Computer Hope
Software => Computer viruses and spyware => Topic started by: risingstar64 on June 25, 2010, 10:26:33 PM
-
I have had a pretty nasty virus for a while, and although I couldn't get rid of it, I was able to stop it (sort of). malware bytes tells me when it blocks an attempt to connect to a potentially unsafe site. However, I am constantly getting this message (at least one every 5 minutes) and occasionally another tab pops up to an annoying site. No virus scanners have been able to get rid of this virus (I tried avg malware bytes and bitdefender) and I would like to figure out what program keeps trying to access these unsafe sights without my consent. Is there any program out there that can monitor programs that attempt to connect to the internet without my permission and write then down in a log (or even just tell me)? Any suggestions would be really appreciated.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
I know you've tried some of these before but I would like to see the logs.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
=====================================
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==================================
Please download: HiJackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.
- Double Click the HijackThis icon, located on your Desktop.
- By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
- Accept the license agreement.
- Click the Open the Misc Tools section button.
- Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
- Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
- Please post the log in your next reply.
==================================
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Hi. First, let me thank you for your generous help. I had no trouble installing all of the programs, and my SUPERAntiSpyware scan worked perfectly. However, twice I attempted to scan using malwarebytes, and both times I received the same two messages about 50 minutes in. I'm not sure how to attach images here so I posted them on freeImageHosting.net.
error 1: http://www.freeimagehosting.net/image.php?be854f5ac3.png
error 2: http://www.freeimagehosting.net/image.php?98030a5785.png
I am not sure whether I should just skip it altogether and move on to the other programs or wait.
Also, in case it proves handy, here is a copy of my log from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/26/2010 at 11:14 PM
Application Version : 4.39.1002
Core Rules Database Version : 5123
Trace Rules Database Version: 2935
Scan type : Complete Scan
Total Scan Time : 03:07:21
Memory items scanned : 810
Memory threats detected : 0
Registry items scanned : 10152
Registry threats detected : 6
File items scanned : 237730
File threats detected : 60
Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@apmebf[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@serving-sys[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@invitemedia[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@revsci[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@specificclick[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@atdmt[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@doubleclick[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@mediafire[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@edgeadx[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@questionmarket[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@ru4[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@pointroll[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@mediacollege[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@fastclick[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@specificmedia[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@realmedia[1].txt
cdn4.specificclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
content.oddcast.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
core.insightexpressai.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
i.*adult URL* [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.entertonement.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.ign.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.mtvnservices.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.noob.us [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.scanscout.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media1.clubpenguin.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media1.thegamehomepage.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
objects.tremormedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
s0.2mdn.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
secure-us.imrworldwide.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
udn.specificclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
video.redorbit.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
videomedia.ign.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
.statcounter.com [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
convoad.technoratimedia.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
media.mtvnservices.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
media.scanscout.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
objects.tremormedia.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
Adware.Flash Tracking Cookie
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA.ENTERTONEMENT.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA.IGN.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA.NOOB.US
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA1.CLUBPENGUIN.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\OBJECTS.TREMORMEDIA.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\VIDEOMEDIA.IGN.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\UDN.SPECIFICCLICK.NET
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\SECURE-US.IMRWORLDWIDE.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\CONTENT.ODDCAST.COM
Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-18\Software\avsoft
Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE
HKLM\SOFTWARE\AVSUITE
HKLM\SOFTWARE\AVSOFT
Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\MSISIP.DLL
If you have any suggestions or advice please let me know.
--Just to point out, since I ran the SUPERAntiSpyware scan and rebooted my computer, I have not once been popped up to a random site. hopefully that is a good sign.
-
That's ok. Just skip MBAM for now. We'll try it later. Please continue with the other scans and then do this one.Please post all the logs.
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://www.geekstogo.com/forum/downloads.html&req=download&code=confirm_download&id=197)
Alternate link: Forospyware.com (http://www.forospyware.com/sUBs/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools ]A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
- Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
- Click on Yes, to continue scanning for malware.
- When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
-
I am having some trouble now. Since I got this virus room on my c drive slowely depleted, and now I am left with less than 100 mb, even though I have almost nothing installed on my c drive except windows vista. I have no way of getting more space, (although I want to buy more room on my drive if possible) and can not update avg, nor run combo fix. I was able to run the other programs, so here are their logs.
--unrelated, but this all started one day when I could no longer use google chrome and had to start using firefox. Since that day Chrome always showed a blank page, even after uninstalling and reinstalling.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/26/2010 at 11:14 PM
Application Version : 4.39.1002
Core Rules Database Version : 5123
Trace Rules Database Version: 2935
Scan type : Complete Scan
Total Scan Time : 03:07:21
Memory items scanned : 810
Memory threats detected : 0
Registry items scanned : 10152
Registry threats detected : 6
File items scanned : 237730
File threats detected : 60
Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@apmebf[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@serving-sys[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@invitemedia[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@revsci[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@specificclick[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@atdmt[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@doubleclick[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@mediafire[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@edgeadx[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@questionmarket[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@ru4[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@pointroll[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@mediacollege[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@fastclick[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@specificmedia[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\stillr@realmedia[1].txt
cdn4.specificclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
content.oddcast.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
core.insightexpressai.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
i.*adult URL* [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.entertonement.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.ign.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.mtvnservices.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.noob.us [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media.scanscout.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media1.clubpenguin.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
media1.thegamehomepage.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
objects.tremormedia.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
s0.2mdn.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
secure-us.imrworldwide.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
udn.specificclick.net [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
video.redorbit.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
videomedia.ign.com [ C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5S2UQU28 ]
.statcounter.com [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
.2o7.net [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\cookies.sqlite ]
convoad.technoratimedia.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
media.mtvnservices.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
media.scanscout.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
objects.tremormedia.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AK8X9C8Q ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
Adware.Flash Tracking Cookie
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA.ENTERTONEMENT.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA.IGN.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA.NOOB.US
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\MEDIA1.CLUBPENGUIN.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\OBJECTS.TREMORMEDIA.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\VIDEOMEDIA.IGN.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\UDN.SPECIFICCLICK.NET
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\SECURE-US.IMRWORLDWIDE.COM
C:\Users\Admin\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5S2UQU28\CONTENT.ODDCAST.COM
Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-18\Software\avsoft
Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE
HKLM\SOFTWARE\AVSUITE
HKLM\SOFTWARE\AVSOFT
Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\MSISIP.DLL
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:40 PM, on 6/27/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\VM331_STI.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PatchLink\Update Agent\NotificationManager.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Novell\iFolder\trayapp.exe
D:\My Files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\My Files\Modeling Programs\3ds max 2010\3dsmax.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
D:\My Files\Virus Protection\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75200 bytes, MD5 E5EF96D01F3B696817DB909B732D9BB2)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (filesize 1615200 bytes, MD5 E5AFB9C7B51F962E6C6F8EAF024DEDE2)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (filesize 2217848 bytes, MD5 A6B5A41C0ED007AB6C43CAD899E533D8)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (filesize 320920 bytes, MD5 C9BD91FDFDBDA9134455ECD62382A9A6)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (filesize 764912 bytes, MD5 CD91E666B2446530583FBFFCF537BE4C)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 35840 bytes, MD5 96A225C7F5346A9E81FC3DFA89A900C0)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXEC:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe (filesize 6265376 bytes, MD5 C8C8FDD21EFE446F6CD9C7D44DB30824)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exeC:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exeC:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exeC:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (filesize 71216 bytes, MD5 B2B2FE2671DD98A322B0AD7079C0B2B2)
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" (filesize 52256 bytes, MD5 A4E85BDA66CF4DE8070D6F744D181C12)
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exeC:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exeC:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE (filesize 30992 bytes, MD5 1AE8BE0E16CD35074DFE3A43209AD9D4)
O4 - HKLM\..\Run: [Vlogin] C:\batch\xo\vlogin.batC:\batch\xo\vlogin.bat
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (filesize 31072 bytes, MD5 644795F6985C740F5E36E9336B837D0B)
O4 - HKLM\..\Run: [SMARTSNMPAgent.exe] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (filesize 148888 bytes, MD5 A2D390F1F2408B94EF34BFE3A00C29D3)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 413696 bytes, MD5 FABAD2BFD44661D8CC627E5485BFAFAF)
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeC:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeC:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NotificationManager] C:\Program Files\PatchLink\Update Agent\NotificationManager.exeC:\Program Files\PatchLink\Update Agent\NotificationManager.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exeC:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (filesize 611712 bytes, MD5 E43A851F7B12DE589424D6C656155CFC)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (filesize 36272 bytes, MD5 F91F52F4EA5D88DAB6245682A16F3A72)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 952768 bytes, MD5 DB1DB28467111A24664933AB8908CBCE)
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (filesize 437584 bytes, MD5 5F0388038E7355982FE50B039D10315C)
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exeC:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 68856 bytes, MD5 E616A6A6E91B0A86F2F6217CDE835FFE)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (filesize 97680 bytes, MD5 32C26797AB646074A2BB562F9D10ADB5)
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe (filesize 266317 bytes, MD5 0DF2E7AA8302E33C418E4337B0F4C9F8)
O4 - Global Startup: WinZip Quick Pick.lnk = D:\My Files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE (filesize 494920 bytes, MD5 BC2B88503FE0A5761533F87AB14C2781)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm (filesize 238 bytes, MD5 D0272E54D6A47F88ED6224EE42E49681)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (filesize 434176 bytes, MD5 8BD47FD8BE89127E8D26CB81DA1A2069)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (filesize 178040 bytes, MD5 68747446F9D982938DB6B110F2908271)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (filesize 91488 bytes, MD5 29403C4CCF52CAB5D9DE227656A04A1B)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exeC:\Windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exeC:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exeC:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ff3c1c6b3ac5) (gupdate1c9ff3c1c6b3ac5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exeD:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exeC:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exeC:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exeC:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: ZENworks Patch Management Update (PatchLink Update) - Novell, Inc. - C:\Program Files\PatchLink\Update Agent\GravitixService.exeC:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exeC:\Windows\system32\rpcnet.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exeC:\Windows\system32\Pen_Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exeC:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\Windows\System32\Novell\XTAgent.exeC:\Windows\System32\Novell\XTAgent.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exeC:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
--
End of file - 14575 bytes
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!! (http://support.microsoft.com/kb/935791)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
Java DB 10.4.1.3
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Virus Protection SecurityCheck SecurityCheck.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
and can not update avg, nor run combo fix.
What do you get for an error message?
•Start HijackThis
•Click on the Misc Tools button
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.
==============================
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
==================================
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
================================
-
Hey. I did everything you said, and ccleaner worked great, so I was able to update avg. The error was 'Update failed. Not enough free disk space to process update. ' Here is my list from Hijack this:
µTorrent
2007 Microsoft Office system
32 Bit HP BiDi Channel Components Installer
3D Flash Animator 4.9.8.7
Acronis PartitionExpert
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems HDA Modem
Apple Software Update
ArcSoft WebCam Companion 2
ASIO4ALL
Atheros Client Installation Program
Audacity 1.2.6
AuthenTec Fingerprint Software
Autodesk 3ds Max 2010 32-bit
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AVG 9.0
Backburner
BitTornado 0.3.18
BitTorrent
BitTorrent SpeedUp Pro
Blender (remove only)
Bluetooth Stack for Windows by Toshiba
Bryce 5.5c
BYOB 2.99
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Connect
Construct 0.99.62
Easy Picture2Icon 3.0
Equitrac Express Client
FBX Plugin 2006.08 for Max 9.0
FFmpeg for Audacity on Windows
FL Studio 9
Flash 5 ĽňĚĺÖĐÎÄŐýĘ˝°ć
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.3
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Game Speed Adjuster version 1.0
GIMP 2.6.6
Google Earth
Google SketchUp 7
Google Update Helper
Google Updater
GooTool
GraphCalc v4.0.1
GroupWise
GSplit 3
Hex Workshop v6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Encoder (KB929182)
HTML-Kit
ijji - Gunz
ijji REACTOR
IL Download Manager
Inst5671
Install Creator Pro
InstallShield for Microsoft Visual C++ 6
Intel(R) Graphics Media Accelerator Driver
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
kuler
LAME v3.98.2 for Audacity
Magic ISO Maker v5.5 (build 0274)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Experience Pack for Windows Vista
Microsoft Ink Desktop for Windows Vista
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Alternative Mouse Pointers
MilkShape 3D 1.8.2
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyODBC
NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
NMAS Challenge Response Method
NMAS Client
Notepad++
Novell Client for Windows
Novell iFolder 2.1.8
O2Micro Flash Memory Card Windows Driver
OGA Notifier 2.0.0048.0
OmniPass 6.00.03
OZ711 SCR Driver V3.0.1.4
Paint.NET v3.5.5
Panda3D 1.6.2
Panda3D Game Engine
PDF Settings CS4
Pen Tablet
Photo Story 3 for Windows
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PoiZone
Poly
PowerDVD
PowerISO
PowerQuest PartitionMagic 8.0
PrimoPDF -- brought to you by Nitro PDF Software
Project64 1.6
Projector Station for Air Shot Version 2
Python 2.6.5
QuickTime
Read in Microsoft Reader Add-in for Microsoft Word
RealPlayer
Realtek High Definition Audio Driver
RealWorld Cursor Editor
RealWorld Icon Editor
Remote Machine Debugging
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJ
Roxio Creator LJ
Sawer
Scratch
Security Panel
Security Panel for Supervisor
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
Shock Sensor Utility
Sketchpad
Spelling Dictionaries Support For Adobe Reader 8
Suite Shared Configuration CS4
SUPERAntiSpyware
Synaptics Pointing Device Driver
TI Connect 1.6
Toxic Biohazard
UltraISO Premium V9.35
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for 2007 Microsoft Office System (KB981715)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Outlook 2007 Junk Email Filter (kb981726)
USB Game Controller
USB2.0 Digital Camera
Visual InterDev Server
VUE 2.3.1
West Point Bridge Designer 2007
WIDI Recognition System Pro 3.3 (remove only)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows NT Messaging
WinRAR archiver
WoG Editor 0.71
WPS-ZoomPro
ZENworks Desktop Management Agent
ZENworks Patch Management Agent
--I also fixed the scan entries you told me to (they were all there).
I updated my Java (JRE) and Java Ra programs. And as I stated before I ran ccleaner.
The only problem, I tried to run combo fix (commy) now that I have enough room, but both times I tried after it said 'stage complete stage_48' or something like that, it would continue to run, but nothing else would happen. The first time after several hours it was still like that so I shut it down. The second time I watched it when it got to that point and after a while I got a blue screen and had to force shut my computer. Basically, I was never able to run combo fix all the way through.
Oh, and before one of my 'attempts' to run combo fix, it said it detected rootkit activity and so needed to restart my computer.
--I wouldn't know, but is the program ProcessMonitor useful for this problem? I heard about it the other day, and it seems pretty useful.
-
What is the size of your HDD and how much free space do you have? You are currently running a log of programs. Here is a list of a few that you can get rid of.
P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
============================
Adobe AIR ( two of these.)
Adobe Media Player ( two of these.)
BitTornado 0.3.18 ( Another P2P program)
BitTorrent ( Another P2P program)
BitTorrent SpeedUp Pro ( Another P2P program)
HijackThis 2.0.2
Malwarebytes' Anti-Malware
QuickTime ( You can download Qtime lite)
SUPERAntiSpyware
I'm sure if you look through your list of programs you can find some others to uninstall.
============================
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
==============================
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
- Once the scan is complete, you may receive another notice about rootkit activity.[/i]
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply..
=================================
but is the program ProcessMonitor useful for this problem?
No. We won't bother with that at this time.
-
Hey. Sorry I took so long to respond. First of all, I got rid of all the torrenting programs (I don't need them and you made a good point about the file sharing), as well as all gunz related programs (maybe one day I will reinstall it but for now my computer's safety is my main priority). I'm not sure about the size of my HDD (honestly I'm not sure what an HDD is), but ccleaner got me 1/2 a gigabyte back, so I'm fine space wise. Here is my chekup:
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!! (http://support.microsoft.com/kb/935791)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
Java DB 10.4.1.3
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Virus Protection SecurityCheck SecurityCheck.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
And I tried GMER Rootkit Scanner but each time I run it my computer's cpu usage is boosted to 100% and when I try to save the log it is going incredibly slow and eventually freezes (I pressed the save button and returned in 1 hour and it was still loading). I'm sorry I'm having so many troubles, but on the bright side all symptoms of that annoying virus seem to have gone away so hopefully we are making progress.
EDIT: huh, I just realized it says my Java is still out of data. I was under the impression I had downloaded the latest version.
EDIT: I just got a message in the taskbar saying updates were ready to be installed (and I installed them obviously). Hopefully they were all I was missing update wise.
-
Go to Start, My Computer. Right-click on your C: drive and select Properties. You should see some figures there that tell you the size of the Hard drive and how much free space you have. While you're there, click on the Disk Cleanup button. That should get rid of some more stuff. You should have at least 15/% free space or else your computer will start acting up on you. That is probably the reason why you can't run those scans. You'll have to find some way to free up more space. If you have a lot of pictures, movies, etc, you could move them to another drive.You can uninstall MBAM and HJT.
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
==============================
I really need to run ComboFix to see if anything dangerous is left on your computer but we can't do that until we free up some space.
-
You were right about the Java. I updated my version and ran JavaRA and ccleaner. I know the space is a problem, but this computer is mainly for my school, and most of the programs on the c drive were installed by the school before I recieved the computer. My idea was to take some space off of the d partition and move it to the c. I tested 1 gigabyte using partition Assistant, but can not find any free partition programs that can give that gigabyte to the c drvie. I know a program that I think can (I tested the trial version), but it costs 50$. Do you know any way to manually move unallocated space to a drive?
EDIT: oh, and for the c drive,
Used Space: 33.7 GB
Free Space: 543 MB
EDIT: would it be worthwhile to compress the drive?
-
What is the size of your D: partition? If you have room there, store all your files, music, pictures, etc on it. Just Google "Free Partition Manager" and you'll find lots of partition programs. I used one recently while fixing a computer and it worked very well. You will need at least 4.5 gb of free space in order for your computer to work well. If you can get at least 5 gb from the D partition, you'll be in good shape. Please let me know how you do. Here's another scan that you can run that won't use too much resources. Also, PureRa will free up a lot of resources. Compressing the files won't gain you that much.
Please download PureRa by RaProducts from HERE (http://raproducts.org/click/click.php?id=7)
- First, unzip the program.
- Double click Purera.exe to open it.
- When it opens, click the "Next" button to open up a menu of options.
- Tick the box that says "Check All" and make sure the "Create Log" option is also checked.
- Then press the "Clean" button to start the cleaning process.
- It may look like nothing is happening, but let it run.
- After it's done, it will make a log file of what it has removed.
- Paste the log back here.
============================
I'd like us to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi. First of all, I'm working on the partitions, but not too much luck yet. PureRa worked great (I now have 1.9 gigs on my c drive as compared to 700 mb before). Heres my log for that:
RaProducts' PureRa v1.5
Log created at 13:39 on 04/07/2010 (STILLR)
C:\Config.MSI emptied.
C:\Windows\system32\FNTCACHE.DAT <- Successfully deleted.
Recycle bin emptied.
C:\Windows\SoftwareDistribution\DataStore\Logs emptied.
C:\Windows\SoftwareDistribution\Download emptied.
C:\Windows\SoftwareDistribution\SelfUpdate\Default emptied.
C:\Windows\SoftwareDistribution\WuRedir emptied.
C:\Windows\SoftwareDistribution\ReportingEvents.log <- The process cannot access the file because it is being used by another process.
C:\Windows\TEMP emptied.
C:\Windows\TEMP emptied.
C:\Windows\system32\wbem\Logs\wmiprov.log <- Successfully deleted.
C:\Windows\system32\wbem\Logs\WMITracing.log <- Successfully deleted.
C:\Commy\Thumbs.db <- Successfully deleted.
C:\drivers\CAMERA_VIMICRO_UVC_2008112_01\FV_LOGO_307_VX36_VC0343_Mi1330_Rotate_FaceTrack_PID1101VID0a8c\Driver\EffRes\Thumbs.db <- Successfully deleted.
C:\Fujitsu\Logo\Thumbs.db <- Successfully deleted.
C:\Program Files\Fujitsu\SSUtility\Language\FrenchCanadian\IMAGES\Thumbs.db <- Successfully deleted.
C:\Program Files\Fujitsu\SSUtility\Language\FrenchStandard\IMAGES\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\ad\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\atlantica\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\ava\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\common\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\drift\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\gunz\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\holybeast\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\huxley\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\karma\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\karos\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\luminary\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\lunia\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\neo\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\rohan\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\sfighters\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\sfront\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\sun\Thumbs.db <- Successfully deleted.
C:\Program Files\ijji\ijji REACTOR\offline\images\v4\reactor\en\wepic\Thumbs.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Picasa2\db2\thumbs.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_1024.db <- The system cannot find the path specified.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_256.db <- The system cannot find the path specified.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_idx.db <- The system cannot find the path specified.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\admin2\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.
C:\Users\Default\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.
C:\Users\user\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog01.sqm <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog03.sqm <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog04.sqm <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog05.sqm <- Successfully deleted.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog06.sqm <- Successfully deleted.
Total space cleaned: 1474267139 bytes
-=E.O.F=-
also, Eset took a bit longer than I expected, but that also went fine. my log:
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\mouclass.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\73ca8455-12838a78 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\36eea358-3daf3c9a a variant of Java/TrojanDownloader.Agent.NBA trojan deleted - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\32c0eb6a-4a618658 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\71958c6-63dc0a2e multiple threats deleted - quarantined
D:\ibackup\ifolder\user\Documents\Downloads\rim.exe multiple threats deleted - quarantined
Honestly, my computer has been working fine with no sign of viruses for the past few weeks, so I really owe you. I appreciate all the time you have spent helping me, and whether or not the process is over yet, I would like to thank you. When we are finished, I would love if you could give me a few tips on keeping my computer virus free in the future, so we could hopefully avoid another situation like this. I will keep all of the programs we used as well as the logs on my computer, but if there is a certain procedure you think I should follow each day with virus scanning, or just some pointers for things I shouldn't do, or should be careful of, that would be awesome. I am always open to advice, and I'm not afraid to here the truth.
-
You should keep working at getting more free space on your computer. Remember less than 15 % freeze means problems running the computer. You can uninstall HJT but keep SAS and MBAM, if you wish. Update them and run them on a regular basis. If you need the room, you can always uninstall them, download them, run the scans and uninstall them again. Also delete ComboFix from your desktop. The secret to keeping your computer clean is to keep your programs updated, especially your AV program. There are other malware programs included below to keep out the other infections.
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
==============================
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! ;D
-
Hey. I read your last message, and am in the process of checking those programs out. I just wanted to say, you may or may not remember, but this all started when google chrome stopped working, right? Well, I decided to re-install google chrome and give it one last try since we removed most (if not all) of the viruses on my computer. And guess what? It worked! I love google chrome for many reasons, and can't wait to make it my default browser again, but do you think it is unsafe? I am not sure if it caused these problems, but it did stop working when the virus started affecting my computer (and at the time it was the only browser I used), so I want to be sure it is ok for me to go back to using it. Also, just out of curiosity, what browser do you use? If you do not think google chrome is a safe enough choice, I would appreciate having an alternative (other than firefox and internet explorer). And thanks again for everything. I will probably stay on this forum for a while (both to ask questions and help others), so hopefully we will cross paths again some time.
-
and can't wait to make it my default browser again, but do you think it is unsafe? I
I really can't say anything about Google Chrome. You should post this question on the software forum. I'm sure you will get many opinions there.
Also, just out of curiosity, what browser do you use?
I use IE 8 as my default but occasionally I use FireFox.
I would appreciate having an alternative (other than firefox and internet explorer).
You could always try Opera.