
[Resolved] "c:\winnt\system32\comres.dll is infec


  • This topic is locked
45 replies to this topic

#16 Step_By_Step

Step_By_Step

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 06 October 2009 - 02:25 PM

Hi Tomk: I did as you instructed. Sadly, I don't understand...............What are Host file(s)?


#17 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 06 October 2009 - 03:49 PM

Step_By_Step,

Here is an article on what a hosts file is: http://en.wikipedia....wiki/Hosts_file

After re-starting SpywareBlaster I repeatedly notice under "SpywareBlaster Protection Status" on the "Restricted Sites" line the following message..........
"1 items have protection disabled".
The item is as follows:
ITEM NAME: AntiMalwareGuard
ADDRESS: antimalwareguard.com

AntiMalwareGuard is a malicious program. SpywareBlaster blocks you from accessing its site (that's why it is on the Restricted sites list). Hosts files can be used to keep you from accidentally going to bad sites, or can be manipulated by malware to take you to bad sites.

What you have done so far is reset your Hosts file to Factory default. Now let's merge a hosts file on your system that will help block the unwanted sites (similar to what SpywareBlaster is doing).

  • Double click on HostsXpert.exe to launch the program.
  • Click on Download
  • Click on MVPs Hosts...
  • Click on Merge File
  • Then press OK to download and Merge Hosts file
When it is finished you can get out of HostsXpert.

Then please give your system a workout and let me know if you have any continuing issues.

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response
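
The two uses of a hosts file described in the post above (blocking bad sites versus being manipulated to send you to them) can be told apart by looking at the address each name maps to. The Python sketch below is an added example, not part of the original thread and not how HostsXpert itself works: the sample hosts file, the sample blocklist and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file: a default entry, one block entry, one entry
# that maps a name to a remote address, and one malformed line.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       antimalwareguard.com   # blocked
203.0.113.45    www.example-bank.test  # constructed: points at a remote IP
not-an-ip       broken.example.test
"""

# Constructed stand-in for a downloaded blocklist.
SAMPLE_BLOCKLIST = """\
127.0.0.1  ads.example.test
0.0.0.0    tracker.example.test
127.0.0.1  antimalwareguard.com
"""

DEFAULT_NAMES = {"localhost"}  # names expected in a factory-default file


def parse_hosts(text):
    """Yield (lineno, ip_or_None, hostnames) for every non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, []
            continue
        yield lineno, ip, [name.lower() for name in fields[1:]]


def is_sinkhole(ip):
    """True for addresses that go nowhere: loopback (127.0.0.1, ::1) or 0.0.0.0."""
    return ip.is_loopback or ip.is_unspecified


def audit(text):
    """Separate block entries from entries that redirect a name elsewhere."""
    report = {"blocked": set(), "redirects": [], "malformed": []}
    for lineno, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(lineno)
            continue
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            if is_sinkhole(ip):
                report["blocked"].add(name)
            else:
                # A name mapped to a routable address deserves a human look.
                report["redirects"].append((name, str(ip)))
    return report


def merge_blocklist(hosts_text, blocklist_text):
    """Append blocklist names not already present; refuse non-sinkhole entries."""
    present = set()
    for _, _, names in parse_hosts(hosts_text):
        present.update(names)
    added, rejected = [], []
    for _, ip, names in parse_hosts(blocklist_text):
        if ip is None:
            continue
        for name in names:
            if not is_sinkhole(ip):
                rejected.append((name, str(ip)))  # a blocklist must only block
            elif name not in present:
                added.append(name)
                present.add(name)
    lines = hosts_text.rstrip("\n").splitlines()
    lines += [f"127.0.0.1\t{name}" for name in added]
    return "\n".join(lines) + "\n", added, rejected


if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
    merged, added, rejected = merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print("added:", added, "rejected:", rejected)
```

Entries reported under `redirects` are the ones to review by hand; a merge does not remove them, which is why the hosts file was reset to default before merging.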


#18 Step_By_Step

Posted 06 October 2009 - 08:05 PM

Hi Tomk:
I tried (in vain) to follow your instructions:
* Double click on HostsXpert.exe to launch the program. (This step appears to work.)
* Click on Download (This step appears to work.)
* Click on MVPs Hosts... (This step does Not appear to be responding.)
* Click on Merge File (This step I simply don't see.)
* Then press OK to download and Merge Hosts file
What now?
Do I need to click on "Make Writeable?" prior to following your above instructions?
Why isn't this working?

Edited by Step_By_Step, 06 October 2009 - 08:11 PM.


#19 Tomk

Posted 06 October 2009 - 11:41 PM

Step_By_Step, Yes. Please try making writable first.

Tomk


#20 Step_By_Step

Posted 07 October 2009 - 01:26 PM

Hi Tomk:
After clicking on "Make Writeable?"..................The HostsXpert program now allows me to click on: "MVPs Hosts". Then a drop down selection of choices becomes available including: "Merge File".
However after clicking on "Merge File" the following warning pops up:
Posted Image
What now?


#21 Tomk

Posted 07 October 2009 - 01:54 PM

Step_By_Step, Select OK.

Tomk


#22 Step_By_Step

Posted 07 October 2009 - 09:43 PM

Hi Tomk:
We seem to be having bad luck here.
Is Windows 2000 Professional fully compatible with HostsXpert and related downloads?
Posted Image

Following is an image of the inside of my HostsXpert folder:
Posted Image

Sadly, the computer seems to be experiencing additional issues now:
The desktop shortcuts disappeared and later reappeared. Then the computer repeatedly hung or froze. Then I had to Shut Down and then restart it. It also seems to be running a bit slower.

Edited by Step_By_Step, 07 October 2009 - 09:55 PM.


#23 Tomk

Posted 08 October 2009 - 12:31 AM

Step_By_Step,

It should be 100% compatible and I've never heard of an issue before. It's not really a "program". It's just a special text file. It shouldn't have any effect on your desktop.

Let's get some info again.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Tomk


#24 Step_By_Step

Posted 08 October 2009 - 02:54 PM

Hi Tomk:
I was able to download and run DDS.scr without disabling antivirus and/or related security programs. Results follow:


DDS Attach Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows 2000 Professional
Boot Device: \Device\Harddisk0\Partition1
Install Date:
System Uptime: 10/8/2009 12:36:14 PM (4 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2386/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 29.614 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 24.344 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_2443&SUBSYS_010D1028&REV_04\3&172E68DD&0&FB
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_2443&SUBSYS_010D1028&REV_04\3&172E68DD&0&FB
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ACDSee 5.0 PowerPack
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Ahead Nero Burning ROM
AI RoboForm (All Users)
Apple Software Update
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera TWAIN Driver
Canon Camera TWAIN Driver 6.6
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Toolbox CS 2.2
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner (remove only)
DirectX 9 Hotfix - KB839643
Diskeeper Professional Edition
ESET NOD32 Antivirus
ESET Online Scanner v3
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)
hp LaserJet 2300 Uninstaller
Java™ 6 Update 15
Java™ 6 Update 6
Java™ 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
MovieEdit Task
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Windows 2000/XP Display Drivers
PhotoStitch
QuickTime
RAW Image Task 2.1
Real Alternative 1.9.0
Rosetta Stone Version 3
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for DirectX 9.0b (KB961373)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 7.1 (KB936782)
Shipping Assistant 3.6
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.5
ViewSonic Monitor Drivers
WebFldrs
Windows 2000 Hotfix - KB833407
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950759
Windows 2000 Hotfix - KB950760
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB952004
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB953838
Windows 2000 Hotfix - KB953839
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB956802
Windows 2000 Hotfix - KB956844
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958215
Windows 2000 Hotfix - KB958470
Windows 2000 Hotfix - KB958644
Windows 2000 Hotfix - KB958687
Windows 2000 Hotfix - KB958690
Windows 2000 Hotfix - KB959426
Windows 2000 Hotfix - KB960225
Windows 2000 Hotfix - KB960714
Windows 2000 Hotfix - KB960715
Windows 2000 Hotfix - KB960803
Windows 2000 Hotfix - KB960859
Windows 2000 Hotfix - KB961371
Windows 2000 Hotfix - KB961371-V2
Windows 2000 Hotfix - KB961501
Windows 2000 Hotfix - KB963027
Windows 2000 Hotfix - KB967715
Windows 2000 Hotfix - KB968537
Windows 2000 Hotfix - KB969897
Windows 2000 Hotfix - KB969898
Windows 2000 Hotfix - KB970238
Windows 2000 Hotfix - KB971557
Windows 2000 Hotfix - KB971961
Windows 2000 Hotfix - KB972260
Windows 2000 Hotfix - KB973346
Windows 2000 Hotfix - KB973354
Windows 2000 Hotfix - KB973507
Windows 2000 Hotfix - KB973869
Windows Installer 3.1 (KB893803)
Windows Media Player 7.1
Windows Media Player Hotfix [See Q828026 for more information]
WinRAR archiver
WinZip

==== End Of File ===========================




________________________________________________________________________________

DDS Notepad Log

DDS (Ver_09-09-29.01) - NTFSx86
Run by v at 16:47:01.64 on Thu 10/08/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1535.1041 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\v\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroCheck] c:\winnt\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238646850718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238646834468
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\v\applic~1\mozilla\firefox\profiles\jzbmtgoq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\real_player_alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\real_player_alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2008-6-3 61712]
R3 FA311;Netgear FA311 NDIS 5.0 Miniport Driver;c:\winnt\system32\drivers\FA311ND5.SYS [2000-2-28 21728]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 esiasdrv;esiasdrv;\??\c:\docume~1\v\locals~1\temp\esiasdrv.sys --> c:\docume~1\v\locals~1\temp\esiasdrv.sys [?]

=============== Created Last 30 ================

2009-10-08 16:47 16,384 a------t c:\winnt\system32\Perflib_Perfdata_2a0.dat
2009-10-08 16:38 16,384 a------t c:\winnt\system32\Perflib_Perfdata_204.dat
2009-10-07 22:55 16,384 a------t c:\winnt\system32\Perflib_Perfdata_21c.dat
2009-10-02 15:32 <DIR> --d----- C:\Rooter$
2009-09-30 00:46 <DIR> --d----- c:\program files\Real_Player_Alternative
2009-09-28 16:42 <DIR> --d----- c:\program files\Trend Micro
2009-09-27 21:20 16,384 a------t c:\winnt\system32\Perflib_Perfdata_1fc.dat
2009-09-25 21:50 1,013,498 ----h--- c:\winnt\ShellIconCache
2009-09-24 00:14 229,888 a------- c:\winnt\PEV.exe
2009-09-11 07:26 96,408 a------- c:\winnt\system32\drivers\epfwtdir.sys
2009-09-11 07:23 108,792 a------- c:\winnt\system32\drivers\ehdrv.sys
2009-09-11 07:17 116,008 a------- c:\winnt\system32\drivers\eamon.sys

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 18,520 a------- c:\winnt\system32\drivers\mbam.sys
2009-08-05 01:04 90,164 a------- c:\winnt\system32\atl.dll
2009-07-27 07:27 165,136 a------- c:\winnt\system32\t2embed.dll
2009-07-27 07:27 81,168 a------- c:\winnt\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\winnt\system32\deploytk.dll
2009-07-13 09:13 78,608 a------- c:\winnt\system32\avifil32.dll
2008-06-03 21:13 271 ----h--- c:\program files\desktop.ini
2001-05-08 08:00 32,528 a------- c:\winnt\inf\wbfirdma.sys

============= FINISH: 16:47:23.96 ===============

Edited by Step_By_Step, 08 October 2009 - 03:01 PM.


#25 Tomk

Posted 08 October 2009 - 05:43 PM

Old Java versions leave you vulnerable. Please uninstall:
Java™ 6 Update 6
Java™ 6 Update 7


Other than that, I'm not seeing any malware. I suggest that you post your problem in the Windows forum and see if the Tech Team can find something. When you post there, please provide a link back to this thread so that the tech team can see what information you have posted here.

Meanwhile, Log looks good :D


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
  • Posted Image
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Please re-enable any security that was disabled.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk


#26 Step_By_Step

Posted 08 October 2009 - 10:10 PM

Hi Tomk:
I have a few questions:
1) Despite it failing to add the download............Should I permanently keep "HostsXpert.exe" and set it to "Make ReadOnly?"
2) Should I permanently Delete the "HostXpert" folder and all of its contents?
3) Exactly How can I (Should I?) Delete (See the following image) MSDOS - dds as it appears to be a shortcut only.
Posted Image
PS. Please don't close this issue until these matters are successfully resolved.
________________________________________________________________________________
Additional programs:
Per your general instructions:
1) Should I also download "ThreatFire" as I already have so many security programs?
2) As I'm currently using a Cable Modem.........Should I also use a software firewall? If yes...Which one and why?

3) Which of the following (If any) should I download and routinely use?:
"Blocking & Other Tools

* WinPatrol
* MVPS Hosts file (Is this the same as "HostsXpert.exe"?)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
* McAfee Site Advisor
McAfee Site Advisor protects your browser against malicious sites and warns you when you attempt to go to one.

Edited by Step_By_Step, 08 October 2009 - 11:01 PM.


#27 Tomk

Posted 08 October 2009 - 11:11 PM

Step_By_Step,

  • Start | Run (type) "services.msc" (no quotes)
  • Scroll down to "DNS Client", Right-click and select: Properties
  • Click the drop-down arrow for "Startup type"
  • Select: Manual, or Disabled (recommended) click Apply/Ok and restart

Then try to install the hosts file again.

Tomk


#28 Step_By_Step

Posted 09 October 2009 - 01:21 AM

Hi Tomk:
I tried again as you wrote:
* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties
* Click the drop-down arrow for "Startup type"
* Select: Manual, or Disabled (recommended) click Apply/Ok and restart
Then try to install the hosts file again.

This initially failed.
Then, I tried again. However, this time I selected "Manual" for "Startup type".
Then I clicked Ok and restarted the computer.
I then:
* Double click on HostsXpert.exe to launch the program.
* Click on Download
* Click on MVPs Hosts.
* Click on Merge File
* Then press OK to download and Merge Hosts file
Wow. It appears to have worked.
1.) Should I make it "ReadOnly?"
2.) Must I then keep HostsXpert.exe on my computer in order for it to function (in a protective manner)?
3.) Should I then return the "DNS Client" "Startup type" to "Automatic" and then click Apply/Ok and restart the computer?

Edited by Step_By_Step, 09 October 2009 - 01:44 AM.


#29 Tomk

Posted 09 October 2009 - 08:12 AM

Step_By_Step,

For Windows 2000 it is recommended that you leave DNS client disabled. (Manual is fine). It won't really hurt anything if it was turned back on but it will induce a "lag" when browsing. I suggest you leave it set as is.

Yes. Go ahead and make it ReadOnly.

You do not need to keep HostsXpert on your computer. Now that you have the hosts file set, it will do its job. However, the MVPS Hosts file is updated and it would be a good idea to update it on your computer at least once a year. Basically HostsXpert is just a tool to help you manipulate your hosts file and/or download and install a custom one such as MVPS hosts file. You do not need to keep HostsXpert on your desktop but it might be handy to have somewhere.

I see I missed some additional questions last night.

You have enough security programs installed. If you are happy with what you are running, keep them.

You should install a firewall. Any of those listed will be fine. It comes down to personal preference. Use one you are comfortable with. Start with Online Armour. If you get it up and running relatively trouble free, keep it and get on with your life. If it drives you nuts, remove it and try a different one.

Yes. You did just use HostsXpert to install the MVPS hosts file. That's it. I don't think I'd add anything else.

Tomk


#30 Step_By_Step

Posted 09 October 2009 - 01:31 PM

Hi Tomk:
1.) What should I do in order to delete the MSDOS-dds that we installed (see shortcut) as shown in the following image.
Posted Image
Note: In a prior posting #26.........I'm uncertain if I phrased my prior question clearly. What I was trying to say is as follows:
I was told that since I was using a cable modem to connect to the internet that my computer was essentially invisible to persons with negative intentions (Malware; Spyware; Adware; etc.). I was told that they could only see the address of the cable modem and not my computer's address. Therefore..................................................
2.) Why would you recommend that I utilize a software firewall?
PS. My computer suddenly appears to have stopped hanging / freezing / running slower than usual. I'm obviously pleased with this. However, I'm also a bit confused. Why has this suddenly occurred?

Edited by Step_By_Step, 09 October 2009 - 01:36 PM.
