malware


malware

Post by tingler on 23rd May 2010, 4:26 pm

If I am posting this in the wrong place... please excuse me, as I am not very familiar with this site.
My problem is my computer keeps freezing up... so I tried to download "Malwarebytes" from "Download.com"... but as soon as it started to download there was a beep, and then after it finished downloading I received a message that said it had encountered an error and had to restart.
Can anyone help me?
If this post seems rather confusing... please try to be kind, as I am a 73-year-old man trying his best to keep up with modern technology...
Regards
Tingler

tingler
Intermediate

Posts : 69
Joined : 2009-06-21
Gender : Male
OS : windows xp
Points : 28202
Likes : 0


Re: malware

Post by Kenny94 on 25th May 2010, 2:57 pm

Hi tingler, and welcome to GP!

Let's do an X-ray of your PC and see what's going on.

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control: [You must be registered and logged in to see this link.]
Then post your DDS logs (DDS.txt and Attach.txt).

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33561
Likes : 0


Re: malware

Post by tingler on 25th May 2010, 6:02 pm

I hope I did this right... this is the DDS. I could not get the Attach file done because I do not know how to ZIP it.
If I am too inexperienced to accomplish the things I need to do in order to get my computer working properly... don't spend a lot of time trying to help me... I will understand...


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bruce at 13:55:42.89 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.271 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bruce\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = [You must be registered and logged in to see this link.]
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = iexplore
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
StartupFolder: c:\docume~1\bruce\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - [You must be registered and logged in to see this link.]
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - [You must be registered and logged in to see this link.]
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - [You must be registered and logged in to see this link.]
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - [You must be registered and logged in to see this link.]
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - [You must be registered and logged in to see this link.]
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - [You must be registered and logged in to see this link.]
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - [You must be registered and logged in to see this link.]
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - [You must be registered and logged in to see this link.]
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - [You must be registered and logged in to see this link.]
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - [You must be registered and logged in to see this link.]
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - [You must be registered and logged in to see this link.]
TCP: {6E18C935-5368-4C6D-ABC1-2897D2BEB762} = 207.164.234.193 207.164.234.129
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-20 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-18 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-18 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-18 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
S2 gupdate1c9b6318eeaafd9;Google Update Service (gupdate1c9b6318eeaafd9);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S3 cpuz128;cpuz128; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-20 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-20 1095560]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\windows\system32\UnlockerDriver4.sys [2010-4-5 3584]

=============== Created Last 30 ================

2010-05-23 18:14:22 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-05-23 15:56:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 15:56:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 19:09:22 0 d-sh--w- C:\found.002
2010-05-22 12:22:43 0 d-----w- c:\docume~1\bruce\applic~1\FixCleaner
2010-05-22 12:22:20 0 d-----w- c:\program files\FixCleaner
2010-05-16 20:44:25 0 d-----w- c:\docume~1\bruce\applic~1\AVG9
2010-05-14 21:36:15 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-14 20:56:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 19:48:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-04-23 12:22:30 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-05 22:20:51 23348 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-03-12 13:53:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-06 03:23:01 16384 -csha-w- c:\windows\temp\cookies\index.dat
2009-12-06 03:23:01 16384 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2009-12-06 03:23:01 49152 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:56:12.51 ===============

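The DDS log above is the format the helper reads before deciding on the next step. As an added example that is not part of this thread, and not code from the DDS, Malwarebytes or ComboFix projects, here is a small Python triage script that splits a DDS log into its "=====" sections and flags the three things a helper looks at first: processes running from user-writable directories, orphaned toolbar/BHO entries ("No File"), and services with no backing file ("[x]"). The sample input is constructed: most lines are copied from the log above, and the Temp\update.exe process line is invented to show what a process started from a temporary directory looks like. The section names, regular expressions and flag rules are the example's own assumptions about the log layout, not part of DDS.

```python
"""Triage helper for DDS-style logs: splits the log into its ===== sections and
flags the entries a forum helper reads first.  Added example; not code from the
thread, from DDS, or from Malwarebytes.  A flag is a prompt to look, not a verdict."""
import re
from dataclasses import dataclass

# Constructed sample input.  Most lines are copied from the DDS log posted in the
# thread; the Temp\update.exe process line is invented (hypothetical) to show what
# a process started from a temporary directory looks like.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Bruce\Desktop\dds.scr
C:\DOCUME~1\Bruce\LOCALS~1\Temp\update.exe

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-20 130424]
S3 cpuz128;cpuz128; [x]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\windows\system32\UnlockerDriver4.sys [2010-4-5 3584]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                   # "===== Name ====="
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")   # R0 name;display;path [meta]
HJT_RE = re.compile(r"^(BHO|TB|[um]Run|IE|DPF|Notify|SSODL|SEH|Handler|StartupFolder):\s*(.*)$")
# Per-user, user-writable directories: anything loading from here gets a second look.
USER_WRITABLE = re.compile(r"\\(temp|desktop|application data|applic~1)\\", re.I)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def split_sections(text: str) -> dict:
    """Group non-blank lines under the most recent '===== Section =====' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_service(line: str):
    """Parse one 'R0 name;display;path [date size]' line; path is None for '[x]' (no file)."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, rest = m.groups()
    rest = rest.strip()
    if rest == "[x]":
        return {"state": state, "name": name, "display": display, "path": None, "meta": None}
    path, sep, meta = rest.rpartition(" [")
    if not sep:                      # no trailing "[date size]" block on this line
        path, meta = rest, ""
    return {"state": state, "name": name, "display": display,
            "path": path, "meta": meta.rstrip("]")}


def triage(text: str) -> list:
    """Return the findings a helper would read first, in log order."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Running Processes", []):
        if USER_WRITABLE.search(line):
            findings.append(Finding("Running Processes", line,
                                    "process running from a user-writable directory"))
    for line in sections.get("Pseudo HJT Report", []):
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if body.endswith("- No File"):
            findings.append(Finding("Pseudo HJT Report", line,
                                    f"orphaned {kind} entry: registered but its file is missing"))
        elif USER_WRITABLE.search(body):
            findings.append(Finding("Pseudo HJT Report", line,
                                    f"{kind} entry loads from a user-writable directory"))
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = parse_service(line)
        if svc is not None and svc["path"] is None:
            findings.append(Finding("SERVICES / DRIVERS", line,
                                    f"service {svc['name']} has no backing file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports four findings, and one of them is dds.scr itself, because DDS runs from the Desktop: the flags narrow what a helper reads, they do not decide what is malicious. An orphaned "No File" toolbar and a service with no file on disk ("[x]") are exactly the kind of leftovers ComboFix later lists under "ORPHANS REMOVED".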

Re: malware

Post by Kenny94 on 25th May 2010, 6:09 pm

I hope I did this right... this is the DDS. I could not get the Attach file done because I do not know how to ZIP it.
That's OK, I've seen what needed to be seen. Take your time on the next part.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------



  1. Download ComboFix from below:

     [You must be registered and logged in to see this link.]

     * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

     You can get help on disabling your protection programs [You must be registered and logged in to see this link.]

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

     Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

     With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

     ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

     The Recovery Console was successfully installed.

     Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply.

     Note:
     Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

     ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

     ---------------------------------------------------------------------------------------------


Re: malware

Post by tingler on 25th May 2010, 7:12 pm

This is my ComboFix log:

ComboFix 10-05-24.07 - Bruce 05/25/2010 14:59:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.644 [GMT -4:00]
Running from: c:\documents and settings\Bruce\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-24 15:49 . 2010-05-24 15:49 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\NOS
2010-05-23 18:14 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-05-23 15:56 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 15:56 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 19:09 . 2010-05-22 19:09 -------- d-----w- C:\found.002
2010-05-22 12:22 . 2010-05-23 14:03 -------- d-----w- c:\documents and settings\Bruce\Application Data\FixCleaner
2010-05-22 12:22 . 2010-05-23 14:05 -------- d-----w- c:\program files\FixCleaner
2010-05-16 20:44 . 2010-05-16 20:44 -------- d-----w- c:\documents and settings\Bruce\Application Data\AVG9
2010-05-14 21:36 . 2010-05-14 21:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-14 20:56 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 19:48 . 2010-05-25 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 18:47 . 2010-03-04 20:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2010-05-24 15:50 . 2008-09-18 14:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-22 16:13 . 2009-01-14 16:09 -------- d-----w- c:\program files\LimeWire
2010-05-22 16:13 . 2009-01-14 16:09 -------- d-----w- c:\documents and settings\Bruce\Application Data\LimeWire
2010-05-20 13:40 . 2010-04-15 13:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 16:30 . 2008-11-07 18:15 -------- d-----w- c:\program files\PokerStars.NET
2010-05-18 04:44 . 2010-04-06 01:33 -------- d-----w- c:\program files\Bing Bar Installer
2010-05-18 04:44 . 2010-04-06 01:34 -------- d-----w- c:\program files\Microsoft
2010-05-14 20:56 . 2008-09-18 14:46 -------- d-----w- c:\program files\Java
2010-05-09 22:20 . 2008-12-24 15:47 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-04-08 17:53 . 2010-04-08 17:53 -------- d-----w- c:\program files\Firefly Studios
2010-04-08 17:53 . 2008-09-25 00:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 04:12 . 2010-04-06 04:12 -------- d-----w- c:\program files\MSXML 6.0
2010-04-06 04:04 . 2010-04-06 04:04 -------- d-----w- c:\program files\MSXML 4.0
2010-04-06 01:04 . 2008-09-18 14:45 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 01:04 . 2010-04-06 01:04 503808 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7259e93e-n\msvcp71.dll
2010-04-06 01:04 . 2010-04-06 01:04 499712 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7259e93e-n\jmc.dll
2010-04-06 01:04 . 2010-04-06 01:04 348160 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7259e93e-n\msvcr71.dll
2010-04-06 01:03 . 2010-04-06 01:03 61440 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-40924100-n\decora-sse.dll
2010-04-06 01:03 . 2010-04-06 01:03 12800 ----a-w- c:\documents and settings\Bruce\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-40924100-n\decora-d3d.dll
2010-04-06 01:00 . 2009-06-21 14:24 -------- d-----w- c:\program files\Reimage
2010-04-05 23:12 . 2008-09-24 23:08 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 22:20 . 2008-09-18 13:32 23348 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-04-05 21:27 . 2010-04-05 21:26 -------- d-----w- c:\documents and settings\Bruce\Application Data\U3
2010-04-04 17:50 . 2009-05-29 22:59 -------- d-----w- c:\program files\Groove Games
2010-04-04 17:34 . 2008-09-19 15:38 -------- d-----w- c:\program files\Cinemaware Marquee
2010-03-10 06:15 . 2002-12-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 14679552]

c:\documents and settings\Bruce\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/20/2009 11:36 PM 130424]
S2 gupdate1c9b6318eeaafd9;Google Update Service (gupdate1c9b6318eeaafd9);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 5:00 PM 133104]
S3 cpuz128;cpuz128; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/20/2009 11:36 PM 348752]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\windows\system32\UnlockerDriver4.sys [4/5/2010 6:20 PM 3584]
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 21:00]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 21:00]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: {6E18C935-5368-4C6D-ABC1-2897D2BEB762} = 207.164.234.193 207.164.234.129
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-25 15:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-25 15:07:05
ComboFix-quarantined-files.txt 2010-05-25 19:07

Pre-Run: 467,721,654,272 bytes free
Post-Run: 468,289,966,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6ED6E26611632B64720B856615C1ACF8


Re: malware

Post by tingler on 25th May 2010, 7:49 pm

I have a couple of other problems that I hope you can help me with... whenever I try to d/l anything I just hear a beep but nothing happens... plus when I try to activate HijackThis I get a message that says an error occurred... also when I go into Control Panel to remove some things so I can reinstall them, I get that error message there also...


Re: malware

Post by Kenny94 on 25th May 2010, 8:00 pm

I'll be back in on Wednesday. We still have some work to do on your PC.

Thanks!


Re: malware

Post by tingler on 25th May 2010, 8:07 pm

Hi Kenny94... I really appreciate you taking all this time to help me... as you may be aware, I am a 73-year-old man trying to keep up with all this newfangled technology... so you may wish you had never gotten involved with my problems... but I sure am glad you did.


Re: malware

Post by Kenny94 on 26th May 2010, 11:41 am

Note: You should remove LimeWire. Using P2P (peer-to-peer) software is very risky, because it makes you very susceptible to infection, attack, and exposure of personal or company information. But it is up to you whether to remove LimeWire.


Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Re: malware

Post by tingler on 26th May 2010, 12:56 pm

I went to "download.com" to try to d/l Malwarebytes... but it just goes beep and nothing happens... I guess there is something blocking any downloading into my computer.
I removed LimeWire from my computer.


Re: malware

Post by Kenny94 on 26th May 2010, 3:26 pm

Please try this version of Malwarebytes: Click the link [You must be registered and logged in to see this link.]
Save it on your desktop. You'll see it will have a random name, and will look similar to this:
Double-click on it, so it will extract the files and will start Malwarebytes automatically.
In case the installer (randomly named file) won't run either, rename it to firefox.exe or explorer.exe or iexplore.exe and try again.

When Malwarebytes opens, click the Update tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).
After reboot, post the Malwarebytes log.


Re: malware

Post by tingler on 26th May 2010, 3:56 pm

I did all of the above and Malware still does not open... it just sends a message that says "Malware has encountered a problem and needs to close, sorry for the inconvenience".


Re: malware

Post by Kenny94 on 26th May 2010, 3:59 pm

This PC is giving us a hard time. Lets look for a rootkit.

DeFogger
Download DeFogger by jpshortstuff from [You must be registered and logged in to see this link.] & save it to your desktop.

  • Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If not reboot your PC
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.


Next


Download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33561
Likes : 0

Re: malware

Post by tingler on 26th May 2010, 5:38 pm

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-26 13:36:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Bruce\LOCALS~1\Temp\pwlorpog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7436506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7425240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7425432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7436CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7436F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF74353EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF74373EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74367B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7424EF0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF649D360, 0x3CEED5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[444] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2272] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@

---- EOF - GMER 1.0.15 ----

tingler
Intermediate

Posts : 69
Joined : 2009-06-21
Gender : Male
OS : windows xp
Points : 28202
Likes : 0
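The GMER log above lists SSDT hooks and inline user-mode hooks together with the module GMER attributes each one to (in this log, PC Tools' PCTCore.sys for the SSDT entries and Microsoft's IEFRAME.dll/MSSRCH.DLL for the inline ones). The script below is an added triage example, not part of this thread or of GMER: it parses lines in that shape and groups hooks by attributed vendor, so the entries with no attribution at all (the ones a helper reviews first, while still heeding the false-positive caution in the instructions) are separated out. The sample log is constructed to mirror the posted one; EXAMPLE_unattributed.sys, the Explorer.EXE line and their addresses are placeholders invented for the edge case, not findings from this machine, and splitting GMER's "(description/vendor)" text on the last slash to get the vendor is an assumption about the log format.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# SSDT hook line:  SSDT <module> (<description/vendor>) <ZwFunction> [<address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?:\((?P<desc>[^)]*)\)\s+)?"
    r"(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"
)
# Inline user-mode hook line:
#   .text <process>[pid] <dll>!<export> <addr> <n> Bytes JMP <target> [<module> (<description/vendor>)]
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<dll>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>\S.*?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
# Kernel code section GMER reports as writeable:  .text <driver> section is writeable [...]
WRITEABLE_RE = re.compile(r"^\.text\s+(?P<module>\S+)\s+section is writeable")

# Constructed sample in the shape of the posted log. The EXAMPLE_unattributed.sys and
# Explorer.EXE lines are placeholders added to exercise the "no vendor attribution" case.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7436506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7424EF0]
SSDT EXAMPLE_unattributed.sys ZwOpenProcess [0xF7AB1234]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF649D360, 0x3CEED5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[444] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1156] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A31F10

---- EOF - GMER 1.0.15 ----
"""


@dataclass
class Hook:
    kind: str              # "SSDT", "inline" or "writeable"
    func: str              # hooked function (for "writeable": the driver path)
    owner: Optional[str]   # module GMER attributes the hook to, None if unattributed
    vendor: Optional[str]  # vendor part of GMER's "(description/vendor)", None if absent


def _vendor(desc):
    """Assumption: GMER's parenthesised text is '<description>/<vendor>'; keep the vendor."""
    if not desc:
        return None
    return desc.rsplit("/", 1)[-1].strip()


def parse_gmer(text):
    """Turn a GMER text log into Hook records; lines that match no pattern are ignored."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("SSDT", m["func"], m["module"], _vendor(m["desc"])))
            continue
        m = WRITEABLE_RE.match(line)
        if m:
            hooks.append(Hook("writeable", m["module"], m["module"], None))
            continue
        m = INLINE_RE.match(line)
        if m:
            hooks.append(Hook("inline", f'{m["dll"]}!{m["func"]}', m["module"], _vendor(m["desc"])))
    return hooks


def triage(hooks):
    """Group hooks by attributed vendor; hooks with no attribution are returned separately
    so they get reviewed first. Writeable sections are listed but not counted as hooks."""
    scoped = [h for h in hooks if h.kind != "writeable"]
    by_vendor = Counter(h.vendor or "<unattributed>" for h in scoped)
    return {
        "by_vendor": dict(by_vendor),
        "unattributed": [h for h in scoped if h.vendor is None],
        "writeable_sections": [h.func for h in hooks if h.kind == "writeable"],
    }


if __name__ == "__main__":
    summary = triage(parse_gmer(SAMPLE_LOG))
    print("hooks per vendor:", summary["by_vendor"])
    for h in summary["unattributed"]:
        print("review first:", h.kind, h.func, "owner:", h.owner)
    print("writeable sections:", summary["writeable_sections"])
```

Run against a real ark.txt by reading the file into `parse_gmer`. In the posted log every hook is attributed to PC Tools or Microsoft and the only kernel entry is a writeable section in the NVIDIA display driver, which is why the helper moved on rather than treating any of it as a rootkit.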

Re: malware

Post by Kenny94 on 26th May 2010, 8:53 pm

I want to look at something.

TFC (Temp File Cleaner)

Generally tools like TFC are created to assist us with malware removal by removing a lot of junk files, so our security tools will have less to scan, thus speed things up. It may also help to remove some types of malware which may be lurking in temp/user account folders.


TFC (Temp File Cleaner):


  • Please download [You must be registered and logged in to see this link.] to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.


Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read [You must be registered and logged in to see this link.].


  • Please go [You must be registered and logged in to see this link.] then click on:
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33561
Likes : 0

Re: malware

Post by tingler on 27th May 2010, 2:08 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3e6138c271e37d48b4020119f5d71cab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-26 11:19:15
# local_time=2010-05-26 07:19:15 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 28407659 28407659 0 0
# compatibility_mode=1024 16777215 100 0 7093684 7093684 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60063
# found=0
# cleaned=0
# scan_time=4223
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3e6138c271e37d48b4020119f5d71cab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true

tingler
Intermediate

Posts : 69
Joined : 2009-06-21
Gender : Male
OS : windows xp
Points : 28202
Likes : 0
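The ESET log above records each scan's settings as `# key=value` lines, and one thing a helper checks before reading the counters is whether the scan was run with the requested options: the first run in the posted log shows `unsafe_checked=false` although the instructions asked for "Scan for potentially unsafe applications", while the second run, which is cut off before its counters, shows it true. The script below is an added example, not part of this thread or of ESET: it splits log.txt into runs, compares each run's settings with the ones the instructions asked for, and reports missing keys for a truncated run instead of guessing. The sample log is constructed to mirror the posted one, with a placeholder serial; the key names are the ones visible in the log above.

```python
# Settings the instructions above ask for, using the key names ESET writes into log.txt.
# "Remove found threats" must stay unchecked so the helper sees what was found before
# anything is deleted.
EXPECTED_SETTINGS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

# Constructed sample modelled on the posted log: run 1 has the wrong "unsafe" setting,
# run 2 is cut off after unsafe_checked (no antistealth line, no counters).
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=<placeholder-serial>
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 28407659 28407659 0 0
# compatibility_mode=1024 16777215 100 0 7093684 7093684 0 0
# scanned=60063
# found=0
# cleaned=0
# scan_time=4223
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScanner.ocx=1.0.0.6211
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
"""


def parse_eset_log(text):
    """Split log.txt into scan runs. Every '# version=' line starts a new run and the
    following '# key=value' lines belong to it. Lines without the '# ' prefix are
    installer/updater chatter and are skipped. A repeated key (compatibility_mode)
    keeps its last value."""
    runs = []
    for raw in text.splitlines():
        if not raw.startswith("# "):
            continue
        key, sep, value = raw[2:].partition("=")
        if not sep:
            continue
        if key == "version" or not runs:
            runs.append({})
        runs[-1][key.strip()] = value.strip()
    return runs


def check_settings(run, expected=EXPECTED_SETTINGS):
    """Return {key: (expected, actual)} for every requested setting that differs or is
    absent; actual is None when the run was cut off before that line was written."""
    return {k: (v, run.get(k)) for k, v in expected.items() if run.get(k) != v}


def summarize(run):
    """The counters a helper reads first. A counter missing from a truncated run is
    reported as None rather than as zero, so a cut-off scan is not mistaken for a clean one."""
    def num(key):
        v = run.get(key)
        return int(v) if v is not None and v.isdigit() else None
    return {
        "scanned": num("scanned"),
        "found": num("found"),
        "cleaned": num("cleaned"),
        "finished": run.get("end") == "finished",
    }


if __name__ == "__main__":
    for i, run in enumerate(parse_eset_log(SAMPLE_LOG), 1):
        print(f"run {i}: {summarize(run)}")
        for key, (want, got) in check_settings(run).items():
            print(f"  setting {key}: expected {want}, log shows {got}")
```

Point it at `C:\Program Files\ESET\EsetOnlineScanner\log.txt` by reading that file into `parse_eset_log`. The distinction between a counter of 0 and a missing counter matters here: a run that never wrote `found=` says nothing about the machine, which is the same reason the posted second run cannot be read as a clean result.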

Re: malware

Post by tingler on 27th May 2010, 4:06 pm

I may have done something I should not have done...but my AVG Anti virus was running out of time..so I d/l the anti virus scanner called AVIRA that I read was quite a good program on your site and it did a scan..it did not completely finish scanning because my computer froze up again...but on the screen it showed that there were 22 hidden files..and 1 detection called
TR/Cryptxpack.Gen
I know you mentioned that I was not supposed to attempt any self fixing and was to do nothing until I was given the okay from you...but I felt very uncomfortable not having any virus protection..that is why I did it.
If it had finished before it froze up..I was intending to send you a log file without having the program remove anything.
I apologize if I screwed up any of the work you have done up until now.

tingler
Intermediate

Posts : 69
Joined : 2009-06-21
Gender : Male
OS : windows xp
Points : 28202
Likes : 0

Re: malware

Post by Kenny94 on 27th May 2010, 5:42 pm

Avira is a good AV program. I'd like to look at the report. They may be false positives, no threats. Can you post these? It's under Reports.

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33561
Likes : 0

Re: malware

Post by tingler on 27th May 2010, 7:02 pm

The only reports available are the ones that show the upgrades..when I try to do a scan ...my computer gets to the place that shows that it has 1 detection..it displays it as TR/cryptxpack.Gen then my computer freezes up and does not complete the scan....I did a scan before I did the upgrades..and it showed no viruses....
this is that report



Avira AntiVir Personal
Report file date: Thursday, May 27, 2010 09:59

Scanning for 2166122 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Bruce
Computer name : BRUCE-53AF98F7F

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:57:42
VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 13:57:42
VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 13:57:43
VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 13:57:43
VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 13:57:43
VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 13:57:43
VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 13:57:43
VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 13:57:43
VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 13:57:43
VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 13:57:45
VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 13:57:46
VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 13:57:47
VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 13:57:48
VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 13:57:49
VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 13:57:51
VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 13:57:52
VBASE021.VDF : 7.10.7.51 118272 Bytes 5/6/2010 13:57:53
VBASE022.VDF : 7.10.7.75 404992 Bytes 5/10/2010 13:57:57
VBASE023.VDF : 7.10.7.100 125440 Bytes 5/13/2010 13:57:59
VBASE024.VDF : 7.10.7.119 177664 Bytes 5/17/2010 13:58:00
VBASE025.VDF : 7.10.7.139 129024 Bytes 5/19/2010 13:58:02
VBASE026.VDF : 7.10.7.157 145920 Bytes 5/21/2010 13:58:03
VBASE027.VDF : 7.10.7.173 147456 Bytes 5/25/2010 13:58:05
VBASE028.VDF : 7.10.7.174 2048 Bytes 5/25/2010 13:58:05
VBASE029.VDF : 7.10.7.175 2048 Bytes 5/25/2010 13:58:05
VBASE030.VDF : 7.10.7.176 2048 Bytes 5/25/2010 13:58:05
VBASE031.VDF : 7.10.7.185 108544 Bytes 5/27/2010 13:58:06
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 5/27/2010 13:58:32
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 5/27/2010 13:58:32
AESCN.DLL : 8.1.6.1 127347 Bytes 5/27/2010 13:58:28
AESBX.DLL : 8.1.3.1 254324 Bytes 5/27/2010 13:58:33
AERDL.DLL : 8.1.4.6 541043 Bytes 5/27/2010 13:58:27
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/27/2010 13:58:25
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/27/2010 13:58:24
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25
AEGEN.DLL : 8.1.3.9 377203 Bytes 5/27/2010 13:58:13
AEEMU.DLL : 8.1.2.0 393588 Bytes 5/27/2010 13:58:11
AECORE.DLL : 8.1.15.3 192886 Bytes 5/27/2010 13:58:10
AEBB.DLL : 8.1.1.0 53618 Bytes 5/27/2010 13:58:09
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, May 27, 2010 09:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en[1].exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ding.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '1715' files ).



End of the scan: Thursday, May 27, 2010 10:00
Used time: 00:53 Minute(s)

The scan has been done completely.

0 Scanned directories
2190 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2190 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes

tingler
Intermediate

Posts : 69
Joined : 2009-06-21
Gender : Male
OS : windows xp
Points : 28202
Likes : 0

Re: malware

Post by Kenny94 on 27th May 2010, 7:24 pm

I feel it's a Windows problem rather than malware that is the cause. And the Fix Cleaner or any registry cleaners do more harm than good.

[You must be registered and logged in to see this link.]

Please visit the links [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.] first to read about this new Microsoft tool!

Then you can download and use: [You must be registered and logged in to see this link.]
Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.



  • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.

  • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report".

  • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloads the latest solutions.


Let me know after you have run all the troubleshooters on your PC if it corrected your problem.

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33561
Likes : 0

Re: malware

Post by tingler on 27th May 2010, 7:59 pm

I managed to get a scan to finish and it shows 1 virus..I did not know what to do so I put it in quarantine...this is the report



Avira AntiVir Personal
Report file date: Thursday, May 27, 2010 15:23

Scanning for 2166874 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRUCE-53AF98F7F

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:57:42
VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 13:57:42
VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 13:57:43
VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 13:57:43
VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 13:57:43
VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 13:57:43
VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 13:57:43
VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 13:57:43
VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 13:57:43
VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 13:57:45
VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 13:57:46
VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 13:57:47
VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 13:57:48
VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 13:57:49
VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 13:57:51
VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 13:57:52
VBASE021.VDF : 7.10.7.51 118272 Bytes 5/6/2010 13:57:53
VBASE022.VDF : 7.10.7.75 404992 Bytes 5/10/2010 13:57:57
VBASE023.VDF : 7.10.7.100 125440 Bytes 5/13/2010 13:57:59
VBASE024.VDF : 7.10.7.119 177664 Bytes 5/17/2010 13:58:00
VBASE025.VDF : 7.10.7.139 129024 Bytes 5/19/2010 13:58:02
VBASE026.VDF : 7.10.7.157 145920 Bytes 5/21/2010 13:58:03
VBASE027.VDF : 7.10.7.173 147456 Bytes 5/25/2010 13:58:05
VBASE028.VDF : 7.10.7.174 2048 Bytes 5/25/2010 13:58:05
VBASE029.VDF : 7.10.7.175 2048 Bytes 5/25/2010 13:58:05
VBASE030.VDF : 7.10.7.176 2048 Bytes 5/25/2010 13:58:05
VBASE031.VDF : 7.10.7.186 120320 Bytes 5/27/2010 14:57:57
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 5/27/2010 13:58:32
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 5/27/2010 13:58:32
AESCN.DLL : 8.1.6.1 127347 Bytes 5/27/2010 13:58:28
AESBX.DLL : 8.1.3.1 254324 Bytes 5/27/2010 13:58:33
AERDL.DLL : 8.1.4.6 541043 Bytes 5/27/2010 13:58:27
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/27/2010 13:58:25
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/27/2010 13:58:24
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25
AEGEN.DLL : 8.1.3.9 377203 Bytes 5/27/2010 13:58:13
AEEMU.DLL : 8.1.2.0 393588 Bytes 5/27/2010 13:58:11
AECORE.DLL : 8.1.15.3 192886 Bytes 5/27/2010 13:58:10
AEBB.DLL : 8.1.1.0 53618 Bytes 5/27/2010 13:58:09
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, May 27, 2010 15:23

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\hookinggroups
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\postoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\preoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\postoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\preoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\postoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\preoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\hookinggroups
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\FileMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\FileMonitor\postoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\FileMonitor\preoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\postoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\preoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\postoperations
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\controlset002\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\preoperations
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '15' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '57' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '59' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'Ding.exe' - '65' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '67' Module(s) have been scanned
Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '35' Module(s) have been scanned
Scan process 'avgnt.exe' - '46' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '29' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '46' Module(s) have been scanned
Scan process 'Explorer.EXE' - '108' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1714' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Bruce\Local Settings\Application Data\Temp\BIT17.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\Bruce\Local Settings\Application Data\Temp\BIT17.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e926a1b.qua'.


End of the scan: Thursday, May 27, 2010 15:55
Used time: 31:53 Minute(s)

The scan has been done completely.

6941 Scanned directories
199924 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
199923 Files not concerned
1104 Archives were scanned
0 Warnings
1 Notes
452407 Objects were scanned with rootkit scan
22 Hidden objects were found

Re: malware

Post by Kenny94 on 27th May 2010, 8:10 pm

It's a temp file; you can remove it. Did you use Microsoft Fix it?

Re: malware

Post by tingler on 27th May 2010, 8:13 pm

I managed to d/l the Fix It program...maybe it will solve my problems.
I will let you know if the freezing keeps happening.
In the meantime...do I just leave the virus that was found in the quarantine section?

Re: malware

Post by Kenny94 on 27th May 2010, 8:14 pm

Yes, leave it in quarantine.

Re: malware

Post by Kenny94 on 27th May 2010, 8:21 pm

You can read about your new virus program at:

[You must be registered and logged in to see this link.]

Re: malware

Post by tingler on 27th May 2010, 8:25 pm

Thanks again for all your help...
regards
Bruce

Re: malware

Post by Kenny94 on 28th May 2010, 6:23 pm

Your Computer is Clean
[You must be registered and logged in to see this link.]

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]. Both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.].

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

[You must be registered and logged in to see this link.] - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

[You must be registered and logged in to see this link.] - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

[You must be registered and logged in to see this link.] - Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Also, see here for system improvement: [You must be registered and logged in to see this link.]

It was a pleasure working with you.

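The Internet zone settings that Kenny94's post walks through in the Custom Level dialog can also be checked from the registry, which is handy when you want to confirm the change stuck or audit several machines. The script below is an added example; it is not part of the thread or of any tool it mentions. It assumes Zone 3 is the Internet zone, that the numeric value names are the documented IE URL-action IDs for the six settings named in the post, and that 0/1/3 mean Enable/Prompt/Disable. It only reads and reports; nothing is written.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# settings that the post above tells the reader to change by hand.
# Assumptions, mine rather than the post's: Zone 3 is the Internet zone, the
# numeric value names are the documented IE URL-action IDs, and 0/1/3 mean
# Enable/Prompt/Disable. Nothing is written to the registry.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# The six settings from the post, with the value the post recommends.
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Format-ZoneValue {
    param($Value)
    # Turn the raw DWORD into the word shown in the Custom Level dialog.
    if ($null -eq $Value) { return '-' }
    $v = [int]$Value
    if ($label.ContainsKey($v)) { return $label[$v] }
    return "unknown ($v)"
}

function Get-ZoneSettingAudit {
    param([string]$Path, [object[]]$Checks)

    # A missing key or value means the built-in default (or a Group Policy
    # value under the Policies hive) applies, so it is reported, not guessed.
    $zone = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($check in $Checks) {
        $actual = $null
        if ($null -ne $zone) {
            $prop = $zone.PSObject.Properties[$check.Id]
            if ($null -ne $prop) { $actual = $prop.Value }
        }

        if ($null -eq $actual) {
            $status = 'not set here (default or policy value applies)'
        } elseif ([int]$actual -eq $check.Want) {
            $status = 'OK'
        } else {
            $status = 'needs attention'
        }

        [pscustomobject]@{
            Setting     = $check.Name
            ValueName   = $check.Id
            Current     = Format-ZoneValue $actual
            Recommended = $label[$check.Want]
            Status      = $status
        }
    }
}

Get-ZoneSettingAudit -Path $zonePath -Checks $recommended | Format-Table -AutoSize
```

Run it in PowerShell 3 or later as the user whose browser settings you are checking. A "-" in the Current column means the value is not present under HKCU, so IE is using its built-in default or a Group Policy value from the Policies keys, which take precedence over what the dialog writes; the script reports that rather than guessing the effective setting.
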
Re: malware

Post by tingler on 29th May 2010, 7:22 pm

I was able to d/l malware and spyware ..but when I tried to install them it says it encountered a problem and had to close.
Your observation that my computer must have a bunch of other problems must be causing this.
Some of the items you suggested did manage to open and are working..so I think I will just reinstall my Windows XP and see if that corrects it.

Re: malware

Post by tingler on 29th May 2010, 7:28 pm

In case you are interested..this is the message I got when I tried to install and run Spyware Blaster
Error:Access Violation at 0 x 7342 D553 (tried to read from 0x00000053),
Program terminated

Re: malware

Post by Kenny94 on 30th May 2010, 10:54 am

Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.

Reinstalling Windows is your best bet. If you need help, let me know.

Re: malware

Post by tingler on 30th May 2010, 1:08 pm

Thanks again for all your help
Regards
