lechau

McAfee Disabled at Startup (Resolved)


Thanks for helping me with this, Juliet, I really appreciate it.

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Owner at 22:17:13.54 on Wed 07/08/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -4:00]

 

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

 

============== Running Processes ===============

 

E:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

E:\Program Files\McAfee\Common Framework\FrameworkService.exe

E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

E:\WINDOWS\system32\mfevtps.exe

E:\WINDOWS\System32\svchost.exe -k imgsvc

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

E:\Program Files\Viewpoint\Common\ViewpointService.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\McAfee\Common Framework\udaterui.exe

E:\Program Files\McAfee\Common Framework\McTray.exe

E:\WINDOWS\system32\igfxpers.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

E:\Program Files\Google\Gmail Notifier\gnotify.exe

E:\Program Files\Audio Deck\EnMixCPL.exe

E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

E:\Program Files\Windows Desktop Search\WindowsSearch.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\System32\svchost.exe -k HTTPFilter

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\WINDOWS\system32\SearchProtocolHost.exe

E:\Documents and Settings\Owner\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - e:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - e:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe

uRun: [TomTomHOME.exe] "e:\program files\tomtom home 2\TomTomHOMERunner.exe"

mRun: [McAfeeUpdaterUI] "e:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [igfxtray] e:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] e:\windows\system32\hkcmd.exe

mRun: [igfxpers] e:\windows\system32\igfxpers.exe

mRun: [Ad-Watch] e:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\program files\google\gmail notifier\gnotify.exe

mRun: [EnvyHFCPL] e:\program files\audio deck\EnMixCPL.exe 1

mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [shStatEXE] "e:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRunOnce: [Malwarebytes' Anti-Malware] e:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - e:\program files\windows desktop search\WindowsSearch.exe

IE: &D&ownload &with BitComet - e:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - e:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - e:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://e:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

TCP: NameServer = 85.255.112.62,85.255.112.231

TCP: {62F75B13-C052-4234-8E99-E44D54B68018} = 85.255.112.62,85.255.112.231

TCP: {F532C29E-0658-4877-8F96-160B98F17ABE} = 85.255.112.62,85.255.112.231

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - e:\docume~1\owner\applic~1\mozilla\firefox\profiles\79qo1owr.default\

FF - prefs.js: browser.startup.homepage - www.deviantart.com

FF - component: e:\program files\mozilla firefox\components\Scriptff.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: e:\program files\viewpoint\viewpoint media player\npViewpoint.dll

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-2-14 64160]

R0 mfehidk;McAfee Inc. mfehidk;e:\windows\system32\drivers\mfehidk.sys [2009-6-29 340592]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

R2 McAfeeEngineService;McAfee Engine Service;e:\program files\mcafee\virusscan enterprise\engineserver.exe [2008-9-29 19456]

R2 McAfeeFramework;McAfee Framework Service;e:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]

R2 McTaskManager;McAfee Task Manager;e:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-9-29 62800]

R2 mfevtp;McAfee Validation Trust Protection Service;e:\windows\system32\mfevtps.exe [2009-6-29 67904]

R2 TabletServiceWacom;TabletServiceWacom;e:\windows\system32\Wacom_Tablet.exe [2009-2-15 2749224]

R2 TomTomHOMEService;TomTomHOMEService;e:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\viewpoint\common\ViewpointService.exe [2009-2-14 24652]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);e:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;e:\windows\system32\drivers\Envy24HF.sys [2009-4-11 577664]

R3 wacmoumonitor;Wacom Mode Helper;e:\windows\system32\drivers\wacmoumonitor.sys [2009-2-15 15656]

S2 McShield;McAfee McShield;e:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-9-29 143088]

S3 mfeavfk;McAfee Inc. mfeavfk;e:\windows\system32\drivers\mfeavfk.sys [2009-6-29 90360]

S3 mfebopk;McAfee Inc. mfebopk;e:\windows\system32\drivers\mfebopk.sys [2009-6-29 42424]

S3 mferkdet;McAfee Inc. mferkdet;e:\windows\system32\drivers\mferkdet.sys [2009-6-29 64432]

 

=============== Created Last 30 ================

 

2009-07-07 18:51 38,160 a------- e:\windows\system32\drivers\mbamswissarmy.sys

2009-07-07 18:51 19,096 a------- e:\windows\system32\drivers\mbam.sys

2009-07-07 18:51 <DIR> --d----- e:\program files\Malwarebytes' Anti-Malware

2009-07-07 18:51 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Malwarebytes

2009-06-29 16:54 340,592 a------- e:\windows\system32\drivers\mfehidk.sys

2009-06-29 16:54 90,360 a------- e:\windows\system32\drivers\mfeavfk.sys

2009-06-29 16:54 74,648 a------- e:\windows\system32\drivers\mfeapfk.sys

2009-06-29 16:54 64,432 a------- e:\windows\system32\drivers\mferkdet.sys

2009-06-29 16:54 62,704 a------- e:\windows\system32\drivers\mfetdik.sys

2009-06-29 16:54 42,424 a------- e:\windows\system32\drivers\mfebopk.sys

2009-06-29 16:54 67,904 a------- e:\windows\system32\mfevtps.exe

2009-06-28 19:18 5,632 a------- e:\windows\system32\ptpusb.dll

2009-06-28 19:18 159,232 a------- e:\windows\system32\ptpusd.dll

2009-06-13 22:01 <DIR> --d----- e:\docume~1\alluse~1\applic~1\TomTom

2009-06-13 21:59 <DIR> --d----- e:\docume~1\owner\applic~1\TomTom

2009-06-13 21:59 <DIR> --d----- e:\program files\TomTom International B.V

2009-06-13 21:58 <DIR> --d----- e:\program files\TomTom HOME 2

 

==================== Find3M ====================

 

 

============= FINISH: 22:17:35.23 ===============

 

 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-06-26.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 2/14/2009 3:56:12 PM

System Uptime: 7/8/2009 3:39:37 PM (7 hours ago)

 

Motherboard: Dell Computer Corp. | | 0K8980

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 466 GiB total, 465.661 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 149 GiB total, 109.199 GiB free.

F: is FIXED (FAT32) - 233 GiB total, 6.37 GiB free.

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Multimedia Audio Controller

Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_019D1028&REV_02\3&172E68DD&0&FD

Manufacturer:

Name: Multimedia Audio Controller

PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_019D1028&REV_02\3&172E68DD&0&FD

Service:

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.1.2

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AIM 6

BitComet 1.09

Choice Guard

CINEMA 4D Release 11

Combined Community Codec Pack 2008-09-21 16:18

Conexant D850 56K V.9x DFVc Modem

Critical Update for Windows Media Player 11 (KB959772)

Google Gmail Notifier

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Malwarebytes' Anti-Malware

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee VirusScan Enterprise

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.0.11)

MSVCRT

NET Render Release 11

PDF Settings

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Segoe UI

TomTom HOME 2.6.4.1641

TomTom HOME Visual Studio Merge Modules

UnInstall Envy24 Family Audio Device Driver

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wacom Tablet

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinRAR archiver

 

==== Event Viewer Messages From Past Week ========

 

7/7/2009 3:32:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

 

==== End Of File ===========================

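Added example, not part of lechau's post and not output of the DDS or HijackThis tools: a small Python triage script that pulls out the indicators a helper looks at first in the log above. It flags the AV line reporting on-access scanning disabled, the NameServer entries (the two addresses here sit in 85.255.112.0/20, which was widely reported as DNSChanger rogue-resolver space; it is used as one illustrative known-bad entry, not a complete blocklist), orphaned BHO registrations, and the `"enablefirewall"= 0` value that shows up in the ComboFix log later in this thread. The sample lines are copied from the logs posted in the thread; the trusted-resolver list is a placeholder to be filled in from the ISP's DHCP lease or the corporate DNS servers.

```python
import ipaddress
import re

# Resolvers this machine is expected to use. Placeholder (assumption): in
# practice fill this from the ISP's DHCP lease or the corporate DNS servers.
TRUSTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# The block the logged resolvers fall into; widely reported as DNSChanger
# rogue-resolver space. One illustrative entry, not a complete blocklist.
KNOWN_ROGUE = [ipaddress.ip_network("85.255.112.0/20")]

# Matches the DDS "TCP: NameServer = a,b" and "TCP: {GUID} = a,b" forms and
# the HijackThis "O17 - ...: NameServer = a,b" form.
NS_RE = re.compile(r"(?:NameServer\s*=|TCP:\s*\{[0-9A-Fa-f-]+\}\s*=)\s*([\d.,\s]+)")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample: lines copied from the DDS, HijackThis and ComboFix
# output posted in this thread.
SAMPLE_LOG = r"""
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TCP: NameServer = 85.255.112.62,85.255.112.231
TCP: {62F75B13-C052-4234-8E99-E44D54B68018} = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
"enablefirewall"= 0 (0x0)
"""


def classify_resolver(addr):
    """Return 'known-rogue', 'trusted' or 'unexpected' for one resolver IP."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in KNOWN_ROGUE):
        return "known-rogue"
    if any(ip in net for net in TRUSTED_RESOLVERS):
        return "trusted"
    return "unexpected"


def triage(log_text):
    """Scan DDS/HijackThis/ComboFix text; return a list of (severity, message)."""
    findings = []
    seen_resolvers = set()
    for line in log_text.splitlines():
        # DDS prints the AV product's own status between asterisks.
        if line.startswith("AV:") and "scanning disabled" in line:
            parts = line.split("*")
            status = parts[1] if len(parts) > 2 else line
            findings.append(("high", "real-time AV protection is off: " + status))
        # A BHO registered in the registry with no backing file is an orphan,
        # usually left behind by an uninstaller or an earlier cleanup.
        if line.startswith(("BHO:", "O2 -")) and ("No File" in line or "(no file)" in line):
            findings.append(("low", "orphaned BHO registration: " + line.strip()))
        m = NS_RE.search(line)
        if m:
            for addr in IP_RE.findall(m.group(1)):
                verdict = classify_resolver(addr)
                # Report each resolver once even though DDS and HJT repeat it.
                if verdict == "trusted" or addr in seen_resolvers:
                    continue
                seen_resolvers.add(addr)
                severity = "high" if verdict == "known-rogue" else "medium"
                findings.append((severity, f"DNS resolver {addr} is {verdict}"))
        # ComboFix dumps the Windows Firewall policy key; 0 means disabled.
        if re.search(r'"enablefirewall"\s*=\s*0\b', line):
            findings.append(("medium", "Windows Firewall disabled for the standard profile"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the sample it reports the disabled AV and both rogue resolvers as high, the firewall as medium and the orphaned BHO as low; the resolver check is the one worth keeping even after cleanup, since a machine that still points at the old servers will be redirected again on the next lookup.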

Hi and welcome

 

 

Download worksnow from HERE:

 

* IMPORTANT !!! Save worksnow to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

     

  • Double click on worksnow & follow the prompts.

     

    Note: worksnow will run without the Recovery Console installed.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

     

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 


 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 


 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

"copy/paste" a new HijackThis log file into this thread as well.

 

Notes:

 

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

Give it at least 20-30 minutes to finish if needed.

 

 

 

In your next reply post:

C:\ComboFix.txt

new DDS log


ComboFix 09-07-08.08 - Owner 07/09/2009 11:00.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1669 [GMT -4:00]

Running from: e:\documents and settings\Owner\Desktop\worksnow.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

e:\windows\system32\drivers\gaopdxqptkiqllnstyqxotobwucbfxmepfdjws.sys

e:\windows\system32\gaopdxbwxirnxxypdbegeepvpbexuaktimxsiv.dll

e:\windows\system32\gaopdxcounter

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_gaopdxserv.sys

 

 

((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))

.

 

2009-07-07 22:51 . 2009-06-17 15:27 38160 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2009-07-07 22:51 . 2009-07-08 19:42 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2009-07-07 22:51 . 2009-07-07 22:51 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-07 22:51 . 2009-06-17 15:27 19096 ----a-w- e:\windows\system32\drivers\mbam.sys

2009-06-29 20:54 . 2008-09-29 12:07 90360 ----a-w- e:\windows\system32\drivers\mfeavfk.sys

2009-06-29 20:54 . 2008-09-29 12:07 74648 ----a-w- e:\windows\system32\drivers\mfeapfk.sys

2009-06-29 20:54 . 2008-09-29 12:07 64432 ----a-w- e:\windows\system32\drivers\mferkdet.sys

2009-06-29 20:54 . 2008-09-29 12:07 62704 ----a-w- e:\windows\system32\drivers\mfetdik.sys

2009-06-29 20:54 . 2008-09-29 12:07 42424 ----a-w- e:\windows\system32\drivers\mfebopk.sys

2009-06-29 20:54 . 2008-09-29 12:07 340592 ----a-w- e:\windows\system32\drivers\mfehidk.sys

2009-06-29 20:54 . 2008-09-29 12:07 67904 ----a-w- e:\windows\system32\mfevtps.exe

2009-06-28 23:18 . 2001-08-18 02:36 5632 ----a-w- e:\windows\system32\ptpusb.dll

2009-06-28 23:18 . 2008-04-14 09:42 159232 ----a-w- e:\windows\system32\ptpusd.dll

2009-06-23 04:45 . 2009-06-23 04:45 -------- d-----w- e:\documents and settings\Owner\Local Settings\Application Data\AOL OCP

2009-06-23 04:45 . 2009-06-23 04:45 -------- d-----w- e:\documents and settings\Owner\Local Settings\Application Data\AOL

2009-06-14 02:01 . 2009-06-14 02:01 -------- d-----w- e:\documents and settings\All Users\Application Data\TomTom

2009-06-14 01:59 . 2009-06-14 01:59 -------- d-----w- e:\documents and settings\Owner\Local Settings\Application Data\TomTom

2009-06-14 01:59 . 2009-06-14 01:59 -------- d-----w- e:\documents and settings\Owner\Application Data\TomTom

2009-06-14 01:59 . 2009-06-14 01:59 -------- d-----w- e:\program files\TomTom International B.V

2009-06-14 01:58 . 2009-06-14 01:58 -------- d-----w- e:\program files\TomTom HOME 2

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-09 14:57 . 2009-02-16 00:11 -------- d-----w- e:\documents and settings\Owner\Application Data\WTablet

2009-07-09 14:57 . 2009-02-17 19:53 -------- d-----w- e:\documents and settings\LocalService\Application Data\WTablet

2009-06-28 02:39 . 2009-04-11 00:21 -------- d-----w- e:\documents and settings\Bach Tran\Application Data\WTablet

2009-06-18 02:31 . 2009-02-14 22:02 -------- d-----w- e:\program files\BitComet

2009-06-13 04:36 . 2009-02-15 00:37 -------- d-----w- e:\program files\Common Files\Adobe

2009-04-11 00:21 . 2009-04-11 00:21 15712 ----a-w- e:\documents and settings\Bach Tran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-09-29 12:07 . 2009-05-16 22:55 22576 ----a-w- e:\program files\mozilla firefox\components\Scriptff.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TomTomHOME.exe"="e:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"="e:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]

"igfxtray"="e:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="e:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="e:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="e:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"EnvyHFCPL"="e:\program files\Audio Deck\EnMixCPL.exe" [2004-12-09 3895296]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"ShStatEXE"="e:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

 

e:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - e:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "e:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"enablefirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"e:\\Program Files\\AIM6\\aim6.exe"=

"e:\\Program Files\\Messenger\\msmsgs.exe"=

"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Program Files\\BitComet\\BitComet.exe"=

"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12829:TCP"= 12829:TCP:BitComet 12829 TCP

"12829:UDP"= 12829:UDP:BitComet 12829 UDP

 

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2/14/2009 4:59 PM 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 951632]

R2 McAfeeEngineService;McAfee Engine Service;e:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]

R2 mfevtp;McAfee Validation Trust Protection Service;e:\windows\system32\mfevtps.exe [6/29/2009 4:54 PM 67904]

R2 TabletServiceWacom;TabletServiceWacom;e:\windows\system32\Wacom_Tablet.exe [2/15/2009 8:10 PM 2749224]

R2 TomTomHOMEService;TomTomHOMEService;e:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [2/14/2009 4:38 PM 24652]

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);e:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;e:\windows\system32\drivers\Envy24HF.sys [4/11/2009 2:20 PM 577664]

R3 wacmoumonitor;Wacom Mode Helper;e:\windows\system32\drivers\wacmoumonitor.sys [2/15/2009 8:10 PM 15656]

S3 mferkdet;McAfee Inc. mferkdet;e:\windows\system32\drivers\mferkdet.sys [6/29/2009 4:54 PM 64432]

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-06 e:\windows\Tasks\Ad-Aware Update (Weekly).job

- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:02]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - e:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm

FF - ProfilePath - e:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\79qo1owr.default\

FF - prefs.js: browser.startup.homepage - www.deviantart.com

FF - component: e:\program files\Mozilla Firefox\components\Scriptff.dll

FF - plugin: e:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: e:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-09 11:06

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(728)

e:\windows\system32\sirenacm.dll

.

Completion time: 2009-07-09 11:09

ComboFix-quarantined-files.txt 2009-07-09 15:09

 

Pre-Run: 117,156,925,440 bytes free

Post-Run: 117,197,443,072 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

145 --- E O F --- 2009-03-19 07:01

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:15:42 AM, on 7/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

E:\Program Files\McAfee\Common Framework\FrameworkService.exe

E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

E:\WINDOWS\system32\mfevtps.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

E:\Program Files\Viewpoint\Common\ViewpointService.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

E:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

E:\WINDOWS\system32\notepad.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\explorer.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\WINDOWS\system32\SearchProtocolHost.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [EnvyHFCPL] E:\Program Files\Audio Deck\EnMixCPL.exe 1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - Global Startup: Windows Search.lnk = E:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - E:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - E:\WINDOWS\system32\mfevtps.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - E:\WINDOWS\system32\Wacom_Tablet.exe

O23 - Service: TomTomHOMEService - TomTom - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 6340 bytes


Welcome back

 

 

Presence of a nasty rootkit on the machine.

Your System is Infected with a Backdoor!!

Backdoor infections can cause severe damage to Windows' internals, and allow an attacker complete control over the infected system. Several experts in the security community believe that once a system is infected with one of these types of backdoors, the system itself can never be trusted again.

Because such malware can read all of your passwords, bank account numbers, etc. from your keystrokes, I would recommend contacting banking institutions accessed from this machine to ensure your accounts are secure. Most banks will not charge to send you new credit/debit cards, and getting these numbers replaced would be a good idea. It would also be a good idea to change passwords for anything you commonly use online: online stores, Facebook/Myspace, email, etc. If it has been on that machine it may have been read by someone else. Don't do it from this machine, as it is now compromised. Do it from another known clean machine.

 

 

If you would like to continue and clean the computer we'll proceed.

 

 

Please print or copy these instructions to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

 

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

NEXT**

Please download OTM

  • Save it to your desktop.
  • Double click the OTM icon on your desktop. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). (Make sure you include :Processes)

:Processes
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1D151405-7CDE-478A-B226-921BFC30DCCC}]
"NameServer"=""
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Paste the copied lines into the paste area of OTM. Do not include the word "Code".
  • Close ALL open windows (especially Internet Explorer!)
  • Click the large MoveIt! button.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

If the machine reboots, the Results log can also be found here:

A log will be produced at C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time of the tool run. Post this log in your next reply.

 

 

 

 

NEXT**

Attempt to start and update Malwarebytes AntiMalware and let's see if we can get a scan from that now.

 

 

 

 

In your next reply post:

OTM log

MBAM log

new HJT log

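The O17 entry fixed above is a static NameServer value that silently sends every lookup on the machine to resolvers the owner never chose, which is why the helper's OTM script blanks the value so the adapter falls back to DHCP-assigned DNS. The script below is an added example, not code from the thread or from the HijackThis or OTM tools: it parses the O17 lines of a HijackThis log, expands HijackThis' control-set abbreviations (CCS, CS1, CS2 ...) to the real registry path, compares each resolver against an allow-list of networks the owner actually expects, and renders an OTM-style :reg block of the same shape the helper used. The sample log lines, the allow-list networks and the benign router entry are constructed for the demonstration; only the first O17 line and the interface GUID come from the thread.

```python
"""Audit HijackThis O17 (DNS NameServer) entries against expected resolvers.

Added example; not part of the thread, HijackThis or OTM.
"""
import ipaddress
import re

# Constructed sample log. The first O17 line is the entry flagged in the
# thread; the second is a made-up benign per-adapter entry pointing at a
# home router, reusing the interface GUID from the thread's OTM script.
SAMPLE_LOG = """\
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1D151405-7CDE-478A-B226-921BFC30DCCC}: NameServer = 192.168.1.1
"""

# Constructed allow-list: resolvers this machine is expected to use. A home
# router on RFC 1918 space here; an ISP's resolver addresses would be added.
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.168.0.0/16"),
                      ipaddress.ip_network("10.0.0.0/8")]

# HijackThis abbreviates the control set (CCS / CSn) and writes ".." in place
# of "Parameters\Interfaces" for per-adapter entries; accept both forms.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\(?P<guid>\{[0-9A-Fa-f-]{36}\})): NameServer = (?P<servers>.*)$")


def expand_control_set(cs: str) -> str:
    """CCS -> CurrentControlSet, CS2 -> ControlSet002."""
    if cs == "CCS":
        return "CurrentControlSet"
    return "ControlSet%03d" % int(cs[2:])


def registry_path(match) -> str:
    """Full HKLM path of the key that holds the NameServer value."""
    base = ("HKEY_LOCAL_MACHINE\\SYSTEM\\%s\\Services\\Tcpip\\Parameters"
            % expand_control_set(match["cs"]))
    if match["guid"] is None:
        return base
    return base + "\\Interfaces\\" + match["guid"]


def classify(ip_text: str) -> str:
    """'expected' if inside an allow-listed network, else 'unexpected'/'invalid'."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "invalid"
    return "expected" if any(ip in net for net in EXPECTED_RESOLVERS) else "unexpected"


def parse_o17(log_text: str) -> list:
    """All O17 entries as {key, servers: {ip: status}}."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[ ,;]+", m["servers"].strip()) if s]
        entries.append({"key": registry_path(m),
                        "servers": {s: classify(s) for s in servers}})
    return entries


def findings(log_text: str) -> list:
    """Entries carrying at least one server that is not on the allow-list."""
    return [e for e in parse_o17(log_text)
            if any(status != "expected" for status in e["servers"].values())]


def otm_reg_fix(entry: dict) -> str:
    """OTM ':reg' block that blanks the static NameServer value, so the
    adapter falls back to DHCP-assigned resolvers (the thread's approach)."""
    return ':reg\n[%s]\n"NameServer"=""\n' % entry["key"]


if __name__ == "__main__":
    for e in findings(SAMPLE_LOG):
        print("unexpected DNS servers in", e["key"])
        for ip, status in e["servers"].items():
            print("   ", ip, status)
        print(otm_reg_fix(e))
```

Feed it a real HJT log via `findings(open(path).read())`; anything it reports should be checked against the DNS servers the ISP or router actually hands out before the :reg block is applied, since a statically configured corporate or ISP resolver outside the allow-list is a false positive, not an infection.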

Oh man, I can't believe it was that bad. I'll definitely work on cleaning it, but do you think for the long run it should be wiped?

 

All processes killed

========== PROCESSES ==========

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1D151405-7CDE-478A-B226-921BFC30DCCC}\\"NameServer"|"" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Bach Tran

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 15730914 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

->Temp folder emptied: 3862 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 88487578 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1138887 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

Windows Temp folder emptied: 49909760 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 148.18 mb

 

 

OTM by OldTimer - Version 3.0.0.4 log created on 07092009_155820

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

 

 

Malwarebytes' Anti-Malware 1.38

Database version: 2400

Windows 5.1.2600 Service Pack 3

 

7/9/2009 5:51:19 PM

mbam-log-2009-07-09 (17-51-19).txt

 

Scan type: Full Scan (C:\|E:\|F:\|)

Objects scanned: 229981

Time elapsed: 1 hour(s), 0 minute(s), 32 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:53:25 PM, on 7/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

E:\Program Files\McAfee\Common Framework\FrameworkService.exe

E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

E:\WINDOWS\system32\mfevtps.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

E:\Program Files\Viewpoint\Common\ViewpointService.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\McAfee\Common Framework\udaterui.exe

E:\WINDOWS\system32\hkcmd.exe

E:\WINDOWS\system32\igfxpers.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

E:\Program Files\McAfee\Common Framework\McTray.exe

E:\Program Files\Google\Gmail Notifier\gnotify.exe

E:\Program Files\Audio Deck\EnMixCPL.exe

E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

E:\Program Files\Windows Desktop Search\WindowsSearch.exe

E:\WINDOWS\system32\SearchProtocolHost.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [EnvyHFCPL] E:\Program Files\Audio Deck\EnMixCPL.exe 1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - Global Startup: Windows Search.lnk = E:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - E:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - E:\WINDOWS\system32\mfevtps.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - E:\WINDOWS\system32\Wacom_Tablet.exe

O23 - Service: TomTomHOMEService - TomTom - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 6518 bytes


Oh man, I can't believe it was that bad. I'll definitely work on cleaning it, but do you think for the long run it should be wiped?

That's a decision you have to make. Although it appears it's being removed, damage may have occurred.

From what I'm seeing now, let's hold off on that for right now.

 

 

 

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.

Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.

 

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the lot, check "Select All".

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

========================

 

 

 

 

 

 

NEXT**

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.

The below scan can take up to an hour or longer, so please be patient.

 

*Note

It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

 

 

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

 

Ensure your external and/or USB/Flash or Pen drives are inserted during the scan.

 

 

Other available links

Kaspersky Online Scanner or from here

http://www.kaspersky.com/virusscanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.

  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)

    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.

    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

  • Once the scan is complete, click on View scan report. To obtain the report:

Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

Animated tutorial

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

 

(Note.. for Internet Explorer 7 users:

If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

 

 

In your next reply post:

Kaspersky log

New HJT log taken after the above scans have run

 

 

You may need several replies to post the requested logs, otherwise they might get cut off.

 

 

How's your computer now?


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Friday, July 10, 2009

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Friday, July 10, 2009 17:25:35

Records in database: 2456950

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 144254

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 02:16:15

 

 

File name / Threat name / Threats count

E:\Qoobox\Quarantine\E\WINDOWS\system32\drivers\_gaopdxqptkiqllnstyqxotobwucbfxmepfdjws_.sys.zip Infected: Trojan.Win32.Tdss.zos 1

 

The selected area was scanned.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:10:27 PM, on 7/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\Java\jre6\bin\jqs.exe

E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

E:\Program Files\McAfee\Common Framework\FrameworkService.exe

E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

E:\WINDOWS\system32\mfevtps.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

E:\Program Files\Viewpoint\Common\ViewpointService.exe

E:\WINDOWS\system32\SearchIndexer.exe

E:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

E:\WINDOWS\system32\Wacom_Tablet.exe

E:\Program Files\McAfee\Common Framework\udaterui.exe

E:\WINDOWS\system32\hkcmd.exe

E:\WINDOWS\system32\igfxpers.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

E:\Program Files\Google\Gmail Notifier\gnotify.exe

E:\Program Files\Audio Deck\EnMixCPL.exe

E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

E:\Program Files\McAfee\Common Framework\McTray.exe

E:\Program Files\Java\jre6\bin\jusched.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

E:\Program Files\Windows Desktop Search\WindowsSearch.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Java\jre6\bin\java.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] E:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [EnvyHFCPL] E:\Program Files\Audio Deck\EnMixCPL.exe 1

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - Global Startup: Windows Search.lnk = E:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - E:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - E:\WINDOWS\system32\mfevtps.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - E:\WINDOWS\system32\Wacom_Tablet.exe

O23 - Service: TomTomHOMEService - TomTom - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 7157 bytes

 

 

My computer is running a lot better now. McAfee isn't getting disabled anymore.


My computer is running a lot better now. McAfee isn't getting disabled anymore.

 

Yes, looking good now :tup:

 

 

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

A side note about AIM Messenger, AOL user's and Viewpoint Manager. Viewpoint is one of the graphic engines that AOL uses and it is bundled with the application.

If you continue to use AIM Messenger, it would likely be reinstalled. Or if you receive some of the AOL E-cards it may ask you to download and run this program to view and run the graphics in E-cards.

Your call

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

 

Viewpoint

Viewpoint Manager

Viewpoint Media Player

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

 

O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe

(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

 

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

(Description: Adobe reader startup - unnecessarily uses system resources.)

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"

(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Don't miss or skip this next step, this will remove those malicious files from quarantine and set a clean restore point.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
Example below: a screenshot of the Run box with Combofix /u typed in (the image itself was not preserved).

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Next open OTM, then click on "CleanUp". If you receive a warning from your Firewall please allow...In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.

Do not edit anything in that Window!

Don't worry if it displays some tools you didn't download/use.

Click Yes when it asks to Begin cleanup process.

 

Then reboot your computer.

 

 

 

 

You're good to go, good job!

 

 

 

Please take the time to read over a few of my preventive tips.

 

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, using free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware.

Please note that these products can also be run free, without a licence, as on-demand scanners.

 

Please read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-c...-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


Glad we could help. :)

 

Since this issue appears resolved ... this Topic is closed.

This topic is now closed to further replies.