ewintr

Something Hijacking My Computer (Resolved)


I don't know how the computer is right now, I have not done anything except run the scans and do the things you have been telling me to do. I haven't shut it down myself or gone to any web sites since we started doing things earlier today.


Superantispyware (free version),

MBAM (free version), and

Spyware Blaster

 

The above should cause no problems.

 

 

I don't know how the computer is right now, I have not done anything except run the scans and do the things you have been telling me to do. I haven't shut it down myself or gone to any web sites since we started doing things earlier today.

 

After you run the CFScript (it should reboot the computer) you'll need to do a quick test as to how it's behaving.


Sorry for the delay, busy weekend. And that Kaspersky scan took 7 (seven!!) hours to scan this computer, wow!

 

Here is the combofix log -

 

ComboFix 10-07-10.01 - XP 07/10/2010 21:05:46.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2053 [GMT -4:00]

Running from: c:\documents and settings\XP\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\XP\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Alwil Software

c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\log\Chest.log

c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\log\usntr.log

c:\program files\Alwil Software

c:\program files\Alwil Software\Avast5\Setup\setup.ini

 

.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))

.

 

2010-07-10 22:38 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\XP\Application Data\mjusbsp\in00000\setup.exe

2010-07-10 22:38 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\XP\Application Data\mjusbsp\ar00000\install.exe

2010-07-10 21:50 . 2010-07-10 21:50 -------- d-----w- C:\_OTM

2010-07-10 19:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-10 19:11 . 2010-07-10 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-10 19:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-09 19:54 . 2010-07-09 19:55 -------- d-----w- C:\HJT

2010-07-09 13:58 . 2010-07-10 19:01 63488 ----a-w- c:\documents and settings\XP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-09 13:58 . 2010-07-09 13:58 52224 ----a-w- c:\documents and settings\XP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-09 13:58 . 2010-07-10 19:01 117760 ----a-w- c:\documents and settings\XP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-09 13:58 . 2010-07-09 13:58 -------- d-----w- c:\documents and settings\XP\Application Data\SUPERAntiSpyware.com

2010-07-09 12:36 . 2010-07-09 13:48 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\epdbglheg

2010-07-08 00:33 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-07-08 00:28 . 2010-07-08 00:28 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-07-08 00:28 . 2010-07-08 00:28 -------- d-----w- c:\documents and settings\XP\log

2010-07-07 09:13 . 2010-07-07 19:25 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\cyqvpqoqt

2010-07-05 04:48 . 2010-07-05 19:15 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\hfipygujl

2010-06-23 12:45 . 2010-06-23 12:45 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb67.tmp.exe

2010-06-14 16:02 . 2010-06-14 16:02 -------- d-----w- c:\program files\MSECache

2010-06-11 18:24 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-10 22:39 . 2010-03-13 13:19 -------- d-----w- c:\documents and settings\XP\Application Data\mjusbsp

2010-07-09 13:58 . 2009-04-01 04:08 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-07 22:20 . 2009-04-01 03:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-07 22:19 . 2009-04-01 03:44 -------- d-----w- c:\program files\SpywareBlaster

2010-06-14 20:34 . 2009-03-29 00:27 75976 ----a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-03 12:28 . 2009-07-22 20:25 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 12:28 . 2009-07-22 20:25 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-02 13:04 . 2009-09-08 18:50 -------- d-----w- c:\program files\AutoCAD LT 97

2010-05-30 19:06 . 2009-07-22 20:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-05-30 19:06 . 2009-07-22 20:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-05-30 19:03 . 2010-05-30 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-05-30 19:03 . 2009-07-22 20:24 -------- d-----w- c:\program files\AVG

2010-05-25 03:12 . 2010-05-25 03:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-14 04:28 . 2010-05-14 04:28 0 ----a-w- c:\program files\extra2.dat

2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-30 39408]

"cdloader"="c:\documents and settings\XP\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 868352]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2010-3-30 253952]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-2-28 81920]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-05-30 19:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-220v3 Wireless USB Adapter Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZyXEL G-220v3 Wireless USB Adapter Utility.lnk

backup=c:\windows\pss\ZyXEL G-220v3 Wireless USB Adapter Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\XP\\Application Data\\mjusbsp\\magicJack.exe"=

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/7/2010 8:33 PM 28552]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/22/2009 4:25 PM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/22/2009 4:25 PM 242896]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/30/2010 3:04 PM 308064]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 2:13 PM 38144]

R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [12/11/2009 9:33 PM 735232]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 3:52 PM 135664]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 4:02 PM 287232]

.

Contents of the 'Scheduled Tasks' folder

 

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:52]

 

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:52]

 

2010-07-10 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyServer = http=127.0.0.1:5577

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-10 21:09

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(856)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2010-07-10 21:11:00

ComboFix-quarantined-files.txt 2010-07-11 01:10

ComboFix2.txt 2010-07-10 22:42

 

Pre-Run: 13,843,918,848 bytes free

Post-Run: 13,826,760,704 bytes free

 

- - End Of File - - F97659395B0F7158E8B152A6ADA35E9E


Here is the Kaspersky report:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, July 12, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, July 12, 2010 00:12:13

Records in database: 4231063

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

G:\

H:\

 

Scan statistics:

Objects scanned: 116355

Threats found: 2

Infected objects found: 3

Suspicious objects found: 0

Scan duration: 07:00:30

 

 

File name / Threat / Threats count

D:\WINDOWS\Temporary Internet Files\Content.IE5\CLIZO9QB\img[1] Infected: Trojan-Clicker.HTML.IFrame.aiw 1

D:\WINDOWS\Temporary Internet Files\Content.IE5\WPAVC1IV\img[1] Infected: Trojan-Clicker.HTML.IFrame.aiw 1

D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1

 

Selected area has been scanned.


And here is a new HJT log, run after the other two scans were done:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:53:24 AM, on 7/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\XP\Application Data\mjusbsp\magicJack.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Java\jre6\bin\java.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\XP\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238555054312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555048234

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

 

--

End of file - 8111 bytes

 

 

Do I have a big mess....?


Also, something new has started to happen. When this computer starts up now, it brings up a blue screen with a message that says something about checking the D: disk consistency......then scans the D: drive I think. Then the computer starts up like normal after that.

 

What is happening now?


Also, something new has started to happen. When this computer starts up now, it brings up a blue screen with a message that says something about checking the D: disk consistency......then scans the D: drive I think. Then the computer starts up like normal after that.

 

What is happening now?

Let's continue with instructions first, then if this reappears:

 

When it advises that the disk needs to be checked, is there an option to press any key to skip chkdsk?

 

Go to the My Computer icon, right-click your C: drive (local drive) and select the Tools tab. Under Error-checking select "Check now". Check-mark only the box that reads "Scan for and attempt recovery of bad sectors", not the "Automatically fix" box. Then hit Start.

 

http://windows.microsoft.com/en-US/windows-vista/Check-your-hard-disk-for-errors

 

Do I have a big mess....?

I don't think so.

 

 

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

 

 

**********

Open HijackThis, click "Do a system scan only" and check-mark these. Then close all other windows and browsers except HijackThis and press "Fix checked".

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

 

 

The following are not necessarily spyware/malware, but we suggest you place a check mark next to these entries as well, as these programs may be taking up system resources.

 

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

(Part of Roxio Easy CD Creator 6.0 - places the Roxio Drag-to-Disc icon in your system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically." Not required for Roxio to work properly.)

 

 

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

(Description: Adobe reader startup - unnecessarily uses system resources.)

 

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Not required at bootup. Can be updated manually)

 

O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe

(Not required at bootup.)

 

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

(Not required - often infrequently used tasks that can be started manually, if necessary)

 

 

 

If there are internet issues afterward:

 

*In IE: Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again if you had set one yourself previously.

 

In Firefox: Tools menu -> Options... -> Advanced tab -> Network tab -> "Settings" under Connection; uncheck the proxy server and set it to No Proxy.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Download OTM by OldTimer Here & save it to your desktop.

  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error

 

:Files
D:\WINDOWS\Temporary Internet Files\Content.IE5\CLIZO9QB\img[1]
D:\WINDOWS\Temporary Internet Files\Content.IE5\WPAVC1IV\img[1]
D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\documents and settings\XP\Local Settings\Application Data\cyqvpqoqt
c:\documents and settings\XP\Local Settings\Application Data\hfipygujl
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

 

 

In your next reply post:

OTM log

new HJT log

 

 

Please let me know how the computer is now.
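As an added example (not part of this thread, and not code from HijackThis, ComboFix or OTM), a small Python triage pass over the log line shapes seen above: it flags the loopback proxy entry the helper asked to fix, Run entries launched from a user-profile data folder, orphaned Winlogon Notify entries and the disabled-firewall values from the ComboFix log. The sample lines are copied from the logs in this thread; the regexes and severity labels are my assumptions.

```python
"""Triage pass over HijackThis / ComboFix log lines.

Added example, not part of this thread or of either tool.  It models only
the line shapes visible in the logs above and flags:
  * a browser proxy that points at the loopback address (the R1 / uInternet
    Settings entry the helper asked to fix): a local process is relaying
    every browser request, which is how a clicker/redirector hijacks traffic;
  * Run entries launched from a user-profile data folder (worth a look, not
    a verdict: the magicJack softphone in this thread lives there legitimately);
  * Winlogon Notify entries whose DLL is gone ("(file missing)");
  * ComboFix registry values showing the Windows Firewall disabled.
Regexes and severity labels are my assumptions.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high", "medium", "review" or "info"
    reason: str
    line: str


# "ProxyServer = http=127.0.0.1:5577" (HJT R1) or "uInternet Settings,ProxyServer = ..." (ComboFix)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>[^:\s;]+):(?P<port>\d+)", re.I)
# HJT autorun entry: O4 - HKCU\..\Run: [name] "path" optional-args
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
USER_PROFILE_DIRS = ("\\application data\\", "\\local settings\\")


def _unquote(rest: str) -> str:
    """Return the executable path from the remainder of an O4 line."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            host, port = m.group("host"), m.group("port")
            if host.startswith("127.") or host.lower() == "localhost":
                findings.append(Finding("high", f"browser proxy points at loopback {host}:{port}", line))
            continue
        m = O4_RE.match(line)
        if m:
            path = _unquote(m.group("rest")).lower()
            if any(d in path for d in USER_PROFILE_DIRS):
                findings.append(Finding("review", f"Run entry [{m.group('name')}] launches from a user-profile data folder", line))
            continue
        if line.startswith("O20 ") and "(file missing)" in line:
            findings.append(Finding("info", "Winlogon Notify entry whose DLL is gone (orphaned, clean it up)", line))
            continue
        if re.match(r'"EnableFirewall"\s*=\s*0\b', line) or '"FirewallOverride"=dword:00000001' in line:
            findings.append(Finding("medium", "Windows Firewall disabled or overridden", line))
    return findings


# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyServer = http=127.0.0.1:5577
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\XP\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```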


Here is the OTM log:

 

All processes killed

Error: Unable to interpret <:FilesD:\WINDOWS\Temporary Internet Files\Content.IE5\CLIZO9QB\img[1]D:\WINDOWS\Temporary Internet Files\Content.IE5\WPAVC1IV\img[1]D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLLc:\documents and settings\XP\Local Settings\Application Data\cyqvpqoqtc:\documents and settings\XP\Local Settings\Application Data\hfipygujl:Commands[purity][resethosts][emptytemp][EMPTYFLASH][Reboot]> in the current context!

 

OTM by OldTimer - Version 3.1.14.0 log created on 07122010_083824
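The error above is what happens when the script is pasted with its line breaks lost. As an added example (not OTM's own code), a minimal Python parser modelling the two sections the script in this thread uses, :Files and :Commands, reproduces the same failure on the collapsed paste; any grammar beyond those two sections is my assumption.

```python
"""Minimal parser for the OTM move script used in this thread.

Added example, not OTM's own code.  It models only what the script above
uses: a ':Files' section with one path per line and a ':Commands' section
with one bracketed command per line.  Fed the script with its line breaks
removed (what the forum paste turned into), it fails the same way OTM did:
the whole paste becomes a single token that is not a section header, a
path or a command.  Grammar beyond those two sections is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import List

SECTION_NAMES = {":files", ":commands"}
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")       # C:\... or D:\...
COMMAND_RE = re.compile(r"^\[(\w+)\]$")           # [emptytemp]


class ScriptError(ValueError):
    """Raised with an OTM-style message for a line the parser cannot place."""


@dataclass
class MoveScript:
    files: List[str] = field(default_factory=list)
    commands: List[str] = field(default_factory=list)


def parse_script(text: str) -> MoveScript:
    script = MoveScript()
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTION_NAMES:
            section = line.lower()
            continue
        if section is None:
            # No section header introduced this line: mirrors the thread's "Unable to interpret" error.
            raise ScriptError(f"line {lineno}: Unable to interpret <{line}> in the current context!")
        if section == ":files":
            if not DRIVE_PATH_RE.match(line):
                raise ScriptError(f"line {lineno}: <{line}> is not a drive path")
            script.files.append(line)
        else:
            m = COMMAND_RE.match(line)
            if not m:
                raise ScriptError(f"line {lineno}: <{line}> is not a [command]")
            script.commands.append(m.group(1).lower())
    return script


def check_script(text: str) -> str:
    """Dry-run summary: what the tool would be asked to do, or why it refuses."""
    try:
        s = parse_script(text)
    except ScriptError as e:
        return str(e)
    return f"ok: {len(s.files)} files, {len(s.commands)} commands"


# The script posted in this thread, exactly as it should be pasted.
GOOD_SCRIPT = r"""
:Files
D:\WINDOWS\Temporary Internet Files\Content.IE5\CLIZO9QB\img[1]
D:\WINDOWS\Temporary Internet Files\Content.IE5\WPAVC1IV\img[1]
D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\documents and settings\XP\Local Settings\Application Data\cyqvpqoqt
c:\documents and settings\XP\Local Settings\Application Data\hfipygujl
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
"""
# Constructed: the same script with every line break dropped, which is what the OTM log above shows.
COLLAPSED_PASTE = "".join(line.strip() for line in GOOD_SCRIPT.splitlines())

if __name__ == "__main__":
    print(check_script(GOOD_SCRIPT))
    print(check_script(COLLAPSED_PASTE))
```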


Here is the new HJT log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:41:21 AM, on 7/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\XP\Application Data\mjusbsp\st00000\mjsetup.exe

C:\Documents and Settings\XP\Application Data\mjusbsp\magicJack.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\XP\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238555054312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555048234

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

 

--

End of file - 7103 bytes
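The HijackThis log above is the kind of listing a helper reads line by line: each entry has a section code (O4 run keys, O20 Winlogon notifiers, O23 services), an optional image path, and hints such as "(file missing)" or "Unknown owner". The following is an added example, not part of this thread and not code from HijackThis or the helper, showing a small triage parser for that line format. It pulls the executable path out of each entry and flags the ones a reviewer would want to look at first: a notifier whose DLL is missing, a service with no publisher, and an autorun launched from a user profile directory. A flag is a prompt for a second look, not a verdict; the sample lines are constructed in the same format as the log above, and the flag names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the HijackThis line format shown above (a subset, not the full log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG9_TRAY] C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: spkrmon - Unknown owner - C:\\Program Files\\Analog Devices\\SoundMAX\\spkrmon.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe
O4 - HKCU\\..\\Run: [cdloader] "C:\\Documents and Settings\\XP\\Application Data\\mjusbsp\\cdloader2.exe" MAGICJACK

End of file - 7103 bytes
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")            # "O23 - Service: ..."
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')  # "C:\path with spaces\x.exe" ARGS
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")          # unquoted path: drive letter to end of line


@dataclass
class Entry:
    section: str          # e.g. "O4", "O23"
    text: str             # everything after the section code
    path: Optional[str]   # executable/DLL path, if one could be extracted
    flags: List[str]      # review hints (names chosen for this example)


def extract_path(text: str) -> Optional[str]:
    """Prefer a quoted path (arguments may follow it); otherwise take the bare path to end of line.
    For unquoted O4 entries with trailing arguments the arguments stay attached, which is
    acceptable for triage."""
    m = QUOTED_PATH_RE.search(text)
    if m:
        return m.group(1)
    m = BARE_PATH_RE.search(text)
    return m.group(0) if m else None


def review_flags(section: str, text: str, path: Optional[str]) -> List[str]:
    flags = []
    if "(file missing)" in text:
        flags.append("file_missing")          # a hook pointing at a file that no longer exists
    if section == "O23" and "Unknown owner" in text:
        flags.append("unknown_owner")         # service binary without a publisher string
    if path and "\\application data\\" in path.lower():
        flags.append("user_profile_path")     # autorun from a user-writable location
    return flags


def parse_hjt(log_text: str) -> List[Entry]:
    """Turn the Oxx lines of a HijackThis log into Entry objects; headers and trailers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, text = m.groups()
        path = extract_path(text)
        entries.append(Entry(section, text, path, review_flags(section, text, path)))
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one review flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in needs_review(parse_hjt(SAMPLE_LOG)):
        print(e.section, e.flags, e.path or e.text)
```

Run on the constructed sample it reports three entries to look at: the missing avgrsstx.dll notifier, the spkrmon service with no owner, and the cdloader autorun under Application Data (which in this thread turned out to be the MagicJack software, a good reminder that a flag only narrows the reading, it does not decide it).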


The computer is definitely running faster and no blue screen came up when otm rebooted it.

 

Good deal!

 

We've got a copy and paste error from trying to run that last script for OTM, let's try it again.

 

When copying, do it one line at a time from the code box (including :Files) and paste it one line at a time into the Paste Instructions for Items to be Moved box.

 

 

  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out, to minimize the risk of typing errors.

 

:Files
D:\WINDOWS\Temporary Internet Files\Content.IE5\CLIZO9QB\img[1]
D:\WINDOWS\Temporary Internet Files\Content.IE5\WPAVC1IV\img[1]
D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\documents and settings\XP\Local Settings\Application Data\cyqvpqoqt
c:\documents and settings\XP\Local Settings\Application Data\hfipygujl
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

 

 

In your next reply post:

OTM log
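The OTM script format used above is simple: a ":Files" section of one absolute path per line, then a ":Commands" section of bracketed directives. The failure the helper mentions (a copy and paste that loses a line break) fuses two paths into one line, which the tool then cannot find. The following is an added example, not part of this thread and not code from OTM or OldTimer, that checks a script before it is pasted and reports exactly that problem. The accepted command list is an assumption limited to the directives that appear on this page; OTM itself understands more.

```python
import re
from typing import Dict, List

# Constructed sample scripts in the format used in the thread above.
GOOD_SCRIPT = """\
:Files
D:\\WINDOWS\\Temporary Internet Files\\Content.IE5\\CLIZO9QB\\img[1]
c:\\documents and settings\\XP\\Local Settings\\Application Data\\cyqvpqoqt
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
"""

# Same :Files entries but with the line break between two paths lost in a copy/paste.
FUSED_SCRIPT = """\
:Files
c:\\documents and settings\\XP\\Local Settings\\Application Data\\cyqvpqoqtc:\\documents and settings\\XP\\Local Settings\\Application Data\\hfipygujl
:Commands
[purity]
"""

DRIVE_RE = re.compile(r"[A-Za-z]:\\")   # "C:\" - cannot occur inside a valid Windows path
# Assumption: only the directives seen on this page are accepted here.
KNOWN_COMMANDS = {"purity", "resethosts", "emptytemp", "emptyflash", "reboot"}


def parse_script(text: str) -> Dict[str, List[str]]:
    """Split an OTM script into its ':section' blocks (section names lower-cased)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def check_script(text: str) -> List[str]:
    """Return a list of human-readable problems; an empty list means the script looks sane."""
    problems = []
    sections = parse_script(text)
    for entry in sections.get("files", []):
        starts = [m.start() for m in DRIVE_RE.finditer(entry)]
        if not starts or starts[0] != 0:
            problems.append(f"not an absolute path: {entry!r}")
        elif len(starts) > 1:
            # Two drive-letter prefixes on one line: the line break was lost when pasting.
            problems.append(f"two paths fused on one line (missing line break?): {entry!r}")
    for cmd in sections.get("commands", []):
        m = re.fullmatch(r"\[(\w+)\]", cmd)
        if not m or m.group(1).lower() not in KNOWN_COMMANDS:
            problems.append(f"unrecognised command: {cmd!r}")
    return problems


if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("fused", FUSED_SCRIPT)):
        print(name, check_script(script) or "OK")
```

The second sample reproduces the symptom seen later in this thread, where the tool reports the two concatenated folder names as a single path that was "not found"; catching it before pasting saves a reboot.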


new otm log---

 

All processes killed

========== FILES ==========

D:\WINDOWS\Temporary Internet Files\Content.IE5\CLIZO9QB\img[1] moved successfully.

D:\WINDOWS\Temporary Internet Files\Content.IE5\WPAVC1IV\img[1] moved successfully.

DllUnregisterServer procedure not found in D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL moved successfully.

File/Folder c:\documents and settings\XP\Local Settings\Application Data\cyqvpqoqtc:\documents and settings\XP\Local Settings\Application Data\hfipygujl not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 180358 bytes

->Flash cache emptied: 1375 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 21074 bytes

->Flash cache emptied: 16856 bytes

 

User: XP

->Temp folder emptied: 110814353 bytes

->Temporary Internet Files folder emptied: 16973976 bytes

->Java cache emptied: 13888678 bytes

->Flash cache emptied: 62451 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2832913 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18865 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 520192 bytes

 

Total Files Cleaned = 141.00 mb

 

 

OTM by OldTimer - Version 3.1.14.0 log created on 07122010_093305

 

Files moved on Reboot...

C:\Documents and Settings\XP\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.

File C:\Documents and Settings\XP\Local Settings\Temp\~DFF013.tmp not found!

File C:\Documents and Settings\XP\Local Settings\Temp\~DFF01E.tmp not found!

File C:\Documents and Settings\XP\Local Settings\Temp\~DFF08E.tmp not found!

File C:\Documents and Settings\XP\Local Settings\Temp\~DFF099.tmp not found!

File C:\Documents and Settings\XP\Local Settings\Temp\~DFF19A.tmp not found!

File C:\Documents and Settings\XP\Local Settings\Temp\~DFF1A5.tmp not found!

C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\32MGLZ7G\index[5].php moved successfully.

 

Registry entries deleted on Reboot...


OK, it worked this time.

 

Things look good to me, how are they on your end?

 

I think we're ready for final cleanup and preventive tips?


Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

 

Go to Start > Run > copy and paste the full text path in the run box

 

Start > Run & typing in ComboFix /Uninstall

 

Note the space between the x and the /U, it needs to be there.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

 

Your Emulation drivers are now re-enabled.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

You're good to go, good job!

 

 

Please take the time to read over a few of my preventive tips.

 

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware-

Please note that these products can also be run free, without a licence, as on-demand scanners.

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


Oh dear, I'm already confused on the first step...

 

it says

"Go to Start > Run > copy and paste the full text path in the run box

 

Start > Run & typing in ComboFix /Uninstall"

 

 

What is the "full text path"? What do I "copy/paste"?

 

Are the above two separate steps or is the second one a repetition of the first, except it says 'typing in' instead of copy/paste?


Go to Start > Run > now copy and paste

 

ComboFix /Uninstall

 

in the run box that opens

Note the space between the x and the /U, it needs to be there.

 

 

Help?


I did the combofix uninstall, the defogger, and the otc.

 

What about removing the hjt folder?

 

...and the second IE that one of the things put on my computer (you had mentioned it would be gone after we were done).

 

I assume it is ok to delete all the log text files that were saved to my desktop??


I did the combofix uninstall, the defogger, and the otc.

 

What about removing the hjt folder?

 

...and the second IE that one of the things put on my computer (you had mentioned it would be gone after we were done).

 

I assume it is ok to delete all the log text files that were saved to my desktop??

 

The extra IE icon is still there?

After you ran CF Uninstall did you reboot the computer?

 

those logs are OK to delete now.


Yes, I did reboot after doing the CF uninstall. CF didn't do it, but since you mentioned that CF would do it, I figured I should do it anyway, so I did.


Click on both and make sure both function....

 

If both are the same, just right click on one and send it to the recycle bin.


Everything seems fine now! THANK YOU, THANK YOU SO VERY VERY MUCH!!!!! Your time and knowledge are SINCERELY appreciated, by me, and I'm sure by all the others you help. Thank you.

This topic is now closed to further replies.