Malware/Spyware problem


Re: Malware/Spyware problem

Post by endlessands on 8th June 2010, 3:12 am

Thanks, I followed the link and got the download. It was automatically saved with the file name FixforErica. I then dragged it to the ComboFix icon to run ComboFix, but a window popped up with the name: CF Script Name error. It said: Were you trying to run CFScript? The name, CFScript appears to be incorrectly spelt.
So my question is: I see that your instructions say for me to save as CFScript.txt but I'm not sure how to do that because it saved it automatically as FixforErica. I must have missed a step...?

endlessands
Novice

Posts : 29
Joined : 2010-06-05
Gender : Female
OS : xp
Protection : McAfee
Points : 24203
# Likes : 0


Re: Malware/Spyware problem

Post by Crush on 8th June 2010, 6:18 am

Hi Erica,

I should have saved it as CFScript, sorry. If you right click on FixForErica and choose Rename it will allow you to rename it to CFScript :)

Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42118
# Likes : 0


Re: Malware/Spyware problem

Post by endlessands on 8th June 2010, 5:18 pm

ComboFix 10-06-05.03 - Erica 06/08/2010 9:42.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.257 [GMT -7:00]
Running from: c:documents and settingsEricaDesktopcommy.exe.exe
Command switches used :: c:documents and settingsEricaDesktopCFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))
.

2010-06-08 03:02 . 2010-06-08 03:04 -------- d-----w- C:commy.exe18885c
2010-06-06 18:53 . 2010-06-06 18:54 -------- d-----w- C:commy.exe
2010-06-06 03:34 . 2010-06-06 03:34 -------- d-----w- c:documents and settingsEricaApplication DataMalwarebytes
2010-06-06 03:34 . 2010-04-29 22:39 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-06-06 03:34 . 2010-06-06 03:34 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2010-06-06 03:34 . 2010-06-06 03:34 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-06-06 03:34 . 2010-04-29 22:39 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-06-04 02:32 . 2010-06-04 02:32 -------- d-sh--w- c:documents and settingsLocalServiceIETldCache
2010-06-03 03:41 . 2010-06-03 03:49 -------- d-----w- c:program filesTeaTimer (Spybot - Search & Destroy)
2010-06-03 03:41 . 2010-06-03 03:49 -------- d-----w- c:program filesSDHelper (Spybot - Search & Destroy)
2010-06-03 03:41 . 2010-06-03 03:41 -------- d-----w- c:program filesMisc. Support Library (Spybot - Search & Destroy)
2010-06-03 03:41 . 2010-06-03 03:41 -------- d-----w- c:program filesFile Scanner Library (Spybot - Search & Destroy)
2010-06-03 03:04 . 2010-06-03 03:04 -------- d-----w- c:program filesiLike
2010-06-02 15:36 . 2010-06-02 15:36 -------- d-sh--w- c:documents and settingsNetworkServiceIETldCache
2010-05-10 17:21 . 2010-05-10 17:21 -------- d-----w- c:windowssystem32BWKDLogs
2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:documents and settingsEricaLocal SettingsApplication DataKodakGallery
2010-05-10 17:05 . 2010-05-10 17:05 -------- d-----w- c:program filesCommon FilesKodak
2010-05-10 16:58 . 2010-05-15 22:13 -------- d-----w- c:documents and settingsAll UsersApplication DataKodak
2010-05-10 16:06 . 2010-05-10 16:06 -------- d-----w- c:documents and settingsAll UsersApplication DataFileCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 19:13 . 2007-03-05 01:07 -------- d-----w- c:documents and settingsEricaApplication DataSiteAdvisor
2010-06-06 05:20 . 2007-06-14 18:31 20 ---h--w- c:documents and settingsAll UsersApplication DataPKP_DLds.DAT
2010-06-06 05:20 . 2007-06-14 18:36 20 ---h--w- c:documents and settingsAll UsersApplication DataPKP_DLec.DAT
2010-06-06 01:44 . 2007-03-08 20:54 -------- d-----w- c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy
2010-06-05 20:52 . 2007-03-08 20:54 -------- d-----w- c:program filesSpybot - Search & Destroy
2010-06-05 04:48 . 2007-12-29 18:45 -------- d-----w- c:documents and settingsEricaApplication DataApple Computer
2010-06-03 03:04 . 2009-12-24 16:43 -------- d-----w- c:program filesiTunes
2010-05-01 04:59 . 2009-05-04 16:33 -------- d-----w- c:program filesCitrix
2010-04-28 00:16 . 2010-03-15 23:36 9344 ----a-w- c:windowssystem32driversmfeclnk.sys
2010-04-28 00:16 . 2010-03-15 23:36 95568 ----a-w- c:windowssystem32driversmfeapfk.sys
2010-04-28 00:16 . 2010-03-15 23:36 88480 ----a-w- c:windowssystem32driversmfendisk.sys
2010-04-28 00:16 . 2010-03-15 23:36 83496 ----a-w- c:windowssystem32driversmferkdet.sys
2010-04-28 00:16 . 2010-03-15 23:36 82952 ----a-w- c:windowssystem32driversmfetdi2k.sys
2010-04-28 00:16 . 2010-03-15 23:36 55456 ----a-w- c:windowssystem32driverscfwids.sys
2010-04-28 00:16 . 2010-03-15 23:36 385880 ----a-w- c:windowssystem32driversmfehidk.sys
2010-04-28 00:16 . 2010-03-15 23:36 312616 ----a-w- c:windowssystem32driversmfefirek.sys
2010-04-28 00:16 . 2007-03-05 01:05 51688 ----a-w- c:windowssystem32driversmfebopk.sys
2010-04-28 00:16 . 2007-03-05 01:05 152320 ----a-w- c:windowssystem32driversmfeavfk.sys
2010-04-19 13:11 . 2010-04-19 13:11 -------- d-----w- c:documents and settingsTimApplication DataApple Computer
2010-04-18 13:50 . 2007-06-02 23:15 -------- d-----w- c:documents and settingsEricaApplication DataYahoo!
2010-04-18 13:50 . 2007-05-04 06:24 -------- d-----w- c:documents and settingsAll UsersApplication DataYahoo!
2010-04-14 22:59 . 2010-04-14 22:53 -------- d-----w- c:documents and settingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-14 22:55 . 2010-04-14 22:55 -------- d-----w- c:program filesiPod
2010-04-14 22:55 . 2010-02-05 04:59 -------- d-----w- c:program filesCommon FilesApple
2010-04-14 22:43 . 2004-04-17 18:43 -------- d-----w- c:program filesQuickTime
2010-04-14 22:32 . 2010-04-14 22:32 -------- d-----w- c:program filesBonjour
2010-04-14 22:28 . 2010-04-14 22:28 -------- d-----w- c:program filesSafari
2006-07-21 12:31 . 2006-07-21 12:31 141728 ----a-w- c:program filesMC
2010-04-28 00:16 . 2010-03-15 23:36 24376 ----a-w- c:program filesmozilla firefoxcomponentsScriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"DellSupport"="c:program filesDellSupportDSAgnt.exe" [2007-03-15 460784]
"ShutterflyStudio"="c:program filesShutterflyStudioBINSFlyStudio.exe" [2008-05-07 2500096]
"SpybotSD TeaTimer"="c:program filesSpybot - Search & DestroyTeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="c:windowsSystem32NvCpl.dll" [2003-11-03 4800512]
"IntelMeM"="c:program filesIntelModem Event MonitorIntelMEM.exe" [2003-09-04 221184]
"dla"="c:windowssystem32dlatfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:windowsSystem32DSentry.exe" [2003-08-13 28672]
"diagent"="c:program filesCreativeSBLiveDiagnosticsdiagent.exe" [2002-04-03 135264]
"UpdReg"="c:windowsUpdReg.EXE" [2000-05-11 90112]
"Dell AIO Printer A960"="c:program filesDell AIO Printer A960dlbfbmgr.exe" [2003-09-21 270336]
"DVDLauncher"="c:program filesCyberLinkPowerDVDDVDLauncher.exe" [2004-07-14 53248]
"PCMService"="c:program filesDellMedia ExperiencePCMService.exe" [2004-07-16 290816]
"UpdateManager"="c:program filesCommon FilesSonicUpdate Managersgtray.exe" [2003-08-19 110592]
"dscactivate"="c:program filesDell Support Centergs_agentcustomdsca.exe" [2007-11-15 16384]
"TkBellExe"="c:program filesCommon FilesRealUpdate_OBrealsched.exe" [2009-01-18 185896]
"mcui_exe"="c:program filesMcAfee.comAgentmcagent.exe" [2010-04-02 1180976]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe" [2010-02-18 177472]
"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2010-03-26 142120]

c:documents and settingsTimStart MenuProgramsStartup
PowerReg Scheduler V3.exe [2004-12-30 225280]

c:documents and settingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2008-4-23 29696]
NkbMonitor.exe.lnk - c:documents and settingsEricaMy DocumentsNkbMonitor.exe [2007-6-16 118784]
ymetray.lnk - c:program filesYahoo!Yahoo! Music Jukeboxymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
@=""

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\SYSTEM32\LEXPPS.EXE"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\WINDOWS\SYSTEM32\java.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"=
"c:\Program Files\Yahoo!\UPnP\yupnpsrv.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Rhapsody\rhapsody.exe"=
"c:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:windowsSYSTEM32DRIVERSmfetdi2k.sys [3/15/2010 4:36 PM 82952]
R2 Application Updater;Application Updater;c:program filesApplication UpdaterApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 McMPFSvc;McAfee Personal Firewall;"c:program filesCommon FilesMcafeeMcSvcHostMcSvHost.exe" /McCoreSvc [3/15/2010 4:35 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:program filesCommon FilesMcAfeeMcSvcHostMcSvHost.exe" /McCoreSvc [3/15/2010 4:35 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:program filesCommon FilesMcAfeeSystemCoremfefire.exe [3/15/2010 4:36 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:program filesCommon FilesMcAfeeSystemCoremfevtps.exe [3/15/2010 4:36 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:windowsSYSTEM32DRIVERScfwids.sys [3/15/2010 4:36 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:windowsSYSTEM32DRIVERSmfefirek.sys [3/15/2010 4:36 PM 312616]
R3 mfendiskmp;mfendiskmp;c:windowsSYSTEM32DRIVERSmfendisk.sys [3/15/2010 4:36 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:windowsSYSTEM32DRIVERSmfendisk.sys [3/15/2010 4:36 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:windowsSYSTEM32DRIVERSmferkdet.sys [3/15/2010 4:36 PM 83496]
S3 NUVision;NUVision II Video Service;c:windowsSYSTEM32DRIVERSnuvvid2.sys [10/10/2004 1:01 PM 153760]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:documents and settingsEricaApplication DataMozillaFirefoxProfilesjv7t3avb.default
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:documents and settingsEricaApplication DataFacebooknpfbplugin_1_0_0.dll
FF - plugin: c:documents and settingsEricaApplication DataFacebooknpfbplugin_1_0_1.dll
FF - plugin: c:documents and settingsEricaApplication DataFacebooknpfbplugin_1_0_3.dll
FF - plugin: c:program filesJavaj2re1.4.2binNPJPI142.dll
FF - plugin: c:program filesMozilla FirefoxpluginsNPUploader.dll
FF - plugin: c:program filesViewpointViewpoint Experience TechnologynpViewpoint.dll
FF - plugin: c:program filesVirtools3D Life Playernpvirtools.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:program filesMozilla Firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesMozilla Firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesMozilla Firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesMozilla Firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-08 09:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCUSoftwareMicrosoftWindowsCurrentVersionRun
ShutterflyStudio = c:program filesShutterflyStudioBINSFlyStudio.exe /trayonly?: /RegServer????????????/keyword????????????MMURIConstraint?!????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????!??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(428)
c:windowssystem32WININET.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2010-06-08 10:12:54
ComboFix-quarantined-files.txt 2010-06-08 17:12
ComboFix2.txt 2010-06-07 23:03
ComboFix3.txt 2010-06-07 02:39
ComboFix4.txt 2010-06-06 20:15

Pre-Run: 3,682,930,688 bytes free
Post-Run: 3,647,299,584 bytes free

- - End Of File - - 6FB00B52EB11C1ABCCB23C75DFCC6410


Re: Malware/Spyware problem

Post by Crush on 8th June 2010, 5:49 pm

Hi Erica,

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


    Re: Malware/Spyware problem

    Post by endlessands on 8th June 2010, 6:10 pm

    For some reason the "Accept" button from this link is not an option...only "Exit"?


    Re: Malware/Spyware problem

    Post by Crush on 8th June 2010, 6:17 pm

    Hi Erica,

    It works on my end, so it's not an issue with Kaspersky. Do you currently have Java installed? You could try updating to the latest version from here: [You must be registered and logged in to see this link.] and then try running Kaspersky again.
    =======

    If that doesn't do it, did you see this?

    Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

    Try disabling your AV. See here for more info on doing so: [You must be registered and logged in to see this link.]

    Then run Kaspersky again.


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 5:37 am

    Updated Java, disabled all anti-virus programs. Got the download ok finally, but tried unsuccessfully all day to complete the scan. All 5 or 6 times, it freezes right in the middle of scan and either freezes up or closes. Too frustrated to try again tonight, so I'll give it another shot in the morning.


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 5:40 am

    Hi Erica,

    That's odd. I've never had issues with Kaspersky like that.

    Try this:

    Please run [You must be registered and logged in to see this link.] online scan.

    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 12:33 pm

    Threats (9)
    Low danger level (9)
    W32/Bagle.pwdz... Virus
    Latent
    1. c:documents and settingsall usersapplicati...troyrecoverysmitfraudcgeneric.zip
    adware/activsh... Adware
    Latent
    1. c:program filesactivshopper
    Adware/Protect... Adware
    Latent
    1. c:qooboxquarantinecwindowspragmacviqnrdmshpragmaserf.dll.vir
    2. c:system volume information_restore{b37680b...0-83e44c588624}rp1431a0449092.dll
    Adware/Protect... Adware
    Latent
    1. c:system volume information_restore{b37680b...0-83e44c588624}rp1431a0449090.dll
    2. c:qooboxquarantinecwindowspragmacviqnrdmshpragmabbr.dll.vir
    Adware/Protect... Adware
    Latent
    1. c:qooboxquarantinecwindowspragmaiymxvslutipragmad.sys.vir
    Generic Malwar... Virus
    Latent
    1. c:documents and settingsericaapplication d...lliance3dgroovextrav181groove.x32
    Adware/Protect... Adware
    Latent
    1. c:qooboxquarantinecwindowspragmaiymxvslutipragmac.dll.vir
    2. c:qooboxquarantinecwindowspragmacviqnrdmshpragmac.dll.vir
    Trj/CI.A Virus
    Latent
    1. c:qooboxquarantinecwindowspragmaiymxvslutipragmabbr.dll.vir
    2. c:system volume information_restore{b37680b...0-83e44c588624}rp1431a0449093.dll
    3. c:system volume information_restore{b37680b...0-83e44c588624}rp1431a0449095.dll
    4. c:qooboxquarantinecwindowspragmaiymxvslutipragmaserf.dll.vir
    Application/PR... Tracking Application
    Latent
    1. c:documents and settingstimstart menuprog...sstartuppowerreg scheduler v3.exe


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 5:54 pm

    Hi Erica,

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folders/Files (if present):

    c:documents and settingsall usersapplicati...troyrecovery

    c:documents and settingsericaapplication d...lliance3dgroovextrav181groove.x32

    c:documents and settingstimstart menuprog...sstartuppowerreg scheduler v3.exe


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 9:20 pm

    Hey Chris, I r-clicked start menu and hit explore....then I clicked documents and settings then all users. There are several folders in there which I checked but didn't find "troyrecovery." Couldn't find 3D Groove either. Any tips on how I might find them?

    Found Power Reg Scheduler and deleted.


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 9:27 pm

    Hi Erica,

    Try going down one level further to All Users/Application Data to find troyrecovery.

    For lliance3dgroovextrav181groove.x32, it is in Documents and Settings/Erica/Application Data.

    sstartuppowerreg scheduler v3.exe is in Documents and Settings/Start Menu Programs.

    If you go Start>Search you can type the filenames in and it will come up with the locations if you still can't find them.


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 9:39 pm

    ok so here's what's confusing me (sorry, take a deep breath)...
    I see category "All Users" but no "application" subcategory

    I see "Documents and settings" and subcategory "Erica," but no "Application Data" subcategory.

    I put the file names in a search, and came up with nothing. I'll look again, I'm sure I'm just not seeing the right place to look.


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 9:44 pm

    Hi Erica,

    It could be that hidden files and folders aren't set to show.

    1. On the Tools menu in Windows Explorer, click Folder Options.

    2. Click the View tab.

    3. Under Hidden files and folders, click Show hidden files and folders.

    The filepaths are as follows:

    c:\documents and settings\all users\application data\troyrecovery

    c:\documents and settings\erica\application data\lliance3dgroovextrav181groove.x32

    c:\documents and settings\tim\start menu programs\sstartuppowerreg scheduler v3.exe


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 9:59 pm

    That worked...thanks! Found and deleted 3D groove and start up power reg but there is still no troy recovery (not even when I did a search from the start menu).


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 10:09 pm

    What about smitfraudcgeneric.zip?


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 10:23 pm

    Didn't find it in a search...is there a specific path I should follow?


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 10:28 pm

    This is the path to the infected file from the logfile

    c:documents and settingsall usersapplicati...troyrecoverysmitfraudcgeneric.zip

    It's garbled because A) it's shortened and B) our current forum issue. According to the logfile it should be in C:|Documents and Settings|All Users|Application Data|troyrecovery|smitfraudcgeneric.zip

    That's my best guess. Without the character to split up the path I can't say with certainty where it is.


    Re: Malware/Spyware problem

    Post by endlessands on 9th June 2010, 10:41 pm

    I know what it is. I found it under a folder under the heading Spybot and then under Recovery. There are a bunch of applications with the name SmitfraudC, C1, C2, C3, etc.

    Should I delete all of them? I uninstalled Spybot the other day.


    Re: Malware/Spyware problem

    Post by Crush on 9th June 2010, 11:36 pm

    Hi Erica,

    EDIT: Better idea :)

    Since you uninstalled Spybot there's no need for that folder. You can safely delete it.

    Could you please let me know how things are running now as well?


    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 12:42 am

    I'm still trying to locate those files...I know where they are, I just can't find it when I browse on Virus Total. I found this infected file though...should I delete?


    File dummy.cd_clint.dll received on 2010.06.10 00:37:07 (UTC)
    Result: 1/41 (2.44%)
    Antivirus Version Last Update Result
    a-squared 5.0.0.26 2010.06.09 -
    AhnLab-V3 2010.06.10.00 2010.06.10 -
    AntiVir 8.2.2.6 2010.06.09 -
    Antiy-AVL 2.0.3.7 2010.06.08 -
    Authentium 5.2.0.5 2010.06.10 -
    Avast 4.8.1351.0 2010.06.09 -
    Avast5 5.0.332.0 2010.06.09 -
    AVG 9.0.0.787 2010.06.09 -
    BitDefender 7.2 2010.06.10 -
    CAT-QuickHeal 10.00 2010.06.09 -
    ClamAV 0.96.0.3-git 2010.06.09 -
    Comodo 5044 2010.06.09 -
    DrWeb 5.0.2.03300 2010.06.10 -
    eSafe 7.0.17.0 2010.06.09 -
    eTrust-Vet 36.1.7624 2010.06.10 -
    F-Prot 4.6.0.103 2010.06.09 -
    F-Secure 9.0.15370.0 2010.06.10 -
    Fortinet 4.1.133.0 2010.06.09 -
    GData 21 2010.06.10 -
    Ikarus T3.1.1.84.0 2010.06.09 -
    Jiangmin 13.0.900 2010.06.09 -
    Kaspersky 7.0.0.125 2010.06.09 -
    McAfee 5.400.0.1158 2010.06.10 -
    McAfee-GW-Edition 2010.1 2010.06.09 -
    Microsoft 1.5802 2010.06.09 -
    NOD32 5185 2010.06.09 -
    Norman 6.04.12 2010.06.09 -
    nProtect 2010-06-09.02 2010.06.09 -
    Panda 10.0.2.7 2010.06.08 -
    PCTools 7.0.3.5 2010.06.10 -
    Prevx 3.0 2010.06.10 -
    Rising 22.51.02.03 2010.06.09 -
    Sophos 4.54.0 2010.06.10 -
    Sunbelt 6427 2010.06.10 -
    Symantec 20101.1.0.89 2010.06.09 -
    TheHacker 6.5.2.0.295 2010.06.08 -
    TrendMicro 9.120.0.1004 2010.06.09 -
    TrendMicro-HouseCall 9.120.0.1004 2010.06.10 -
    VBA32 3.12.12.5 2010.06.09 -
    ViRobot 2010.6.9.2346 2010.06.09 Adware.SpyFerret.R.48640
    VirusBuster 5.0.27.0 2010.06.09 -
    Additional information
    File size: 48640 bytes
    MD5...: 65fd7ea79f626f7b57f4d6ced6339f32
    SHA1..: 866057a7b43c7d8cbc940bdb5d3f981e90c766bd
    SHA256: df94491ba2793da99a2431591f317c67150d22e2530a9d34d5f427ad854fccf4
    ssdeep: 768:fx2vBbnGaxz3I1pc8APF5AkQejBa5VlnaaroGUGQQP86pxl6N93+:aBbXz4L
    c8APF5RQI05ONGUGRON93
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1000
    timedatestamp.....: 0x3c407b08 (Sat Jan 12 18:06:00 2002)
    machinetype.......: 0x14c (I386)

    ( 7 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x8000 0x7600 6.58 8558c7cd93244de2db100e05b0f62e21
    .data 0x9000 0x6000 0x2600 4.78 df74a9ef4ed005ce2b9a3dbf3590410c
    .tls 0xf000 0x1000 0x200 7.56 6dc5e9f680f898766f95b3772be45afa
    .idata 0x10000 0x1000 0x600 4.21 03687ef20fd86b905fd9b48e039f7963
    .edata 0x11000 0x1000 0x200 2.15 bab4bd510e904028091b14b2b3bd197a
    .rsrc 0x12000 0x1000 0xa00 3.74 3d2d5690d8a991e3b301369919edbdcb
    .reloc 0x13000 0x1000 0x800 6.49 ae41c1542e3e8af842d30f2ded308dd4

    ( 2 imports )
    > KERNEL32.DLL: CloseHandle, CreateFileA, EnterCriticalSection, ExitProcess, FreeEnvironmentStringsA, GetACP, GetCPInfo, GetCurrentThreadId, GetEnvironmentStrings, GetFileType, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetVersion, GetVersionExA, GlobalMemoryStatus, HeapAlloc, HeapFree, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, RaiseException, RtlUnwind, SetConsoleCtrlHandler, SetFilePointer, SetHandleCount, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WriteFile
    > USER32.DLL: EnumThreadWindows, MessageBoxA, wsprintfA

    ( 6 exports )
    ChannelRead, ChannelWrite, DescWrite, ServiceClose, ServiceShow, ___CPPdebugHook
    RDS...: NSRL Reference Data Set
    -
    trid..: Win32 Dynamic Link Library - Borland C/C++ (91.6%)
    Win32 Executable Generic (3.5%)
    Win32 Dynamic Link Library (generic) (3.1%)
    Generic Win/DOS Executable (0.8%)
    DOS Executable Generic (0.8%)
    pdfid.: -
    sigcheck:
    publisher....: CEXX Labs - [You must be registered and logged in to see this link.]
    copyright....: CEXX Labs _ Mike Dombrowski
    product......: CEXX.ORG Spyware Condom (CYDOOR-Compatible)
    description..: DLL (GUI)
    original name: project1.dll
    internal name: ProjectOne
    file version.: 1.0.0.0
    comments.....: _For that EXTRA comfort and protection._
    signers......: -
    signing date.: -
    verified.....: Unsigned


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 12:45 am

    Hi Erica,

    Darn it! You must have missed my edit. My apologies. Since you uninstalled Spybot, you don't need to keep that folder around anymore. You can just delete C:\Program Files\Spybot S & D


    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 12:48 am

    Awesome! That makes it easy. I uninstalled it yesterday when I tried to run Kaspersky.


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 12:49 am

    Hehe. Exactly what I was thinking.

    So, how are things running now? Any better?


    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 12:52 am

    My computer is running perfectly now. Do you think all of the nasty stuff is gone? How can I tell?


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 1:17 am

    Hi Erica,

    Yep. You're all good. The logs supplied are clean.

    Congratulations!! Your PC is all clean!

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
      (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

    =======

    There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

    Cleaning

    Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    Defragmenting Your Hard Disk

    Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

    To use the defragmenter included with Windows, either go to Start/Run, type dfrg.msc and hit Enter; or right-click My Computer, choose Manage, Storage, Disk Defragmenter.

    In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient, this can take a long time.

    Repeat for multiple partitions/hard disks.

    System Restore Cleanup Instructions

    If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
    You can find instructions on how to disable and re-enable system restore here:

    [You must be registered and logged in to see this link.]

    [You must be registered and logged in to see this link.]

    Reading Tip:
    [You must be registered and logged in to see this link.]

    Keep Your System Updated

    Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

    Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

    To update Windows and office

    Go to Start > All Programs > Microsoft Update

    Alternatively, you can visit the link below to update Windows and Office products.

    [You must be registered and logged in to see this link.]

    If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

    1. Go to Start > Control Panel > Automatic Updates
    2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

    Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

    Be careful when opening attachments and downloading files.

    1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    2. Never open emails from unknown senders.
    3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
    4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

    Surf safely

    Many security exploits on websites are directed to users of Internet Explorer and Firefox.

    If you use Firefox, try the [You must be registered and logged in to see this link.] - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

    Backup regularly

    You never know when your PC will become unstable or become so infected that you can't recover it. Follow this [You must be registered and logged in to see this link.] to learn how to backup. Follow [You must be registered and logged in to see this link.] by Microsoft to restore your backups.

    Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
    [You must be registered and logged in to see this link.]

    Avoid P2P

    I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Prevent A Re-infection

    1. Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features [You must be registered and logged in to see this link.]

    You can get a [You must be registered and logged in to see this link.] of Winpatrol or use the [You must be registered and logged in to see this link.] for more features.

    You can read [You must be registered and logged in to see this link.] if you run into problems.

    2. Hosts File

    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    3. Spybot Search and Destroy

    Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from [You must be registered and logged in to see this link.].

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy [You must be registered and logged in to see this link.] at Bleeping Computer.

    4. SiteHound Toolbar

    [You must be registered and logged in to see this link.] is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

    ====

    Stand Up and Be Counted ---> [You must be registered and logged in to see this link.] <--- where you can make a difference!

    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
    ============================================================
    See [You must be registered and logged in to see this link.] for more info about malware and prevention.
    Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site.
    Before the thread is archived, do you have any more questions?

    Happy surfing and stay clean!

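The Hosts-file advice in the post above, as an added example that is not part of the original post: a short Python audit that separates names sinkholed to a loopback address (the blocklist behaviour described) from names mapped to any other address, which deserve a closer look. The sample file and its `.test` names are constructed placeholders.

```python
import ipaddress

# Constructed sample in hosts-file format; the .test names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1    localhost
127.0.0.1    ads.example.test tracker.example.test   # two names, one line
0.0.0.0      popups.example.test
::1          localhost
203.0.113.7  update.example.test
not-an-ip    broken.example.test
"""


def parse_hosts(text):
    """Yield (line_number, address_text, [hostnames]) for each non-comment line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            address, *names = line.split()
            yield number, address, [n.lower() for n in names]


def audit_hosts(text):
    """Classify every mapping as blocked (loopback/unspecified) or redirected."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            report["malformed"].append(number)  # keep the line number for review
            continue
        for name in names:
            if name == "localhost":
                continue  # the standard loopback entry is not a block rule
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names :", result["blocked"])
    print("review these    :", result["redirected"])
    print("malformed lines :", result["malformed"])
```

On Windows XP the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`.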

    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 1:24 am

    What P2P do I have on here? I would like to know so I can uninstall. Thank you SO MUCH for helping me! I know it must be frustrating to work with someone with limited computer knowledge. YOU ROCK!!!!! Thanks again Chris!!


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 1:42 am

    Hi Erica,

    Let's see what's installed on your machine


    • Please open a new Notepad file.
    • Copy and paste the following into Notepad:

      Echo This will get the currently installed programs on your machine.

      reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" > InstalledPrograms.txt

      reg query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" >> InstalledPrograms.txt

      Pause

      Start InstalledPrograms.txt

      exit

    • Save this as Uninstall.bat, save it to your desktop.
    • Double click Uninstall.bat to run it.
    • Please copy InstalledPrograms.txt back here

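An added example, not part of the original post: the batch file above lists only the Uninstall subkey names, so this Python sketch assumes the same `reg query` commands were run with the `/s` switch (which also prints each key's values) and pulls out the `DisplayName` entries, then checks them against a small watchlist of P2P client names. The sample output and the watchlist are constructed for illustration.

```python
import re

# Constructed sample of `reg query "...\Uninstall" /s` output; not Erica's log.
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
    DisplayName    REG_SZ    HiJackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793
    ParentKeyName    REG_SZ    OperatingSystem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}
    DisplayName    REG_SZ    Java(TM) 6 Update 20
    EstimatedSize    REG_DWORD    0x17f2a

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire
    DisplayName    REG_SZ    LimeWire
"""

# Value lines are indented: <name> <REG_type> <data>, separated by tabs or spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Assumed watchlist of well-known P2P client names (lower case substrings).
P2P_WATCHLIST = ("limewire", "frostwire", "bearshare", "kazaa",
                 "emule", "utorrent", "bittorrent")


def parse_reg_query(text):
    """Return {registry key path: {value name: data}} from reg query output."""
    entries, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):           # a key path starts in column 0
            current = entries.setdefault(line.strip(), {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[match["name"]] = match["data"].strip()
    return entries


def installed_programs(entries):
    """Sorted DisplayName values; keys without one (e.g. hotfix stubs) are skipped."""
    return sorted(v["DisplayName"] for v in entries.values() if v.get("DisplayName"))


def flag_p2p(names, watchlist=P2P_WATCHLIST):
    """Return the program names that contain a watchlist term."""
    return [n for n in names if any(term in n.lower() for term in watchlist)]


if __name__ == "__main__":
    programs = installed_programs(parse_reg_query(SAMPLE))
    print("installed:", programs)
    print("P2P      :", flag_p2p(programs))
```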

    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 2:33 am

    When trying to uninstall, a window tells me:
    Choose the program you want to use to open the file InstalledPrograms.txt

    I already checked with SREng and there are no errors, so I'm not sure how to proceed.


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 2:53 am

    Ok. Let's try something different. I didn't want to have you download another program, but this is easier.

    Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

    1. Open HijackThis.
    2. Click on the Open the Misc Tools section button.
    3. Look under System tools.
    4. Click on the Open Uninstall Manager... button.
    5. Click on the Save list... button.
    6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    7. Notepad will open. Please post this log in your next reply.


    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 3:08 am

    Adobe Flash Player 10 ActiveX
    CCScore
    HiJackThis
    Hotfix for Windows XP (KB981793)
    iLike Sidebar
    Java(TM) 6 Update 20
    McAfee Internet Security
    Panda ActiveScan 2.0
    Security Update for Windows XP (KB978542)


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 3:13 am

    You're good. No P2P programs.


    Re: Malware/Spyware problem

    Post by endlessands on 10th June 2010, 3:19 am

    YAY!! Officially DONE!!! Thanks a million! ~Erica


    Re: Malware/Spyware problem

    Post by Crush on 10th June 2010, 3:20 am

    I'm glad I could be of help. You've been a pleasure to work with. If you have any further questions feel free to ask.

