.595 [GMT -7:00]
Running from: c:\documents and settings\Denise\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-28 21:22 . 2010-09-28 21:22 63488 ----a-w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-28 21:22 . 2010-09-28 21:22 52224 ----a-w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-28 21:22 . 2010-09-28 21:22 117760 ----a-w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-28 21:22 . 2010-09-28 21:22 -------- d-----w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com
2010-09-28 21:22 . 2010-09-28 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-27 20:03 . 2010-09-29 22:15 -------- d-----w- c:\program files\Sophos
2010-09-27 02:17 . 2010-09-27 02:17 -------- d-----w- C:\_OTL
2010-09-23 21:21 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 21:21 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 01:49 . 2010-09-23 01:49 -------- d-----w- c:\program files\ERUNT
2010-09-22 22:53 . 2010-09-22 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 22:31 . 2008-05-07 23:28 -------- d-----w- c:\program files\Trimble
2010-09-29 22:31 . 2006-04-28 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-29 22:30 . 2006-05-03 18:50 37144 ----a-w- c:\documents and settings\Denise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 22:29 . 2007-12-08 03:14 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-29 22:26 . 2006-04-28 22:00 -------- d-----w- c:\program files\Java
2010-09-29 22:21 . 2006-04-28 22:14 -------- d-----w- c:\program files\Common Files\Real
2010-09-29 22:17 . 2008-08-08 01:29 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-29 22:17 . 2008-08-08 01:29 -------- d-----w- c:\program files\PC Tools Internet Security
2010-09-29 22:14 . 2007-12-08 03:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 22:09 . 2008-08-08 18:03 -------- d-----w- c:\program files\Browser Defender
2010-09-29 22:04 . 2006-07-29 22:14 -------- d-----w- c:\documents and settings\Denise\Application Data\Lavasoft
2010-09-29 17:38 . 2006-05-03 15:42 38720 ----a-w- c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 04:23 . 2008-05-26 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-27 02:39 . 2008-07-31 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 16:54 . 2010-08-10 16:54 7406 ----a-r- c:\documents and settings\Denise\Application Data\Microsoft\Installer\{34545DDC-850D-4636-ACAC-A7BAD2280A13}\ARPPRODUCTICON.exe
2010-08-10 16:40 . 2010-08-10 16:40 -------- d-----w- c:\program files\DreamCatcher
2010-08-01 17:57 . 2006-05-03 23:22 -------- d-----w- c:\program files\Google
2006-05-13 00:48 . 2006-05-02 21:02 88 --sh--r- c:\windows\system32\E08F8332E2.sys
2007-07-04 00:49 . 2006-05-03 17:23 56 --sh--r- c:\windows\system32\E232838FE0.sys
2007-07-04 00:49 . 2006-05-02 21:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-27_22.35.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-16 09:27 . 2010-09-29 22:35 169096 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Denise\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-28 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-28 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Leica HDS Server;Leica HDS Server;c:\program files\Leica Geosystems\Cyclone\ptserv32.exe [5/16/2008 9:25 AM 577655]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [3/21/2008 1:20 AM 327800]
S2 CycloneLicenseServer;Cyclone License Server;c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe [5/16/2008 9:25 AM 1339392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 10:58 AM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\37.tmp --> c:\windows\system32\37.tmp [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-26 14:20]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 17:57]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 17:57]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3197684258-2729217608-2040274190-1006Core.job
- c:\documents and settings\Denise\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 03:42]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3197684258-2729217608-2040274190-1006UA.job
- c:\documents and settings\Denise\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 03:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-issetup - c:\documents and settings\Denise\Desktop\issetup.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 15:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\37.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1620)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-29 15:50:39
ComboFix-quarantined-files.txt 2010-09-29 22:50
ComboFix2.txt 2010-09-27 22:39

Pre-Run: 34,807,111,680 bytes free
Post-Run: 34,783,948,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A0EE2DD42428973249B8EC2A8722F72D
  • 0

#55
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
looks like you were able to run combofix in normal mode.

are you also able to run malwarebytes in normal mode?
  • 0



#56
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
BTW, I unplugged the router, rebooted and NO messages!
  • 0

#57
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
YES! perform a full scan?
  • 0

#58
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
let's first play it safe and get an antivirus program on your machine.

====STEP 1====
firstly, there is still a remnant of norton left:

Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.


====STEP 2====
Go to http://www.avast.com...avast-home.html and download the free version.

install it and follow the instructions from there, and give it a run.

avast! antivirus Home Edition is FREE to use but it is necessary to register before the end of the initial 60 day trial period. Following the registration you will receive by e-mail a license key valid for a period of 1 year. After you have downloaded and installed the program, the license key must be inserted into it within 60 days. The registration process is very easy, and it will take you only a couple of minutes.

also, each time you run the program you may be presented with a window offering to update you to the premium (paid) version. just close it.


let me know when you have done that.

andrewuk
  • 0

#59
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I read back... plugged in router, updated MalwareBytes and now running full scan
  • 0

#60
TmlGuy

TmlGuy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I'm sorry for not waiting for your reply. As soon as Malwarebytes is finished, I will follow your last instructions. Should I open this forum on that computer to follow the link for the Norton removal program and Avast? I have been avoiding opening a browser.
  • 0





