Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] continued for inzanity


  • This topic is locked This topic is locked
37 replies to this topic

#31 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 11 November 2009 - 12:24 AM

Hi,

Let's try ESET instead. We need to have a log to confirm if there are no more malwares residing in your computer.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

--Next--

Please run another DDS scan for me please. Thank you.

To post in your next reply:
1. ESET log.
2. DDS logs.
3. How is your computer running?

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


!

    Advertisements

Register to Remove


#32 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 12 November 2009 - 08:23 PM

Hi, Do you still need help on this?

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


!


#33 supertel334

supertel334

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 November 2009 - 10:56 PM

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=0 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=b427dcc30ef9a94889bf7c5b8428459b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-14 04:50:16 # local_time=2009-11-13 11:50:16 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 586647 586647 0 0 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=3073 16777173 80 89 0 1412952 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0

#34 supertel334

supertel334

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 November 2009 - 11:02 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-10-26.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/27/2009 1:13:16 PM System Uptime: 11/13/2009 6:26:36 PM (6 hours ago) Motherboard: Hewlett-Packard | | 3085 Processor: AMD Athlon™ 64 Processor 3200+ | U23 | 1993/mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 75 GiB total, 69.23 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 10/27/2009 2:08:37 PM - System Checkpoint RP2: 10/27/2009 2:18:13 PM - Installed Athlon 64 Processor Driver RP3: 10/27/2009 2:19:39 PM - Installed TIxx21 RP4: 10/27/2009 2:20:19 PM - Installed REALTEK Gigabit and Fast Ethernet NIC Driver RP5: 10/27/2009 1:56:59 PM - Software Distribution Service 3.0 RP6: 10/27/2009 5:35:44 PM - Software Distribution Service 3.0 RP7: 10/28/2009 12:54:06 AM - Software Distribution Service 3.0 RP8: 10/28/2009 7:21:11 PM - Software Distribution Service 3.0 RP9: 10/28/2009 10:11:44 PM - Software Distribution Service 3.0 RP10: 10/29/2009 8:49:40 AM - Software Distribution Service 3.0 RP11: 10/29/2009 10:58:20 AM - Installed Java™ 6 Update 16 RP12: 10/29/2009 10:59:09 AM - Installed Java Runtime Environment RP13: 10/30/2009 2:20:11 PM - System Checkpoint RP14: 10/30/2009 8:35:47 PM - Installed COWON Media Center - jetAudio Basic RP15: 10/31/2009 9:21:21 PM - System Checkpoint RP16: 11/1/2009 10:07:42 PM - Removed COWON Media Center - jetAudio Basic RP17: 11/3/2009 4:36:30 PM - System Checkpoint RP18: 11/5/2009 10:31:16 AM - Software Distribution Service 3.0 RP19: 11/6/2009 10:41:45 AM - Software Distribution Service 3.0 RP20: 11/7/2009 11:07:18 AM - System Checkpoint RP21: 11/8/2009 6:57:48 PM - System Checkpoint RP22: 11/9/2009 7:28:31 PM - System Checkpoint RP23: 11/11/2009 12:15:41 PM - System Checkpoint RP24: 11/12/2009 9:43:28 AM - Software Distribution Service 3.0 RP25: 11/13/2009 10:01:45 AM - System Checkpoint ==== Installed Programs ====================== 32 Bit HP CIO Components Installer 4500_Help Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Athlon 64 Processor Driver ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver BPD_HPSU bpd_scan BPDSoftware BPDSoftware_Ini Broadcom 802.11 Wireless LAN Adapter COMODO Internet Security Conexant AC-Link Audio Data Fax SoftModem with SmartCP Fax HijackThis 2.0.2 Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) HP Officejet J4500 Series J4500 Java™ 6 Update 16 Malwarebytes' Anti-Malware Mozilla Firefox (3.5.5) MSXML 4.0 SP2 (KB954430) ProductContext REALTEK Gigabit and Fast Ethernet NIC Driver Scan Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515 drivers. TIxx21 Toolbox Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976749) Update for Windows XP (KB951978) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) WebFldrs XP WebReg Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 11/9/2009 9:17:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 11/13/2009 9:03:31 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0014A5201774 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). ==== End Of File ===========================

#35 supertel334

supertel334

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 November 2009 - 11:03 PM

DDS (Ver_09-10-26.01) - NTFSx86 Run by HOANG at 23:58:39.21 on Fri 11/13/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.275 [GMT -5:00] AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\HOANG\Local Settings\Temporary Internet Files\Content.IE5\0H270HEF\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://yahoo.com/ BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\windows\system32\guard32.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hoang\applic~1\mozilla\firefox\profiles\jirkg7sk.default\ FF - prefs.js: browser.startup.homepage - yahoo.com FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-27 132296] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-27 25160] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-10-27 200192] =============== Created Last 30 ================ 2009-11-14 04:36:49 0 d-----w- c:\program files\ESET 2009-11-06 14:41:59 0 d-----w- c:\program files\MSXML 4.0 2009-11-04 15:20:15 0 d-----w- c:\program files\common files\HP 2009-11-04 15:20:14 0 d-----w- c:\program files\common files\Hewlett-Packard 2009-11-04 15:19:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll 2009-11-04 15:18:06 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys 2009-11-04 15:18:05 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys 2009-11-04 15:18:05 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys 2009-11-04 15:18:03 271704 ----a-w- c:\windows\system32\hpzids01.dll 2009-11-04 15:17:22 0 d-----w- c:\program files\HP 2009-11-04 15:15:01 997 ----a-w- c:\windows\hpwmdl19.dat 2009-11-04 15:15:01 176496 ----a-w- c:\windows\hpwins19.dat 2009-11-02 03:34:26 0 d-----w- c:\windows\pss 2009-11-01 04:25:12 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2009-11-01 04:25:12 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2009-11-01 04:25:12 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-10-31 00:49:08 0 d-----w- c:\docume~1\hoang\applic~1\COWON 2009-10-29 20:44:40 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-10-29 20:44:40 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-10-29 19:56:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-29 19:56:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-29 14:58:53 73728 ----a-w- c:\windows\system32\javacpl.cpl 2009-10-29 14:58:53 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-29 02:53:15 0 d-----w- c:\windows\system32\scripting 2009-10-29 02:53:14 0 d-----w- c:\windows\l2schemas 2009-10-29 02:53:11 0 d-----w- c:\windows\system32\en 2009-10-29 02:53:06 0 d-----w- c:\windows\system32\bits 2009-10-29 02:43:13 0 d-----w- c:\windows\network diagnostic 2009-10-29 02:17:46 0 d-----w- c:\windows\EHome 2009-10-28 04:25:03 0 d-sh--w- c:\documents and settings\hoang\IECompatCache 2009-10-27 22:37:38 0 d-sh--w- c:\documents and settings\hoang\PrivacIE 2009-10-27 22:31:57 0 d-sh--w- c:\documents and settings\hoang\IETldCache 2009-10-27 22:26:45 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-27 22:26:07 0 d-----w- c:\windows\ie8updates 2009-10-27 22:25:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-27 22:25:19 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-10-27 22:25:19 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-27 22:25:19 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-10-27 22:25:18 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-27 22:25:18 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-10-27 22:23:16 0 dc-h--w- c:\windows\ie8 2009-10-27 21:41:47 0 d-----w- c:\windows\ServicePackFiles 2009-10-27 21:16:01 73216 ------w- c:\windows\system32\drivers\atintuxx.sys 2009-10-27 19:51:14 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat 2009-10-27 18:59:53 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-27 18:59:53 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-27 18:34:54 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-10-27 18:34:14 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-27 18:33:22 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-10-27 18:32:18 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-27 18:31:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo 2009-10-27 18:31:21 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-10-27 18:31:21 179792 ----a-w- c:\windows\system32\guard32.dll 2009-10-27 18:31:21 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-10-27 18:31:18 0 d-----w- c:\program files\COMODO 2009-10-27 18:31:17 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-10-27 18:23:53 69724 ----a-w- c:\windows\system32\SynTPFcs.dll 2009-10-27 18:23:51 90204 ----a-w- c:\windows\system32\SynTPAPI.dll 2009-10-27 18:23:51 82015 ----a-w- c:\windows\system32\SynCOM.dll 2009-10-27 18:23:51 81920 ----a-w- c:\windows\system32\SynTPCo2.dll 2009-10-27 18:23:51 191456 ----a-w- c:\windows\system32\drivers\SynTP.sys 2009-10-27 18:23:51 114688 ----a-w- c:\windows\system32\SynCtrl.dll 2009-10-27 18:23:50 0 d-----w- c:\program files\Synaptics 2009-10-27 18:23:27 69632 ----a-w- c:\windows\system32\bcmwlD2K.EXE 2009-10-27 18:23:27 176128 ----a-w- c:\windows\system32\bcmwlu00.EXE 2009-10-27 18:23:26 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS 2009-10-27 18:22:01 9684 ----a-r- c:\windows\system32\atifglpf.xml 2009-10-27 18:22:01 299008 ----a-r- c:\windows\system32\atiiiexx.dll 2009-10-27 18:22:00 81342 ----a-r- c:\windows\system32\atiicdxx.dat 2009-10-27 18:21:34 0 d-----w- c:\program files\ATI Technologies 2009-10-27 18:21:00 0 d-----w- c:\program files\CONEXANT 2009-10-27 18:20:55 86016 ----a-w- c:\windows\system32\mdmxsdk.dll 2009-10-27 18:20:55 39018 ----a-w- c:\windows\system32\hsfci012.dll 2009-10-27 18:20:55 200192 ----a-w- c:\windows\system32\drivers\HSFHWATI.sys 2009-10-27 18:20:55 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys 2009-10-27 18:20:55 129045 ----a-w- c:\windows\system32\drivers\HSFProf.cty 2009-10-27 18:20:54 703232 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys 2009-10-27 18:20:54 1038208 ----a-w- c:\windows\system32\drivers\HSF_DP.sys 2009-10-27 18:20:20 69760 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys 2009-10-27 18:20:19 0 d-----w- c:\windows\OPTIONS 2009-10-27 18:19:42 0 d-----w- c:\windows\tiinst 2009-10-27 18:19:09 6272 ----a-w- c:\windows\system32\drivers\splitter.sys 2009-10-27 18:19:08 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys 2009-10-27 18:19:06 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys 2009-10-27 18:19:02 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys 2009-10-27 18:19:00 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2009-10-27 18:18:13 0 d-----w- c:\program files\AMD 2009-10-27 18:16:36 0 d-----w- C:\SYSTEM.SAV 2009-10-27 18:08:58 0 d-----w- c:\docume~1\hoang\applic~1\Malwarebytes 2009-10-27 18:08:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-27 18:08:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-10-27 18:07:54 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-10-27 18:07:54 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-10-27 17:52:49 0 d-----w- c:\program files\Trend Micro 2009-10-27 17:10:06 0 d-sh--w- c:\documents and settings\all users\DRM 2009-10-27 17:09:46 0 d--h--w- c:\program files\WindowsUpdate 2009-10-27 17:08:39 0 d-----w- c:\program files\common files\MSSoap 2009-10-27 17:07:03 0 d-----w- c:\program files\Online Services 2009-10-27 17:06:57 0 d-----w- c:\program files\Messenger 2009-10-27 17:06:52 0 d-----w- c:\program files\MSN Gaming Zone 2009-10-27 17:06:02 0 d-----w- c:\program files\Windows NT 2009-10-27 09:01:16 0 d-----w- c:\program files\common files\ODBC 2009-10-27 09:01:11 0 d-----w- c:\program files\common files\SpeechEngines 2009-10-27 08:58:30 0 d-----r- c:\documents and settings\all users\Documents ==================== Find3M ==================== 2009-10-27 17:07:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll ============= FINISH: 0:01:13.75 ===============

#36 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 14 November 2009 - 05:55 PM

Hi,

Please do the following:

Delete DDS, Systemlook and RootRepeal and all the logs we've created.

--Next--

You can keep Malwarebytes, it is an excellent malware removal tool. Update atleast once a week then run a complete scan.

--Next--

You need to create a new Clean restore point.
Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

--Next--

Adobe
You can get the latest version here.
Or you can download and install Foxit Reader.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.


JAVA DOWNLOADS PAGE - http://www.java.com/...load/manual.jsp

The latest update is Java 6 Update 17

--Next--

To keep your operating system up to date visit

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

7. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

8. Some excellent free firewalls. Note: Use only one firewall at a time.
Agnitum Outpost Firewall
Comodo Firewall - If you are installing this and already have an anti spyware then please do not install Comodo's anti spyware program.
Online Armor Personal Firewall

9. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing

For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.



Goodluck, happy computing and stay clean! ^_^

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


!


#37 supertel334

supertel334

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 14 November 2009 - 10:58 PM

thank you so much for your time :notworthy:

#38 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 18 November 2009 - 12:15 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users