Win 32 virus - HELP! pop-ups

#1 Krueg9651 (Member, 136 posts)
Hi, I have been getting this fake program that constantly pops up called Antivirus System PRO that will not shut down! Here is my SmitFraudFix and DSS info

Deckard's System Scanner v20071014.68
Run by Andrew Krueger on 2009-11-25 18:08:34
Computer is in Safe Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Andrew Krueger.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:54 PM, on 11/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Documents and Settings\Andrew Krueger\Desktop\Virus - what to use\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANDREW~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsacedna] C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tsacedna] C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7653 bytes

-- Files created between 2009-10-25 and 2009-11-25 -----------------------------

2009-11-19 03:08:44 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-18 01:06:38 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2009-11-25 17:59:42 4930 --a------ C:\WINDOWS\system32\tmp.reg
2009-11-25 17:32:20 0 d-------- C:\Documents and Settings\Andrew Krueger\Application Data\ATTToolbar
2009-11-21 18:20:33 0 d-------- C:\Documents and Settings\Andrew Krueger\Application Data\Mozilla
2009-11-19 03:06:15 0 d-------- C:\Program Files\Microsoft Works
2009-10-21 19:52:20 82196 --ah----- C:\WINDOWS\system32\mlfcache.dat
2009-10-18 17:58:49 0 d-------- C:\Program Files\EasyPlanner
2009-10-18 16:26:47 0 d-------- C:\Documents and Settings\Andrew Krueger\Application Data\Apple Computer
2009-10-18 16:20:45 0 d-------- C:\Program Files\iTunes
2009-10-18 16:16:17 0 d-------- C:\Program Files\iPod
2009-10-18 16:16:13 0 d-------- C:\Program Files\Common Files\Apple
2009-10-18 16:08:46 0 d-------- C:\Program Files\Bonjour
2009-10-18 16:06:18 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
05/23/2008 10:40 AM 1865544 --a------ C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}"= C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL [05/23/2008 10:40 AM 1865544]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
[HKEY_CLASSES_ROOT\ATTToolbar.ATTTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 03:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 12:05 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 03:15 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 12:02 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 02:49 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [03/15/2005 07:58 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 08:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 08:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 08:36 AM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 02:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 02:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/19/2006 07:06 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 08:03 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [10/11/2007 06:03 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [10/11/2007 06:01 PM]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [08/31/2007 08:01 AM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [11/05/2007 08:34 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [10/30/2007 02:05 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" [10/23/2006 12:54 PM C:\WINDOWS\system32\ico.exe]
"ATT-SST_McciTrayApp"="C:\Program Files\ATT-SST\McciTrayApp.exe" [09/18/2008 07:11 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [09/05/2009 12:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/21/2009 03:36 PM]
"tsacedna"="C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe" [11/25/2009 05:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/08/2005 01:44 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"Google Update"="C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [04/11/2009 11:19 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 06:12 PM]
"tsacedna"="C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe" [11/25/2009 05:30 PM]

C:\Documents and Settings\Andrew Krueger\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 11:04:08 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/24/2005 10:11:50 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 6:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 6:50:52 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 10:59:36 AM]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [7/24/2005 10:11:13 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74012a1d-667b-11de-b277-0014a5075f83}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99dc22c4-b473-11dd-b1f0-0014a5075f83}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f29ce3a-0ef9-11de-b245-0014a5075f83}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed05ff0f-82a6-11de-b28e-0014a5075f83}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2009-11-25 18:09:21 ------------

SmitFraudFix v2.301

Scan done at 17:56:08.46, Wed 11/25/2009
Run from C:\Documents and Settings\Andrew Krueger\Desktop\Virus - what to use\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andrew Krueger


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andrew Krueger\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ANDREW~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE8D045D-350D-4E06-A2B7-573FFA9369BE}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE8D045D-350D-4E06-A2B7-573FFA9369BE}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CE8D045D-350D-4E06-A2B7-573FFA9369BE}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#2 RKinner (Malware Expert, MVP, 24,624 posts)
Run Hijackthis in Safe Mode, scan only and check the boxes in front of these and then Fix Checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKCU\..\Run: [tsacedna] C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe
O4 - HKCU\..\Run: [tsacedna] C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe

Then

Run:

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop, from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Reboot now, please.

Post back (copy/paste the .txt files, do not use attachments). After following the above, post back with:

1. Contents of C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
2. Contents of C:\Combofix.txt


Ron
PS If you can't get to the download sites, have a friend download the files and put them on a CD. Don't use a USB drive unless it's never been on your PC and you can leave it in until we finish. Copy the tools to your desktop and then proceed as above.
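The three entries Ron has the poster tick in HijackThis share a pattern: an R1 browser proxy pointed at the local machine, and an O4 Run value present under both HKLM and HKCU that launches a binary from the user's Local Settings\Application Data folder under a name unrelated to the file. As an added example that is not part of this thread and not HijackThis's own code, the Python below parses R1 and O4 lines from such a log and flags both. The sample lines are copied from the log posted above; the list of user-writable directories and the "value name unrelated to the binary" heuristic are assumptions of this example. Google Update lives in the same Local Settings folder and is cleared only by the name check, which is why location alone does not decide and why an analyst still confirms each flagged line before fixing it.

```python
"""Triage a HijackThis log for the two persistence tricks in this thread:
an R1 ProxyServer pointing at the loopback interface (browser traffic routed
through a local listener the rogue controls) and O4 Run values that launch a
binary from a user-writable profile directory under an unrelated value name.
"""
import re
from collections import OrderedDict

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [tsacedna] C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tsacedna] C:\Documents and Settings\Andrew Krueger\Local Settings\Application Data\oiklso\alfdsysguard.exe
"""

# Path fragments an unprivileged user can write to (assumed list, not from
# HijackThis). Program Files and the Windows directory are deliberately absent;
# "\appdata\" covers Vista-and-later profiles as well as the XP layout above.
USER_WRITABLE_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\appdata\\",
)
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


def loopback_proxies(lines):
    """(registry key, host:port, original line) for each R1 ProxyServer entry
    whose proxy is the local machine. The value is either "host:port" or a
    protocol-qualified list such as "http=host:port;https=host:port"."""
    hits = []
    for line in lines:
        m = re.match(r"R1 - (.+?),ProxyServer = (.+)$", line)
        if not m:
            continue
        for _proto, host, port in re.findall(r"(?:(\w+)=)?([^;=\s]+):(\d+)", m.group(2)):
            if host in LOOPBACK_HOSTS or host.startswith("127."):
                hits.append((m.group(1), f"{host}:{port}", line))
    return hits


def run_entry(line):
    """Parse 'O4 - HKxx\\..\\Run: [name] target [args]' into (hive, name, target);
    None for other lines (Startup-folder O4 entries, other sections)."""
    m = re.match(r"O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$", line)
    if not m:
        return None
    hive, name, rest = m.groups()
    if rest.startswith('"'):          # quoted path: arguments follow the closing quote
        target = rest[1:rest.find('"', 1)]
    else:                             # unquoted path: cut at the first ".exe" token
        exe = re.match(r"(.+?\.exe)(?:\s|$)", rest, re.IGNORECASE)
        target = exe.group(1) if exe else rest
    return hive, name, target


def name_matches_target(name, target):
    """Assumed heuristic: legitimate Run values are usually named after their
    binary ('Google Update' -> GoogleUpdate.exe); rogue software picks an
    unrelated random name ('tsacedna' -> alfdsysguard.exe)."""
    norm = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())
    n = norm(name)
    stem = norm(target.rsplit("\\", 1)[-1].rsplit(".", 1)[0])
    return bool(n and stem) and (n in stem or stem in n)


def suspicious_run_entries(lines):
    """Group O4 Run entries by target so the HKLM/HKCU duplicate in the log is
    one finding; flag targets in a user-writable directory whose value names
    are all unrelated to the binary."""
    by_target = OrderedDict()
    for line in lines:
        parsed = run_entry(line)
        if parsed:
            hive, name, target = parsed
            by_target.setdefault(target, []).append((hive, name))
    findings = []
    for target, regs in by_target.items():
        in_profile = any(mk in target.lower() for mk in USER_WRITABLE_MARKERS)
        if in_profile and not any(name_matches_target(n, target) for _, n in regs):
            findings.append({"target": target,
                             "hives": [h for h, _ in regs],
                             "names": sorted({n for _, n in regs})})
    return findings


def triage(log_text):
    """Run both checks; 'lines_to_fix' is the list to tick in HijackThis."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    proxies = loopback_proxies(lines)
    runs = suspicious_run_entries(lines)
    bad_targets = {f["target"] for f in runs}
    to_fix = [orig for _, _, orig in proxies]
    to_fix += [ln for ln in lines if (run_entry(ln) or (None, None, None))[2] in bad_targets]
    return {"loopback_proxies": [(key, hp) for key, hp, _ in proxies],
            "suspicious_run": runs,
            "lines_to_fix": to_fix}


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG)["lines_to_fix"]:
        print(line)
```

Run stand-alone, it prints the same three lines Ron lists. Unquoted targets are cut at the first ".exe" token, so a directory name that itself contains ".exe " would be mis-split; quoted targets are taken verbatim up to the closing quote.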

#3 Krueg9651 (Topic Starter, Member, 136 posts)
Thanks for your quick response, Ron! Here are the two logs you requested: Malwarebytes and Combofix:

Malwarebytes' Anti-Malware 1.41
Database version: 3239
Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/26/2009 9:45:26 PM
mbam-log-2009-11-26 (21-45-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 215493
Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\(default) (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\filterdrv\(default) (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\adwarealert\(default) (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\vsfocevtcxxiug.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0247823.exe (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0247824.exe (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\08082009_132641\Program Files\AV Care\Uninstall.exe (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd (Malware.Trace) -> Quarantined and deleted successfully.

ComboFix 09-11-25.05 - Andrew Krueger 11/26/2009 21:57.10.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.368 [GMT -6:00]
Running from: c:\documents and settings\Andrew Krueger\Desktop\Virus - what to use\george.exe
.

((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-27 02:09 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 02:09 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 04:40 . 2009-11-26 04:40 -------- d-----w- c:\program files\ESET
2009-11-26 04:29 . 2009-11-26 18:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-19 09:08 . 2009-11-19 09:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-19 01:35 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 01:35 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-18 07:06 . 2009-11-18 07:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-11 06:28 . 2009-11-11 06:28 247280 ----a-w- c:\documents and settings\Andrew Krueger\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 05:45 . 2007-05-19 00:29 -------- d-----w- c:\program files\ProfileWatcher
2009-11-26 03:41 . 2009-09-19 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-11-26 00:03 . 2009-08-08 18:17 -------- d-----w- c:\program files\ERUNT
2009-11-25 23:32 . 2009-09-19 21:03 -------- d-----w- c:\documents and settings\Andrew Krueger\Application Data\ATTToolbar
2009-11-19 11:42 . 2005-07-31 17:24 100272 ----a-w- c:\documents and settings\Andrew Krueger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 09:06 . 2005-07-27 01:43 -------- d-----w- c:\program files\Microsoft Works
2009-10-22 01:52 . 2009-10-22 01:52 82196 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-18 23:58 . 2009-07-02 00:29 -------- d-----w- c:\program files\EasyPlanner
2009-10-18 22:26 . 2005-08-16 02:41 -------- d-----w- c:\documents and settings\Andrew Krueger\Application Data\Apple Computer
2009-10-18 22:20 . 2009-10-18 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-18 22:20 . 2009-10-18 22:15 -------- d-----w- c:\program files\iTunes
2009-10-18 22:16 . 2009-10-18 22:16 -------- d-----w- c:\program files\iPod
2009-10-18 22:16 . 2007-12-02 06:00 -------- d-----w- c:\program files\Common Files\Apple
2009-10-18 22:08 . 2009-10-18 22:08 -------- d-----w- c:\program files\Bonjour
2009-10-18 22:06 . 2009-10-18 22:03 -------- d-----w- c:\program files\QuickTime
2009-09-25 05:37 . 2004-08-10 17:51 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:18 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-26_00.22.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 19:13 . 2009-11-26 19:13 188416 c:\windows\ERDNT\AutoBackup\11-26-2009\Users\00000002\UsrClass.dat
+ 2009-11-26 19:13 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\11-26-2009\ERDNT.EXE
+ 2009-11-26 19:13 . 2009-11-26 19:13 6299648 c:\windows\ERDNT\AutoBackup\11-26-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Google Update"="c:\documents and settings\Andrew Krueger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe " [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-20 180269]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\_otm\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2006-10-23 56128]

c:\documents and settings\Andrew Krueger\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2005-7-24 917611]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Andrew Krueger\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Andrew Krueger\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10446:TCP"= 10446:TCP:BitComet 10446 TCP
"10446:UDP"= 10446:UDP:BitComet 10446 UDP

R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [8/9/2009 1:00 AM 18944]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [8/9/2009 1:00 AM 17920]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/24/2005 10:11 PM 57344]
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-362017017-1716257123-2720378627-1006Core.job
- c:\documents and settings\Andrew Krueger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-12 05:19]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-362017017-1716257123-2720378627-1006UA.job
- c:\documents and settings\Andrew Krueger\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-12 05:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\Andrew Krueger\Application Data\Mozilla\Firefox\Profiles\h9pf4u90.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://es.msn.com/
FF - plugin: c:\documents and settings\Andrew Krueger\Application Data\Mozilla\Firefox\Profiles\h9pf4u90.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Andrew Krueger\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Andrew Krueger\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 22:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\PRISMAPI.dll
.
Completion time: 2009-11-26 22:19
ComboFix-quarantined-files.txt 2009-11-27 04:17
ComboFix2.txt 2009-11-26 04:10
ComboFix3.txt 2009-11-26 00:31
ComboFix4.txt 2009-08-10 05:40
ComboFix5.txt 2009-11-27 03:55

Pre-Run: 46,939,791,360 bytes free
Post-Run: 46,903,083,008 bytes free

- - End Of File - - D99480E0F55AAF7D1AAB430E3ACB7021

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Looks like we got it. Both logs look pretty clean now. Is it working OK? Any more problems?

Ron

#5
Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Works great!!! Thank you so much!! I love geekstogo.com! Definitely recommending this site to other people
:)

#6
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Glad to hear it's working OK.

You can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george and C:\qoobox, then put your system back the way it was (though I would leave the hide extensions option unchecked).

Since you didn't run OTL like we asked, I can't tell you if you have old versions of Java that need to be removed. I expect you do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp

See the instructions at:

http://aumha.net/vie...hp?f=26&t=38344

before installing as they now try to give you extra stuff you don't need.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I recommend uninstalling LimeWire and BitComet. P2P programs like LimeWire are dangerous. No telling where a file has been or what's been done to it. If you must use it, it would be wise to submit the files you find to virustotal.com before using them. VirusTotal will check the file against all of the major antivirus companies. Not a 100% guarantee, but better than relying on your own antivirus.

Ron