xp spyware 2012 problem

View previous topic View next topic Go down

xp spyware 2012 problem

Post by amibra on Sun 31 Jul 2011, 1:14 am

I had a xp spyware 2012 problem afer I scanned my computer with malwarebytes it removed explorer.ex and other files here's the malwarebytes log thanks:

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Databaseversie: 7322

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

30-7-2011 2:04:15 PM
mbam-log-2011-07-30 (14-04-15).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 246843
Verstreken tijd: 28 minuut/minuten, 54 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 2
Registerdata ge´nfecteerd: 4
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 1

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\442027559 (Trojan.FakeAlert) -> Value: 442027559 -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registerdata ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\fgs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\fgs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\fgs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
c:\documents and settings\administrator\local settings\application data\fgs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


And here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:10, on 30-7-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieŰn - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9254 bytes



Thanks in advance

amibra

Rookie Surfer
Rookie Surfer

Posts : 76
Joined : 2008-09-23

View user profile

Back to top Go down

Re: xp spyware 2012 problem

Post by Sneakyone on Sun 31 Jul 2011, 3:06 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: xp spyware 2012 problem

Post by amibra on Mon 01 Aug 2011, 1:18 am

Here ya go:

ComboFix 11-07-31.03 - Administrator 31-07-2011 15:59:31.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2039.1698 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\commy.exe
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Absolute MP3 Splitter.exe
c:\documents and settings\Administrator\Application Data\chrtmp
c:\documents and settings\Administrator\Application Data\proxyfire.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Asus.xrm-ms
c:\documents and settings\Administrator\Local Settings\Application Data\bootinst.exe
c:\documents and settings\Administrator\Local Settings\Application Data\grldr
c:\documents and settings\Administrator\Sjablonen\2vh24au6207y5o0xmd5qn803m2i51qt3bcjj2f565e
c:\documents and settings\Administrator\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-06-28 to 2011-07-31 ))))))))))))))))))))))))))))))
.
.
2011-07-30 14:13 . 2011-07-30 14:13 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-30 14:13 . 2011-07-30 14:13 -------- d-----w- c:\program files\Trend Micro
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2010-03-30 00:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-03-30 00:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 21:24 . 2011-06-10 21:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-06 03:19 . 2011-05-06 03:19 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-05-06 03:19 . 2011-05-06 03:19 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-06-22 15:07 . 2011-05-16 23:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-07 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TrayMin230.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\TrayMin230.lnk
backup=c:\windows\pss\TrayMin230.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-13 20:13 208952 -c--a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27 119152 -c--a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-13 20:13 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-13 20:13 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC230NC_Monitor]
2007-12-10 13:55 323584 -c--a-w- c:\windows\Philips\SPC230NC\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
2007-12-10 13:55 323584 -c--a-w- c:\windows\Philips\SPC230NC\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-07 12:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30-3-2010 2:39 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30-3-2010 2:39 AM 22712]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [25-9-2010 7:05 PM 30576]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8-6-2010 6:11 PM 136176]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8-6-2010 6:11 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [30-3-2010 2:39 AM 41272]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [14-6-2010 11:50 AM 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [14-6-2010 11:50 AM 461056]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 16:11]
.
2011-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 16:11]
.
2011-07-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-838170752-1417001333-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-838170752-1417001333-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-31 c:\windows\Tasks\User_Feed_Synchronization-{E66F38A6-21E9-4872-9E31-078509EC808C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fcyimxi3.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-vyuocgje - c:\documents and settings\Administrator\Local Settings\Application Data\efolhixlj\mgdcwykshdw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-07-31 16:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-57989841-838170752-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,3b,63,b7,d7,74,47,41,a7,1c,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,3b,63,b7,d7,74,47,41,a7,1c,02,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3792)
c:\documents and settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2011-07-31 16:16:56 - machine werd herstart
ComboFix-quarantined-files.txt 2011-07-31 14:16
.
Pre-Run: 5.409.808.384 bytes beschikbaar
Post-Run: 7.145.332.736 bytes beschikbaar
.
- - End Of File - - 3A09777E16268F224466B355A5953106

amibra

Rookie Surfer
Rookie Surfer

Posts : 76
Joined : 2008-09-23

View user profile

Back to top Go down

Re: xp spyware 2012 problem

Post by Sneakyone on Mon 01 Aug 2011, 4:40 pm

Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: xp spyware 2012 problem

Post by amibra on Mon 01 Aug 2011, 9:51 pm

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-01 12:49:07
-----------------------------
12:49:07.093 OS Version: Windows 5.1.2600 Service Pack 3
12:49:07.093 Number of processors: 2 586 0x401
12:49:07.093 ComputerName: DC7100 UserName:
12:49:08.406 Initialize success
12:49:13.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
12:49:13.453 Disk 0 Vendor: Maxtor_6Y080M0 YAR512W0 Size: 76319MB BusType: 3
12:49:15.484 Disk 0 MBR read successfully
12:49:15.484 Disk 0 MBR scan
12:49:15.484 Disk 0 unknown MBR code
12:49:15.484 Disk 0 scanning sectors +156296385
12:49:15.515 Disk 0 scanning C:\WINDOWS\system32\drivers
12:49:25.562 Service scanning
12:49:28.937 Modules scanning
12:49:33.687 Disk 0 trace - called modules:
12:49:33.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:49:33.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a847ab8]
12:49:33.703 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a7ec310]
12:49:33.718 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a849940]
12:49:33.718 Scan finished successfully
12:49:48.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\MBR.dat"
12:49:48.562 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Bureaublad\aswMBR.txt"



amibra

Rookie Surfer
Rookie Surfer

Posts : 76
Joined : 2008-09-23

View user profile

Back to top Go down

Re: xp spyware 2012 problem

Post by Sneakyone on Tue 02 Aug 2011, 3:10 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: xp spyware 2012 problem

Post by amibra on Tue 02 Aug 2011, 10:56 pm

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Databaseversie: 7353

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2-8-2011 1:36:46 PM
mbam-log-2011-08-02 (13-36-45).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 215707
Verstreken tijd: 41 minuut/minuten, 48 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 0

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

amibra

Rookie Surfer
Rookie Surfer

Posts : 76
Joined : 2008-09-23

View user profile

Back to top Go down

Re: xp spyware 2012 problem

Post by Sneakyone on Wed 03 Aug 2011, 3:42 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: xp spyware 2012 problem

Post by amibra on Wed 03 Aug 2011, 11:45 pm

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-47480627 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\0\9fee240-43f535e3 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\249196c1-731ab2bb multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\11\3d726d4b-45a96bfe a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\15\5f583a0f-339a4ad9 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\24\42f2dad8-75e59a03 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\10d0af1a-19959289 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\7aa0815a-2cb8fcb9 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\26\7aa0815a-3c98f33e probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\28\20d825dc-3b6ecd23 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\28\5451b59c-117784f8 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\64414e83-466e6c82 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\687efa1e-2688c128 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\35\4f8882a3-3829f6f1 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\6a0409a5-254a0374 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\be56326-31bb5e19 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\15467029-1de72fe3 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\41\15467029-76a0bb9d multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\43\7a0b54eb-7d1fffa0 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\32dcefee-771bdff8 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\2dc49bef-65d7df47 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\49\665ffb1-5d5ebe11 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\58fe4034-22424b34 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\4661f1f9-27601b03 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\59\1baeccbb-5b6888f6 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\760580c7-4598d477 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\9\36c06809-218037e7 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined

amibra

Rookie Surfer
Rookie Surfer

Posts : 76
Joined : 2008-09-23

View user profile

Back to top Go down

Re: xp spyware 2012 problem

Post by Sneakyone on Thu 04 Aug 2011, 4:50 pm

Hi,

How's your computer running now?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: xp spyware 2012 problem

Post by amibra on Thu 04 Aug 2011, 10:58 pm

My computer runs fine now thanks a lot

amibra

Rookie Surfer
Rookie Surfer

Posts : 76
Joined : 2008-09-23

View user profile

Back to top Go down

Re: xp spyware 2012 problem

Post by Sneakyone on Fri 05 Aug 2011, 5:14 pm

You're welcome.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:




  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.





You now have a clean restore point.

To get rid of the bad ones:




  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.





========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:




  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.





============

Update Programs

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Please download the newest version of Java from Java.com.

===============

Staying Protected

If you don't have a anti-virus I recommend to download one of these free anti-virus programs:
1. Avast!
2. Avira
3. Microsoft Security Essentials

If you have Windows XP, then I recommend downloading one of these free firewalls if you do not already have one:
1. Comodo Firewall
2. Tallemu Online Armor

I recommend using MalwareBytes Anti-Malware for a anti-malware program.

If you don't have a anti-spyware I recommend to download this free program to help keep you spyware free:
1. SpywareBlaster

Please don't download more than one anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.XP or Vista/7

4. Always make sure you have the latest Windows update.

5. Use a Site Advisor so you don't go to sites that will infect you. Web-of-Trust or Mcafee Siteadvisor

6. Also there are many holes and flaws in Internet Explorer I recommend using Firefox or Google Chrome to keep you more safe.

7. Always keep your Java and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: xp spyware 2012 problem

Post by Sponsored content Today at 11:20 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum