#1
First of all see this for my PC profile https://www.yousendit.com/download/Q...Z2pqV0N5VmNUQw
I am running Windows XP SP3 and am up-to-date with Windows Updates and use Norton as my A/V and Zonealarm as my firewall. My IE problems began when I noticed I could not use my golf club member login but everything was fine using my new tablet computer. At this point I asked my neighbour (mmfell on this forum) for assistance. Ran Malwarebytes and found & fixed 3 items (see attachment) and mentioned I was getting something called Babylon. Subsequent MBAM scans found nothing to report. Mmfell came over and found home page had been hijacked into search.nu.com/406 and we attempted to fix the PC following this http://www.uninstall-tool.com/remove...removal-guide/ we managed to delete the program files of the search and got the home page changed to google. PC is very slow and we have found that it will not install anything (we have tried to install Spybot) – it hangs and never gets off collecting info. Also trying the remove programs causes the PC to hang, and a forced reboot has to be used to stop the lockup. There are at least 3 toolbars installed in IE but cannot be removed due to removal lockup. We are tempted to use a sledgehammer approach and go for a system repair or even a reformat and re-install of XP. What do you think we should do at this time ?? Do a DDS scan ?? Try removals in safe mode with networking ?? We cannot do any install unless we try safe mode.
__________________
Win XP Home - SP2 - 2.4GHz Intel P4, 256MB RAM, 40GB HD, CD RW, DSL internet. M$ Office, Norton, ZA, Spybot/Adaware.
#2
If you are already considering doing a format, I would go ahead and do it myself given all you have described.
__________________
Malwarebytes (free) Superantispyware(free) Spywareblaster(free) Avira AV free Online Armor(free) Firefox XP SP3 2gb memory Nvidia GeForce 7300 GT Video Card Ccleaner My Defrag MY STICKY
#3
The files found and deleted likely are all Legitimate legal files from Norton. MBA-M flagged these files because it is so old it could never recognize NEW files from Norton and therefore it did what it was programmed to do, saw files it didn't believe were true Norton files and removed them. So your Norton program is now likely broken also and will have to be reinstalled. I agree with Mike, if you are fully prepared and comfortable with a reformat/reload, I would also do this. It likely will be faster to do this than attempt to "jump through the hoops" this infection will make you do in order to get it fully removed.
__________________
1. Dell Inspiron N5040; Windows 7 64bit IE9;WLM2011; Firefox v.21 2.Dell Inspiron N7010; Windows 7 64bit IE9;WLM2011; Firefox v.21 Cable/Wireless Avira Free; Windows Firewall; SpywareBlaster; MBA-M; SAS; SpyBot System Restore Essential Tools 2012 Stick with the Clean up
#4
OK - will try the uninstall/install new version and updated MBAM.
#5
Norton should definitely be Uninstalled now and then Reinstalled, AFTER the computer is clean, because it very likely has been damaged, either by the hijacker (therefore infected) or by the original run by the old MBA-M version.
Safe Mode with Networking will be needed if possible in order to download, install and UPDATE MBA-M. If Safe Mode with Networking is not possible then of course the install file can be downloaded to a clean computer and then moved to the infected computer using either a flash drive or CD, however it will not likely be able to be updated so a Full scan would be needed without the definition update, though the new version would at least be 3 years newer than the one previously used so at least there you would be ahead of the game. All attempts should be made however to do an update to the program.
Then it may likely have to be run first while in Safe Mode with Networking because the infection probably won't allow it to be run in Normal mode, and removal done, then a reboot to normal to attempt to do another Update and Full scan with MBA-M.
Then a DDS scan done and posted. http://www.bleepingcomputer.com/download/dds/
Likely then multiple other tools will also be needed, but we won't know how many until these first logs are posted. Post, using copy/paste of course, the log from the new MBA-M. Then the DDS logs, two of them, will need to be posted also. After that it will be easier to determine if the other tools will be needed, chances are that they will be needed.
EDIT: Something to seriously consider. I have to tell you here, found attempts to remove this hijacker on multiple threads from many good forums, including bleepingcomputer. Very few had an easy time of it, many, if not most, opted finally to do a reformat/reload. On many of the threads I have read no less than 7 different tools were used in an attempt to remove this infection and many of those tools just would not run at all, this would not count the DDS scan which is not a removal tool only a needed scanner and on some of those computers even DDS wouldn't run. If you choose to attempt to clean I'll be happy to help but just wanted you to be aware that it may very well not work.
Last edited by jholland1964; 06-12-2012 at 10:16 AM. Reason: added info
#6
My apologies Judy I only saw your post#3 after I posted recovery would be attempted.
Got PC booted up into safe mode with networking, removed old MBAM, installed newest version, updated and scanned - results
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.12.09
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
User :: OWNER-23CFD3638 [administrator]
13/06/2012 11:44:56 AM
mbam-log-2012-06-13 (11-44-56).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332096
Time elapsed: 36 minute(s), 1 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 41
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1043\A0142875.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142998.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142999.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143000.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143001.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143002.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143003.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143004.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143005.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143006.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143007.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143008.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143009.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143010.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143011.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143012.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143013.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143014.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143015.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143016.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143017.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143018.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143019.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143020.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143022.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143023.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143024.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143025.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143027.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143039.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143040.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143041.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143042.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143043.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM7Q6M72\Spybot%20Search%20&%20Destroy[1].exe (Trojan.Hoaxsms) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
(end)
Then I rebooted back into normal mode and scanned again, told onslaught to remove all that's found. Results :-
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.12.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
User :: OWNER-23CFD3638 [administrator]
13/06/2012 12:28:06 PM
mbam-log-2012-06-13 (12-28-06).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333907
Time elapsed: 1 hour(s), 27 minute(s), 5 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 35
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1043\A0142875.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142998.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142999.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143000.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143002.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143003.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143004.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143005.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143006.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143007.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143008.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143009.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143010.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143011.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143012.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143013.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143014.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143015.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143016.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143017.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143018.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143020.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143022.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143023.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143024.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143025.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143027.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143039.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143040.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143041.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143042.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143043.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143001.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143019.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)
After onslaught has played golf and I have taken the dogs for a walk we propose to run a DDS scan. Meanwhile I will arrange for files etc to be backed up in case a reformat is necessary.
#7
This can be done in Safe Mode with Networking
Next do this:
Please Run the ESET Online Scanner
http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log
#8
MM, I, like Mike, am extremely concerned about any files backed up from this computer, chances are those files will not be clean. I would be extremely suspicious about any of them. Each and every one of those will have to be thoroughly scanned before they are re-used and wherever the back up is done should also be thoroughly scanned and if even one of them is infected then don't use any of them. If they are backed up to a flash drive or an external drive I honestly would recommend those should also be reformatted once onslaught is finished with it.
Based on the number of infected files deleted from System Restore I also would trust absolutely nothing in there at all so I'm saying something I rarely do, you also need to turn off System Restore to clear out all restore points. Leave it turned off until the computer is hopefully clean.
Based on the problems onslaught is having, I firmly believe that MBA-M didn't find everything and actually just "scratched the surface", even the one done in Normal Mode. Though that normal mode scan took longer as it should have, it only scanned 1001 more objects, which is rare, the number of objects scanned should really have been much higher.
The one trojan found thus far was in Temp files. It was a fake installer for the program SpyBot Search and Destroy. So that program should be uninstalled immediately if it is on the computer because it likely is not the "real" Search and Destroy. That program should only be downloaded from the developer, Safer Networking.Org or one of their 6 mirror sites listed by them on their web site, no place else. To believe that one of their install files contains a trojan would be unheard of unless their entire site has been hacked and if it had been we would have heard about that by now. If it WAS the original program installed a long time ago then its likely that it is no longer the original and has been compromised by the infections on there. Uninstall SpyBot Search and Destroy and leave it off the computer until you are told the computer is clean and then it should be downloaded brand new from Safer Networking.Org.
Do the ESET scan as requested by Mike and have it clean everything found and be sure to save the log, then do the DDS scan I previously requested and post all three logs, the one from ESET and the two produced by DDS. Then there will likely be a minimum of two other tools needed, possibly more, after those two programs are run.
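An added example, not part of the original thread: a small Python parser for scan logs laid out one detection per line in the `path (name) -> action` form seen in post #6. It separates System Restore detections from live-file detections and compares two scans, which is the comparison post #8 reasons about. The sample logs, paths, counts and function names are constructed for illustration.

```python
import re

# One detection per line: "<path> (<detection name>) -> <action>."
# The path itself may contain parentheses, e.g. "setup(1).exe".
ENTRY_RE = re.compile(r"^(?P<path>.*\S) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
FIELD_RE = re.compile(r"^(?P<key>Objects scanned|Files Detected): (?P<value>\d+)")
RESTORE_MARKER = "\\system volume information\\_restore{"

# Constructed sample logs (abbreviated; not the logs posted in the thread).
SCAN_SAFE_MODE = r"""
Scan type: Full scan
Objects scanned: 1000
Memory Processes Detected: 0 (No malicious items detected)
Files Detected: 5
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1\A0000001.exe (PUP.Example) -> No action taken.
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP2\A0000002.dll (PUP.Example) -> No action taken.
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP2\A0000003.dll (PUP.Example) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\setup(1).exe (Trojan.Example) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\example.manifest (Malware.Trace) -> Quarantined and deleted successfully.
(end)
"""

SCAN_NORMAL_MODE = r"""
Scan type: Full scan
Objects scanned: 1250
Files Detected: 3
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1\A0000001.exe (PUP.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP2\A0000002.dll (PUP.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP2\A0000003.dll (PUP.Example) -> Quarantined and deleted successfully.
(end)
"""


def parse_scan_log(text):
    """Return the header counters and the list of detections from one log."""
    scan = {"objects_scanned": None, "files_declared": None, "detections": []}
    for raw in text.splitlines():
        line = raw.strip()
        field = FIELD_RE.match(line)
        if field:
            key = "objects_scanned" if field["key"] == "Objects scanned" else "files_declared"
            scan[key] = int(field["value"])
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            scan["detections"].append(
                {"path": entry["path"], "name": entry["name"], "action": entry["action"]}
            )
    return scan


def summarize(scan):
    """Count detections by location and flag the ones the scanner left in place."""
    dets = scan["detections"]
    in_restore = [d for d in dets if RESTORE_MARKER in d["path"].lower()]
    unresolved = [d for d in dets if d["action"].lower().startswith("no action")]
    return {
        "total": len(dets),
        # A mismatch means the pasted log is truncated or mangled.
        "matches_declared": scan["files_declared"] == len(dets),
        "in_system_restore": len(in_restore),
        "live_files": len(dets) - len(in_restore),
        "unresolved": len(unresolved),
    }


def compare_scans(first, second):
    """Compare two scans of the same machine by detected path."""
    first_paths = {d["path"].lower() for d in first["detections"]}
    second_paths = {d["path"].lower() for d in second["detections"]}
    return {
        "objects_delta": second["objects_scanned"] - first["objects_scanned"],
        "seen_again": sorted(first_paths & second_paths),
        "new_in_second": sorted(second_paths - first_paths),
        "gone_after_first": sorted(first_paths - second_paths),
    }


if __name__ == "__main__":
    safe = parse_scan_log(SCAN_SAFE_MODE)
    normal = parse_scan_log(SCAN_NORMAL_MODE)
    print("safe mode:", summarize(safe))
    print("normal mode:", summarize(normal))
    print("comparison:", compare_scans(safe, normal))
```

Detections that show up again in the second scan are the ones the first scan reported with no action taken; entries under System Restore only stop reappearing once the restore points themselves are cleared.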
#9
OK will do the eset scan followed by DDS.
Files being backed up are going onto an external drive and I can scan that with my PC.
#10
Actual personal stuff...pictures, documents are a different story of course, though all should still be scanned. But anything that can be "gotten or downloaded again" I would truly dump. You have no idea where these infections came from so anything that came from a download is highly suspicious and why take the chance.
#11
ESET completed, found 7 items
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-S.exe probably a variant of Win32/Adware.SLITAT application cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\is1068456772\ezLooker-S-Setup_Suite1.exe probably a variant of Win32/Adware.DFJFHGU application cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM7Q6M72\speedupmypc[1].exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Downloads\software\registrybooster(1).exe Win32/RegistryBooster application deleted - quarantined
C:\Downloads\software\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
DDS scan follows in next post.
#12
DDS scan is
WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-4-20 285152] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-4 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\ipsdefs\20 120613.007\IDSXpx86.sys [2012-6-13 356792] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\virusdefs\ 20120613.019\NAVENG.SYS [2012-6-14 87928] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\virusdefs\ 20120613.019\NAVEX15.SYS [2012-6-14 1589752] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPl ayerUpdateService.exe [2012-4-13 257696] S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2008-8-2 36256] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-5 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-5 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-4-20 50704] S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2011-10-21 105216] S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2011-10-21 105216] . =============== Created Last 30 ================ . 
2012-06-14 02:31:41 -------- d-----w- c:\program files\ESET 2012-06-13 02:22:49 54016 ----a-w- c:\windows\system32\drivers\jquxi.sys 2012-06-13 01:38:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-06 23:34:34 -------- d-----w- c:\documents and settings\user\application data\PriceGong 2012-06-06 21:18:57 -------- d-----w- c:\documents and settings\user\application data\searchqutoolbar 2012-06-06 21:08:01 -------- d-----w- c:\documents and settings\user\local settings\application data\WiseConvert 2012-06-06 21:07:51 -------- d-----w- c:\program files\WiseConvert 2012-06-06 01:44:34 -------- d-----w- c:\documents and settings\user\application data\SpeedyPC Software 2012-06-06 00:43:55 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software 2012-06-05 06:00:01 -------- d-----w- c:\documents and settings\user\application data\SpeedMaxPc 2012-06-05 05:59:34 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc 2012-05-29 01:24:10 -------- d-----w- c:\program files\DealPly 2012-05-29 01:23:36 -------- d-----w- c:\program files\Yontoo 2012-05-29 01:23:33 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer 2012-05-28 07:41:41 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics 2012-05-27 03:11:50 -------- d-----w- c:\documents and settings\user\AppData 2012-05-27 03:11:48 -------- d-----w- c:\documents and settings\user\local settings\application data\Ilivid Player 2012-05-27 03:11:48 -------- d-----w- c:\documents and settings\user\application data\searchquband 2012-05-22 23:46:26 -------- d-----w- c:\documents and settings\all users\application data\DriverGenius 2012-05-18 07:32:54 388216 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdi .sys 2012-05-18 07:32:54 345208 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdi v.sys 2012-05-18 07:32:53 905336 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symefa 
.sys 2012-05-18 07:32:53 574072 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtsp. sys 2012-05-18 07:32:53 340088 ----a-r- c:\windows\system32\drivers\nav\1307010.005\symds. sys 2012-05-18 07:32:53 32888 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtspx .sys 2012-05-18 07:32:53 318584 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symnet s.sys 2012-05-18 07:32:52 149624 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ironx8 6.sys 2012-05-18 07:32:52 132744 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ccsetx 86.sys 2012-05-18 07:32:34 4782 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symvtc er.dat 2012-05-18 07:32:34 -------- d-----w- c:\windows\system32\drivers\nav\1307010.005 . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-04 23:51:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-04 23:51:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-15 23:04:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2012-04-15 23:04:26 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2008-08-05 02:59:39 16 ----a-w- c:\program files\temp.bat . ============= FINISH: 14:30:08.64 ===============
__________________
Win XP Home - SP2 - 2.4GHz Intel P4, 256MB RAM, 40GB HD, CD RW, DSL internet. M$ Office, Norton, ZA, Spybot/Adaware.
#13
Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/08/2008 10:35:48 AM
System Uptime: 14/06/2012 8:05:28 AM (6 hours ago)
.
Motherboard: Intel Corporation | | DQ35JO
Processor: Intel Pentium III Xeon processor | J1PR | 2989/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 121 GiB total, 40.432 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\WEC1000\4&376E3BFF&0
Manufacturer:
Name:
PNP Device ID: ACPI\WEC1000\4&376E3BFF&0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Adobe Flash Player 11 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.5.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
Avery Wizard 3.1
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Belarc Advisor 6.1
BigPond ADSL SIK 5.5 Files
BigPond Broadband ADSL
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 5.0
Canon G.726 WMP-Decoder
Canon iP3600 series Printer Driver
Canon PhotoRecord
Canon PIXMA iP3000
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CanoScan 8600F
CDDRV_Installer
Choice Guard
Compatibility Pack for the 2007 Office system
Conduit Engine
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports for .NET Framework 2.0 (x86)
DealPly
DesignPro 5
e-tax 2011
EASEUS Partition Master 5.0.1 Home Edition
Easy-WebPrint
Easy Media Player 1.1.12
Elf 1.13 Toolbar
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
EZTMM
FastFox
FlashGet 3.5
FW LiveUpdate
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Inkjet Printer/Scanner Extended Survey Program
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Intel® Active Management Technology
Intel® Management Engine Interface
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Join ME
jZip
K-Lite Codec Pack 7.0.0 (Standard)
KeyBlaze Typing Tutor
KhalInstallWrapper
LoadIt
Logitech Desktop Messenger
Logitech SetPoint
MailWasher Free 6.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mouse Driver
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Combo Set
Nero 7 Essentials
Nero Suite
neroxml
NETGEAR WNA3100 wireless USB 2.0 adapter
Norton AntiVirus
Norton Safe Web Lite
Picasa 3
Presto! PageManager 7.15.13
Prism Video Converter
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Recuva (remove only)
Safari
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SAMSUNG PC Studio 2.0.9
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 4.2
SpeedTouch USB Software
Spelling Dictionaries Support For Adobe Reader 9
SyncBack
TranslatorBar 3.3 Toolbar
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VideoPad Video Editor
VLC media player 1.1.8
Watch Football TV
WebFldrs XP
Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WiseConvert Toolbar
Yontoo 1.10.02
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Spy Blocker
.
==== Event Viewer Messages From Past Week ========
.
7/06/2012 7:51:00 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: Access is denied.
13/06/2012 11:37:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
13/06/2012 11:35:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt BHDrvx86 ccSet_NAV eeCtrl Fips intelppm KLIF SRTSP SRTSPX StarOpen SymIRON SYMTDI
13/06/2012 11:34:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
13/06/2012 11:34:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/06/2012 2:12:37 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
10/06/2012 10:06:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).
.
==== End Of File ===========================
__________________
Win XP Home - SP2 - 2.4GHz Intel P4, 256MB RAM, 40GB HD, CD RW, DSL internet. M$ Office, Norton, ZA, Spybot/Adaware.
#14
That was not the Full ESET log, it should have been fully posted from top to bottom. If full logs are requested then they must be posted, from the first line to the last. We ask this for very specific reasons. The items found are not the only pieces of information we get from these logs. Please, from now on if full logs are requested then please post them in full.
Based on what I see in the DDS.txt log, you have at least two anti-virus programs installed and running on the computer and the absolute rule is only ONE. There are multiple other very dangerous and very questionable programs showing in that log also. Based on that log and the Attach.txt log I have to say I believe that the computer truly, even with the scans run thus far, is still very likely grossly infected and based on what shows in the log, most of these infected files began entering the computer on or after May 27th.
One thing also I see is Akamai NetSession Interface that is autostarting with each boot of the computer. This needs to be Stopped immediately, ask MM to help you with this, it Must be removed from auto start before anything else is done. This is a client-side networking technology that enhances networking protocols for delivery of software and media. There is no reason in the world this should be auto starting.
You have the following anti-virus programs and firewall installed and they all must be Uninstalled using Add/Remove
Norton AntiVirus
Norton Safe Web Lite
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Spy Blocker
The DDS log also shows at least remnants of at least one Kaspersky security program, though Kaspersky does not show in the installed programs log, the files are showing so a manual search for Kaspersky files must be done and if any are found they must be deleted.
These programs show in Add/Remove and absolutely, positively must be Uninstalled using Add/Remove. I would recommend doing this in Safe Mode in hopes of eliminating interference by other programs.
Choice Guard
Conduit Engine
DealPly
ERUNT 1.1j
jZip
TranslatorBar 3.3 Toolbar
Watch Football TV
WiseConvert Toolbar
Yontoo 1.10.02
These programs show clearly in the DDS.txt log but do not show in Add/Remove, which will make their Uninstall very, very difficult and they absolutely DO have to go, they are all KNOWN Bad programs.
SpeedyPC Software
PriceGong
searchqutoolbar
SpeedMaxPc
Ilivid Player
You probably need to get MM to help you with all of these removals of the programs not listed in Add/Remove. Frankly don't know how easy this is going to be, it's likely going to require a manual search and removal probably again in Safe Mode. A safe mode removal of all may be the way you will have to go on these. I will let MM make that decision.
After those removals are complete, please make note of any that you have either not found or have not been able to remove, then you will have to do the following:
Please download ComboFix by sUBs from http://www.bleepingcomputer.com/down...virus/combofix
Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.
• You must download it to and run it from your Desktop. If it is NOT run from the desktop then it will not work correctly. So it MUST be ON the desktop, NOT located in a folder someplace.
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
Post back here with the Full Combofix Log from top to bottom, every single line and every single section is vitally important so please be sure you do not leave one single thing out. It must be copy/pasted also.
Do nothing else after the run of Combofix and posting of the log. I will give you the next set of instructions after reading that log.
__________________
1. Dell Inspiron N5040; Windows 7 64bit IE9; WLM2011; Firefox v.21 2. Dell Inspiron N7010; Windows 7 64bit IE9; WLM2011; Firefox v.21 Cable/Wireless Avira Free; Windows Firewall; SpywareBlaster; MBA-M; SAS; SpyBot System Restore Essential Tools 2012 Stick with the Clean up
#15
Also uninstall

Java Auto Updater
Java(TM) 6 Update 24

It is way out of date.
#16
Thanks Judy, sorry about the eset log - it's my fault.
I will consult with onslaught and I think a reformat reinstall is the way to go.
#17
Quote:
Think also that reformat is the way to go too, but if onslaught wants to continue to attempt a clean up just post the logs and we can go from there.
#18
Judy:
I was just browsing your stuff with Onslaught and noticed something that you might just already know. But here is a quote from A/V Software Review for your info: If you already know this, just ignore my comments: Most people do not know that ZoneAlarm sports the goodness of the Kaspersky virus-scanning engine under the hood.
__________________
trapper
#19
Quote:
Very good catch!!!
#20
You are welcome Judy!
__________________
trapper