HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Mon 13 Aug 2012, 12:20 pm

I had Windows Virus Pro years ago and y'all helped me get rid of that and saved my laptop! As soon as this Live Security Platinum thing showed up I knew I was in trouble and I knew EXACTLY where to turn to!!! I have access to another laptop (that runs on Vista) that I can download stuff onto a flash drive to run on my infected laptop (that runs Windows XP). Please help me ASAP! I start back to school in two weeks and desperately need my laptop back!!!

Thank you again,
Laura Pierce


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Mon 13 Aug 2012, 9:37 pm

Hello!

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:


  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


~DMJ
GeekPolice Academy Manager



Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Tue 14 Aug 2012, 4:49 am

ComboFix 12-08-13.01 - Randy Pierce 08/13/2012 13:23:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.253 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.exe
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Randy Pierce\My Documents\$APC.tmp
c:\documents and settings\Randy Pierce\Recent\Thumbs.db
c:\documents and settings\Randy Pierce\Start Menu\Programs\Live Security Platinum
c:\documents and settings\Randy Pierce\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\documents and settings\Randy Pierce\WINDOWS
c:\windows\system32\SET973.tmp
c:\windows\system32\SET975.tmp
c:\windows\system32\SET983.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-12 22:10 . 2012-08-12 22:10 58368 ---ha-w- c:\windows\system32\chkddlin.dll
2012-08-11 22:49 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{606284F5-33EA-485B-B504-0A5CFFA46547}\mpengine.dll
2012-08-10 22:38 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 15:17 . 2012-07-20 15:17 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 14:49 . 2012-04-29 19:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 14:49 . 2011-06-16 14:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2009-03-26 00:06 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 22:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2009-03-26 00:06 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-21 23:06 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-10-21 23:06 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2007-05-07 23:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2007-05-07 23:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-07 23:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-10-21 23:06 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2007-05-07 23:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2007-05-07 23:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-21 23:06 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2007-05-07 23:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2007-05-07 23:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2012-03-03 18:09 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2012-03-03 18:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2012-03-03 18:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2006-11-30 20:35 . 2007-05-12 10:59 1259960 ----a-w- c:\program files\winzip8.0.exe
2012-07-19 22:25 . 2012-02-11 20:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Randy Pierce\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office 2010\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [7/30/2010 5:51 PM 103552]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 13:48]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 13:48]
.
2012-08-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: facebook.com\www
Trusted Zone: freerealms.com
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Randy Pierce\Application Data\Mozilla\Firefox\Profiles\uz7uj9nk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-08-13 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-13 13:40:00
ComboFix-quarantined-files.txt 2012-08-13 17:39
.
Pre-Run: 27,283,640,320 bytes free
Post-Run: 27,793,125,376 bytes free
.
- - End Of File - - 2C768D655710339B37074E92F95196EE

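A triage pass over the ComboFix log in the post above, as an added example that is not part of the original thread or of ComboFix itself: it splits the log into its sections and flags two things visible in this log, the 32-hex-character folder holding a same-named .exe, and a file carrying the hidden attribute in the recent-files section. The function names and both heuristics are assumptions made for illustration; the sample lines are copied from the log above.

```python
import ntpath
import re

# Sample input: lines copied (trimmed) from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.exe
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.ico
c:\documents and settings\Randy Pierce\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\windows\system32\SET973.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-12 22:10 . 2012-08-12 22:10 58368 ---ha-w- c:\windows\system32\chkddlin.dll
2012-07-20 15:17 . 2012-07-20 15:17 -------- d-----w- c:\program files\Microsoft Silverlight
"""

# A section banner is a title wrapped in runs of parentheses.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Folder/file stem made of exactly 32 hex digits (heuristic, assumed here).
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
# "<timestamp> . <timestamp> <size or dashes> <8-char attributes> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\d+|-+)\s+([a-z-]{8})\s+(.+)$"
)


def parse_sections(log_text):
    """Return {section title: [content lines]}, skipping the '.' separator lines."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def hex_named_droppers(paths):
    """Executables whose stem is 32 hex digits and equals the parent folder name."""
    hits = []
    for path in paths:
        stem, ext = ntpath.splitext(ntpath.basename(path))
        parent = ntpath.basename(ntpath.dirname(path))
        if (ext.lower() == ".exe" and HEX_NAME_RE.match(stem)
                and stem.lower() == parent.lower()):
            hits.append(path)
    return hits


def start_menu_shortcuts(paths):
    """Names of removed Start Menu shortcuts; these show the product name the user saw."""
    return [
        ntpath.splitext(ntpath.basename(p))[0]
        for p in paths
        if p.lower().endswith(".lnk") and "\\start menu\\" in p.lower()
    ]


def hidden_files(lines):
    """(first timestamp, path) for non-directory entries with the hidden attribute.

    The hidden flag is a triage hint for a closer look, not a verdict on the file.
    """
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if m and "h" in m.group(4) and not m.group(4).startswith("d"):
            hits.append((m.group(1), m.group(5)))
    return hits


def triage(log_text):
    """Run all checks over a ComboFix log and return the findings by category."""
    sections = parse_sections(log_text)
    deletions = sections.get("Other Deletions", [])
    created = next(
        (v for k, v in sections.items() if k.startswith("Files Created")), []
    )
    return {
        "hex_named_droppers": hex_named_droppers(deletions),
        "start_menu_shortcuts": start_menu_shortcuts(deletions),
        "hidden_recent_files": hidden_files(created),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(category, findings)
```
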

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Tue 14 Aug 2012, 7:23 pm

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
  • Close the program window, and delete the program from your Desktop.


~DMJ
GeekPolice Academy Manager



Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Wed 15 Aug 2012, 3:53 am

DDS Notepad File Results:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Randy Pierce at 12:48:57 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.236 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi7967~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\randyp~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office 2010\office14\ONENOTEM.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi7967~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi7967~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2010\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2010\office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: facebook.com\www
Trusted Zone: freerealms.com
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - [You must be registered and logged in to see this link.]
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - [You must be registered and logged in to see this link.]
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - [You must be registered and logged in to see this link.]
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1702C691-FF2E-41A3-B9E9-1D8272FEEE69} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\randy pierce\application data\mozilla\firefox\profiles\uz7uj9nk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\progra~1\mi7967~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi7967~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2010-7-30 103552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2012-08-13 18:20:46 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c45cffab-5e48-4ba8-b25e-aa3218ba8a56}\mpengine.dll
2012-08-11 22:49:57 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-07-27 14:49:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 14:49:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2006-11-30 20:35:24 1259960 ----a-w- c:\program files\winzip8.0.exe
.
============= FINISH: 12:51:18.46 ===============


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Wed 15 Aug 2012, 3:54 am

Attach Notepad File Results:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2007 7:05:59 PM
System Uptime: 8/14/2012 12:20:12 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RJ272
Processor: Intel(R) Celeron(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 25.689 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 15.05 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP541: 5/17/2012 7:30:49 AM - Software Distribution Service 3.0
RP542: 5/18/2012 7:44:16 AM - Software Distribution Service 3.0
RP543: 5/19/2012 10:00:17 AM - Software Distribution Service 3.0
RP544: 5/20/2012 9:39:21 PM - Software Distribution Service 3.0
RP545: 5/22/2012 1:19:55 PM - Software Distribution Service 3.0
RP546: 5/23/2012 2:34:00 PM - Software Distribution Service 3.0
RP547: 5/24/2012 7:31:56 PM - System Checkpoint
RP548: 5/25/2012 10:17:42 PM - Software Distribution Service 3.0
RP549: 5/26/2012 10:43:25 PM - Software Distribution Service 3.0
RP550: 5/28/2012 10:43:57 AM - Software Distribution Service 3.0
RP551: 5/29/2012 11:24:29 AM - Software Distribution Service 3.0
RP552: 5/30/2012 2:00:47 PM - Software Distribution Service 3.0
RP553: 5/31/2012 4:07:43 PM - Software Distribution Service 3.0
RP554: 6/1/2012 4:49:08 PM - Software Distribution Service 3.0
RP555: 6/3/2012 12:21:45 PM - Software Distribution Service 3.0
RP556: 6/3/2012 9:37:04 PM - Software Distribution Service 3.0
RP557: 6/4/2012 8:07:03 AM - Software Distribution Service 3.0
RP558: 6/4/2012 6:53:31 PM - Software Distribution Service 3.0
RP559: 6/5/2012 8:55:12 PM - Software Distribution Service 3.0
RP560: 6/6/2012 10:27:22 PM - Software Distribution Service 3.0
RP561: 6/8/2012 8:08:53 AM - Software Distribution Service 3.0
RP562: 6/10/2012 2:28:19 PM - Software Distribution Service 3.0
RP563: 6/11/2012 7:43:20 PM - Software Distribution Service 3.0
RP564: 6/13/2012 7:13:30 PM - Software Distribution Service 3.0
RP565: 6/15/2012 8:04:07 PM - Software Distribution Service 3.0
RP566: 6/15/2012 9:31:52 PM - Software Distribution Service 3.0
RP567: 6/18/2012 2:55:26 PM - Software Distribution Service 3.0
RP568: 6/19/2012 8:15:38 PM - Software Distribution Service 3.0
RP569: 6/21/2012 10:29:57 AM - Software Distribution Service 3.0
RP570: 6/22/2012 2:29:03 PM - Software Distribution Service 3.0
RP571: 6/23/2012 6:01:07 PM - Software Distribution Service 3.0
RP572: 6/28/2012 6:13:11 PM - Software Distribution Service 3.0
RP573: 6/30/2012 9:00:42 AM - Software Distribution Service 3.0
RP574: 7/1/2012 12:14:32 PM - Software Distribution Service 3.0
RP575: 7/2/2012 1:37:33 PM - Software Distribution Service 3.0
RP576: 7/3/2012 3:10:09 PM - Software Distribution Service 3.0
RP577: 7/5/2012 12:04:11 PM - Software Distribution Service 3.0
RP578: 7/7/2012 12:32:36 PM - Software Distribution Service 3.0
RP579: 7/8/2012 3:08:58 AM - Software Distribution Service 3.0
RP580: 7/9/2012 10:20:02 AM - Software Distribution Service 3.0
RP581: 7/10/2012 11:22:02 AM - Software Distribution Service 3.0
RP582: 7/11/2012 5:24:44 PM - Software Distribution Service 3.0
RP583: 7/12/2012 12:36:13 AM - Software Distribution Service 3.0
RP584: 7/14/2012 1:27:18 PM - Software Distribution Service 3.0
RP585: 7/15/2012 5:35:30 PM - Software Distribution Service 3.0
RP586: 7/16/2012 9:31:29 PM - Software Distribution Service 3.0
RP587: 7/17/2012 9:52:44 PM - System Checkpoint
RP588: 7/18/2012 8:19:41 AM - Software Distribution Service 3.0
RP589: 7/19/2012 12:50:47 PM - Software Distribution Service 3.0
RP590: 7/21/2012 3:14:59 PM - Software Distribution Service 3.0
RP591: 7/22/2012 10:30:26 PM - Software Distribution Service 3.0
RP592: 7/23/2012 11:03:54 PM - Software Distribution Service 3.0
RP593: 7/25/2012 1:42:18 PM - Software Distribution Service 3.0
RP594: 7/26/2012 6:54:37 PM - Software Distribution Service 3.0
RP595: 7/28/2012 12:55:06 PM - Software Distribution Service 3.0
RP596: 7/29/2012 5:50:11 PM - Software Distribution Service 3.0
RP597: 7/30/2012 9:56:58 PM - Software Distribution Service 3.0
RP598: 8/1/2012 8:41:18 PM - Software Distribution Service 3.0
RP599: 8/2/2012 9:45:14 PM - Software Distribution Service 3.0
RP600: 8/3/2012 10:09:39 PM - Software Distribution Service 3.0
RP601: 8/4/2012 11:15:31 PM - Software Distribution Service 3.0
RP602: 8/6/2012 10:29:59 AM - Software Distribution Service 3.0
RP603: 8/7/2012 2:41:57 PM - Software Distribution Service 3.0
RP604: 8/7/2012 9:36:36 PM - Software Distribution Service 3.0
RP605: 8/8/2012 4:00:01 PM - Configured Microsoft Office Home and Student 2010
RP606: 8/8/2012 4:23:44 PM - Configured Microsoft Office Home and Student 2010
RP607: 8/9/2012 12:22:56 PM - Software Distribution Service 3.0
RP608: 8/10/2012 6:37:45 PM - Software Distribution Service 3.0
RP609: 8/11/2012 6:49:42 PM - Software Distribution Service 3.0
RP610: 8/12/2012 6:34:40 PM - Software Distribution Service 3.0
RP611: 8/13/2012 1:10:36 PM - Software Distribution Service 3.0
RP612: 8/13/2012 2:20:03 PM - Software Distribution Service 3.0
RP613: 8/14/2012 8:52:23 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator 9.0
Adobe Photoshop 7.0
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Adobe SVG Viewer
Aimersoft iPod Copy Manager(Build 2.0.16)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Authentium Web Install Helper
AXIS Media Control Embedded
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Canon Easy-WebPrint EX
Canon iP2600 series
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager
FUJIFILM MyFinePix Studio 1.0
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Kitten Sanctuary
Luxor 2 (remove only)
LUXOR Adventures
Mahjongg Dimensions Deluxe
Maui Wowee
Medi@Show
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
Motorola Phone Tools
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyITLab
MyITLab ActiveX Installer 2, 9, 8, 65535
Nero 7 Essentials
OLYMPUS CAMEDIA Master 4.2
PackLedger Millennium
PowerDirector Pro
Pure Sudoku 1.51
QuickSet
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Strike Ball 2
swMSM
Synaptics Pointing Device Driver
Ulead Photo Explorer 7.0 SE Basic
Ulead Photo Express 4.0 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLive Mail 4.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Detect
Zuma's Revenge!(TM) - Adventure
.
==== Event Viewer Messages From Past Week ========
.
8/8/2012 2:27:05 PM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 0016CF0D2A6C has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/7/2012 9:23:34 PM, error: Service Control Manager [7000] - The CSS DVP service failed to start due to the following error: The system cannot find the file specified.
8/7/2012 6:05:11 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0016CF0D2A6C has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/7/2012 2:36:13 PM, error: Dhcp [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 0016CF0D2A6C has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/7/2012 10:11:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 0016CF0D2A6C has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/13/2012 1:11:28 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: The service database is locked.
8/12/2012 6:35:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Office XP Service Pack 3.
8/12/2012 6:34:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
8/12/2012 6:34:58 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2012 6:34:58 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/12/2012 6:15:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
8/12/2012 6:15:27 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2012 6:14:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
8/12/2012 6:14:36 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2012 6:14:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/12/2012 6:14:26 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/12/2012 6:14:26 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/12/2012 6:14:26 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
8/12/2012 6:14:26 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Thu 16 Aug 2012, 3:11 am

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Fri 17 Aug 2012, 4:39 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7e11a85861cd7a498891125a51f636e6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-08-16 02:18:11
# local_time=2012-08-15 10:18:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 92 0 12197706 0 0
# compatibility_mode=6912 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=86161
# found=2
# cleaned=2
# scan_time=3717
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.exe.vir a variant of Win32/Kryptik.AKDG trojan (cleaned by deleting - quarantined) B24E7DB5EF9A2C509771227DE92BF540 C
C:\System Volume Information\_restore{35775109-5128-4251-9D76-B12FD90BAA43}\RP611\A0115489.exe a variant of Win32/Kryptik.AKDG trojan (cleaned by deleting - quarantined) B24E7DB5EF9A2C509771227DE92BF540 C

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Fri 17 Aug 2012, 7:02 am

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Fri 17 Aug 2012, 1:25 pm

My computer has really just been slow ever since the Windows Antivirus Pro so I don't notice anything different now - still the same speed as it has been since then. No error messages. No fake icons in the system tray. I did have an icon on my desktop for the Live Security Platinum that had no picture on it after I used combofix but I deleted that through my recycle bin and it hasn't come back. I haven't had any system crashes or blue screen of death. One question I have: Is there a reason that I have 7 instances of svchost.exe running in my processes?

Thank you!

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Sat 18 Aug 2012, 6:49 am

That's normal for svchost.exe.

I want to do a check with this tool real quick, which will help speed some things up too...


  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Sat 18 Aug 2012, 8:23 am

This file is RKreport1:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Randy Pierce [Admin rights]
Mode: Scan -- Date: 08/17/2012 17:12:18

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2080AH +++++
--- User ---
[MBR] 74ea17bf7248875463031858aef385da
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 53984 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 110655720 | Size: 19061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Sat 18 Aug 2012, 8:24 am

This file is RKreport2:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Randy Pierce [Admin rights]
Mode: Remove -- Date: 08/17/2012 17:14:02

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2080AH +++++
--- User ---
[MBR] 74ea17bf7248875463031858aef385da
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 53984 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 110655720 | Size: 19061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt




Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Sat 18 Aug 2012, 8:25 am

This file is RKreport3:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Randy Pierce [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/17/2012 17:20:32

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 12 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 77 / Fail 0
My documents: Success 21 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1187 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt




Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Sat 18 Aug 2012, 8:26 am

I also have a folder on my desktop now called RK_Quarantine, along with the 3 txt files....what do I do with those?

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Sat 18 Aug 2012, 10:19 pm

You can delete those now.

How is the computer running after that?


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Sun 19 Aug 2012, 3:27 am

It seems to have started up pretty quickly today and is running fine! Thank you again SO much! You can be sure that I send people to y'all when they need help (all the time) and we so appreciate your efforts! You are amazing!

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Sun 19 Aug 2012, 9:30 pm

Hi! Time to clean up...

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click on the Options block on the left, then choose Cookies.
  • Under Cookies to Delete, highlight any cookies you would like to retain permanently
  • Click the right arrow > to move them to the Cookies to Keep window.
  • Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left then Run Cleaner on the right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran CCleaner
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.



~DMJ
GeekPolice Academy Manager



Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Mon 20 Aug 2012, 12:50 pm

I have done all of the programs that you listed above. The computer still seems to hesitate at times but for the most part it is SO much better!

Following is the Notepad report from the Security Check log:


Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

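Added example, not part of the original posts and not code from Security Check or its author: a small parser for the checkup.txt layout shown in the log above, which splits the report into its banner-delimited sections and lists every product flagged "out of Date!". It assumes, from this one sample, that a status line refers to the product line printed directly before it; the sample is abridged from the posted log and the names `hdr`, `parse_security_check` and `outdated_items` are hypothetical.

```python
import re

def hdr(title):
    # Rebuild a section banner the way the log prints it (run of backticks each side).
    return "`" * 14 + title + "`" * 14

# Abridged from the checkup.txt posted above; banner widths are normalised.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.46",
    hdr("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    hdr("Anti-malware/Other Utilities Check:"),
    "CCleaner",
    "Java(TM) 6 Update 31",
    "Java version out of Date!",
    "Adobe Flash Player 11.3.300.268",
    hdr("End of Log"),
])

SECTION_RE = re.compile(r"^`+\s*(.*?)\s*`+$")

def parse_security_check(text):
    """Split a Security Check log into {section title: [item lines]}."""
    sections, current = {"Header": []}, "Header"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def outdated_items(sections):
    """Pair each 'out of Date!' status with the product line just before it (assumed layout)."""
    findings = []
    for name, lines in sections.items():
        for i, line in enumerate(lines):
            if line.lower().endswith("out of date!"):
                product = lines[i - 1] if i else "(unknown)"
                findings.append((name, product))
    return findings

if __name__ == "__main__":
    for section, product in outdated_items(parse_security_check(SAMPLE_LOG)):
        print(f"{section}: {product} is flagged out of date")
```
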

Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Tue 21 Aug 2012, 8:20 pm

Clean your computer from time to time with CCleaner. Make sure to restart it at least twice a week to maintain powerful speed and keep the disk healthy.

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?



~DMJ
GeekPolice Academy Manager



Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Wed 22 Aug 2012, 12:47 am

My only other question is if I should remove Security Check from my system or not? Also, I do shut down my system every time I'm done with my laptop because I've always had issues with the hibernating feature but I might not have those issues anymore so I'll have to try just leaving it on from time to time. Is it better to let it hibernate or to shut down every time?

Thanks again for your help!


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Wed 22 Aug 2012, 5:31 am

Yes, remove Security Check. Hibernate is really the best option compared to shutting it down.



~DMJ
GeekPolice Academy Manager



Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by laurachic on Wed 22 Aug 2012, 5:46 am

Alrighty then! Thanks again so much - you can close my topic now!


Re: HELP - Infected with LIVE SECURITY PLATINUM

Post by DragonMaster Jay on Wed 22 Aug 2012, 8:07 pm

Okie dokie. Done.



~DMJ
GeekPolice Academy Manager

