Removed AV, still have issue


Removed AV, still have issue

Post by Celina268 on Sun 04 Jul 2010, 7:00 pm

First topic message reminder:

I removed AV Security Suite using Malwarebytes (Spyware Doctor didn't work at all). It did get rid of AV. However, I am now unable to browse the internet. I use IE and I can connect and pull up my home page. I cannot go anywhere from there. I get a "cannot be displayed" message. I know it's not my connection because my wireless works just fine. I also cannot type anything into the search box (I have Google Toolbar). Did I miss something or do something wrong? I did nothing manually because I am not computer savvy. I just scanned and deleted the infected files Malwarebytes brought up. What could be the problem?

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7



Re: Removed AV, still have issue

Post by Belahzur on Fri 09 Jul 2010, 1:55 am

Hello.
Was that from the x64 bit machine? Combofix will only run on the x32 bit machine, not x64.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed AV, still have issue

Post by Celina268 on Fri 09 Jul 2010, 2:01 am

Maybe this will help:
Desktop: 64 bit
Laptop: 32 bit

Makes more sense. That's why I tried to clarify. The 32 bit laptop has moved folders when we did the gooredfix. The 64bit desktop did not. So, for the 64bit desktop, what would you like me to do? For the 32bit laptop? Ok, now I think we're on the same page.

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7


Re: Removed AV, still have issue

Post by Belahzur on Fri 09 Jul 2010, 2:04 am

Run Combofix on the laptop for now, leave the Desktop as it is. x64 uses a different file system to x32 bit, so malware-wise there is very little malware that can fully function on x64 bit, so there's less to worry about with that.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed AV, still have issue

Post by Celina268 on Fri 09 Jul 2010, 3:11 am

Ok, tried running Combofix. It says I have Norton Security Online active. I have read your directions on how to turn it off. I don't have it in the system tray or in Programs. I can't find it. Is there another way to turn it off?

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7


Re: Removed AV, still have issue

Post by Belahzur on Fri 09 Jul 2010, 7:44 am

In that case....

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Run Combofix in Safe Mode; select Continue if you still get the "Norton is active" warning. That's why I suggest Safe Mode: the AV won't be running in Safe Mode.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed AV, still have issue

Post by Celina268 on Fri 09 Jul 2010, 5:44 pm

It wouldn't let me stop it, so it just ran through. I posted the log, but for some reason it didn't show. Here is the Combofix log for the laptop:

ComboFix 10-07-07.02 - Mr.Clark 07/08/2010 11:38:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.269 [GMT -5:00]
Running from: c:\users\Mr.Clark\Desktop\Combo-Fix.exe
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Windows
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\logs
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 16:58 . 2010-07-08 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-08 16:58 . 2010-07-08 16:58 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2010-07-08 15:59 . 2010-07-08 16:33 -------- d-----w- C:\32788R22FWJFW
2010-07-07 02:49 . 2010-07-07 02:49 -------- d-----w- C:\_OTL
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 15:54 . 2008-04-04 03:54 -------- d-----w- c:\programdata\Google Updater
2010-07-08 11:16 . 2007-04-12 01:41 -------- d-----w- c:\program files\Gateway Games
2010-07-06 13:13 . 2007-04-12 01:41 -------- d-----w- c:\programdata\WildTangent
2010-07-05 05:00 . 2008-04-30 16:00 -------- d-----w- c:\program files\Lx_cats
2010-07-05 04:56 . 2008-05-29 17:55 -------- d-----w- c:\program files\GamesBar
2010-07-05 03:26 . 2008-12-07 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 16:03 . 2007-11-27 21:01 3304 ----a-w- c:\users\Mr.Clark\AppData\Roaming\wklnhst.dat
2010-06-13 08:18 . 2007-04-12 01:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-02 18:37 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\DreamDale
2010-06-02 18:27 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\MB3
2010-06-02 18:23 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\SmashFrenzy3
2010-05-30 12:38 . 2010-05-30 12:38 -------- d-----w- c:\programdata\PopCap Games
2010-05-29 12:56 . 2010-05-29 12:56 -------- d-----w- c:\programdata\MumboJumbo
2010-05-27 11:56 . 2010-05-27 11:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 11:55 . 2010-05-27 11:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 12:20 . 2007-04-12 01:52 -------- d-----w- c:\program files\Google
2010-02-10 15:32 . 2010-02-10 15:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-23 18:02 . 2007-10-01 00:32 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-23 18:02 . 2007-10-01 00:32 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-23 18:02 . 2007-10-01 00:32 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-23 18:02 . 2007-10-01 00:32 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-03-23 18:02 . 2007-10-01 00:32 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-17 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Mr.Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-9-23 692224]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-17 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-500]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090604.001\IDSvix86.sys [2009-02-09 272432]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MRVW147;Marvell TOPDOG (TM) 802.11n Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\DRIVERS\MRVW147.sys [2007-01-27 321536]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-05-04 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Mr.Clark.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{9E180437-3F6A-40F3-A2C5-DFE896E3C40D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-08 11:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4004181874-1218646721-3285697250-1001\Software\SecuROM\License information*]
"datasecu"=hex:a7,cc,63,cb,11,18,b2,ce,50,dc,9d,83,1d,9a,78,db,c2,4b,60,6e,67,
27,e0,9d,7b,02,d5,63,fb,f4,d8,a8,97,60,51,70,c3,69,82,19,59,98,fd,47,37,a1,\
"rkeysecu"=hex:53,23,ec,92,8c,0b,b6,ed,90,02,0c,7a,7e,b5,b9,67

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-08 12:11:40
ComboFix-quarantined-files.txt 2010-07-08 17:11

Pre-Run: 81,418,584,064 bytes free
Post-Run: 88,968,744,960 bytes free

- - End Of File - - 577B51864380D070AC6E6D098CDF694A

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7


Re: Removed AV, still have issue

Post by Belahzur on Sat 10 Jul 2010, 4:52 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5577

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
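The CFScript above clears a per-user ProxyServer entry that points at 127.0.0.1:5577, i.e. a proxy on the machine itself that no longer exists once the rogue AV is gone, which is a classic cause of the "page cannot be displayed" symptom. The following Python check is an added example (not ComboFix's code and not the forum's fix-script) that parses the registry and Supplementary Scan sections of a log like the ones posted here and flags a loopback proxy, disabled Security Center monitoring and AppInit_DLLs entries for review; the log excerpt inside it is constructed from this thread's format.

```python
"""Scan a ComboFix-style log for leftovers a rogue AV can leave behind.

Added example for this thread, not ComboFix's own code or the forum's
fix-script. It reads the 'Reg Loading Points' and 'Supplementary Scan'
sections of a log like the one posted above and flags:
  * an Internet Settings ProxyServer that points at the local machine
    (an orphaned proxy breaks browsing once the malware listening on it
    has been removed);
  * Security Center monitoring switched off (normal when a third-party
    AV registers itself, but worth confirming after a cleanup);
  * a non-empty AppInit_DLLs value, a load point that should be reviewed.
"""
import re
from ipaddress import ip_address

# Constructed excerpt in the format of the log posted in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\progra~1\\Google\\GOOGLE~1\\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

------- Supplementary Scan -------
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
"""

PROXY_RE = re.compile(r'^([um])Internet Settings,ProxyServer\s*=\s*(.*)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:([0-9a-fA-F]+)$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Windows accepts a bare 'host:port' for every protocol ('*' here) or a
    ';'-separated list of 'scheme=host:port' entries.
    """
    entries = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, hostport = part.split('=', 1) if '=' in part else ('*', part)
        host, sep, port = hostport.rpartition(':')
        if not sep or not port.isdigit():       # no port given
            host, port = hostport, None
        else:
            port = int(port)
        entries.append((scheme.strip().lower(), host.strip(), port))
    return entries


def is_loopback_host(host):
    """True for 127.x, ::1 and the name 'localhost' (IPv6 brackets allowed)."""
    bare = host.strip('[]')
    try:
        return ip_address(bare).is_loopback
    except ValueError:
        return bare.lower() == 'localhost'


def scan_log(text):
    """Return a list of (kind, detail) findings for the log text."""
    findings = []
    current_key = ''                  # registry key the following values belong to
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = PROXY_RE.match(line)
        if m:
            scope = {'u': 'user', 'm': 'machine'}[m.group(1)]
            for scheme, host, port in parse_proxy_server(m.group(2)):
                kind = 'loopback_proxy' if is_loopback_host(host) else 'proxy_set'
                findings.append((kind, f'{scope}: {scheme}={host}:{port}'))
            continue
        m = DISABLE_RE.match(line)
        if m and int(m.group(1), 16) != 0 and \
                'security center\\monitoring' in current_key.lower():
            findings.append(('security_center_monitoring_disabled', current_key))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            findings.append(('appinit_dlls', m.group(1).strip()))
    return findings


if __name__ == '__main__':
    for kind, detail in scan_log(SAMPLE_LOG):
        print(f'{kind:38} {detail}')
```

A 'proxy_set' finding for a non-loopback host is informational only; compare it against the proxy the user actually expects.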


Re: Removed AV, still have issue

Post by Celina268 on Sat 10 Jul 2010, 8:46 am

Ok, so I did that. It finished. I tried to get on IE, and it said "illegal operation attempted on a registry key that has been marked for deletion." Then it has a box that says: "The item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?" and gives me a yes or no option. What does it mean and what do I choose? Also, this is the same for MANY other programs.....Firefox, Yahoo Messenger, Google Earth, Kodak EasyShare, MSN Messenger, etc. The folders on my desktop are the only things that will open.

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7


Re: Removed AV, still have issue

Post by Celina268 on Mon 12 Jul 2010, 10:13 am

Bump

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7


Re: Removed AV, still have issue

Post by Belahzur on Mon 12 Jul 2010, 10:42 am

Hmm.
Are you able to use MBAM?


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed AV, still have issue

Post by Celina268 on Mon 12 Jul 2010, 11:18 am

No. All programs I try to open give me the same "illegal operation attempted on a registry key that has been marked for deletion" message. The only things I can open are folders on the desktop, i.e. pictures, etc.

Celina268

Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7


Re: Removed AV, still have issue

Post by Belahzur on Tue 13 Jul 2010, 6:39 am

Can you log on under another user account and try MBAM, please?


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Removed AV, still have issue

Post by Celina268 on Tue 13 Jul 2010, 7:31 am

Ok. I had to reboot because the laptop froze, and this time it decided it didn't care that it hadn't worked in three days. All the programs work again. I'm sending the CFScript.txt log.


ComboFix 10-07-08.02 - Mr.Clark 07/09/2010 16:00:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.252 [GMT -5:00]
Running from: c:\users\Mr.Clark\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Mr.Clark\Desktop\CFScript.txt
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-09 20:53 . 2010-07-09 20:54 -------- d-----w- C:\32788R22FWJFW
2010-07-09 11:26 . 2010-07-09 11:26 19 ----a-w- c:\windows\popcinfo.dat
2010-07-08 16:33 . 2010-07-08 17:11 -------- d-----w- C:\Combo-Fix
2010-07-07 02:49 . 2010-07-07 02:49 -------- d-----w- C:\_OTL
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 20:48 . 2008-04-30 16:00 -------- d-----w- c:\program files\Lx_cats
2010-07-09 18:55 . 2008-04-04 03:54 -------- d-----w- c:\programdata\Google Updater
2010-07-09 13:45 . 2007-04-12 01:41 -------- d-----w- c:\program files\Gateway Games
2010-07-09 11:13 . 2009-10-01 22:06 2319072 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-07-06 13:13 . 2007-04-12 01:41 -------- d-----w- c:\programdata\WildTangent
2010-07-05 04:56 . 2008-05-29 17:55 -------- d-----w- c:\program files\GamesBar
2010-07-05 03:26 . 2008-12-07 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 16:03 . 2007-11-27 21:01 3304 ----a-w- c:\users\Mr.Clark\AppData\Roaming\wklnhst.dat
2010-07-02 14:25 . 2010-03-06 01:08 439816 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-07-01 18:52 . 2010-07-07 02:36 1496064 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 18:51 . 2010-07-07 02:36 43008 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 18:51 . 2010-07-07 02:36 338944 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 18:51 . 2010-07-07 02:36 346112 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-13 08:18 . 2007-04-12 01:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-02 18:37 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\DreamDale
2010-06-02 18:27 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\MB3
2010-06-02 18:23 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\SmashFrenzy3
2010-05-30 12:38 . 2010-05-30 12:38 -------- d-----w- c:\programdata\PopCap Games
2010-05-29 12:56 . 2010-05-29 12:56 -------- d-----w- c:\programdata\MumboJumbo
2010-05-27 11:56 . 2010-05-27 11:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 11:55 . 2010-05-27 11:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 12:20 . 2007-04-12 01:52 -------- d-----w- c:\program files\Google
2010-02-10 15:32 . 2010-02-10 15:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-23 18:02 . 2007-10-01 00:32 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-23 18:02 . 2007-10-01 00:32 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-23 18:02 . 2007-10-01 00:32 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-23 18:02 . 2007-10-01 00:32 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-03-23 18:02 . 2007-10-01 00:32 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-17 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Mr.Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-9-23 692224]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-17 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-500]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090604.001\IDSvix86.sys [2009-02-09 272432]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MRVW147;Marvell TOPDOG (TM) 802.11n Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\DRIVERS\MRVW147.sys [2007-01-27 321536]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-24 05:17]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]

2010-05-04 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Mr.Clark.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{9E180437-3F6A-40F3-A2C5-DFE896E3C40D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-09 16:15
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4004181874-1218646721-3285697250-1001\Software\SecuROM\License information*]
"datasecu"=hex:a7,cc,63,cb,11,18,b2,ce,50,dc,9d,83,1d,9a,78,db,c2,4b,60,6e,67,
27,e0,9d,7b,02,d5,63,fb,f4,d8,a8,97,60,51,70,c3,69,82,19,59,98,fd,47,37,a1,\
"rkeysecu"=hex:53,23,ec,92,8c,0b,b6,ed,90,02,0c,7a,7e,b5,b9,67
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3400)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-07-09 16:26:52
ComboFix-quarantined-files.txt 2010-07-09 21:26
ComboFix2.txt 2010-07-08 17:11

Pre-Run: 88,742,576,128 bytes free
Post-Run: 88,391,405,568 bytes free

- - End Of File - - 22416CFEB2958CA8FCA8C7A8CEF66882

Celina268
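As an added defender-side example (not part of the thread, and not ComboFix's own code), this Python parses the `"Name"="path" [date size]` registry-value lines of a ComboFix log like the one posted above and lists the items a helper typically reviews: Run entries launching from user-writable paths, a populated AppInit_DLLs value, and Security Center monitoring switched off per product. The Run-key header line in the sample is constructed, since it falls outside the quoted excerpt.

```python
import re
from dataclasses import dataclass
# Constructed sample: value lines copied from the ComboFix log posted above; the
# Run-key header is outside the quoted excerpt and is supplied here.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="quoted path" [YYYY-MM-DD size]   or   "Name"=unquoted value
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<qval>[^"]*)"|(?P<val>.+?))'
    r"(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\])?$"
)
# Autostart binaries living in user-writable locations deserve a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
@dataclass
class Entry:
    key: str
    name: str
    value: str
    date: str = ""
    size: int = 0

def parse_combofix(text):
    """Return the registry values in a ComboFix log, each tagged with its key path."""
    entries, key = [], ""
    for line in map(str.rstrip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            value = m.group("qval") if m.group("qval") is not None else m.group("val")
            entries.append(Entry(key, m.group("name"), value,
                                 m.group("date") or "", int(m.group("size") or 0)))
    return entries

def review(entries):
    findings = []  # (severity, value name, reason) tuples for the helper to look at
    for e in entries:
        lkey, lval = e.key.lower(), e.value.lower()
        if lkey.endswith("\\currentversion\\run") and any(p in lval for p in USER_WRITABLE):
            findings.append(("review", e.name, "autostart binary in a user-writable path: " + e.value))
        if e.name == "AppInit_DLLs" and e.value.strip():
            findings.append(("review", e.name, "DLL loaded into every process that loads user32: " + e.value))
        if "security center\\monitoring" in lkey and lval == "dword:00000001":
            product = e.key.rsplit("\\", 1)[-1]  # subkey names the product that turned monitoring off
            findings.append(("info", e.name, f"Security Center monitoring disabled for {product}; confirm it is installed"))
    return findings
```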

Re: Removed AV, still have issue

Post by Celina268 on Thu 15 Jul 2010, 8:54 am

BUMP

Celina268


Re: Removed AV, still have issue

Post by Belahzur on Thu 15 Jul 2010, 10:00 am

Hello.
Do this from the machine Combofix was run on.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following:

    Adobe Reader 9.1
    Java(TM) SE Runtime Environment 6
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.3


Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.




Belahzur


Re: Removed AV, still have issue

Post by Celina268 on Thu 15 Jul 2010, 3:09 pm

Alright. Completed the scan. The log doesn't look complete, but whatever. It didn't find any infected files, so maybe that's all it had to say.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Celina268

Rookie Surfer
Rookie Surfer

Posts : 175
Joined : 2010-07-04
Operating System : Windows 7

View user profile

Back to top Go down

Re: Removed AV, still have issue

Post by Belahzur on Fri 16 Jul 2010, 4:54 am

How is the machine running now?




Belahzur


Re: Removed AV, still have issue

Post by Celina268 on Fri 16 Jul 2010, 7:41 am

It's running better. Super slow. But it's performing everything as it should.

Celina268


Re: Removed AV, still have issue

Post by Celina268 on Sun 18 Jul 2010, 11:17 am

BUMP

Just wondering what I should do next. I'll uninstall the programs we've used, since, hopefully, I won't be needing them for a while. I'm thinking that will help make the system faster. Thanks for your help.

Celina268


Re: Removed AV, still have issue

Post by Sneakyone on Mon 19 Jul 2010, 6:56 am

Hi,

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

==========

Please download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program.

==========

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can check that it is not known for being a virus by simply searching for it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you safer.

10. Always keep your Java and Adobe updated.

11. Don't fall for Scareware. What is Scareware? It is a website made to download a rogue Antivirus onto your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Re: Removed AV, still have issue

Post by Celina268 on Sun 25 Jul 2010, 7:33 am

Alright. I did all of those steps. Thank you for all of your help!

Celina268


Re: Removed AV, still have issue

Post by Sneakyone on Sun 25 Jul 2010, 9:52 am

You're welcome, glad to help.




Sneakyone

