GeekPolice

Removed AV, still have issue


Re: Removed AV, still have issue

Post by Belahzur on Thu Jul 08, 2010 2:55 pm

Hello.
Was that from the x64 bit machine? Combofix will only run on the x32 bit machine, not x64.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Removed AV, still have issue

Post by Celina268 on Thu Jul 08, 2010 3:01 pm

Maybe this will help:
Desktop: 64 bit
Laptop: 32 bit

Makes more sense. That's why I tried to clarify. The 32 bit laptop has moved folders when we did the GooredFix. The 64 bit desktop did not. So, for the 64 bit desktop, what would you like me to do? For the 32 bit laptop? Ok, now I think we're on the same page.


Re: Removed AV, still have issue

Post by Belahzur on Thu Jul 08, 2010 3:04 pm

Run Combofix on the laptop for now, leave the desktop as it is. x64 uses a different file system to x32 bit, so malware-wise there is very little malware that can fully function on x64, so there's less to worry about with that.



Re: Removed AV, still have issue

Post by Celina268 on Thu Jul 08, 2010 4:11 pm

Ok, tried running Combofix. It says I have Norton Security Online active. I have read your directions on how to turn it off. I don't have it in the system tray or in programs. I can't find it. Is there another way to turn it off?


Re: Removed AV, still have issue

Post by Belahzur on Thu Jul 08, 2010 8:44 pm

In that case....

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Run Combofix in Safe Mode and select continue if you still get the warning that Norton is active; that's why I suggest Safe Mode, the AV won't be running in Safe Mode.



Re: Removed AV, still have issue

Post by Celina268 on Fri Jul 09, 2010 6:44 am

It wouldn't let me stop, so it just ran through. I posted the log, but for some reason it didn't show. Here is the combofix log for the laptop:

ComboFix 10-07-07.02 - Mr.Clark 07/08/2010 11:38:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.269 [GMT -5:00]
Running from: c:\users\Mr.Clark\Desktop\Combo-Fix.exe
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Windows
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\logs
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 16:58 . 2010-07-08 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-08 16:58 . 2010-07-08 16:58 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2010-07-08 15:59 . 2010-07-08 16:33 -------- d-----w- C:\32788R22FWJFW
2010-07-07 02:49 . 2010-07-07 02:49 -------- d-----w- C:\_OTL
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 15:54 . 2008-04-04 03:54 -------- d-----w- c:\programdata\Google Updater
2010-07-08 11:16 . 2007-04-12 01:41 -------- d-----w- c:\program files\Gateway Games
2010-07-06 13:13 . 2007-04-12 01:41 -------- d-----w- c:\programdata\WildTangent
2010-07-05 05:00 . 2008-04-30 16:00 -------- d-----w- c:\program files\Lx_cats
2010-07-05 04:56 . 2008-05-29 17:55 -------- d-----w- c:\program files\GamesBar
2010-07-05 03:26 . 2008-12-07 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 16:03 . 2007-11-27 21:01 3304 ----a-w- c:\users\Mr.Clark\AppData\Roaming\wklnhst.dat
2010-06-13 08:18 . 2007-04-12 01:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-02 18:37 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\DreamDale
2010-06-02 18:27 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\MB3
2010-06-02 18:23 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\SmashFrenzy3
2010-05-30 12:38 . 2010-05-30 12:38 -------- d-----w- c:\programdata\PopCap Games
2010-05-29 12:56 . 2010-05-29 12:56 -------- d-----w- c:\programdata\MumboJumbo
2010-05-27 11:56 . 2010-05-27 11:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 11:55 . 2010-05-27 11:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 12:20 . 2007-04-12 01:52 -------- d-----w- c:\program files\Google
2010-02-10 15:32 . 2010-02-10 15:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-23 18:02 . 2007-10-01 00:32 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-23 18:02 . 2007-10-01 00:32 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-23 18:02 . 2007-10-01 00:32 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-23 18:02 . 2007-10-01 00:32 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-03-23 18:02 . 2007-10-01 00:32 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-17 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Mr.Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-9-23 692224]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-17 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-500]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090604.001\IDSvix86.sys [2009-02-09 272432]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MRVW147;Marvell TOPDOG (TM) 802.11n Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\DRIVERS\MRVW147.sys [2007-01-27 321536]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-05-04 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Mr.Clark.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{9E180437-3F6A-40F3-A2C5-DFE896E3C40D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-08 11:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4004181874-1218646721-3285697250-1001\Software\SecuROM\License information*]
"datasecu"=hex:a7,cc,63,cb,11,18,b2,ce,50,dc,9d,83,1d,9a,78,db,c2,4b,60,6e,67,
27,e0,9d,7b,02,d5,63,fb,f4,d8,a8,97,60,51,70,c3,69,82,19,59,98,fd,47,37,a1,\
"rkeysecu"=hex:53,23,ec,92,8c,0b,b6,ed,90,02,0c,7a,7e,b5,b9,67

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-08 12:11:40
ComboFix-quarantined-files.txt 2010-07-08 17:11

Pre-Run: 81,418,584,064 bytes free
Post-Run: 88,968,744,960 bytes free

- - End Of File - - 577B51864380D070AC6E6D098CDF694A


Re: Removed AV, still have issue

Post by Belahzur on Fri Jul 09, 2010 5:52 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5577

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
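
The proxy setting and registry entries the helper pulled out of the log above are the kind of thing a triage script can flag before a human decides what goes into the CFScript. The Python below is an added example, not ComboFix's own code or anything posted in this thread: it splits a ComboFix-style log into its banner sections, flags a ProxyServer value that points at the machine itself and Security Center monitoring that has been switched off, and emits a DDS:: block in the same form as the script above. The sample log, the vendor DLL path and all function names are constructed for the example.

```python
"""ComboFix-style log triage. Added example, not ComboFix's own code; the
banner, 'uInternet Settings' and REGEDIT4 line formats follow the log above."""
import ipaddress
import re

# Constructed sample modelled on the lines quoted in this thread.
SAMPLE_LOG = r"""((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Vendor\helper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
------- Supplementary Scan -------
uStart Page = hxxp://www.example.invalid/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
FF - prefs.js: browser.search.selectedEngine - Google
"""

SECTION_RE = re.compile(r"^[-(]+\s*(.+?)\s*[-)]+$")  # '--- Name ---' or '((( Name )))'
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')

def split_sections(text):
    """Group log lines under the banner that precedes them ('' before any)."""
    sections, current = {"": []}, ""
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line.rstrip())
    return sections

def _is_local(host):
    if host.lower() == "localhost":
        return True
    try:  # covers 127.0.0.0/8 and ::1; non-addresses are treated as remote
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def proxy_findings(lines):
    """ProxyServer lines whose target is the machine itself (host:port, or
    scheme=host:port pairs joined by ';' as in http=127.0.0.1:5577 above).
    A loopback proxy with no proxy software installed usually means something
    local is intercepting web traffic, which is why the helper cleared it."""
    found = []
    for line in lines:
        m = PROXY_RE.match(line)
        if not m:
            continue
        for part in m.group(1).split(";"):
            host = part.split("=", 1)[-1].strip().rsplit(":", 1)[0]
            if _is_local(host):
                found.append(line)
                break
    return found

def registry_findings(lines):
    """Security Center monitoring switched off, plus AppInit_DLLs entries.
    Both deserve a look rather than proving infection: security suites set
    DisableMonitoring when they take over alerting, and AppInit_DLLs is also
    used by legitimate software (Google Desktop in the log above)."""
    findings, key = [], ""
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if DISABLE_RE.match(line) and "security center\\monitoring" in key.lower():
            findings.append(("security_center_disabled", key))
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            findings.append(("appinit_dll", m.group(1).strip()))
    return findings

def triage(text):
    """Run both checks over the sections the helper read in this thread."""
    sections = split_sections(text)
    return {
        "proxy": proxy_findings(sections.get("Supplementary Scan", [])),
        "registry": registry_findings(sections.get("Reg Loading Points", [])),
    }

def cfscript_dds(proxy_lines):
    """DDS:: block in the form of the CFScript posted above; ProxyOverride is
    cleared alongside each flagged ProxyServer line so no stale list survives."""
    if not proxy_lines:
        return ""
    body = ["DDS::"]
    for line in proxy_lines:
        prefix = line[0]  # 'u' (current user) or 'm' (machine), as in the log
        body.append(f"{prefix}Internet Settings,ProxyOverride =")
        body.append(line)
    return "\n".join(body) + "\n"
```

A corporate proxy or a loopback listener belonging to known software (a local filtering product, for instance) will also trip the proxy check, so the output is a worklist for the helper, not a verdict.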



Re: Removed AV, still have issue

Post by Celina268 on Fri Jul 09, 2010 9:46 pm

Ok, so I did that. It finished. I tried to get on IE, and it said "illegal operation attempted on a registry key that has been marked for deletion." Then it has a box that says: "The item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?" and gives me a yes or no option. What does it mean and what do I choose? Also, this is the same for MANY other programs: Firefox, Yahoo Messenger, Google Earth, Kodak EasyShare, MSN Messenger, etc. The folders on my desktop are the only things that will open.


Re: Removed AV, still have issue

Post by Celina268 on Sun Jul 11, 2010 11:13 pm

Bump


Re: Removed AV, still have issue

Post by Belahzur on Sun Jul 11, 2010 11:42 pm

Hmm.
Are you able to use MBAM?



Re: Removed AV, still have issue

Post by Celina268 on Mon Jul 12, 2010 12:18 am

No. All programs I try to open give me the same "illegal operation attempted on a registry key that has been marked for deletion" message. The only things I can open are folders on the desktop, i.e. pictures, etc.


Re: Removed AV, still have issue

Post by Belahzur on Mon Jul 12, 2010 7:39 pm

Can you log on under another user account and try MBAM, please?



Re: Removed AV, still have issue

Post by Celina268 on Mon Jul 12, 2010 8:31 pm

Ok. I had to reboot because the laptop froze, and this time it decided it didn't care that it hasn't worked in three days. All the programs work again. I'm sending the CFScript.txt log.


ComboFix 10-07-08.02 - Mr.Clark 07/09/2010 16:00:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.252 [GMT -5:00]
Running from: c:\users\Mr.Clark\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Mr.Clark\Desktop\CFScript.txt
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-09 20:53 . 2010-07-09 20:54 -------- d-----w- C:\32788R22FWJFW
2010-07-09 11:26 . 2010-07-09 11:26 19 ----a-w- c:\windows\popcinfo.dat
2010-07-08 16:33 . 2010-07-08 17:11 -------- d-----w- C:\Combo-Fix
2010-07-07 02:49 . 2010-07-07 02:49 -------- d-----w- C:\_OTL
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 20:48 . 2008-04-30 16:00 -------- d-----w- c:\program files\Lx_cats
2010-07-09 18:55 . 2008-04-04 03:54 -------- d-----w- c:\programdata\Google Updater
2010-07-09 13:45 . 2007-04-12 01:41 -------- d-----w- c:\program files\Gateway Games
2010-07-09 11:13 . 2009-10-01 22:06 2319072 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-07-06 13:13 . 2007-04-12 01:41 -------- d-----w- c:\programdata\WildTangent
2010-07-05 04:56 . 2008-05-29 17:55 -------- d-----w- c:\program files\GamesBar
2010-07-05 03:26 . 2008-12-07 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 16:03 . 2007-11-27 21:01 3304 ----a-w- c:\users\Mr.Clark\AppData\Roaming\wklnhst.dat
2010-07-02 14:25 . 2010-03-06 01:08 439816 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-07-01 18:52 . 2010-07-07 02:36 1496064 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 18:51 . 2010-07-07 02:36 43008 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 18:51 . 2010-07-07 02:36 338944 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 18:51 . 2010-07-07 02:36 346112 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-13 08:18 . 2007-04-12 01:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-02 18:37 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\DreamDale
2010-06-02 18:27 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\MB3
2010-06-02 18:23 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\SmashFrenzy3
2010-05-30 12:38 . 2010-05-30 12:38 -------- d-----w- c:\programdata\PopCap Games
2010-05-29 12:56 . 2010-05-29 12:56 -------- d-----w- c:\programdata\MumboJumbo
2010-05-27 11:56 . 2010-05-27 11:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 11:55 . 2010-05-27 11:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 12:20 . 2007-04-12 01:52 -------- d-----w- c:\program files\Google
2010-02-10 15:32 . 2010-02-10 15:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-23 18:02 . 2007-10-01 00:32 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-23 18:02 . 2007-10-01 00:32 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-23 18:02 . 2007-10-01 00:32 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-23 18:02 . 2007-10-01 00:32 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-03-23 18:02 . 2007-10-01 00:32 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-17 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Mr.Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-9-23 692224]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-17 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-500]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090604.001\IDSvix86.sys [2009-02-09 272432]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MRVW147;Marvell TOPDOG (TM) 802.11n Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\DRIVERS\MRVW147.sys [2007-01-27 321536]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-24 05:17]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-05-04 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Mr.Clark.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{9E180437-3F6A-40F3-A2C5-DFE896E3C40D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-09 16:15
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4004181874-1218646721-3285697250-1001\Software\SecuROM\License information*]
"datasecu"=hex:a7,cc,63,cb,11,18,b2,ce,50,dc,9d,83,1d,9a,78,db,c2,4b,60,6e,67,
27,e0,9d,7b,02,d5,63,fb,f4,d8,a8,97,60,51,70,c3,69,82,19,59,98,fd,47,37,a1,\
"rkeysecu"=hex:53,23,ec,92,8c,0b,b6,ed,90,02,0c,7a,7e,b5,b9,67
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3400)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-07-09 16:26:52
ComboFix-quarantined-files.txt 2010-07-09 21:26
ComboFix2.txt 2010-07-08 17:11

Pre-Run: 88,742,576,128 bytes free
Post-Run: 88,391,405,568 bytes free

- - End Of File - - 22416CFEB2958CA8FCA8C7A8CEF66882

Celina268
Intermediate
Intermediate

Status :
Online
Offline

Posts : 175
Joined : 2010-07-04
OS : Windows 7
Points : 26159
# Likes : 0

View user profile

Back to top Go down
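The registry and Firefox sections of the ComboFix log above contain a few settings a reviewer normally checks by hand: the Security Center "DisableMonitoring" values, the AppInit_DLLs entry, and the Safe Browsing pref. As an added editorial example (not part of this thread and not ComboFix's own code), here is a small Python parser that reads a constructed excerpt in the same format and lists those settings so they can be reviewed. SAMPLE_LOG, the function names and the finding texts are the example's own; the sample data is constructed to mirror the log format shown on the page, with one product left with monitoring enabled to show the negative case.

```python
import re
from typing import Dict, List

# Constructed sample in the ComboFix log layout seen in this thread:
# registry keys in [brackets], "name"=value pairs beneath them, and
# "<path> - pref(...)" lines under a FIREFOX POLICIES header.
# This is not a real log; the values are illustrative only.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
PREF_RE = re.compile(r'pref\("(?P<name>[^"]+)",\s*(?P<value>[^)]+)\);')


def parse_registry(log: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: value}} from the [key] / "name"=value blocks."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group("name")] = m.group("value")
    return result


def parse_firefox_prefs(log: str) -> Dict[str, str]:
    """Collect pref("name", value) pairs from the FIREFOX POLICIES lines."""
    return {m.group("name"): m.group("value").strip() for m in PREF_RE.finditer(log)}


def review(log: str) -> List[str]:
    """List the settings worth a second look, in the order they appear in the log."""
    findings: List[str] = []
    for key, values in parse_registry(log).items():
        low = key.lower()
        # DisableMonitoring=1 is what third-party security products set so that
        # Security Center stops its own monitoring; after an AV uninstall these
        # entries can be left behind and are worth reviewing.
        if "\\security center\\monitoring" in low and \
                values.get("DisableMonitoring", "").lower() == "dword:00000001":
            product = key.rsplit("\\", 1)[-1]
            if product.lower() == "monitoring":
                product = "(global)"
            findings.append(f"Security Center monitoring disabled: {product}")
        # AppInit_DLLs is loaded into every process that loads user32.dll,
        # so any path listed here should be identified and accounted for.
        if low.endswith("\\windows nt\\currentversion\\windows"):
            dlls = values.get("AppInit_DLLs", "").strip()
            if dlls:
                findings.append(f"AppInit_DLLs set: {dlls}")
    prefs = parse_firefox_prefs(log)
    if prefs.get("browser.safebrowsing.enabled") == "false":
        findings.append("Firefox Safe Browsing disabled")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

None of these entries is malicious on its own (the AppInit_DLLs value in the thread belongs to Google Desktop, for instance); the parser only surfaces them so the person reading the log can confirm each one is expected, which is the same judgement a helper makes when reading a ComboFix log by eye.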

Re: Removed AV, still have issue

Post by Celina268 on Wed Jul 14, 2010 9:54 pm

BUMP


Re: Removed AV, still have issue

Post by Belahzur on Wed Jul 14, 2010 11:00 pm

Hello.
Do this from the machine Combofix was run on.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.1
    Java(TM) SE Runtime Environment 6
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]


Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Removed AV, still have issue

Post by Celina268 on Thu Jul 15, 2010 4:09 am

Alright. Completed the scan. The log doesn't look complete, but whatever. It didn't find any infected files, so maybe that's all it had to say. Smile

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Celina268
Intermediate
Intermediate

Status :
Online
Offline

Posts : 175
Joined : 2010-07-04
OS : Windows 7
Points : 26159
# Likes : 0

View user profile

Back to top Go down

Re: Removed AV, still have issue

Post by Belahzur on Thu Jul 15, 2010 5:54 pm

How is the machine running now?





Re: Removed AV, still have issue

Post by Celina268 on Thu Jul 15, 2010 8:41 pm

It's running better. Super slow. But it's performing everything as it should.


Re: Removed AV, still have issue

Post by Celina268 on Sun Jul 18, 2010 12:17 am

BUMP

Just wondering what I should do next. I'll uninstall the programs we've used, since, hopefully, I won't be needing them for a while. I'm thinking that will help make the system faster. Thanks for your help. Smile


Re: Removed AV, still have issue

Post by Sneakyone on Sun Jul 18, 2010 7:56 pm

Hi, Smile

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

==========

Please download [You must be registered and logged in to see this link.] by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program.

==========

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching for it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. [You must be registered and logged in to see this link.]

9. Also, there are many holes and flaws in Internet Explorer; I recommend using [You must be registered and logged in to see this link.] to keep you safer.

10. Always keep your [You must be registered and logged in to see this link.] and Adobe updated.

11. Don't fall for Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Points : 56044
# Likes : 0

View user profile

Back to top Go down

Re: Removed AV, still have issue

Post by Celina268 on Sat Jul 24, 2010 8:33 pm

Alright. I did all of those steps. Thank you for all of your help!


Re: Removed AV, still have issue

Post by Sneakyone on Sat Jul 24, 2010 10:52 pm

You're welcome, glad to help. Smile



