
[email protected](rtk)


  • This topic is locked

#16
Zeeker1217


    Member

  • Topic Starter
  • 15 posts
ComboFix 11-05-18.04 - Julie 05/20/2011 23:19:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.499 [GMT -5:00]
Running from: c:\documents and settings\Julie\Desktop\mytool.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-19 21:59 . 2011-05-19 21:59 -------- d-----w- C:\mytool
2011-05-17 14:49 . 2011-05-17 14:49 -------- d-----w- c:\documents and settings\Julie\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-17 14:22 . 2011-05-17 14:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-17 14:10 . 2011-05-17 14:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-13 18:48 . 2011-05-13 19:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 19:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 18:52 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Temp
2011-05-13 18:43 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-13 18:43 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-13 18:43 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-13 18:43 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-13 18:43 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-13 18:43 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-13 18:43 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-13 18:43 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-05-13 18:42 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-13 18:42 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\program files\AVAST Software
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-13 15:20 . 2011-05-13 15:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-11 19:36 . 2011-05-21 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-09 17:31 . 2011-05-09 17:31 1409 ----a-w- c:\windows\QTFont.for
2011-05-07 15:00 . 2011-05-07 15:00 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2011-05-07 14:59 . 2011-05-07 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-07 14:59 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 14:59 . 2011-05-07 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-07 14:59 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 19:29 . 2011-05-06 19:29 -------- d-----w- c:\program files\AVG
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-05 20:48 . 2011-05-05 20:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-05-05 17:01 . 2011-05-05 17:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 14:27 . 2005-08-16 09:18 26112 ----a-w- c:\windows\system32\userinit.exe
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
</pre>
.
((((((((((((((((((((((((((((( [email protected]_16.12.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-21 04:04 . 2011-05-21 04:04 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe" [2005-09-13 102400]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
logon.cmd [2007-7-12 78]
QuickBooks Remote Access.LNK - c:\windows\DOWNLO~1\MyWebEx\319\raagtx.exe [2009-3-9 38200]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell\\Dell Laser MFP 1815\\NetworkScan\\DNSCST.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SN0XNJR.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/13/2011 1:43 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2011 1:43 PM 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2011 1:43 PM 19544]
R2 atnthost;WebEx Remote Access Agent;c:\windows\DOWNLO~1\MyWebEx\319\atnthost.exe [3/9/2009 5:35 PM 16792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.keloland.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9807A10-4727-9AC7-5739BD03864C7141}\{F4D35AF9-854F-CCC6-B4221006081D3FF5}\{1DA5733C-531E-5F12-5A70B13F4DD5DE9D}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-20 23:34:32
ComboFix-quarantined-files.txt 2011-05-21 04:34
ComboFix2.txt 2011-05-19 22:18
ComboFix3.txt 2011-05-19 16:17
ComboFix4.txt 2011-01-12 22:33
.
Pre-Run: 78,297,206,784 bytes free
Post-Run: 78,274,887,680 bytes free
.
- - End Of File - - 5FE0EF98ABE38487690B72D1C290B83B

#17
Satchfan


    Trusted Helper

  • Malware Removal
  • 624 posts
Hi Zeeker 1217

That’s fine.

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan


1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.


3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced, post it in your next reply.

Please let me know if there are any remaining problems

Satchfan

#18
Zeeker1217


    Member

  • Topic Starter
  • 15 posts
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cp3.jar-2708929a-6895df87.zip Java/Agent.U trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\rox.jar-429d888f-7f35dd0e.zip multiple threats deleted - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP19\A0019643.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP19\A0019645.dll Win32/NoAdware application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0029145.dll Win32/NoAdware application cleaned by deleting - quarantined

#19
Satchfan


    Trusted Helper

  • Malware Removal
  • 624 posts
Looks good Zeeker1217

Any remaining problems?

#20
Zeeker1217


    Member

  • Topic Starter
  • 15 posts
Nope, seems to be running smooth. No blue screen in a couple days now. Thanks so much for your help.

#21
Satchfan


    Trusted Helper

  • Malware Removal
  • 624 posts
Hi zeeker 1217

Thanks so much for your help.

You’re welcome.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

===================================================

Uninstall Combofix

Follow these steps to uninstall Combofix


• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.
• Please follow the prompts to uninstall Combofix.
• Once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

===================================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 24 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 24 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u24 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
===================================================

Firewall

You appear to have no firewall. Windows Firewall is not adequate protection and you should use an independent one. The main reason you should use a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop Outgoing signals (possibly ones that could intrude your privacy) from sending information to the Internet or to other networks. That means if malware happens to compromise your PC again, it will be able to SEND OUT your credit card data and any other personal information.

I suggest you install a robust third party firewall that filters both incoming and outgoing traffic.

Download and install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
Zone Alarm Free:
Comodo Personal Firewall:

NOTE only install one firewall. Having more than one could cause many programs to stop working altogether. Also, the firewalls may get in each other's way and cause some security holes that would not be there with just one firewall.

When you have done that:

Make sure Windows firewall is disabled:

  • Click on Start, Settings and then Control Panel
  • Click on the Security Center icon.
  • Click on the Windows Firewall icon
  • Click Off (not recommended) and then click OK.
You should take the time to read Understanding and Using Firewalls

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Safe computing

Satchfan

#22
Zeeker1217


    Member

  • Topic Starter
  • 15 posts
Isn't Java 25 the latest version? So do you want me to do v24 or v25?

#23
Satchfan


    Trusted Helper

  • Malware Removal
  • 624 posts
My apologies - hadn't updated. :) Yes, download version 25

#24
Satchfan


    Trusted Helper

  • Malware Removal
  • 624 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





