[Resolved] Windows Police Pro and Blue Screen of Death


60 replies to this topic

#46 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)

Posted 28 September 2009 - 10:33 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    proquota.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.



#47 fredII (Authentic Member, 79 posts)

Posted 28 September 2009 - 10:46 PM

Here is the SystemLook txt:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:42 on 28/09/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --a--- 50176 bytes [05:27 17/08/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-

Fred
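As an added example (not from the thread and not part of SystemLook): a Python parser for SystemLook `:filefind` output like the log above, with a hash check so that each copy found can be compared against a trusted reference before one of them is copied back into place. The first hit in `SAMPLE_LOG` is the one from this log; the second hit is constructed to show a copy whose hash differs, and `EXPECTED_MD5` only reuses the hash from this log as a stand-in, since a reference hash for a system file should come from a clean install or a vendor catalogue, not from the machine under investigation.

```python
"""Parse SystemLook ':filefind' output and compare each hit with a trusted MD5.

Added example for this thread; it is not part of SystemLook or of the helper's
instructions. SAMPLE_LOG's first hit is copied from the log in this post; the
second hit is constructed to show a copy whose hash differs.
"""
import hashlib
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class FileHit(NamedTuple):
    path: str
    attrs: str   # SystemLook's six attribute flags, e.g. "--a---"
    size: int    # bytes
    stamp1: str  # first bracketed timestamp, as printed
    stamp2: str  # second bracketed timestamp, as printed
    md5: str     # upper-case hex


# One result line: <path> <attrs> <size> bytes [<stamp>] [<stamp>] <MD5>
_HIT = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(log_text: str) -> Dict[str, List[FileHit]]:
    """Return {search term: [hits]} for each 'Searching for "..."' block."""
    results: Dict[str, List[FileHit]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('Searching for "') and line.endswith('"'):
            current = line[len('Searching for "'):-1]
            results[current] = []
            continue
        m = _HIT.match(line)
        if m and current is not None:
            results[current].append(FileHit(
                m["path"], m["attrs"], int(m["size"]),
                m["stamp1"], m["stamp2"], m["md5"].upper()))
    return results


def classify(hits: List[FileHit], expected_md5: str,
             expected_size: Optional[int] = None) -> Tuple[List[FileHit], List[FileHit]]:
    """Split hits into (matching the reference, not matching it)."""
    good: List[FileHit] = []
    bad: List[FileHit] = []
    for h in hits:
        ok = h.md5 == expected_md5.upper() and (expected_size is None or h.size == expected_size)
        (good if ok else bad).append(h)
    return good, bad


def md5_of_file(path: str) -> str:
    """MD5 of a file on disk, to re-check a copy after it has been put in place."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


# First hit: copied from the log in this post. Second hit: constructed, with a
# made-up hash, to show a copy that does not match the reference.
SAMPLE_LOG = r'''SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:42 on 28/09/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --a--- 50176 bytes [05:27 17/08/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\system32\proquota.exe --a--- 50176 bytes [01:00 01/01/2009] [01:00 01/01/2009] 00112233445566778899AABBCCDDEEFF

-=End Of File=-
'''
# Stand-in reference value (the hash printed in this log). In practice take the
# reference hash from a clean install or a vendor file catalogue.
EXPECTED_MD5 = "F6465A2EEF75468988A4FCF124148FA8"

if __name__ == "__main__":
    good, bad = classify(parse_filefind(SAMPLE_LOG)["proquota.exe"], EXPECTED_MD5, 50176)
    for h in good:
        print("MATCH  ", h.path)
    for h in bad:
        print("DIFFERS", h.path, h.md5)
```

`classify` checks size as well as hash so that a truncated or padded copy with a colliding name is not mistaken for the reference; `md5_of_file` is there to re-hash the destination once the copy has been made, which is the check that closes the loop.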

#48 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)

Posted 28 September 2009 - 10:55 PM

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    SkipFix::
    
    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | c:\windows\system32\proquota.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

#49 fredII (Authentic Member, 79 posts)

Posted 28 September 2009 - 11:10 PM

Here's the next CF.txt file

ComboFix 09-09-28.01 - Owner 09/28/2009 22:03.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1527.825 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: E:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 05:03 . 2009-09-29 05:03 -------- d-----w- c:\windows\LastGood
2009-09-29 05:03 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-29 05:03 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-29 04:20 . 2009-09-29 04:21 -------- d-----w- C:\New Folder
2009-09-26 06:33 . 2009-09-26 06:33 -------- d-----w- C:\found.000
2009-09-24 05:57 . 2009-09-24 05:14 71680 ----a-w- C:\mbr.exe
2009-09-13 05:42 . 2009-09-13 05:42 -------- d-----w- c:\documents and settings\Cory\Application Data\Malwarebytes
2009-09-12 04:24 . 2009-09-12 04:24 -------- d-----w- c:\documents and settings\Freddie\Application Data\Malwarebytes
2009-09-09 04:57 . 2009-09-09 04:57 -------- d-----w- c:\documents and settings\Owner\Application Data\GOL_byHasbro
2009-09-09 04:47 . 2009-09-09 04:47 -------- d-----w- C:\GameHouse Games
2009-09-09 04:45 . 2009-09-09 04:45 -------- d-----w- c:\program files\RealArcade
2009-09-07 17:57 . 2009-09-07 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\kds_kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 04:05 . 2008-05-27 03:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 21:54 . 2008-08-17 19:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2008-05-27 03:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 04:24 . 2008-09-07 04:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 04:41 . 2007-01-23 22:27 -------- d-----w- c:\program files\IKEA HomePlanner
2009-09-07 23:46 . 2006-09-17 17:57 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-09-07 21:57 . 2004-11-16 04:32 -------- d-----w- c:\program files\Notebook Maximizer
2009-09-07 18:22 . 2008-08-17 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-08-29 03:31 . 2007-07-04 15:49 37592 -c--a-w- c:\documents and settings\Freddie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 05:46 . 2008-01-01 21:37 37592 ----a-w- c:\documents and settings\Cory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 02:24 . 2006-08-25 20:58 37592 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 10:16 . 2009-08-25 10:16 -------- d-----w- c:\program files\MSBuild
2009-08-25 10:16 . 2009-08-25 10:16 -------- d-----w- c:\program files\Reference Assemblies
2009-08-25 10:03 . 2009-08-25 10:03 -------- d-----w- c:\program files\MSXML 6.0
2009-08-25 03:26 . 2008-10-27 01:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 03:26 . 2008-10-27 01:38 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 03:26 . 2008-10-27 01:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-18 18:04 . 2009-08-18 18:04 -------- d-----w- c:\program files\Marvell
2009-08-06 08:10 . 2009-08-06 08:10 282624 ----a-w- c:\windows\system32\yk51x86.dll
2009-08-06 08:10 . 2004-11-16 03:20 297728 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2009-08-05 09:11 . 2004-11-15 23:32 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-11-15 23:32 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-11-15 23:33 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2008-02-10 04:01 . 2008-02-10 04:01 10752 --sha-w- c:\program files\Thumbs.db
2007-12-10 02:53 . 2007-12-10 02:41 1679619 ----a-w- c:\program files\Uninst.isu
2006-10-21 16:09 . 2006-10-21 16:09 985904 ----a-w- c:\program files\FreecorderSetup.exe
2001-09-02 00:01 . 2007-12-10 02:43 1486848 ----a-r- c:\program files\TONKA Monster Trucks.exe
2001-08-31 05:59 . 2007-12-10 02:43 21139 ------w- c:\program files\Readme.txt
2001-08-28 02:14 . 2007-12-10 02:43 40960 ------w- c:\program files\TONKA MONSTER TRUCKS Install Guide.DOC
2001-08-15 22:39 . 2007-12-10 02:43 2202 ------w- c:\program files\Tonka Monster Trucks.ico
.

((((((((((((((((((((((((((((( SnapShot@2009-09-29_03.12.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-29 05:03 . 2008-04-14 00:12 50176 c:\windows\LastGood\system32\proquota.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 01:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-06 184320]
"AGRSMMSG"="c:\windows\AGRSMMSG.exe" [2004-10-28 88363]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"TPSMain"="c:\windows\system32\TPSMain.exe" [2004-08-27 278528]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-01-27 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-01-27 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-01-27 356352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-11-13 1052672]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-12-15 368640]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"TFncKy"="TFncKy.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-12-7 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2006-01-27 13:12 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 03:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TONKA« Construction 2 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TONKA« Construction 2 Registration.lnk
backup=c:\windows\pss\TONKA« Construction 2 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/26/2008 6:38 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/26/2008 6:38 PM 297752]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 12:07 PM 18944]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [3/5/2004 12:53 PM 204816]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [2/17/2004 3:57 PM 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2004 12:53 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2/17/2004 3:58 PM 204873]
.
Contents of the 'Scheduled Tasks' folder

2009-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 22:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-09-29 22:05
ComboFix-quarantined-files.txt 2009-09-29 05:05
ComboFix2.txt 2009-09-29 04:17
ComboFix3.txt 2009-09-29 03:17

Pre-Run: 21,402,832,896 bytes free
Post-Run: 21,385,822,208 bytes free

190 --- E O F --- 2009-09-09 05:16


Fred

#50 Raktor (Teacher Emeritus, Authentic Member, 3,114 posts)

Posted 28 September 2009 - 11:12 PM

1) MBAM
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

2) ESET
You can use either Internet Explorer or Mozilla Firefox for this scan.

  • Please go here then click on: [button image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [button image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3) What You Will Need To Post:
  • MBAM log
  • ESET log
  • Contents of C:\Qoobox\Add-Remove Programs.txt


#51 fredII (Authentic Member, 79 posts)

Posted 28 September 2009 - 11:33 PM

Here's the MBAM log, good stuff!! Will continue with ESET.

Malwarebytes' Anti-Malware 1.41
Database version: 2870
Windows 5.1.2600 Service Pack 2

9/28/2009 10:29:08 PM
mbam-log-2009-09-28 (22-29-08).txt

Scan type: Quick Scan
Objects scanned: 121259
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Want to thank you for sticking with this, it's been a real pain and I wasn't sure we were going to get there; it looks promising from what my untrained eye is seeing, but we're now getting success in the malware tools to eradicate.

Fred

#52 fredII (Authentic Member, 79 posts)

Posted 29 September 2009 - 01:19 AM

Here's the ESET log and the Qoobox file requested.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=3a07b283b7de5444b9d9192cdbf30adf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-29 07:06:56
# local_time=2009-09-29 12:06:56 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1026 37 83 100 30372383851078
# scanned=153229
# found=22
# cleaned=0
# scan_time=5043
C:\Documents and Settings\All Users\Desktop\Downloads\OmarSharifBridgeII-dm[1].exe Win32/Adware.Trymedia application 00000000000000000000000000000000 I
C:\My Downloads\adam lambert ring of fire - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\My Downloads\Software\1 CLICK DVD COPY PRO 2006 v.2.1.0.5 retail crack included (4.41 mb).zip a variant of Win32/HackTool.Patcher.A application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\[4]-Submit_2009-09-28_21.02.00.zip probably a variant of Win32/Olmarik.MT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\dbsinit.exe.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Win32/Adware.WindowsAntivirusPro application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkybpkbwute.dll.vir Win32/Olmarik.MF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir Win32/TrojanClicker.Punad.AA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkyrnsixdny.sys.vir probably a variant of Win32/Olmarik.MT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkywxwheexy.sys.vir probably a variant of Win32/Olmarik.MT trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACyuijpyxevr.sys.vir a variant of Win32/Olmarik.HI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP601\A0137217.sys probably a variant of Win32/Olmarik.MT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP601\A0137218.sys probably a variant of Win32/Olmarik.MT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP601\A0137221.dll Win32/Olmarik.MF trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP603\A0137642.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP603\A0137643.exe Win32/Adware.WindowsAntivirusPro application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP603\A0137645.sys probably a variant of Win32/Olmarik.MT trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP603\A0137646.sys a variant of Win32/Olmarik.HI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP603\A0137649.dll a variant of Win32/Kryptik.YQ trojan 00000000000000000000000000000000 I

1001 Ultimate Word Games
7-Zip 4.65
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
aiofw
aioocr
aioprnt
aioscnnr
AnswerWorks 4.0 Runtime - English
AOL Toolbar
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Ask Toolbar
AT&T Connection Services Manager
Audit Support Center 1.0
AVG Free 8.5
Azureus
Azureus Launcher
Bejeweled 2 Deluxe 1.0
Bonjour
BookWorm Deluxe 1.03
Bugdom v1.24
Buzz Lightyear of Star Command
CD/DVD Drive Acoustic Silencer
Cda Product Service - shared component
center
Checkers
Colors of War Special Edition
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Sleek (for PlaysForSure devices)
Critical Update for Windows Media Player 11 (KB959772)
DiMAGE Master Lite
Disney's Extremely Goofy Skateboarding
DivX Content Uploader
DivX Web Player
DVD-RAM Driver
ebgcInfra
ebgcRes
ebgcSDK
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
ERUNT 1.1j
ESET Online Scanner
FinePixViewer Ver.4.2
Foto Breakout
Four Field Kono
Freecorder 2.3 (with Skype Call Recording)
FUJIFILM USB Driver
Galaxy of Games 201
GameHouse Halma
Help_CTR
helptut
helpug
Hijackthis 1.99.1
Hot Wheels™ Velocity X
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hoyle Card Games 2005
HP Deskjet 3840
HP Software Update
IKEA Home Planner
ImageMixer VCD2 for FinePix
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
IZArc 4.0 beta 1
J2SE Runtime Environment 5.0
Jigsaw USA Special Edition
K-Lite Codec Pack 2.74 Full
Kaspersky Online Scanner
KODAK All-in-One Printer Software
ksdip
Learn2 Player (Uninstall Only)
LEGO Digital Designer
Marvell Miniport Driver
mCore
mDrWiFi
mEoU.msi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2005
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MicroStaff WINASPI
Mini Car Racing
mIWA
mIWCA
mLogView
mMHouse
Morris
mPfMgr
mPfWiz
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mXML
MyPublisher BookMaker
mZConfig
Nero 7 Ultra Edition
netbrdg
NickToons Winners Cup Racing
Notebook Maximizer
PageFix 2.0
PC Pitstop Optimize2 2.0
Petz 5
Pokémon Masters Arena
Punch! Professional Home Design - Platinum
Pure Networks Network Magic
Putt-Putt Travels Through Time
Quicken 2005
QuickTime
RadLight 4.0 FINAL
RAW FILE CONVERTER LE
RC Daredevil
RealPlayer
Scooby-Doo™, Case File #1 The Glowing Bug Man
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) SFR SkyTeam Travel Timetable Sonic DLA Sonic RecordNow! SoundMAX SpongeBob SquarePants® Operation Krabby Patty Spybot - Search & Destroy 1.4 Super 1 Karting Synaptics Pointing Device Driver Tafl Tetris (remove only) Texas Instruments PCIxx21/x515 drivers. 
The Digital Arts and Crafts Studio THE GAME OF LIFE™ by Hasbro The Incredibles - When Danger Calls TicTacToe TIxx21/x515 Tonka Construction 2 Tonka Power Tools TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Controls TOSHIBA Hotkey Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Saver Toshiba Registration TOSHIBA SD Memory Card Format TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 Toshiba Tbiosdrv Driver TOSHIBA TouchPad ON/Off Utility TOSHIBA Utilities TOSHIBA Virtual Sound TOSHIBA Zooming Utility Touch and Launch Trend Micro Antivirus Trojan Remover 6.7.9 TurboTax 2008 TurboTax 2008 wcaiper TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wrapper TurboTax Deluxe Deduction Maximizer 2006 TurboTax ItsDeductible 2005 TurboTax ItsDeductible 2006 TurnOff Uninstall TONKA Monster Trucks Unity Web Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB973815) Viewpoint Media Player WebFldrs XP WexTech 
AnswerWorks Wild Wheels Special Edition Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Live OneCare safety scanner Windows Media Connect Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB884018 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WinRAR archiver That's it for me tonite. Thanks Fred

#53 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 29 September 2009 - 01:45 AM

1) Batch File
Launch Notepad, and copy/paste everything in the codebox below into the new document. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as runme.bat.

@echo off
rem Remove any results file left over from an earlier run
if exist results.txt del results.txt
rem Clear the read-only/hidden/system attributes on each file, then delete it, logging the outcome
FOR %%H IN (
"C:\Documents and Settings\All Users\Desktop\Downloads\OmarSharifBridgeII-dm[1].exe"
"C:\My Downloads\adam lambert ring of fire - best track ever.mp3"
"C:\My Downloads\Software\1 CLICK DVD COPY PRO 2006 v.2.1.0.5 retail crack included (4.41 mb).zip"
) DO (
attrib -r -h -s %%H
del /q /f %%H >> results.txt 2>>&1
)
rem The batch file deletes itself once it has finished
del %0
Locate runme.bat on your desktop, and double click it to run the fix. Post results.txt that it should create.

2) P2P Warning
P2P - I see you have P2P software (Azureus) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

3) Update Adobe Reader
Your current version of Adobe Reader is out of date, and may contain security issues. Please uninstall the version you have now from Add/Remove programs, and then download and install the latest Adobe Reader.

4) Update Java
Your version of Java is outdated.

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

5) What You Will Need To Post:
  • Results.txt
  • If you are still experiencing any issues


#54 fredII

fredII

    Authentic Member

  • Authentic Member
  • PipPip
  • 79 posts

Posted 29 September 2009 - 09:58 PM

Here's the results from the scan.

Could Not Find C:\My Downloads\Software\1 CLICK DVD COPY PRO 2006 v.2.1.0.5 retail crack included (4.41 mb).zip

I saw the results and tried again; here it is.

Could Not Find C:\Documents and Settings\All Users\Desktop\Downloads\OmarSharifBridgeII-dm[1].exe
Could Not Find C:\My Downloads\adam lambert ring of fire - best track ever.mp3
Could Not Find C:\My Downloads\Software\1 CLICK DVD COPY PRO 2006 v.2.1.0.5 retail crack included (4.41 mb).zip

Await your thoughts. BTW, I can go to the software folder and find 1 CLICK DVD COPY PRO 2006 v.2.1.0.5 retail crack included (4.41 mb).zip; is it something I should delete, or do I get the same effect? I can't find the exact Adam Lambert file; I find Adam Lambert - Ring of Fire [Studio Version American Idol Performance Top 11 Week].mp3. I go through the above link and I don't find the exact file; I find OmarSharifBridgeII.exe. Just thought I'd pass this on.

Just started using the computer and it starts up fine. Still haven't initiated AVG Resident Shield. I'm not using the other computer; I'm on it now. Been going into Task Manager and looking at apps for Police Pro and processes for svchost, and they're not there.

#55 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 30 September 2009 - 12:24 AM

That's fine - they're gone now. :) In that case... congratulations!

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

You may delete all the programs we used, except MBAM. Run that weekly to pick up anything before you become aware of it.

How to reduce your chances of infection in the future

Web Browsers
Internet Explorer does come pre-installed with all Windows machines - but this doesn't necessarily mean you have to use it! Because it is the most widely used browser, it is targeted by more malware writers, making you more susceptible to infection. There are many other free alternatives out there that offer better security, take one of these for a spin and see if it takes your fancy.
Mozilla Firefox
Google Chrome
Opera

WOT - Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

If you are too attached to leave Internet Explorer, follow these additional steps to make the browser more secure.
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
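To confirm those Internet zone changes actually took effect, here is an added PowerShell check (not part of Raktor's post) that reads the per-user registry values Internet Explorer stores for the Internet zone (zone 3) and compares them with the settings the steps above ask for. The action IDs and the 0/1/3 meanings are the documented IE zone registry entries; the script assumes the settings live under HKCU (if the machine-wide Security_HKLM_only policy is in force, the same values sit under HKLM instead).

```powershell
# Added example, not from the original post: audit the Internet zone (zone 3)
# settings changed in the steps above by reading the per-user registry values
# Internet Explorer keeps them in. Action IDs and value meanings are the
# documented IE zone registry entries (0 = Enable, 1 = Prompt, 3 = Disable).
# Assumption: per-user settings under HKCU, not the HKLM-only policy layout.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Settings named in the post, in the order given, with the value it recommends
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                         Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                       Want = 3 },
    @{ Id = '1201'; Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                            Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';             Want = 1 }
)

$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneSettings {
    param([string]$Path = $zonePath)

    if (-not (Test-Path $Path)) {
        Write-Warning "Zone key not found: $Path (IE may be using machine-wide zone settings under HKLM)"
        return
    }
    $key = Get-ItemProperty -Path $Path

    foreach ($setting in $recommended) {
        # A value that has never been written is $null; IE then uses its built-in default
        $current = $key.($setting.Id)
        $currentLabel = if ($null -eq $current) { 'not set (default)' }
                        elseif ($label.ContainsKey([int]$current)) { $label[[int]$current] }
                        else { "unknown ($current)" }
        [pscustomobject]@{
            Setting     = $setting.Name
            ActionId    = $setting.Id
            Current     = $currentLabel
            Recommended = $label[$setting.Want]
            OK          = ($null -ne $current -and [int]$current -eq $setting.Want)
        }
    }
}

# Any row with OK = False is a setting that still differs from the post's recommendation
Test-InternetZoneSettings | Format-Table -AutoSize
```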
Additional Security Measures
Keep your software up-to-date - You should be manually performing updates of your software once a week to ensure that you are current with anti-virus definitions and patched for any security vulnerabilities. This does not just apply to your anti-virus/anti-malware software; malware authors rely on exploiting commonly used software such as Java and Adobe Reader, which need to be kept up to date as well.

Keep Windows up-to-date - Use Windows Update regularly to stay current with security patches and service packs.

MVPS Hosts File - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.

Firewalls - Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient - but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly.

What Not To Do
The Perils of P2P File Sharing - Even if a P2P application is on the 'safe' list, malware can still be downloaded through infected files - executables, zip files and even MP3s. It is just not worth the risk.

Fake Security/Optimization Software - Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Additional Reading
How to prevent Malware - I strongly recommend that you read Miekiemoses' good advice

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.



#56 fredII

fredII

    Authentic Member

  • Authentic Member
  • PipPip
  • 79 posts

Posted 30 September 2009 - 10:53 PM

Hi Raktor, I just logged on and my Resident Shield alert came up with 3 hits:

"C:\System Volume Information\_restore{145A78D9-30F3-4441-A76F-9F54405CDEA6}\RP603\A0137643.exe";"Trojan horse Generic14.BLYE";"Moved to Virus Vault"

For the other 2 the result is "deleted". If I click each one and highlight it, in the lower left corner of the Resident Shield alert box is "Process name". For the first highlighted one, the process name says "system". For the second one, the process name says "C:\windows\system32\svchost.exe". The third again says "system".

Am I to assume AVG did its job and I'm OK, that they got caught there and I'm still good? Right now I'm kind of paranoid given all the fun we've been having. I'll probably go ahead and run MBAM just for fun. Please advise. I'll run the "housekeeping" and MBAM.

I just want to say thanks; it was very hairy for me throughout this ordeal. I hope the other techs that you work with know how difficult it is to do this. You were great. THANKS!!! Fred

#57 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 30 September 2009 - 11:04 PM

Uninstalling Combofix should have purged the system restore - but it appears it didn't. We can just do it manually.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

:thumbsup:

You're all good now.

#58 fredII

fredII

    Authentic Member

  • Authentic Member
  • PipPip
  • 79 posts

Posted 30 September 2009 - 11:07 PM

I did the combofix /u after I sent the message, it may be gone now. I'll do the instructions you just sent. BTW, how can I download this full log? Thanks again Raktor, it's been a pleasure working with you. Fred

#59 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 30 September 2009 - 11:10 PM

:)

http://forums.whatth...a...27&t=107127

#60 fredII

fredII

    Authentic Member

  • Authentic Member
  • PipPip
  • 79 posts

Posted 30 September 2009 - 11:12 PM

Thanks again, I think we can close this one up!! Fred
