
Topic: HiJack Log


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: HiJack Log
« Reply #15 on: June 07, 2008, 12:54:41 PM »
Quote
1)  Is my CPU clean?

I don't see any malware. I never tell anybody they are 100% clean. That's impossible to know unless you reformat the hard drive.

Quote
-Can I remove threatfire?

If you don't think it will help then you can.

Quote
3)  Was my CPU way needing of a defrag?
-Here are the details

Link doesn't work for me.

bluecountry

    Topic Starter


    Apprentice

    Thanked: 1
    Re: HiJack Log
    « Reply #16 on: June 07, 2008, 02:19:59 PM »
    Are you able to answer based on the information I provided

    1)  What anti-spyware/virus and other maintenance program files I currently have on my computer?
    -If not....how can I find a full inventory?

    2)  What anti-spyware/virus and other maintenance program files I should install/have?

    evilfantasy

    Re: HiJack Log
    « Reply #17 on: June 07, 2008, 02:23:07 PM »
    Look in add/remove programs to see what all you have installed.

    Look through the link I posted earlier for advice on what to install. Everyone has a different mix of security, it is down to trying the different options and what suits you the best.

    To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

    bluecountry

      Re: HiJack Log
      « Reply #18 on: June 08, 2008, 11:47:42 PM »
      OK, several things.


      1)  I went to
      -Control Panel>Add/Remove Programs

      I found that I had:
                -CCleaner (remove only)
                -Symantec Anti-Virus
                -Threatfire



      2)  I went to your link "Read before posting"

                I thought since I had Symantec...all I needed was SAS and Malwarebytes.
               -Is this correct...or do you recommend I download an anti-virus or other program?
                -I am confused since you and Klein offer different recommendations...what is your recommendation given my CPU history?



      3)  I went ahead downloaded malwarebytes.  I ran a scan, enclosed below

      Quote
      Malwarebytes' Anti-Malware 1.15
      Database version: 841

      1:34:53 AM 6/9/2008
      mbam-log-6-9-2008 (01-34-46).txt

      Scan type: Quick Scan
      Objects scanned: 36748
      Time elapsed: 5 minute(s), 42 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 4
      Files Infected: 6

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> No action taken.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.

      Files Infected:
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_33_52 PM_843.log (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_33_56 PM_828.log (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_38_17 PM_843.log (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Log\2007 Dec 22 - 03_39_06 PM_765.log (Rogue.AdwareAlert) -> No action taken.
      C:\Documents and Settings\Trent Berger\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.

      -What do you think...was my system pretty bad?



      4) I also tried to download SAS...yet strangely I was given the same error I reported last week

      Quote
      First...I go to the above website...uninstall SAS.
        I try downloading the new one...and get told I have an error.
             Error 1304.  Error writing to file C:\ProgramFiles\SuperAntiSpyware\SASdivsf.sys...verify that you have access.

      -Is there any reason why, since I already used your link to uninstall?
      -Is there some big problem on my CPU...if so why and how to fix?



      5)  Speaking of the Malwarebytes scan...I do not understand why it is telling me the infected files come from Adware since I removed that awhile ago from my computer.
      -Between this and the SAS error....what is going on?



      6)  Lastly...I don't understand I have
                -StartupLite as an icon on my desktop...yet in control panel...add/remove programs it is not listed.
                 -Further...when I go to start>all programs  neither startuplite or hijack this are listed.
                  -Why and how to fix?


      Thanks.
      « Last Edit: June 09, 2008, 12:00:38 AM by bluecountry »

      evilfantasy

      Re: HiJack Log
      « Reply #19 on: June 09, 2008, 12:34:08 AM »
      Quote
      1)  I went to
      -Control Panel>Add/Remove Programs

      I found that I had:
                -CCleaner (remove only)
                -Symantec Anti-Virus
                -Threatfire

      CCleaner (remove only) < Temporary file cleaner. Good for daily use to keep your hard drive clutter free.

      Symantec Anti-Virus < Antivirus

      Threatfire < I don't use it and don't recommend its use. Not that it is a bad product I just simply don't use it. Instead I use Spywareblaster. If you want to uninstall it, or don't understand it then get rid of it. Threatfire Overview

      Quote
      I thought since I had Symantec...all I needed was SAS and Malwarebytes.

      You are covered with Symantec for an antivirus. Alternate running SAS and MBAM every other week or so for a layered approach to detecting malware. An antivirus alone isn't enough, you need a "second opinion" from time to time.

      Quote
      -I am confused since you and Klein offer different recommendations...what is your recommendation given my CPU history?

      First, it's your HDD you are protecting. CPU is totally different. A virus attacks/targets system files/folders on the hard drive. No biggie we just need to use the same descriptions to understand each other better.

      A few posts back I said everyone has a different mix of security, it is down to trying the different options and what suits you the best. Here is what I use, others will have a different mix of security depending on what they like.

      Antivirus - Avast Home Free

      Firewall - I'm using Windows built in firewall now. If you do any online banking, eBay etc. then you will want to use a third party firewall like Comodo. Windows firewall is a basic firewall and lacks bi-directional blocking abilities.

      Malware scanners - MalwareBytes (paid version with real time protection), Superantispyware.

      Security monitor - WinPatrol 2008

      Behavior blocking (bad website blocking) - Spybot Search & Destroy's Immunize feature & Spywareblaster.

      Quote
      3)  I went ahead downloaded malwarebytes.  I ran a scan, enclosed below

      (Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?

      Quote
      -What do you think...was my system pretty bad?

      Not according to what I saw in the Hijackthis log, but since there are still problems with SAS we should take a closer look with a more powerful/informative scan.

      Quote
      5)  Speaking of the Malwarebytes scan...I do not understand why it is telling me the infected files come from Adware since I removed that awhile ago from my computer.
      -Between this and the SAS error....what is going on?

      AdwareAlert and Ad-Aware are two different programs. AdwareAlert tricks users into trying to get them to purchase the full licensed version. Once paid for suddenly there are no problems on the PC. Which is why it is labeled a rogue.

      Quote
      6)  Lastly...I don't understand I have
                -StartupLite as an icon on my desktop...yet in control panel...add/remove programs it is not listed.
                 -Further...when I go to start>all programs  neither startuplite or hijack this are listed.
                  -Why and how to fix?

      StartUpLite doesn't actually install, just delete it and it's gone.

      C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe < Because it is installed in the wrong location. Delete it from the desktop and it will be gone.

      ----------

      Now let's do a scan which will let me know more of what's going on. Please read the instructions first and follow them exactly. This is a complex and powerful tool that needs to be treated with caution.

      Download Combofix by sUBs from one of the below links.

      Important! Combofix.exe MUST be saved to and run from the Desktop.
      • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
      • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
        • Click this link to see a list of security programs that should be disabled and how to disable them.
        • If yours is not listed and you don't know how to disable it, please ask.
      • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
      • Double click combofix.exe & follow the prompts.
        • Choose Yes to accept the Disclaimers.
        • When finished, it will produce a log for you.
        • Post that log in your next reply.
        Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall.
        • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
        • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
        CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

        If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of combofix.

        ----------

        Next post add
        Combofix log








        bluecountry

          Re: HiJack Log
          « Reply #20 on: June 09, 2008, 06:10:40 PM »
          Before we address anything else...I ran ComboFix.

          I have attached the log...let me know what you think.
          Thanks.

          [Saving space - attachment deleted by admin]

          evilfantasy

          Re: HiJack Log
          « Reply #21 on: June 09, 2008, 06:41:31 PM »
          Go to Start > Run and copy then paste this line in the window.

          combofix /u

          Now click OK.

          ----------

          Run this next scan. It will take a while so ask any questions you want during the scan and I will do my best to answer.

          Use the Kaspersky Online Scanner
          • Click Accept.
          • Answer Yes, when prompted to install an ActiveX component.
          • The program will then begin downloading the latest definition files.
          • Once the files have been downloaded click on NEXT
          • Locate the Scan Settings button & configure to:
            • Scan using the following Anti-Virus database:
              • Extended
            • Scan Options:
              • Scan Archives
              • Scan Mail Bases
              • Click OK & have it scan My Computer
              When the scan is done, in the Scan is complete window (below), any infection is displayed.
              There is no option to clean/disinfect, however, we need to analyze the information on the report.

              To obtain the report:
              Click on: Save Report As...



              • Next, in the Save as prompt, Save in area, select: Desktop.
              • In the File name area, use KScan, or something similar.
              • In Save as type: click the drop arrow and select: Text file [*.txt]
              • Then, click: Save


              Please copy and paste the Kaspersky Online Scanner Report in your next post.

              bluecountry

                Re: HiJack Log
                « Reply #22 on: June 09, 2008, 11:34:49 PM »
                I'll stick to this for now...one topic at a time.

                I think I did a complete scan.
                There was a settings button at the bottom...not a scan settings.
                It had the archives and mail bases all checked.
                I then clicked on scan and it lasted almost an hour...so I assume the whole thing worked?

                The report is attached.

                [Saving space - attachment deleted by admin]

                evilfantasy

                Re: HiJack Log
                « Reply #23 on: June 10, 2008, 12:02:08 AM »
                Yes the scan can take well over an hour sometimes. The good news is it came back clean.

                bluecountry

                  Re: HiJack Log
                  « Reply #24 on: June 10, 2008, 11:05:32 PM »
                  OK...now...several questions


                  1)  What is next?
                  -Since the scan came back clean...is my Computer fine?
                  -What about the SAS error I have been getting and other discussed issues?
                        Are they still problems...if so what is the solution?


                  2)  Given this...what do you recommend I install?
                  -Avast Home Free to supplement Symantec?
                  -A Firewall?
                  -MalwareBytes free edition...will that suffice?
                  -SAS...and if so what about the errors?
                  -Security monitor - WinPatrol 2008
                  -Behavior blocking (bad website blocking) - Spybot Search & Destroy's Immunize feature & Spywareblaster.

                  3) 
                  Quote
                  (Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?
                  I don't know...how can I tell?

                  evilfantasy

                  Re: HiJack Log
                  « Reply #25 on: June 11, 2008, 11:14:01 AM »
                  Quote
                  1)  What is next?
                  -Since the scan came back clean...is my Computer fine?
                  -What about the SAS error I have been getting and other discussed issues?
                        Are they still problems...if so what is the solution?

                  Your PC is free of malware as far as I can tell. Is it fine is another question.

                  Do you have an XP CD?

                  If so, place it in your CD ROM drive and follow the instructions below:
                  • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                    • Let this run undisturbed until the window with the blue progress bar goes away
                  SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

                  If you want to see what was replaced, right-click My Computer and click on Manage.
                  In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

                  ----------

                  2)  Given this...what do you recommend I install?
                  -Avast Home Free to supplement Symantec? < Definitely!!
                  -A Firewall? < Comodo < Click
                  -MalwareBytes free edition...will that suffice? < Run it again and be sure it removes what is found. It is also good to keep and run now and then to make sure nothing has crept in.
                  -SAS...and if so what about the errors? < Highly recommended along with MalwareBytes, alternate their use. If you are still getting errors go to the http://forums.superantispyware.com/index.php forums and ask there. They are a good bunch and always willing to help.
                  -Security monitor - WinPatrol 2008 < Definitely.
                  -Behavior blocking (bad website blocking) - Spybot Search & Destroy's Immunize feature & Spywareblaster. < Definitely.

                  Those are all good, low resource tools that will help you keep the PC malware free. Remember no antivirus, firewall or antispyware will block everything all of the time. Good, safe surfing habits play a huge role as well.

                  Quote
                  3)
                  Quote
                  (Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?
                  I don't know...how can I tell?

                  Re run MBAM.
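
Added example, not part of the original thread: one way to answer the "how can I tell?" question above from the log itself. The Python below parses a log in the layout quoted in Reply #18, lists detections still marked "No action taken", and flags a paste whose item lists do not match the summary counts. The sample log is constructed and shortened, the function names are hypothetical, and treating any other action text as "handled" is an assumption.

```python
import re

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.15 log
# quoted in the thread (shortened; user name replaced with a placeholder).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.15
Scan type: Quick Scan

Memory Processes Infected: 0
Registry Keys Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> No action taken.

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\ExampleUser\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.

Files Infected:
C:\Documents and Settings\ExampleUser\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\ExampleUser\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+) Infected: (\d+)$")   # "Files Infected: 6"
SECTION_RE = re.compile(r"^([A-Za-z ]+) Infected:$")         # "Files Infected:"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")    # object (label) -> action.


def parse_mbam_log(text):
    """Return (summary counts per category, list of detected items)."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.match(line)):
            items.append({
                "category": section,
                "object": m.group(1),
                "detection": m.group(2),
                "action": m.group(3),
            })
    return summary, items


def unremediated(items):
    """Items the scanner reported but did not act on.

    Assumption: any action text other than "No action taken" means the
    entry was handled (quarantined, deleted, scheduled for reboot).
    """
    return [i for i in items if i["action"].lower() == "no action taken"]


def count_mismatches(summary, items):
    """Categories whose listed items differ from the summary count,
    which usually means the pasted log was truncated or edited."""
    listed = {}
    for i in items:
        listed[i["category"]] = listed.get(i["category"], 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in summary.items() if n != listed.get(cat, 0)}


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    for item in unremediated(items):
        print(f'{item["category"]}: {item["object"]} [{item["detection"]}]')
    print("count mismatches:", count_mismatches(summary, items))
```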

                  bluecountry

                    Re: HiJack Log
                    « Reply #26 on: June 12, 2008, 02:43:18 PM »
                    Quote
                    1) Do you have an XP CD?
                    I have windows XP service pack 2 CD....is that it?


                    Quote
                    2)  Given this...what do you recommend I install?
                    -Avast Home Free to supplement Symantec? < Definitely!!
                    -A Firewall? < Comodo < Click
                    -MalwareBytes free edition...will that suffice? < Run it again and be sure it removes what is found. It is also good to keep and run now and then to make sure nothing has crept in.
                    -SAS...and if so what about the errors? < Highly recommended along with MalwareBytes, alternate their use. If you are still getting errors go to the http://forums.superantispyware.com/index.php forums and ask there. They are a good bunch and always willing to help.
                    -Security monitor - WinPatrol 2008 < Definitely.
                    -Behavior blocking (bad website blocking) - Spybot Search & Destroy's Immunize feature & Spywareblaster. < Definitely.

                    Those are all good, low resource tools that will help you keep the PC malware free. Remember no antivirus, firewall or antispyware will block everything all of the time. Good, safe surfing habits play a huge role as well.
                    I think we're starting to go above my head.
                    -I downloaded Avast....and I'm not sure how to configure.
                          I thought this would be something I would run manually when I wanted to know....not something which would start up when my computer went on.
                          When I turn the computer on...it starts...it tells me Symantec is on and thus incompatible...while having an icon in the taskbar.
                           Is this the way it works....or can I have it inactive until I choose to scan?
                           Which is recommended and fine?

                    I also downloaded Comodo firewall...this thing is annoying as it keeps asking me about any task if I want it to run...and it installed a toolbar on my mozilla browser...which I don't want.
                    -Do I really need this...I just uninstalled it.

                    What other programs do I really need...or am I fine with CCleaner/Symantec/Avast (if configured as I want it)/and MalwareBytes?

                    The less...the better...but I want to do it right.


                    Also...the computer is running slower since downloaded....why?

                    Quote
                    3)
                    Quote
                    (Rogue.AdwareAlert) -> No action taken. < Did you have MBAM remove these entries?
                    I don't know...how can I tell?

                    Re run MBAM.
                    -I checked MBAM....it had 11 files in quarantine..all of which had the adwarealert directory...thus did it do its task and is this version fine?

                    Thanks.

                    evilfantasy

                    Re: HiJack Log
                    « Reply #27 on: June 12, 2008, 03:01:21 PM »
                    Quote
                    I have windows XP service pack 2 CD....is that it?

                    Yes, that's it.

                    Quote
                    I thought this would be something I would run manually when I wanted to know....not something which would start up when my computer went on.

                    That's the only way for it to be effective. You can't choose when a virus will try to install...

                    Quote
                    it tells me Symantec

                    You need to uninstall Symantec.

                    Run this tool http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

                    Quote
                    I also downloaded Comodo firewall

                    If you do any online banking you need it. If not then uninstalling it is fine. With firewalls you have to "train" them at first. Allow what you want and it will stop alerting you.

                    Quote
                    What other programs do I really need

                    http://www.filehippo.com/download_winpatrol/

                    Quote
                    Also...the computer is running slower since downloaded....why?

                    Uninstalling Symantec/Norton should help.

                    Quote
                    I checked MBAM....it had 11 files in quarantine

                    Good. Sounds like it worked.

                    bluecountry

                      Re: HiJack Log
                      « Reply #28 on: June 17, 2008, 10:30:53 PM »
                      So

                      1)
                      CCleaner
                      Avast
                      Winpatrol
                      Comodo
                      Malwarebytes
                      SAS

                      if I get all those...plus use the XP pack...that is all you recommend...and I should be good?

                      2)
                      Avast should replace Symantec...it's better?

                      Thanks.

                      evilfantasy

                      Re: HiJack Log
                      « Reply #29 on: June 17, 2008, 10:42:01 PM »
                      Quote
                      So

                      1)
                      CCleaner
                      Avast
                      Winpatrol
                      Comodo
                      Malwarebytes
                      SAS

                      if I get all those...plus use the XP pack...that is all you recommend...and I should be good?

                      Yes you will have a good mix of layered protection. Remember no security setup is bulletproof. Use discretion when on the web.

                      Quote
                      2)
                      Avast should replace Symantec...it's better?

                      Thanks.

                      Avast in my (and many others') opinion is much better than Symantec.