Think I removed "Total Security;" please look at log files

View previous topic View next topic Go down

Think I removed "Total Security;" please look at log files

Post by Will Whateley on 7th October 2009, 2:58 pm

Hi, I recently was infected with an unknown no. of virus/spy/malware, including the "total security" malware that is discussed in recent threads here. I initially tried to use MalwareBytes, however, the system kept crashing as soon as I started the program. I then used ComboFix, which seemed to clean things up (at least it let me run MalWareBytes!)

Would someone please take a look at my Log files and let me know if there is anything else I should do?

Thanks

Will (Windows XP)

edit - Forgot to mention - I normally run Chrome, but since this infection started, I've not been able to start IE (ver. 8), when I click to start, nothing happens. Should I simply re-install?

Combofix log

ComboFix 09-10-06.04 - Will 10/07/2009 9:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2536 [GMT -4]
Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\oafcdn
c:\program files\oafcdn\sgbrsysguard.exe
c:\windows\Installer\3d6916.msi

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 12:32 . 2009-10-07 12:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 01:13 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-07 01:13 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-07 01:13 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-07 01:13 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-07 01:13 . 2009-10-07 01:13 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-07 01:13 . 2009-10-07 01:13 -------- d-----w- c:\program files\McAfee.com
2009-10-07 01:13 . 2009-10-07 12:11 -------- d-----w- c:\program files\McAfee
2009-10-07 01:10 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-01 01:54 . 2009-10-01 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-01 01:54 . 2009-10-07 13:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-01 01:54 . 2009-10-01 01:54 -------- d-----w- c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com
2009-10-01 01:43 . 2009-10-01 01:43 -------- d-----w- c:\program files\CCleaner
2009-10-01 01:29 . 2009-10-01 01:29 -------- d-----w- c:\program files\Trend Micro
2009-10-01 00:42 . 2009-10-01 00:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-10-01 00:33 . 2009-10-01 00:33 -------- d-----w- c:\documents and settings\Will\Application Data\Malwarebytes
2009-10-01 00:33 . 2009-10-01 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 14:57 . 2009-10-06 23:02 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\Temp
2009-09-30 14:47 . 2009-09-30 14:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-30 13:39 . 2009-09-30 13:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-30 13:35 . 2009-10-07 12:27 0 ----a-r- c:\windows\win32k.sys
2009-09-29 14:19 . 2009-09-29 14:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-29 14:10 . 2009-09-29 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-16 12:08 . 2009-09-16 12:08 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-16 12:06 . 2009-09-16 12:06 -------- d-----w- c:\program files\iPod
2009-09-16 12:06 . 2009-09-16 12:06 -------- d-----w- c:\program files\iTunes
2009-09-16 12:06 . 2009-09-16 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 12:04 . 2009-09-16 12:04 -------- d-----w- c:\program files\QuickTime
2009-09-09 07:50 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 12:35 . 2007-05-18 19:51 -------- d-----w- c:\program files\Java
2009-10-07 12:20 . 2007-07-05 20:29 -------- d-----w- c:\program files\Lavasoft
2009-10-07 12:20 . 2007-07-05 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-07 01:15 . 2007-05-18 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-01 01:49 . 2007-05-18 19:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-01 01:49 . 2008-11-17 19:24 -------- d-----w- c:\program files\Logitech
2009-10-01 00:57 . 2007-08-12 13:47 -------- d-----w- c:\program files\Sibelius Software
2009-09-29 20:31 . 2007-07-31 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-22 21:25 . 2009-07-12 18:25 51008 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-17 15:20 . 2008-04-15 14:47 -------- d-----w- c:\documents and settings\Will\Application Data\Apple Computer
2009-09-16 12:07 . 2009-07-10 13:05 -------- d-----w- c:\program files\Safari
2009-09-16 12:06 . 2008-04-15 14:46 -------- d-----w- c:\program files\Common Files\Apple
2009-08-28 23:42 . 2009-07-10 13:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-07-10 13:00 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:14 . 2009-08-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-27 13:12 . 2007-06-28 19:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-27 13:12 . 2009-08-27 13:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-27 13:08 . 2009-08-27 13:08 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-26 13:56 . 2008-09-29 15:50 -------- d-----w- c:\documents and settings\Will\Application Data\webex
2009-08-25 12:40 . 2007-05-18 20:00 73192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 07:04 . 2009-08-25 07:04 -------- d-----w- c:\program files\MSBuild
2009-08-25 07:03 . 2009-08-25 07:03 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 12:19 . 2009-08-10 18:19 -------- d-----w- c:\program files\NoteMatch
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-11 22:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NG3CheckedOut]
@="{1E5E1445-6CEA-4761-8E45-AA19F654571E}"
[HKEY_CLASSES_ROOT\CLSID\{1E5E1445-6CEA-4761-8E45-AA19F654571E}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NG3ReadOnly]
@="{1AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}"
[HKEY_CLASSES_ROOT\CLSID\{1AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}]
2006-11-16 21:43 45056 ----a-w- c:\program files\Adobe\RoboSource Control 3\NGMenu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-30 8425472]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-04 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-07 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/6/2009 9:15 PM 203280]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [8/6/2009 2:56 PM 188276]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 RSO3MiddleTierService;RSO3 MiddleTier Service;c:\program files\Adobe\RoboSource Control 3\RSO3MiddleTierService.exe [12/12/2006 1:12 PM 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 14:07]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839798932-352068214-1463503386-1005Core.job
- c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 14:57]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839798932-352068214-1463503386-1005UA.job
- c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 14:57]

2009-10-07 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-07 01:26]

2009-10-07 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-07 01:26]

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{AFDC05C8-5CB3-441D-8500-A79F692F2509}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-07 09:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839798932-352068214-1463503386-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,9b,32,fa,af,11,8a,f3,01,d4,00,24,71,22,5d,30,66,a5,36,d6,01,99,5c,
67,ea,0a,d3,cb,ba,bf,9f,84,ad,a2,24,ce,4f,e6,48,23,b2,40,cf,12,c9,c8,6a,67,\
"??"=hex:22,4f,7f,f6,ed,a6,8b,de,54,50,30,46,54,e4,f9,9e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\Adobe\ROBOSO~1\DIRBKG~1.DLL
c:\program files\Adobe\RoboSource Control 3\NGMenu.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\McAfee\MPF\MC\MpfAlert.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-07 9:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 13:36

Pre-Run: 452,893,667,328 bytes free
Post-Run: 452,800,274,432 bytes free

252 --- E O F --- 2009-09-10 07:01


Malwarebytes Log

Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 5.1.2600 Service Pack 3

10/7/2009 10:49:21 AM
mbam-log-2009-10-07 (10-49-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 218251
Time elapsed: 1 hour(s), 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP632\A0058138.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP632\A0058211.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP632\A0058251.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Will\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Will Whateley
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-10-07
OS OS : XP Pro
Points Points : 26224
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Think I removed "Total Security;" please look at log files

Post by Belahzur on 7th October 2009, 6:08 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Think I removed "Total Security;" please look at log files

Post by Will Whateley on 7th October 2009, 7:05 pm

Thanks

The machine seems to be running smoothly - no annoying pop-ups or slow-down issues

However, I still can't run Internet Explorer - any suggestions?

Will

Will Whateley
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-10-07
OS OS : XP Pro
Points Points : 26224
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum