Spyware Protect 2009


Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 3:57 pm

yes I am.


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 4:01 pm

Awesome.
If it lets you do any commands, type this out.

expand X:\i386\userinit.ex_ C:\WINDOWS\system32\userinit.exe

****Note****

Replace "X" with whatever letter your CD drive is.
There is a space between the _ and C, make sure that space is there or this won't work.


Last edited by Belahzur on Wed Jan 21, 2009 4:19 pm; edited 1 time in total



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 4:17 pm

It says "the system cannot find the file or directory specified".


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 4:20 pm

Hmmm, maybe case sensitive.
I typed out the file path and only used a capital W in windows, when your HJT log displays WINDOWS in all capitals.

Try again with it in caps, I have edited my post to reflect this.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 4:23 pm

Actually, I put in d: as the cd drive, which is normally what it is, and it showed the usb key. So the drive letters seem changed. Could it be E:? There is an autorun and a setup on it


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 4:25 pm

Yes, that's it.
That's how the CD works when you boot from it.
Windows finds the autorun, which launches the setup when formatting.

Try it with the letter E this time.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 4:26 pm

I tried E and it came up with the message "Unable to create file userinit.exe. 0 files expanded."


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 4:33 pm

I wonder if that is because it's trying to overwrite it.
Let's see if this works and if not, we can try a repair install.

Type this command in:
sfc /scannow <== note the space between the c and /

Allow it to scan and it should get the userinit file from the CD automatically.
Reboot normally and try to login, see if that made any difference once the system file checker is done.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 4:35 pm

It's not recognising the command


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 4:38 pm

Okay, let's use repair install.
See this guide:

[You must be registered and logged in to see this link.]



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 4:58 pm

Well, it's looking different. It did the repair and has rebooted, loaded Windows, and come up with a screen that says Setup will complete in approximately 39 minutes.


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 5:00 pm

Okay, allow it to do the setup.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 6:33 pm

Yes!! Success. Spybot is asking a lot of questions though.


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 6:34 pm

Like what? Registry changes?
Does it say what is trying to happen?



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 6:39 pm

It says:
Category - System startup global entry
Change - value deleted
Entry SpybotDeletingA2274
Old data - Command /cdel "c:\windows\system32\
if that went on further, I couldn't see it


Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 6:39 pm

Then asked to allow changes or not


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 6:40 pm

Disallow it, that could be what was causing the problem in the first place and why this happened.

Run a new DDS scan for me so we can see why Spybot wants to change something.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 6:44 pm

There have been a lot of them now. Some just browser pages but this latest is:
Session manager
Value deleted
BootExecute
autocheck autochk *\lsdelete

Deny that too?


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 6:45 pm

Yes, deny everything, and run the DDS scan again. ;)



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 6:51 pm

Back on my own machine again!!


DDS (Ver_09-01-18.01) - NTFSx86
Run by Ann at 19:47:35.50 on 21/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.1895 [GMT 1:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Ann\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uWindow Title = Wanadoo
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\progra~1\wanadoo\SEARCH~1.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SkypeClient] "c:\program files\pdt\voipvoiceintegration\VoIPVoice Integration.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\ann\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [EPSON Stylus C82 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [WooCnxMon] c:\progra~1\wanadoo\CnxMon.exe
mRun: [WOOWATCH] c:\progra~1\wanadoo\Watch.exe
mRun: [WOOTASKBARICON] c:\progra~1\wanadoo\TaskbarIcon.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRunOnce: [SpybotDeletingA2274] command /c del "c:\windows\system32\twain32\local.ds"
mRunOnce: [SpybotDeletingC8732] cmd /c del "c:\windows\system32\twain32\local.ds"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: { - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bookcrossing.com\www
Trusted Zone: dyndns.org\yinionlinereg
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ann\applic~1\mozilla\firefox\profiles\ytw812uo.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
FF - plugin: c:\documents and settings\ann\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - [You must be registered and logged in to see this link.]

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-1-11 3968]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2002-2-11 33496]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2009-1-14 14336]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2009-1-14 8832]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-9-10 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-9-10 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-9-10 168776]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2005-5-17 104000]
R4 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R4 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2002-2-15 114749]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [2006-9-18 15232]

=============== Created Last 30 ================

2009-01-21 18:52 57,856 ac------ c:\windows\system32\dllcache\EXCH_scripto.dll
2009-01-21 18:51 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-01-21 18:50 19,456 ac------ c:\windows\system32\dllcache\agt040d.dll
2009-01-21 18:48 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-21 18:48 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-21 18:48 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-21 18:48 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-21 18:48 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-21 18:48 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-01-21 18:46 --d----- c:\windows\dell
2009-01-20 21:53 --d----- c:\program files\Lavasoft
2009-01-20 21:53 --d----- c:\program files\common files\Wise Installation Wizard
2009-01-20 21:50 23,804,784 a------- c:\temp\aaw2008-7.1.0.7.exe
2009-01-20 17:40 9,216 a------- c:\windows\system32\iehelper.dll
2009-01-20 14:12 788 a------- c:\temp\fix.reg
2009-01-20 09:50 401,720 a------- c:\temp\Hijack(GP)This.exe
2009-01-14 14:34 12,273 a------- c:\temp\Ser-PhotoBlogger-SerTurista-com.zip
2009-01-14 12:20 14,336 a------- c:\windows\system32\drivers\nnrnstdi.sys
2009-01-14 12:20 8,832 a------- c:\windows\system32\drivers\km_filter.sys
2009-01-14 12:17 53,248 a------- c:\windows\nswatchdog.exe
2009-01-14 12:17 --d----- c:\program files\NetRatingsNetSight
2009-01-14 12:16 501,912 a------- c:\temp\netsight_setup_5.1.3.20_MP_Production_New_Recruitment_UK_mid53015730615_p.exe
2009-01-05 23:33 3,751,995 a------- c:\windows\system32\GPhotos.scr

==================== Find3M ====================

2009-01-21 19:23 77,915 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-21 18:47 23,444 a------- c:\windows\system32\emptyregdb.dat
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-31 12:04 104,659 a------- c:\windows\hpoins04.dat
2008-12-20 14:37 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 19:48:38.04 ===============

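The TeaTimer prompt for SpybotDeletingA2274 quoted earlier in the thread corresponds to an mRunOnce line in the DDS log above, which also shows the part of the command the prompt cut off. The following is an added example (not part of the original posts and not DDS's own code) that parses DDS-style autostart lines and pulls out pending RunOnce commands and "No File" browser add-on entries. The function names are this example's own, SAMPLE is an excerpt constructed from lines of the log above, and reading the u/m/d prefixes as HKCU, HKLM and HKU\.DEFAULT is an assumption based on the matching Run keys in the ComboFix log later in the thread.

```python
import re

# Constructed sample: a few lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE = r'''
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRunOnce: [SpybotDeletingA2274] command /c del "c:\windows\system32\twain32\local.ds"
mRunOnce: [SpybotDeletingC8732] cmd /c del "c:\windows\system32\twain32\local.ds"
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
'''

# Assumed meaning of the one-letter prefix on Run/RunOnce lines.
HIVES = {"u": "HKCU", "m": "HKLM", "d": r"HKU\.DEFAULT"}

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# e.g.  mRunOnce: [EntryName] command line
RUN_RE = re.compile(r"^([umd])(Run(?:Once)?): \[([^\]]+)\] (.+)$")
# e.g.  BHO: Optional label: {clsid} - path-or-"No File"
COM_RE = re.compile(r"^(BHO|TB): (?:(.*?): )?(" + CLSID + r") - (.+)$")
# Target of a "<shell> /c del "path"" style one-shot command.
DEL_RE = re.compile(r'/c\s+del\s+"([^"]+)"', re.IGNORECASE)


def parse_autostarts(text):
    """Return one dict per Run/RunOnce/BHO/TB line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"kind": key, "hive": HIVES[hive],
                            "name": name, "command": cmd})
            continue
        m = COM_RE.match(line)
        if m:
            kind, label, clsid, target = m.groups()
            entries.append({"kind": kind, "name": label or "",
                            "clsid": clsid, "target": target})
    return entries


def pending_runonce(entries):
    """RunOnce entries: commands queued to run once at the next startup."""
    return [e for e in entries if e["kind"] == "RunOnce"]


def delete_targets(entries):
    """Files that queued 'del' commands would remove."""
    targets = set()
    for e in entries:
        m = DEL_RE.search(e.get("command", ""))
        if m:
            targets.add(m.group(1))
    return targets


def orphaned(entries):
    """BHO/toolbar registrations whose file is reported as missing."""
    return [e for e in entries
            if e["kind"] in ("BHO", "TB") and e["target"] == "No File"]


def full_command(entries, entry_name):
    """Full command for an entry name as shown in a (truncated) prompt."""
    for e in entries:
        if e.get("name") == entry_name and "command" in e:
            return e["command"]
    return None


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE)
    for e in pending_runonce(found):
        print(e["hive"], e["name"], "->", e["command"])
    print("queued deletions:", sorted(delete_targets(found)))
    print("orphaned add-ons:", [e["clsid"] for e in orphaned(found)])
```
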

Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 7:04 pm


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus) by right clicking its icon in the tray, and exit it.
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
    The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 7:46 pm

Finished.

ComboFix 09-01-21.01 - Ann 2009-01-21 20:24:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.1909 [GMT 1:00]
Running from: c:\temp\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iehelper.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 20:17 . 2009-01-21 20:17 3,048,283 -ra------ c:\temp\ComboFix.exe
2009-01-21 18:52 . 2004-08-12 14:58 482,304 --a--c--- c:\windows\SYSTEM32\DLLCACHE\pintlgnt.ime
2009-01-21 18:51 . 2004-08-12 14:58 10,096,640 --a--c--- c:\windows\SYSTEM32\DLLCACHE\hwxcht.dll
2009-01-21 18:50 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\SYSTEM32\DLLCACHE\fp4awel.dll
2009-01-21 18:48 . 2004-08-12 14:58 16,384 --a--c--- c:\windows\SYSTEM32\DLLCACHE\isignup.exe
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\SYSTEM32\wuaucpl.cpl.manifest
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\SYSTEM32\sapi.cpl.manifest
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\SYSTEM32\ncpa.cpl.manifest
2009-01-21 18:48 . 2009-01-21 18:48 488 -rah----- c:\windows\SYSTEM32\logonui.exe.manifest
2009-01-21 18:46 . 2009-01-21 18:46 d-------- c:\windows\dell
2009-01-21 08:26 . 2004-12-21 10:20 d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-01-21 08:26 . 2004-12-21 10:23 d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-21 08:26 . 2004-12-21 10:18 d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-21 08:25 . 2009-01-21 08:26 d-------- c:\documents and settings\Administrator
2009-01-20 21:53 . 2009-01-20 21:53 d-------- c:\program files\Lavasoft
2009-01-20 21:53 . 2009-01-20 21:53 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-20 21:53 . 2009-01-20 21:55 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-20 21:50 . 2009-01-20 21:52 23,804,784 --a------ c:\temp\aaw2008-7.1.0.7.exe
2009-01-20 14:12 . 2009-01-20 14:12 788 --a------ c:\temp\fix.reg
2009-01-20 09:50 . 2009-01-20 09:51 401,720 --a------ c:\temp\Hijack(GP)This.exe
2009-01-14 14:34 . 2009-01-14 14:34 12,273 --a------ c:\temp\Ser-PhotoBlogger-SerTurista-com.zip
2009-01-14 12:20 . 2008-06-27 14:58 14,336 --a------ c:\windows\SYSTEM32\DRIVERS\nnrnstdi.sys
2009-01-14 12:20 . 2008-06-27 14:59 8,832 --a------ c:\windows\SYSTEM32\DRIVERS\km_filter.sys
2009-01-14 12:17 . 2009-01-14 12:17 d-------- c:\program files\NetRatingsNetSight
2009-01-14 12:17 . 2008-10-10 13:32 53,248 --a------ c:\windows\nswatchdog.exe
2009-01-14 12:16 . 2009-01-14 12:17 501,912 --a------ c:\temp\netsight_setup_5.1.3.20_MP_Production_New_Recruitment_UK_mid53015730615_p.exe
2009-01-10 14:57 . 2009-01-10 14:58 d-------- c:\documents and settings\Ann\Application Data\CyberLink
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\SYSTEM32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 19:03 --------- d-----w c:\documents and settings\Ann\Application Data\Skype
2009-01-21 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-20 15:04 --------- d-----w c:\program files\ZipCentral
2009-01-20 13:24 --------- d-----w c:\program files\Google
2009-01-20 12:47 --------- d-----w c:\documents and settings\Ann\Application Data\skypePM
2009-01-20 12:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 18:41 --------- d-----w c:\program files\Skype
2008-12-28 07:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-20 22:55 --------- d-----w c:\program files\iTunes
2008-12-20 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 22:54 --------- d-----w c:\program files\iPod
2008-12-20 22:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-20 22:52 --------- d-----w c:\program files\QuickTime
2008-12-20 13:37 --------- d-----w c:\program files\Java
2008-06-27 13:59 163,840 ----a-w c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SkypeClient"="c:\program files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe" [2005-05-06 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"EPSON Stylus C82 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE" [2003-10-15 99840]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2004-10-13 24576]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-10-13 24576]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 49152]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-03 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2008-10-10 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 11:51 24638 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2599:TCP"= 2599:TCP:Labyrinth

R1 nnrnstdi;nnrnstdi;c:\windows\SYSTEM32\DRIVERS\nnrnstdi.sys [2009-01-14 14336]
R3 km_filter;km_filter;c:\windows\SYSTEM32\DRIVERS\km_filter.sys [2009-01-14 8832]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\SYSTEM32\DRIVERS\uac4pdt.sys [2006-09-18 15232]
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3853566490-61804741-1186382756-1006.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-28 14:49]

2009-01-21 c:\windows\Tasks\User_Feed_Synchronization-{D877F16F-C7CB-4182-839C-34F334AD37DD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uSearch Page = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: bookcrossing.com\www
Trusted Zone: dyndns.org\yinionlinereg
DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\ytw812uo.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\nsgkff30_meter1.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-21 20:32:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 7:47 pm

Last part:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-01-21 20:39:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 19:39:11

Pre-Run: 87,808,077,824 bytes free
Post-Run: 88,158,326,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
232 --- E O F --- 2009-01-14 23:11:47


Spybot has popped up again with the Spybot Deleting A2274 message.


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 7:56 pm

Hello. We need to remove a Firefox Hijack.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Wanadoo


Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\ytw812uo.default\user.js

Folder::
c:\program files\Wanadoo

Domains::

Firefox::
FF - user.js: keyword.URL - [You must be registered and logged in to see this link.]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"=-
"WOOWATCH"=-
"WOOTASKBARICON"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 8:25 pm

ComboFix 09-01-21.01 - Ann 2009-01-21 21:09:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.2037 [GMT 1:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ann\Desktop\CFscript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\ytw812uo.default\user.js
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\ytw812uo.default\user.js
c:\program files\Wanadoo
c:\program files\Wanadoo\alan.milne.pc
c:\program files\Wanadoo\SafeInstall\KitWanadoo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 20:17 . 2009-01-21 20:17 3,048,283 -ra------ c:\temp\ComboFix.exe
2009-01-21 18:52 . 2004-08-12 14:58 482,304 --a--c--- c:\windows\SYSTEM32\DLLCACHE\pintlgnt.ime
2009-01-21 18:51 . 2004-08-12 14:58 10,096,640 --a--c--- c:\windows\SYSTEM32\DLLCACHE\hwxcht.dll
2009-01-21 18:50 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\SYSTEM32\DLLCACHE\fp4awel.dll
2009-01-21 18:48 . 2004-08-12 14:58 16,384 --a--c--- c:\windows\SYSTEM32\DLLCACHE\isignup.exe
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\SYSTEM32\wuaucpl.cpl.manifest
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\SYSTEM32\sapi.cpl.manifest
2009-01-21 18:48 . 2009-01-21 18:48 749 -rah----- c:\windows\SYSTEM32\ncpa.cpl.manifest
2009-01-21 18:48 . 2009-01-21 18:48 488 -rah----- c:\windows\SYSTEM32\logonui.exe.manifest
2009-01-21 18:46 . 2009-01-21 18:46 d-------- c:\windows\dell
2009-01-21 08:26 . 2004-12-21 10:20 d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-01-21 08:26 . 2004-12-21 10:23 d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-01-21 08:26 . 2004-12-21 10:18 d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-21 08:25 . 2009-01-21 08:26 d-------- c:\documents and settings\Administrator
2009-01-20 21:53 . 2009-01-20 21:53 d-------- c:\program files\Lavasoft
2009-01-20 21:53 . 2009-01-20 21:53 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-20 21:53 . 2009-01-20 21:55 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-20 21:50 . 2009-01-20 21:52 23,804,784 --a------ c:\temp\aaw2008-7.1.0.7.exe
2009-01-20 14:12 . 2009-01-20 14:12 788 --a------ c:\temp\fix.reg
2009-01-20 09:50 . 2009-01-20 09:51 401,720 --a------ c:\temp\Hijack(GP)This.exe
2009-01-14 14:34 . 2009-01-14 14:34 12,273 --a------ c:\temp\Ser-PhotoBlogger-SerTurista-com.zip
2009-01-14 12:20 . 2008-06-27 14:58 14,336 --a------ c:\windows\SYSTEM32\DRIVERS\nnrnstdi.sys
2009-01-14 12:20 . 2008-06-27 14:59 8,832 --a------ c:\windows\SYSTEM32\DRIVERS\km_filter.sys
2009-01-14 12:17 . 2009-01-14 12:17 d-------- c:\program files\NetRatingsNetSight
2009-01-14 12:17 . 2008-10-10 13:32 53,248 --a------ c:\windows\nswatchdog.exe
2009-01-14 12:16 . 2009-01-14 12:17 501,912 --a------ c:\temp\netsight_setup_5.1.3.20_MP_Production_New_Recruitment_UK_mid53015730615_p.exe
2009-01-10 14:57 . 2009-01-10 14:58 d-------- c:\documents and settings\Ann\Application Data\CyberLink
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\SYSTEM32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 19:03 --------- d-----w c:\documents and settings\Ann\Application Data\Skype
2009-01-21 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-20 15:04 --------- d-----w c:\program files\ZipCentral
2009-01-20 13:24 --------- d-----w c:\program files\Google
2009-01-20 12:47 --------- d-----w c:\documents and settings\Ann\Application Data\skypePM
2009-01-20 12:20 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 18:41 --------- d-----w c:\program files\Skype
2008-12-28 07:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-20 22:55 --------- d-----w c:\program files\iTunes
2008-12-20 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-20 22:54 --------- d-----w c:\program files\iPod
2008-12-20 22:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-20 22:52 --------- d-----w c:\program files\QuickTime
2008-12-20 13:37 --------- d-----w c:\program files\Java
2008-06-27 13:59 163,840 ----a-w c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-21 20:13:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SkypeClient"="c:\program files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe" [2005-05-06 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"EPSON Stylus C82 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE" [2003-10-15 99840]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-03 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2008-10-10 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 11:51 24638 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2599:TCP"= 2599:TCP:Labyrinth

R1 nnrnstdi;nnrnstdi;c:\windows\SYSTEM32\DRIVERS\nnrnstdi.sys [2009-01-14 14336]
R3 km_filter;km_filter;c:\windows\SYSTEM32\DRIVERS\km_filter.sys [2009-01-14 8832]
S3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\SYSTEM32\DRIVERS\uac4pdt.sys [2006-09-18 15232]
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3853566490-61804741-1186382756-1006.job
- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-28 14:49]

2009-01-21 c:\windows\Tasks\User_Feed_Synchronization-{D877F16F-C7CB-4182-839C-34F334AD37DD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
.
------- Supplementary Scan -------
.
uSearch Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\ytw812uo.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\nsgkff30_meter1.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-21 21:15:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************


Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 8:26 pm

Part 2

.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\program files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-01-21 21:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 20:21:10
ComboFix2.txt 2009-01-21 19:39:35

Pre-Run: 88,215,420,928 bytes free
Post-Run: 88,140,382,208 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
222 --- E O F --- 2009-01-14 23:11:47

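One way to confirm from the two ComboFix logs that the `Registry::` deletions in the CFScript took effect, and to flag any autostart value that appeared between the runs. This is an added example, not part of the thread or of ComboFix; the function names are hypothetical, and the sample text is abridged from the script and logs posted above.

```python
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")                        # [HKEY_...] block header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')   # "name"="path" [date size]
DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')                  # .reg-style value deletion
DIRECTIVE_RE = re.compile(r"^\w+::$")                             # File::, Folder::, Registry::


def parse_loading_points(log_text):
    """Return {key: {lowercased value name: (name, data)}} for each registry block."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # Registry key and value names are case-insensitive, so compare lowercased.
            current = entries.setdefault(section.group(1).lower(), {})
        elif not line:
            current = None                      # a blank line closes the block
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group("name").lower()] = (value.group("name"), value.group("data"))
    return entries


def parse_cfscript_deletions(script_text):
    """Return [(key, value name)] for every "name"=- line under Registry::."""
    deletions, in_registry, key = [], False, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if DIRECTIVE_RE.match(line):
            in_registry, key = line.lower() == "registry::", None
            continue
        if not in_registry or not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1).lower()
            continue
        deletion = DELETE_RE.match(line)
        if deletion and key:
            deletions.append((key, deletion.group("name")))
    return deletions


def verify_cleanup(script_text, before_log, after_log):
    """Classify each scripted deletion and list values that exist only in the later log."""
    before, after = parse_loading_points(before_log), parse_loading_points(after_log)
    report = {"removed": [], "still_present": [], "never_present": [], "new_entries": []}
    for key, name in parse_cfscript_deletions(script_text):
        if name.lower() in after.get(key, {}):
            report["still_present"].append((key, name))
        elif name.lower() in before.get(key, {}):
            report["removed"].append((key, name))
        else:
            report["never_present"].append((key, name))
    for key, values in after.items():
        for lowered, (name, data) in values.items():
            if lowered not in before.get(key, {}):
                report["new_entries"].append((key, name, data))
    return report


# Sample input, abridged from the CFScript and the two logs in this thread.
CFSCRIPT = r"""
File::
c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\ytw812uo.default\user.js

Folder::
c:\program files\Wanadoo

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"=-
"WOOWATCH"=-
"WOOTASKBARICON"=-
"""

BEFORE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2004-10-13 24576]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-10-13 24576]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 49152]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"""

AFTER_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"""

if __name__ == "__main__":
    for status, items in verify_cleanup(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(status, items)
```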

Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 8:26 pm

Spybot is yet again sitting there asking if it should allow a change to userinit.exe


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 8:32 pm

Keep denying it, we left something behind.

Open Firefox.
In the URL bar, type about:config
Press the "I'll be careful" button
Locate this: keyword.URL

Change it from wcsearch to [You must be registered and logged in to see this link.]
Close Firefox.

Does TeaTimer give you an exact value it wants to change it to? Does it want to add something like twex.exe to the value?



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 8:42 pm

I've changed keyword.url.

TeaTimer didn't react to that particular change. The earlier ones were mostly saying they were going to be deleted and the previous entry ran beyond the edge of the box so I didn't see.


Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 8:43 pm

Windows is wanting me to download updates. Is it all right to do that, or should I wait a bit?


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 8:44 pm

Do them now, we need to keep the infection out.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 9:23 pm

They are in progress, but they were entirely up to date before this happened. It's one thing I'm OK on at least.


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 9:25 pm

We're gonna reset TeaTimer once Windows Updates is done, it may help and it might stop bothering you about deleting a registry value.



Solved Re: Spyware Protect 2009

Post by A_tms on Wed Jan 21, 2009 11:11 pm

OK, I installed Service Pack 3 and 26 updates. There were one or two reboots along the way. I denied all Tea Timer's prompts. No problem until I got to the very end of the 26 updates, rebooted - and I was back where I started. Logging off as soon as I logged in.

It's now midnight here and I need to go. Any thoughts of what I should do next, tomorrow for me? Do you sleep?


Solved Re: Spyware Protect 2009

Post by Belahzur on Wed Jan 21, 2009 11:27 pm

Darn it.

Okay, next step, to rule out if it is Spybot causing this.
Tomorrow, do a repair install again, and as soon as you get back on, uninstall Spybot.
Then do updates again, and see if it happens again.

And no, I don't sleep, I'm a robot. LOL



Solved Re: Spyware Protect 2009

Post by A_tms on Thu Jan 22, 2009 10:11 am

Repaired, uninstalled Spybot (though it seems to have left the teatimer running and I have to cancel that each time). All updates now done, and all seems well. I have re-booted several times now.

Will it be all right to re-install Spybot? Anything else I should do?


Solved Re: Spyware Protect 2009

Post by Belahzur on Thu Jan 22, 2009 2:28 pm

No, don't install Spybot, we might have found the reason for the damage but I don't want to replace the problem, keep it uninstalled for now.

As long as you read this and install one or two security programs, you should be fine.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Solved Re: Spyware Protect 2009

Post by A_tms on Thu Jan 22, 2009 2:57 pm

OK the new restore point has been set. I have most of those security programs already, and always do keep updates on automatic, which is why it has been so irritating that this happened.

Never mind, all is OK now. Many thanks for your help.


Solved Re: Spyware Protect 2009

Post by Doctor Inferno on Sat May 02, 2009 6:45 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

