IObit Forum

I did an oops, how do repair it?



Hi Ulfhere,

Try to download it again, most probably you have clicked on a sponsored link by mistake.

 

After clicking on Download@MajorGeeks at that linked page,

click the yellow band on top before saving the file to let IE download the messengerdisable.zip file.

 

Cheers.

 

EDIT

Click HERE.

 

Cheers.:smile:

Link to comment
Share on other sites

After deleting Windows Messenger:

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)

 

have disappeared.

 

Trend Micro report.

 

 

2007 Microsoft Office Suite Service Pack 2 (SP2)


7-Zip 4.65

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3.3

Advanced SystemCare 3

AVG Free 9.0

Bicycle® Bridge

Broadcom Management Programs

Conexant D850 56K V.9x DFVc Modem

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Reset Tool

getPlus®_ocx

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Image Expert

Intel® Extreme Graphics Driver

Internet Explorer Default Page

Jasc Paint Shop Pro 8 Dell Edition

Java 6 Update 7

Linksys Wireless-G PCI Adapter with SRX

Malwarebytes' Anti-Malware

MediaRing Talk Release 7.2.026

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

Nikon Message Center

OpenMG Limited Patch 4.4-06-13-19-01

OpenMG Secure Module 4.4.00

PowerDVD

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Skype™ 4.1

SUPERAntiSpyware

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Outlook 2007 Junk Email Filter (kb976884)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WordPerfect Office 12

 

 

Lastly, anticipated you may need this from Trend:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:00:25 PM, on 7/26/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (filesize 1619296 bytes, MD5 9709500432501607C7DD32B9F2B07E1F)

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (filesize 169984 bytes, MD5 A81135541C9D4EBCE43EFA8AD31395B4)

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 604056 bytes, MD5 E003E1BE8780DD39DF02C3F06CDEDF04)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (filesize 604056 bytes, MD5 E003E1BE8780DD39DF02C3F06CDEDF04)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 26CB10FA893F940AB09713FF46DCDADE)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll (filesize 1499136 bytes, MD5 26CB10FA893F940AB09713FF46DCDADE)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (filesize 178040 bytes, MD5 68747446F9D982938DB6B110F2908271)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (filesize 91488 bytes, MD5 3D9895B981AFAC3CE2ABE9C0A63D949A)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1959208 bytes, MD5 1E79B48BC50B99FDC0066860BCEFBC23)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

 

--

End of file - 5264 bytes

Link to comment
Share on other sites

The reason why the scans are taking so long is probably because of the small amount of free space you have. You didn't tell me the size of your HDD. You're going to have to find a way to get more free space. You can uninstall these:

 

Java 6 Update 7

Malwarebytes' Anti-Malware

SUPERAntiSpyware

Viewpoint Media Player

 

=====================================

It's very important that you fix these lines in HJT.

 

Open HijackThis and select Do a system scan only

 

Place a check mark next to the following entries: (if there)

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

 

Important: Close all open windows except for HijackThis and then click Fix checked.

 

Once completed, exit HijackThis.

 

=====================================

 

Please run the Security Check as outlined in Reply # 24

Link to comment
Share on other sites

Unfortunately, I inherited this computer from my late uncle. He knew absolutely nothing about computers. He put a ton of photos and video on his 36 GB harddrive with his 256 RAM. He had more garbage on here which infected his computer that I am still clearing out. I just bought a dvd burner for it to clear out the photos, but it is not compatible without some more parts. Hopefully I can order them tomorrow. My computer (not this one) I parted out to get this one running because it was a newer machine. On that computer I have a 40 GB harddrive and never got over half the storage.

 

Since the photos are only on this computer, I can't delete them to make this easier on me. That is also why the scans took so long is due to how many files are on it. I'd say at least 27MB of the data on the hard drive is photos and video.

Link to comment
Share on other sites

Still have the virus.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:04:25 PM, on 7/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

 

--

End of file - 4000 bytes

 

 

See something in this last report?

Link to comment
Share on other sites

You could always put the 40 gb in as a slave and use it for storage. Just a matter of opening the case and hooking it up.

 

Still have the virus

What makes you say that?

 

See something in this last report?

Some of the bad stuff is gone.

 

These two programs should get you some space.

 

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

===============================

 

Please download PureRa by RaProducts from HERE

  • First, unzip the program.
  • Double click Purera.exe to open it.
  • When it opens, click the "Next" button to open up a menu of options.
  • Tick the box that says "Check All" and make sure the "Create Log" option is also checked.
  • Then press the "Clean" button to start the cleaning process.
  • It may look like nothing is happening, but let it run.
  • After it's done, it will make a log file of what it has removed.
  • Paste the log back here.

================================

 

Download ComboFix by sUBs from one of the below links.

 

Important! You MUST save ComboFix to your desktop

 

link # 1

Link # 2

 

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Double click on ComboFix.exe & follow the prompts.

 

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

When the scan completes it will open a text window.

 

Post the contents of that log in your next reply.

 

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

Link to comment
Share on other sites
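Added example, not part of any post in this thread: a short Python script that compares two HijackThis logs the way the replies above do by eye, listing which entries disappeared between the 7/26 and 7/27 scans and which remaining ones still merit a look. The sample lines are abridged from the two logs posted above; the function names and the two review rules (a loopback ProxyServer value, an entry ending in "(no file)") are assumptions of this example, not HijackThis features.

```python
import re

# One HijackThis entry: section code (R0, O4, O23, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# The 7/26 log appends "(filesize N bytes, MD5 ...)" to some entries and the
# 7/27 log does not, so the suffix is stripped before entries are compared.
HASH_SUFFIX_RE = re.compile(r"\s*\(filesize \d+ bytes, MD5 [0-9A-Fa-f]{32}\)$")
# Review rule (assumption of this example): a ProxyServer value on loopback,
# meaning browser traffic is routed through a process on the machine itself.
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer = .*\b(127(?:\.\d+){3}|localhost)\b", re.I)

# Sample input: lines abridged from the two logs posted in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (filesize 169984 bytes, MD5 A81135541C9D4EBCE43EFA8AD31395B4)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            detail = HASH_SUFFIX_RE.sub("", match.group(2)).strip()
            entries.append((match.group(1), detail))
    return entries


def review_flags(entries):
    """Return (section, detail, reason) for entries matching a review rule."""
    flags = []
    for section, detail in entries:
        if LOOPBACK_PROXY_RE.search(detail):
            flags.append((section, detail, "proxy points at loopback"))
        elif detail.endswith("(no file)"):
            flags.append((section, detail, "entry has no file behind it"))
    return flags


def diff_scans(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


if __name__ == "__main__":
    removed, added = diff_scans(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("gone since last scan:", section, "-", detail)
    for section, detail in added:
        print("new since last scan: ", section, "-", detail)
    for section, detail, reason in review_flags(parse_entries(LOG_AFTER)):
        print("still worth review:  ", section, "-", detail, "(" + reason + ")")
```
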

PureRa

 

RaProducts' PureRa v1.6

Log created at 12:59 on 28/07/2010 (Maxwell Anderson)

 

C:\Config.MSI emptied.

C:\WINDOWS\system32\FNTCACHE.DAT <- Successfully deleted.

Recycle bin emptied.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.

C:\WINDOWS\SoftwareDistribution\Download emptied.

C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.

C:\WINDOWS\SoftwareDistribution\WuRedir emptied.

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- The process cannot access the file because it is being used by another process.

C:\DOCUME~1\MAXWEL~1\LOCALS~1\Temp emptied.

C:\WINDOWS\TEMP emptied.

C:\WINDOWS\$NtServicePackUninstall$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB873339$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB885835$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB885836$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB923723$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB932823-v3$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB938464$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB938464_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941644$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941693$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB943055$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB943485$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB945553$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB946026$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB946648$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB946648_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB948590$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB948881$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950749$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950762$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950762_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950974$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950974_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951066$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951066_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951072-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951376-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951376-v2_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951698$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951698_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951748$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951748_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951978$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952287$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952287_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952954$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952954_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954211$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954211_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954600$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954600_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955069$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955069_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955759$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955839$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956802$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956802_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956803$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956803_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956841$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956841_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957095$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957095_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957097$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957097_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958644$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958644_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958687$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958687_0$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB959772_WM11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB967715$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB968389$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB970653-v3$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971737$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973687$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973815$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB976098-v2$ <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\mofcomp.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemcore.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemcore.lo_ <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemess.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemprox.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wmiadap.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wmiprov.log <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Pic1Complete\my pics\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Pic2Complete\misc\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Text&Pic1\Dr. Anderson & Assoc\DMAA\letter from marilyn_files\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Text&Pic1\Image Expert Images\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Text&Pic1\Image Expert Images\renaissance faire ga\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Text&Pic1\Jenn's Halloween Pics\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Text&Pic1\SCC Presentation\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Desktop\Text&Pic1\stage door 2008\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\Local Settings\Application Data\IconCache.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Music\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Music\music\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Music\My Videos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Pictures\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Pictures\jocelyn pics\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Pictures\lebuzz 2008\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Pictures\Nikon Transfer\001_01\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Maxwell Anderson\My Documents\My Pictures\PictureProject\pics of me n friends\Thumbs.db <- Successfully deleted.

C:\I386\IconCache.db <- Successfully deleted.

C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\IconCache.db <- Successfully deleted.

 

Total space cleaned: 542621693 bytes

 

-=E.O.F=-

Link to comment
Share on other sites

Had a variety of issues, automatic updates downloaded Internet Explorer 8. Some component was not downloaded or blocked by the virus so I lost internet access. Tried multiple methods to repair it. I finally deleted IE8, and found the file to restore 7. Began running the program, but it was running extremely slow. It said it would take about 10 min to run but after 30 min still wasn't completed. I am afraid it is going to run 5 hrs like the other program so I stopped it. I'll run it when I go to bed.

Link to comment
Share on other sites

  • 3 weeks later...

ComboFix 10-08-16.04 - Maxwell Anderson 08/17/2010 7:06.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.685 [GMT -4:00]

Running from: c:\documents and settings\Maxwell Anderson\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\MAXWEL~1\LOCALS~1\Temp\3BC8.tmp

c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\{6091DC9D-5A25-4EF3-9D03-84C13630DA3B}

c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\{6091DC9D-5A25-4EF3-9D03-84C13630DA3B}\chrome.manifest

c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\{6091DC9D-5A25-4EF3-9D03-84C13630DA3B}\chrome\content\_cfg.js

c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\{6091DC9D-5A25-4EF3-9D03-84C13630DA3B}\chrome\content\overlay.xul

c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\{6091DC9D-5A25-4EF3-9D03-84C13630DA3B}\install.rdf

c:\documents and settings\Maxwell Anderson\Local Settings\Temp\3BC8.tmp

c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

c:\windows\system32\Sp3.dll

 

.

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))

.

 

2010-07-28 14:35 . 2008-04-14 00:11 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-07-28 14:35 . 2008-04-14 00:11 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll

2010-07-26 20:04 . 2010-07-26 20:29 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-26 19:42 . 2010-07-26 19:42 -------- d--h--w- c:\windows\PIF

2010-07-26 08:37 . 2010-07-26 08:37 -------- d-----w- c:\program files\Trend Micro

2010-07-26 07:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-26 07:29 . 2010-07-26 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-26 07:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-26 01:44 . 2010-07-26 01:44 63488 ----a-w- c:\documents and settings\Maxwell Anderson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-26 01:44 . 2010-07-26 01:44 52224 ----a-w- c:\documents and settings\Maxwell Anderson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-26 01:43 . 2010-07-26 01:43 117760 ----a-w- c:\documents and settings\Maxwell Anderson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-26 01:42 . 2010-07-26 01:42 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-07-26 01:42 . 2010-07-26 01:42 -------- d-----w- c:\documents and settings\Maxwell Anderson\Application Data\SUPERAntiSpyware.com

2010-07-26 01:42 . 2010-07-26 01:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-25 21:37 . 2010-07-25 21:37 1615200 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-25 21:37 . 2010-07-25 21:37 1107296 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-25 21:37 . 2010-07-25 21:37 4368224 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-25 21:27 . 2010-07-25 21:27 -------- d-----w- c:\documents and settings\Maxwell Anderson\Application Data\Windows Search

2010-07-25 21:24 . 2010-07-25 21:24 -------- d-----w- c:\documents and settings\Maxwell Anderson\Application Data\Windows Desktop Search

2010-07-25 21:14 . 2010-07-25 21:14 -------- dc----w- C:\$AVG

2010-07-25 21:07 . 2010-07-25 21:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-25 21:07 . 2010-07-25 21:07 243024 -c--a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-25 21:07 . 2010-07-25 21:07 216400 -c--a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-25 21:07 . 2010-07-25 21:07 29584 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-25 21:07 . 2010-08-16 21:15 -------- d-----w- c:\windows\system32\drivers\Avg

2010-07-25 21:02 . 2010-07-26 08:33 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-25 02:26 . 2010-07-25 02:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-07-25 01:12 . 2010-07-25 01:12 -------- d-----w- c:\program files\Windows Desktop Search

2010-07-25 01:12 . 2010-07-25 01:12 -------- d-----w- c:\windows\system32\GroupPolicy

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-17 10:06 . 2010-02-25 00:35 -------- d-----w- c:\documents and settings\Maxwell Anderson\Application Data\Skype

2010-07-26 19:56 . 2004-10-15 20:53 -------- d-----w- c:\program files\Common Files\Real

2010-07-25 21:02 . 2008-10-26 01:28 -------- d-----w- c:\program files\AVG

2010-07-25 19:23 . 2010-06-26 01:15 120 ----a-w- c:\windows\Efirunumulopocit.dat

2010-07-25 08:01 . 2010-06-26 01:15 0 ----a-w- c:\windows\Omuzobog.bin

2010-07-24 08:42 . 2010-01-30 08:06 -------- d-----w- c:\documents and settings\Maxwell Anderson\Application Data\skypePM

2010-07-15 15:49 . 2010-07-14 20:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-15 14:31 . 2010-07-15 14:31 -------- d-----w- c:\documents and settings\Maxwell Anderson\Application Data\Uniblue

2010-07-13 23:32 . 2004-12-23 01:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-10 13:28 . 2009-08-29 18:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-01 19:04 . 2004-12-23 00:09 100520 -c--a-w- c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2005-06-25 04:36 . 2005-06-24 10:57 848 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-25 21:07 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Network Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk

backup=c:\windows\pss\Wireless Network Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxwell Anderson^Start Menu^Programs^Startup^..]

path=c:\documents and settings\Maxwell Anderson\Start Menu\Programs\Startup\..

backup=c:\windows\pss\..Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxwell Anderson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Maxwell Anderson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxwell Anderson^Start Menu^Programs^Startup^scandisk.dll]

path=c:\documents and settings\Maxwell Anderson\Start Menu\Programs\Startup\scandisk.dll

backup=c:\windows\pss\scandisk.dllStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxwell Anderson^Start Menu^Programs^Startup^scandisk.lnk]

path=c:\documents and settings\Maxwell Anderson\Start Menu\Programs\Startup\scandisk.lnk

backup=c:\windows\pss\scandisk.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\notepad]

. [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-01-06 20:33 2335952 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2007-10-08 21:50 41824 ----a-w- c:\program files\Common Files\AOL\1131288590\ee\aolsoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-10-19 12:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-10-19 12:59 155648 -c--a-w- c:\windows\SYSTEM32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WMP54GXSVC"=2 (0x2)

"WANMiniportService"=2 (0x2)

"SPTISRV"=3 (0x3)

"PACSPTISVR"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"MSCSPTISRV"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"IDriverT"=3 (0x3)

"WinDefend"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\America Online 9.0a\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1131288590\\ee\\aolsoftware.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/25/2010 5:07 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/25/2010 5:07 PM 243024]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/25/2010 5:05 PM 308136]

S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]

S4 WMP54GXSVC;WMP54GXSVC;c:\program files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe [2/23/2010 10:02 AM 41025]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.aol.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

- - - - ORPHANS REMOVED - - - -

 

SafeBoot-WinDefend

MSConfigStartUp-Fmozawosafuz - c:\windows\ayekudegem.dll

MSConfigStartUp-Hregiwitatuxof - c:\windows\wmbhset.dll

MSConfigStartUp-jwjwbsbp - c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\sxsbhdlqs\aijnnkbtssd.exe

MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe

MSConfigStartUp-njphrqet - c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\rcpqopnmd\udunxqntssd.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

MSConfigStartUp-tthvckld - c:\documents and settings\Maxwell Anderson\Local Settings\Application Data\qfihbbmho\trvwbhytssd.exe

MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-17 07:16

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(792)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

- - - - - - - > 'explorer.exe'(3760)

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\program files\AVG\AVG9\avgnsx.exe

.

**************************************************************************

.

Completion time: 2010-08-17 07:27:35 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-17 11:27

 

Pre-Run: 1,897,549,824 bytes free

Post-Run: 3,028,865,024 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - 06B713141EF690D112C8EFB968A10449


It's been so long; how's your computer running?

 

Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    c:\windows\Efirunumulopocit.dat
    c:\windows\Omuzobog.bin
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://img19.imageshack.us/img19/5660/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.

 

***************************************

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


C:\virus.400906875 probably a variant of Win32/Agent.DJDCXAZ trojan cleaned by deleting - quarantined

C:\virus.400908968 probably a variant of Win32/Opachki.I trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Maxwell Anderson\Local Settings\Application Data\{6091DC9D-5A25-4EF3-9D03-84C13630DA3B}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined

 

 

ComboFix ran much faster.

ESETScan ran faster than when I first ran Combofix but still took hours to complete.


I still keep getting odd errors after each cleaning

 

The most recent is:

 

Internet Explorer cannot open the site http//www.<insert site>.com/.

Operation aborted

 

This is occurring on sites I have been able to go to before that should be safe such as a retail store's website from a national chain.


I cleared a little more space but I still get the error message. Otherwise, I have not been running slow except for these Anti-Virus programs. Have not deleted them since I did not want to redownload them until we were finished. That last one quarantined the viruses. Didn't know if the viruses would be released in any of these programs if we did not go back and delete them.


Download the Fix IE Utility to your desktop.

 

Before running the utility, make sure that all your Internet Explorer windows are closed!

 

* Extract the contents of the .zip file to your desktop.

* Double click the Fix IE Utility button to run the tool.

* Click Run Utility

* Click OK when you see 'Re-registered all files'

* Open Internet Explorer and see how it works.


* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.

* Now type Combofix /uninstall in the runbox

* Make sure there's a space between Combofix and /Uninstall

* Then hit Enter

 

The above procedure will:

* Delete the following: ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

*********************************************

Download OTC by OldTimer and save it to your desktop.

 

1. Double-click OTC to run it.

2. Click the CleanUp! button.

3. Select Yes when the "Begin cleanup Process?" prompt appears.

4. If you are prompted to Reboot during the cleanup, select Yes

5. OTC should delete itself once it finishes, if not delete it yourself.

 

***********************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

*****************************************

 

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

****************************************

Use the Secunia Software Inspector to check for out of date software.

 

• Click Start Now

• Check the box next to Enable thorough system inspection.

• Click Start

• Allow the scan to finish and scroll down to see if any updates are needed.

• Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Archived

This topic is now archived and is closed to further replies.
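As an added example (not part of any post in this thread and not ComboFix's own code), the Python below parses the registry-style lines of the ComboFix log posted above and reports the firewall and Security Center settings that the closing firewall advice is concerned with. The rule list and function names are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Excerpt copied from the "Reg Loading Points" part of the log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<data>.*)$')

# Illustrative rules (an assumption of this example): key suffix, value name,
# value that weakens protection, and the finding to report.
RULES = [
    (r'\security center', 'antivirusoverride', 1,
     'Security Center antivirus status alerts are overridden'),
    (r'\firewallpolicy\standardprofile', 'enablefirewall', 0,
     'Windows Firewall is disabled for the standard profile'),
    (r'\firewallpolicy\standardprofile', 'disablenotifications', 1,
     'Windows Firewall notifications are suppressed'),
]

def parse_value(data):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; keep anything else as text."""
    data = data.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s+\(0x[0-9a-fA-F]+\)', data)
    if m:
        return int(m.group(1))
    return data.strip('"')

def parse_reg_sections(text):
    """Map each [key] header (lower-cased) to its {value name: data} pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key').lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group('name').lower()] = parse_value(m.group('data'))
    return sections

def review(text):
    """Return the findings from RULES that match the parsed log."""
    sections = parse_reg_sections(text)
    return [msg for suffix, name, bad, msg in RULES
            for key, values in sections.items()
            if key.endswith(suffix) and values.get(name) == bad]

def firewall_exceptions(text):
    """List programs on the firewall allow list (the AuthorizedApplications key)."""
    out = []
    for key, values in parse_reg_sections(text).items():
        if key.endswith(r'\authorizedapplications\list'):
            out.extend(name.replace('\\\\', '\\') for name in values)
    return out

if __name__ == '__main__':
    for finding in review(SAMPLE_LOG):
        print('FINDING:', finding)
    for program in firewall_exceptions(SAMPLE_LOG):
        print('ALLOWED:', program)
```
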
