Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91680 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] b.exe virus


  • This topic is locked This topic is locked
22 replies to this topic

#1 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 23 September 2009 - 10:23 AM

I have very very very basic computer knowledge. Somehow, as of 12:40 p.m. yesterday I can't open up internet explorer (and who knows what else) because of a b.exe application error. Using Safari I googled b.exe and found it to be a virus. I downloaded the free avira antivirus but the b.exe still comes up and explorer still can't be used. I've rebooted several times. Please someone walk me through what to do!

    Advertisements

Register to Remove


#2 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 23 September 2009 - 07:58 PM

Hello.

Please read the instructions here first: http://forums.whatth...rs_t106388.html

Post the results once done.

~Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#3 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 September 2009 - 04:24 PM

I went to "welcome new members" and did the ERUNT. I saved the ReadMe file on my desktop if you need that. I disabled the AVIRA antivirus software. I tried all three of the links to download dds but couldn't. A black screened window pops up for almost a second, disappears and then nothing happens. I downloaded and ran rootrepeal. The log is below. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/09/24 15:16 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8B864000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8B859000 Size: 45056 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x99F3B000 Size: 49152 File Visible: No Signed: - Status: - Name: win32k.sys:1 Image Path: C:\Windows\win32k.sys:1 Address: 0x8B885000 Size: 20480 File Visible: No Signed: - Status: - Name: win32k.sys:2 Image Path: C:\Windows\win32k.sys:2 Address: 0x8B88A000 Size: 61440 File Visible: No Signed: - Status: - Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1292 Status: Locked to the Windows API! SSDT ------------------- #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x95a4dd6c #: 194 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x95a4dd58 #: 201 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x95a4dd5d #: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x95a4dd67 ==EOF====EOF==

#4 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 September 2009 - 04:40 PM

I also noticed that I can run other programs as well, not just internet explorer (itunes as well). Thank you for taking the time to help me.

#5 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 24 September 2009 - 05:56 PM

Hello.

Seems your infected with one the newer rootkits out there these days.

Regarding rootkits...

Posted ImageRootkit Threat

Unfortunatly One or more of the identified infections is a Rootkit/backdoor trojan.

IMPORTANT NOTE: Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read: Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

If you wish to continue, please follow the instructions below please...

Download and Run ComboFix (Rename Before Saving)


Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below. You must rename it before saving it.

rename it to: Svchost.exe before saving it to your desktop.

Link 1
Link 2

Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.

Double click on Svchost.exe & follow the prompts.

When finished, it will produce a open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#6 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 September 2009 - 07:03 PM

Downloaded combofix and it looks like it worked!!!! I'll keep opening things to make sure. I've copied and pasted the log below. THANK YOU THANK YOU THANK YOU!!! ComboFix 09-09-23.02 - Clarissa 09/24/2009 17:27.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.291 [GMT -7:00] Running from: c:\users\Clarissa\Desktop\ComboFix.exe SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2012173098-1469914568-2948075190-500 c:\program files\RichVideoCodec c:\windows\COUPON~1.OCX c:\windows\CouponPrinter.ocx c:\windows\Installer\WMEncoder.msi c:\windows\msa.exe c:\windows\msb.exe Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 ))))))))))))))))))))))))))))))) . 2009-09-25 00:39 . 2009-09-25 00:45 -------- d-----w- c:\users\Clarissa\AppData\Local\temp 2009-09-25 00:39 . 2009-09-25 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-09-24 22:07 . 2009-09-24 22:07 -------- d-----w- c:\program files\ERUNT 2009-09-23 22:12 . 2009-09-23 22:12 -------- d-----w- c:\program files\Trend Micro 2009-09-23 03:32 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-23 03:32 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-23 03:31 . 2009-09-23 03:31 -------- d-----w- c:\programdata\Avira 2009-09-23 03:31 . 2009-09-23 03:31 -------- d-----w- c:\program files\Avira 2009-09-23 02:21 . 2009-09-23 02:21 -------- d-----w- c:\users\Clarissa\AppData\Roaming\Malwarebytes 2009-09-23 02:20 . 2009-09-23 02:20 -------- d-----w- c:\programdata\Malwarebytes 2009-09-22 22:58 . 2009-09-22 22:58 -------- d-----w- c:\program files\AVG 2009-09-22 22:58 . 2009-09-23 03:12 -------- d-----w- c:\programdata\avg8 2009-09-22 22:43 . 2009-09-22 22:43 -------- d-----w- c:\users\Clarissa\AppData\Roaming\AVG8 2009-09-22 19:39 . 2009-09-24 21:51 0 ----a-r- c:\windows\win32k.sys 2009-09-17 17:03 . 2009-09-17 17:03 1686272 ----a-w- c:\users\Clarissa\MoveMediaPlayerWin_071503000010.exe 2009-09-11 05:09 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-11 05:09 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-09-11 05:07 . 2009-09-11 05:07 -------- d-----w- c:\program files\iPod 2009-09-11 05:06 . 2009-09-11 05:09 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-11 05:06 . 2009-09-11 05:09 -------- d-----w- c:\program files\iTunes 2009-09-11 05:02 . 2009-09-11 05:03 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-22 20:49 . 2007-12-18 03:39 97216 ----a-w- c:\users\Clarissa\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-22 20:38 . 2007-09-18 23:44 -------- d-----w- c:\programdata\Microsoft Help 2009-09-17 17:04 . 2007-12-27 04:51 -------- d-----w- c:\users\Clarissa\AppData\Roaming\Move Networks 2009-09-11 18:24 . 2007-12-25 23:50 -------- d-----w- c:\users\Clarissa\AppData\Roaming\Apple Computer 2009-09-11 05:07 . 2007-12-25 23:45 -------- d-----w- c:\program files\Common Files\Apple 2009-08-20 04:03 . 2009-08-20 03:57 -------- d-----w- c:\users\Clarissa\AppData\Roaming\Stamps.com Internet Postage 2009-08-20 03:57 . 2009-08-20 03:54 36 ---ha-w- c:\windows\system32\f9t.dat 2009-08-20 03:57 . 2009-08-20 03:54 -------- d-----w- c:\program files\Stamps.com Internet Postage 2009-08-20 03:55 . 2009-08-20 03:55 -------- d-----w- c:\programdata\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B} 2009-08-20 03:54 . 2009-08-20 03:54 -------- d-----w- c:\programdata\{92D9D9C1-B27F-45B5-BC1E-C7896D0B2FAA} 2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-30 16:17 . 2009-03-22 22:48 -------- d-----w- c:\users\Clarissa\AppData\Roaming\U3 2009-07-21 21:52 . 2009-07-31 15:58 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-31 15:58 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-31 15:58 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-31 15:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 1862144] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-10 4702208] "NDSTray.exe"="NDSTray.exe" [BU] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8CCCB4E4-94F0-4D1C-89D0-5367FD8AC425}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{85396D12-A156-4C5C-B5EF-4513EFBC0E41}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{88CA26A1-D3C9-49A6-A2F1-59C6008C267A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{3A6F0A09-641D-41B4-A46F-E68A589AC55C}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{2F3DB17A-92B4-4EBF-A51B-75FA37BD6300}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{5005338F-4FE7-4D30-A76A-D513C150C252}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer "{EAD75B8A-3074-4A55-AE3C-DE570D4AD691}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer "{CA72B12B-2DBA-4F6D-83CF-23FA0777C590}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service "{98277749-8D3D-4A49-AD7D-78E14CE1E727}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service "{1016A06A-ABA1-4FAE-BE6B-D4ED056921E3}"= UDP:c:\program files\Common Files\AOL\1199305828\ee\aolsoftware.exe:AOL Shared Components "{A21B9D30-2201-4A14-BCA1-4CB3825C4189}"= TCP:c:\program files\Common Files\AOL\1199305828\ee\aolsoftware.exe:AOL Shared Components "{7DD5A48E-5317-4EC6-B492-444048897236}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{5079D76D-1171-4373-A1DE-850512A87B82}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{6CA2641B-0F75-4CD8-85C1-AA9D3B07F38A}"= UDP:c:\program files\Common Files\AOL\1199305828\ee\AOLDesktop.exe:AOL Desktop "{D19D89B9-1127-49C0-9BFF-5413186B4DAF}"= TCP:c:\program files\Common Files\AOL\1199305828\ee\AOLDesktop.exe:AOL Desktop "{6D87EE49-0551-4549-A3B5-8311F0DCFEFA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{027CC9AC-DC09-49BA-858F-630FA3861455}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{FACE1F6C-74A0-401D-9081-A6476F372B69}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{BAAFE0BC-693E-44B7-98B4-03ED3D650844}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/22/2007 12:53 PM 7168] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [9/18/2007 4:56 PM 252416] S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [3/28/2007 7:51 AM 43008] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-09-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-02 20:32] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-02 20:32] 2009-09-25 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58] 2009-05-21 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.toshibadirect.com/dpdstart IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: topproducer8i.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-Move Networks Player - IE - c:\users\Clarissa\AppData\Roaming\Move Networks\ie_bin\Uninst.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Other Running Processes ------------------------ . c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\System32\Ati2evxx.exe c:\windows\System32\audiodg.exe c:\windows\System32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\windows\System32\agrsmsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Toshiba\ConfigFree\CFSvcs.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\toshiba\IVP\ISM\pinger.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\System32\TODDSrv.exe c:\program files\Toshiba\Power Saver\TosCoSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\program files\Toshiba\ConfigFree\NDSTray.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\windows\ehome\ehmsas.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\McAfee\MSC\mcuimgr.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Toshiba\ConfigFree\CFSwMgr.exe c:\windows\System32\sdclt.exe . ************************************************************************** . Completion time: 2009-09-25 17:54 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-25 00:54 Pre-Run: 104,429,182,976 bytes free Post-Run: 104,111,214,592 bytes free 247 --- E O F --- 2009-09-24 10:10

#7 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 September 2009 - 09:03 AM

Okay, it looks like I'm good to go. Is there anything else I need to do? Thank you so much!!

#8 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 25 September 2009 - 09:16 AM

Hello.

No. We are not done yet and you're not good to go. Still some more things we need to accomplish before I give you the all-clean.

Please be patient. Just because things feel better doesn't mean you're completely clean.

Please run a scan with Malwarebytes followed by taking a new DDS run and post back with the logs.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

~EB
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#9 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 September 2009 - 02:55 PM

I downloaded and ran malwares. Here's the log. Let me know the next step. Malwarebytes' Anti-Malware 1.41 Database version: 2860 Windows 6.0.6001 Service Pack 1 9/25/2009 1:31:22 PM mbam-log-2009-09-25 (13-31-22).txt Scan type: Quick Scan Objects scanned: 87245 Time elapsed: 8 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Windows\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

#10 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 25 September 2009 - 08:00 PM

Thanks for the Malwarebytes log but what about the other half?

..followed by taking a new DDS run and post back with the logs.


Thanks.

~Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

    Advertisements

Register to Remove


#11 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 September 2009 - 10:06 PM

Sorry! Here they are. DDS (Ver_09-06-26.01) - NTFSx86 Run by Clarissa at 21:01:13.62 on Fri 09/25/2009 Internet Explorer: 8.0.6001.18813 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.231 [GMT -7:00] SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Toshiba\IVP\ISM\pinger.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\Toshiba\IVP\ISM\ivpsvmgr.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Clarissa\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Skytel] Skytel.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Trusted Zone: topproducer8i.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll ============= SERVICES / DRIVERS =============== R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-22 108289] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-18 252416] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008] SUnknown getPlusHelper;getPlusHelper; [x] =============== Created Last 30 ================ 2009-09-25 13:19 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-25 13:19 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-25 13:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-24 18:24 <DIR> --d----- c:\program files\iPod 2009-09-24 18:24 <DIR> --d----- c:\program files\iTunes 2009-09-24 17:45 <DIR> --dsh--- C:\$RECYCLE.BIN 2009-09-24 17:23 229,888 a------- c:\windows\PEV.exe 2009-09-24 17:23 161,792 a------- c:\windows\SWREG.exe 2009-09-24 17:23 98,816 a------- c:\windows\sed.exe 2009-09-23 15:12 <DIR> --d----- c:\program files\Trend Micro 2009-09-22 20:32 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-09-22 20:31 <DIR> --d----- c:\programdata\Avira 2009-09-22 20:31 <DIR> --d----- c:\program files\Avira 2009-09-22 20:31 <DIR> --d----- c:\progra~2\Avira 2009-09-22 19:21 <DIR> --d----- c:\users\clarissa\appdata\roaming\Malwarebytes 2009-09-22 19:20 <DIR> --d----- c:\programdata\Malwarebytes 2009-09-22 19:20 <DIR> --d----- c:\progra~2\Malwarebytes 2009-09-22 15:58 <DIR> --d----- c:\program files\AVG 2009-09-22 15:58 <DIR> --d----- c:\programdata\avg8 2009-09-22 15:58 <DIR> --d----- c:\progra~2\avg8 2009-09-22 15:43 <DIR> --d----- c:\users\clarissa\appdata\roaming\AVG8 2009-09-17 10:03 1,686,272 a------- c:\users\clarissa\MoveMediaPlayerWin_071503000010.exe 2009-09-10 22:09 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-09-10 22:09 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-10 22:06 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-10 22:06 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx 2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts ==================== Find3M ==================== 2009-09-10 21:58 143,360 a------- c:\windows\inf\infstrng.dat 2009-09-10 21:58 86,016 a------- c:\windows\inf\infstor.dat 2009-09-10 21:58 51,200 a------- c:\windows\inf\infpub.dat 2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll 2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll 2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe 2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-06-01 17:09 726,008 a------- c:\users\clarissa\gotomypc_438.exe 2008-09-18 09:44 174 a--sh--- c:\program files\desktop.ini 2008-09-18 09:27 665,600 a------- c:\windows\inf\drvindex.dat 2008-09-17 23:13 20,653,064 a------- c:\users\clarissa\RhapsodyVcast.exe 2008-09-17 22:30 1,471,400 a------- c:\users\clarissa\LGUSBModemDriver_WHQL_Eng_Ver_4.8.1.exe 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 21:02:00.24 ===============

Attached Files



#12 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 27 September 2009 - 03:20 PM

Hello.

Sorry for the delay. I apologize.

Let's continue.

Update Java to Version 6 Update 16

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

IF Kaspersky doesn't work let me know.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#13 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 28 September 2009 - 11:18 AM

I'm a little confused. I had uninstalled the older versions of Java and installed the newer 16 java. But when I went (three times) to do the kapersky webscan it wouldn't let me. It kept trying to install active x but then wouldn't let it go through and the error window said the publisher couldn't be identified. I did run a dds file. They're below and attached. Overall my computer seems to be running well. DDS (Ver_09-06-26.01) - NTFSx86 Run by Clarissa at 10:14:11.10 on Mon 09/28/2009 Internet Explorer: 8.0.6001.18813 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.102 [GMT -7:00] SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\agrsmsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Toshiba\IVP\ISM\pinger.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Toshiba\IVP\ISM\ivpsvmgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Sun\SDK\jdk\bin\java.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Clarissa\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [Skytel] Skytel.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\clarissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Trusted Zone: topproducer8i.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll ============= SERVICES / DRIVERS =============== R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-22 108289] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-18 252416] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008] SUnknown getPlusHelper;getPlusHelper; [x] =============== Created Last 30 ================ 2009-09-27 21:14 24,724 a------- c:\windows\system32\productregistry 2009-09-27 21:11 <DIR> --d----- C:\Sun 2009-09-25 13:19 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-25 13:19 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-25 13:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-24 18:24 <DIR> --d----- c:\program files\iPod 2009-09-24 18:24 <DIR> --d----- c:\program files\iTunes 2009-09-24 17:45 <DIR> --dsh--- C:\$RECYCLE.BIN 2009-09-24 17:23 229,888 a------- c:\windows\PEV.exe 2009-09-24 17:23 161,792 a------- c:\windows\SWREG.exe 2009-09-24 17:23 98,816 a------- c:\windows\sed.exe 2009-09-23 15:12 <DIR> --d----- c:\program files\Trend Micro 2009-09-22 20:32 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-09-22 20:31 <DIR> --d----- c:\programdata\Avira 2009-09-22 20:31 <DIR> --d----- c:\program files\Avira 2009-09-22 20:31 <DIR> --d----- c:\progra~2\Avira 2009-09-22 19:21 <DIR> --d----- c:\users\clarissa\appdata\roaming\Malwarebytes 2009-09-22 19:20 <DIR> --d----- c:\programdata\Malwarebytes 2009-09-22 19:20 <DIR> --d----- c:\progra~2\Malwarebytes 2009-09-22 15:58 <DIR> --d----- c:\program files\AVG 2009-09-22 15:58 <DIR> --d----- c:\programdata\avg8 2009-09-22 15:58 <DIR> --d----- c:\progra~2\avg8 2009-09-22 15:43 <DIR> --d----- c:\users\clarissa\appdata\roaming\AVG8 2009-09-17 10:03 1,686,272 a------- c:\users\clarissa\MoveMediaPlayerWin_071503000010.exe 2009-09-10 22:09 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-09-10 22:09 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-10 22:06 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-10 22:06 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx 2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts ==================== Find3M ==================== 2009-09-10 21:58 143,360 a------- c:\windows\inf\infstrng.dat 2009-09-10 21:58 86,016 a------- c:\windows\inf\infstor.dat 2009-09-10 21:58 51,200 a------- c:\windows\inf\infpub.dat 2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll 2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll 2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe 2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-06-01 17:09 726,008 a------- c:\users\clarissa\gotomypc_438.exe 2008-09-18 09:44 174 a--sh--- c:\program files\desktop.ini 2008-09-18 09:27 665,600 a------- c:\windows\inf\drvindex.dat 2008-09-17 23:13 20,653,064 a------- c:\users\clarissa\RhapsodyVcast.exe 2008-09-17 22:30 1,471,400 a------- c:\users\clarissa\LGUSBModemDriver_WHQL_Eng_Ver_4.8.1.exe 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 10:14:51.46 ===============

Attached Files



#14 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 28 September 2009 - 02:28 PM

Hello.

Try the ESET Scan instead...

Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#15 eqbound

eqbound

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 28 September 2009 - 05:57 PM

Here's the report. What do I do now? Thanks for all your help by the way... C:\Qoobox\Quarantine\C\Windows\msa.exe.vir Win32/TrojanDownloader.FakeAlert.AJK trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Windows\msb.exe.vir Win32/TrojanDownloader.FakeAlert.AJK trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Windows\System32\cngaudit.dll.vir a variant of Win32/Kryptik.YQ trojan cleaned by deleting - quarantined C:\Users\Clarissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7b20bc55-735a28ef a variant of Win32/Kryptik.AMS trojan cleaned by deleting - quarantined

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users