
[Resolved] help. ..my computer is infected with many programs


  • This topic is locked
8 replies to this topic

#1 kitzie

  • Authentic Member
  • 89 posts

Posted 26 September 2009 - 07:52 AM

I have been using spyware doctor, stopzilla, and a squared free. Each time I scan I have many infections but they seem to continue to come back. I am a frequent facebook user, and I know they must be mainly from there. My computer is very slow, sometimes my firefox browser won't even open. I thought I have been using anti spyware, malware programs, but these things continue to appear. Please help as I know you can, and thank you in advance. Here are the logs you request to begin with, hopefully, I did them ok.



#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 29 September 2009 - 12:26 PM

Hi kitzie,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#3 kitzie

  • Authentic Member
  • 89 posts

Posted 30 September 2009 - 05:27 AM

I ran the TFC and I already have the Malwarebytes' program and ran it. Here is the log from it.

Malwarebytes' Anti-Malware 1.41
Database version: 2874
Windows 5.1.2600 Service Pack 3

9/29/2009 9:59:40 PM
mbam-log-2009-09-29 (21-59-40).txt

Scan type: Quick Scan
Objects scanned: 103136
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

My computer seems to be running pretty good at the moment. Some programs seem to hang up and run for a long time before actually opening. I seem to get things on a daily basis from Facebook, I know it and the games there all seem to have these problems. I am using Stopzilla, PC Spyware Doctor and I run Adaware, Malwarebytes, and a squared free all the time. Each time, they pick up some problems. And when an offer comes in to Clean your PC. and you get that free scan, and then it lists like 300 infections or some such number, but won't fix them unless you buy it, I get rather confused. Are they accurate programs....and if not, then which can I trust? Thanks for your time..............
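For helpers who triage many pasted logs, here is an added example (not part of the original post and not Malwarebytes' own tooling) that parses a log in the format posted above and cross-checks the summary counts against the per-category detail sections. The function names are hypothetical, and the embedded sample is the log from this post re-broken one field per line.

```python
import re

# Constructed sample: the Malwarebytes' Anti-Malware 1.41 log from the post
# above, one field per line. As posted, the detail list stops at "Folders".
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41
Database version: 2874
Windows 5.1.2600 Service Pack 3

9/29/2009 9:59:40 PM
mbam-log-2009-09-29 (21-59-40).txt

Scan type: Quick Scan
Objects scanned: 103136
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
"""

# "<Category> Infected: <n>" is a summary line; without a number it opens
# that category's detail section.
CATEGORY = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*(?P<count>\d+)?\s*$")
FIELD = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed):\s*(.+)$")
NONE_MARKER = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (header fields, summary counts, detail items per category)."""
    fields, counts, items = {}, {}, {}
    current = None  # category whose detail section is being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CATEGORY.match(line)
        if m:
            if m.group("count") is not None:
                counts[m.group("name")] = int(m.group("count"))
                current = None
            else:
                current = m.group("name")
                items[current] = []
            continue
        f = FIELD.match(line)
        if f:
            fields[f.group(1)] = f.group(2)
            current = None
        elif current is not None and line != NONE_MARKER:
            items[current].append(line)  # one detected object per line
    return fields, counts, items


def triage(text):
    """Flag logs whose summary and detail sections disagree or are missing."""
    _, counts, items = parse_mbam_log(text)
    findings = []
    if not counts:
        findings.append("no summary counts found: not a recognisable log")
    for name, count in counts.items():
        if name not in items:
            findings.append(f"{name}: detail section missing (truncated paste?)")
        elif len(items[name]) != count:
            findings.append(f"{name}: summary says {count}, {len(items[name])} item(s) listed")
    return {"total": sum(counts.values()), "findings": findings}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against the sample, it reports zero detections and one finding: the "Files" detail section is absent, which points to a cut-off paste, not to an infection.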

#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 30 September 2009 - 10:21 AM

kitzie,

You want to have one and only one Anti-Virus program. Otherwise they will interfere with each other. I suggest that you keep either AVG or PC Tools Anti-Virus. Please go to Add or Remove programs in your control panel and uninstall the one you're not going to keep. Also, uninstall A-squared. Personally, I don't care for Stopzilla. I believe I would uninstall it as well as Ad-aware. For Adware protection, I would just update and run Malwarebytes' once a week.

And when an offer comes in to Clean your PC. and you get that free scan, and then it lists like 300 infections or some such number, but won't fix them unless you buy it, I get rather confused.

Never take them up on that offer. 99.9% of the time these offers come from rogue programs. They are fake. They will download traces onto your computer and then find them in their attempt to prove to you how good they are. In the worst cases, they are more than rogue, they are malicious. There are several of these "offers" out there that will download trojans and rootkits onto your system. These are often accompanied by backdoors that will attempt to steal your information.

Here is some information for you to look at: Preventing Malware - Tools and Practices for Safe Computing. Have a look through the information there and then come back here and ask me questions that you will probably have.

Tomk


#5 kitzie

  • Authentic Member
  • 89 posts

Posted 30 September 2009 - 11:48 AM

OK, I don't have the AVG program installed anymore, those were two files that were left behind when I uninstalled it, and I have now deleted them also. So PC tools Anti Virus is the only program I have. If Malwarebytes is the only adaware program I need, then I will keep and run that as stated. Why do you want me to uninstall A-Square? Just curious. I read the article and I am good with it, until the scan with the Secunia Personal Inspector. It shows 9 threats. Should I download each solution and run it as it suggests? I also do not use IE, hardly ever, but Mozilla seems to be acting up. Which do you prefer? Thanks for your help again, Kitzie

#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 30 September 2009 - 01:07 PM

kitzie,

A-square is an Anti-Virus and at minimum may get you some false positive detections. Worst case, having two anti-virus programs could cause them to actually target each other, which could render a portion of your protection inoperative.

Go ahead and follow the Secunia advice. Updates of those programs largely plug security "holes" in the programs that make them vulnerable to infection.

I prefer Firefox for several reasons. However, you can't get rid of IE. It is integrated into windows so you need it for things like updates. Therefore, even if it seems like you don't need it, you need to keep it protected.

Now back to your logs. I'm not seeing any signs of infections. I'd like you to run an online scan for me. Do this when you don't need to use your computer. It will take several hours to run.


Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Tomk


#7 kitzie

  • Authentic Member
  • 89 posts

Posted 02 October 2009 - 08:11 AM

I ran the Kaspersky, but somehow I lost the report, only there were no threats or infections on it. It was totally blank, so I guess all is good. I will continue to run the malwarebytes weekly, and maintain the virus program. If you don't have any other things for me to do, and feel like it's all ok, then thanks again. Keep up the good work....Kitzie

#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 02 October 2009 - 08:31 AM

kitzie,

Log looks good :D


You need to create a new Clean restore point:

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose a drive. Choose C:. At the top, click on the More Options tab. Click the Clean up... button in the System Restore box. Click on the Yes button. When finished, click on the Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk


#9 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 08 October 2009 - 09:45 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Tomk