Author Topic: System Security 2009 recovery?  (Read 12665 times)

Zippy2

    Topic Starter


    Rookie

    System Security 2009 recovery?
    « on: January 21, 2010, 08:58:45 PM »
    Hello all, first time poster on this forum.  I've read many of the previous posts regarding this wonderful situation I have found myself in.  While I believe I may be 'out of the woods' by following the necessary steps, as directed by this forum, to remove the malware, I am still posting my logs in an attempt to ensure that everything is as it seems. 
    First, some background.  I began to get the annoying pop-up windows indicating the System Security 2009 breach.  After choosing to ignore the alerts to download the necessary software, I was greeted with various porn sites popping up all over my screen.  Via Firefox, I was still able to browse the web, but I was unable to run any .exe file other than Firefox.  I restarted in SAFE MODE and was able to run SUPERAntiSpyware which located and removed 45 threats.  At this point I was able to restart XP normally and open the .exe files, but wasn't able to update Malwarebytes Anti-Malware or SUPERAntiSpyware.  After further research, I learned I needed to make some changes to my IE internet option settings.  After the changes I made the necessary updates and downloaded HJT.

    Everything functions as it did before the infection, but I would just like to be sure that I removed all that I should have to keep this from further damaging my system.

    THANK YOU!!!
    Trever

    [Saving space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: System Security 2009 recovery?
    « Reply #1 on: January 23, 2010, 11:49:59 AM »
    Hello Zippy2 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    -------------------------------------------------------------------------

    It appears that you're running two Anti-Virus programs on your computer which is a no-no. One will have to be uninstalled. If you have problems with the uninstall, please let me know and I'll send you a tool to remove it.

    -------------------------------------------------------------------------

    Add or Remove Programs

    1. Click on the Windows Start button and click on the Control Panel
    2. In the Control Panel window, double-click Add or Remove Programs icon.
    3. When the Add or Remove Programs window has fully populated, check for iWin Games and uninstall it.

    ------------------------------------------------------------------------------

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ---------------------------------------------------------------------------------

    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    link # 1
    link #2

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
    Double-click combofix.exe and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

    Windows 8 and Windows 10 dual boot with two SSD's

    Zippy2

      Re: System Security 2009 recovery?
      « Reply #2 on: January 23, 2010, 01:18:09 PM »
      Thanks SD!

      I'm looking forward to getting this situation figured out! 

      As for the antivirus, I had uninstalled McAfee a few months ago (or so I thought). If there is any trail left on the HD, I am unaware of it, as it doesn't appear in the add/remove programs window.

      Was this one of the two AV programs you saw?

      harry 48



        Egghead

      • lay back , relax and chill out
      • Thanked: 129
        • Dribbling Pensioner
      • Certifications: List
      • Experience: Familiar
      • OS: Windows 7
      Re: System Security 2009 recovery?
      « Reply #3 on: January 23, 2010, 01:21:14 PM »

      Zippy2

        Re: System Security 2009 recovery?
        « Reply #4 on: January 23, 2010, 02:21:02 PM »
        Disregard my last post.  I took Harry's advice to remove the old McAfee files.  The rest went well, and I have posted the logs below.

        Trev



        [Saving space, attachment deleted by admin]

        harry 48



        Re: System Security 2009 recovery?
        « Reply #5 on: January 23, 2010, 02:30:48 PM »
        Sorry, do as Dave says; he is the expert.

        SuperDave

        Re: System Security 2009 recovery?
        « Reply #6 on: January 24, 2010, 11:55:07 AM »
        DON'T RUN THIS FIX. THERE'S A PROBLEM WITH COMBOFIX.

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        File::

        c:\documents and settings\Trever Good\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        c:\documents and settings\Trever Good\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
        c:\windows\pss\iWin Desktop Alerts.lnkStartup

        MIA::
        c:\windows\system32\DRIVERS\atapi.sys

        Folder::
        c:\program files\iWin.com
        c:\program files\iWin Games
        c:\documents and settings\All Users\Application Data\iWin Games
        c:\documents and settings\Trever Good\Local Settings\Application Data\vjfxrc


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
        « Last Edit: January 24, 2010, 07:28:41 PM by SuperDave »

        Zippy2

          Re: System Security 2009 recovery?
          « Reply #7 on: January 25, 2010, 09:03:53 AM »
          Got the note to not run last post this morning, after having run it yesterday afternoon.  Desktop wiped clean, "start"/all programs wiped clean.  Most data gone. HELP!!!

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: System Security 2009 recovery?
          « Reply #8 on: January 25, 2010, 09:29:34 AM »
          Hello Zippy2.

          We need you to follow the instructions in the following link to get your computer back to normal. http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/455388-combofix-issue-resolution.html

          Let us know when that is complete and how the computer is running.

          Zippy2

            Re: System Security 2009 recovery?
            « Reply #9 on: January 26, 2010, 05:46:32 AM »
            As per the NEW INSTRUCTIONS from Virus/Trojan/Spyware Removal Help from techsupportforum




            DDS (Ver_09-12-01.01) - NTFSx86 
            Run by Trever Good at 16:50:38.67 on Mon 01/25/2010
            Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2303.1677 [GMT -5:00]

            AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

            ============== Running Processes ===============

            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            C:\WINDOWS\System32\svchost.exe -k netsvcs
            C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
            C:\Program Files\AVG\AVG9\avgchsvx.exe
            C:\Program Files\AVG\AVG9\avgrsx.exe
            C:\Program Files\AVG\AVG9\avgcsrvx.exe
            svchost.exe
            svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            svchost.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\AVG\AVG9\avgwdsvc.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\System32\svchost.exe -k imgsvc
            C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
            C:\Program Files\AVG\AVG9\avgemc.exe
            C:\Program Files\AVG\AVG9\avgcsrvx.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\BCMSMMSG.exe
            C:\WINDOWS\System32\svchost.exe -k HTTPFilter
            C:\PROGRA~1\AVG\AVG9\avgtray.exe
            C:\Program Files\Microsoft ActiveSync\wcescomm.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
            C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\PROGRA~1\MI3AA1~1\rapimgr.exe
            C:\Program Files\Outlook Express\msimn.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\Trever Good\Desktop\dds.scr

            ============== Pseudo HJT Report ===============

            uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
            uStart Page = https://www6.glic.com/gol/homepage/login.aspx
            uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
            uInternet Settings,ProxyServer = http=127.0.0.1:5555
            uInternet Settings,ProxyOverride = <local>
            uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
            uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
            BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
            BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
            uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
            uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
            uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
            uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
            mRun: [BCMSMMSG] BCMSMMSG.exe
            mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
            mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
            mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
            mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
            DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://www6.glic.com/gol/Virtual%20University/cab/awswaxm.cab
            DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www6.glic.com/gol/common/scripts/smsx.cab
            DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
            DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} - hxxps://www6.glic.com/gol/Common/Scripts/GuardianDownload.CAB
            DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} - hxxps://www6.glic.com/gol/GuardianHelp/Scripts/ctlDownloadHelp_2.CAB
            DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} - hxxps://www6.glic.com/gol/GuardianHelp/scripts/ctlshowHelp_3.CAB
            DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://www6.glic.com/srvlw1/iNotes6W.cab
            DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} - hxxps://www6.glic.com/gol/Common/Cabs/ctlCommonControls.CAB
            DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
            DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
            DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdash2/DinerDash2.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
            DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
            DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} - hxxps://www6.glic.com/gol/Common/Cabs/GDL_VbRuntime.CAB
            DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
            DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://www.gamehouse.com/realarcade-webgames/dinerdashfloonthego/DinerDashFloGo.cab
            DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
            DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} - hxxp://www.shockwave.com/content/thwartpoker/sis/OrbitalLauncher-2.0.15.cab
            Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
            Notify: avgrsstarter - avgrsstx.dll
            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

            ================= FIREFOX ===================

            FF - ProfilePath - c:\docume~1\trever~1\applic~1\mozilla\firefox\profiles\71xjct53.default\
            FF - prefs.js: browser.search.selectedEngine - GoogleCOM
            FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://www.weather.com/weather/local/17569?lswe=17569&lwsa=WeatherLocalUndeclared&from=searchbox|http://sections.lancasteronline.com/local/1/9
            FF - prefs.js: keyword.URL - hxxp://www.ffsearching.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
            FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
            FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
            FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
            FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

            ---- FIREFOX POLICIES ----

            FF - user.js: browser.search.selectedEngine - GoogleCOM
            FF - user.js: keyword.URL - hxxp://www.ffsearching.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
            c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

            ============= SERVICES / DRIVERS ===============

            R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-21 333192]
            R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-21 28424]
            R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-21 360584]
            R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
            R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-21 906520]
            R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-21 285392]
            R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2003-10-14 34712]
            R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
            R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
            S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\documents and settings\trever good\desktop\f-downadup\fsbldrv.sys --> c:\documents and settings\trever good\desktop\f-downadup\fsbldrv.sys [?]
            S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-3-16 39048]
            S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11b.tmp --> c:\windows\system32\11B.tmp [?]

            =============== Created Last 30 ================

            2010-01-25 21:31:31   0   d-----w-   c:\docume~1\trever~1\applic~1\Zen Puzzle Garden
            2010-01-25 21:31:25   0   d-----w-   c:\docume~1\trever~1\applic~1\yoclient
            2010-01-25 21:31:25   0   d-----w-   c:\docume~1\trever~1\applic~1\Wildfire
            2010-01-25 21:31:25   0   d-----w-   c:\docume~1\trever~1\applic~1\ViquaSoft
            2010-01-25 21:31:25   0   d-----w-   c:\docume~1\trever~1\applic~1\Valusoft
            2010-01-25 21:31:25   0   d-----w-   c:\docume~1\trever~1\applic~1\URSE Games
            2010-01-25 21:31:25   0   d-----w-   c:\docume~1\trever~1\applic~1\Uniblue
            2010-01-25 21:31:20   0   d-----w-   c:\docume~1\trever~1\applic~1\TomTom
            2010-01-25 21:31:11   0   d-----w-   c:\docume~1\trever~1\applic~1\Super-Cow
            2010-01-25 21:30:35   0   d-----w-   c:\docume~1\trever~1\applic~1\Simple Star
            2010-01-25 21:30:31   0   d-----w-   c:\docume~1\trever~1\applic~1\Raptisoft
            2010-01-25 21:30:19   0   d-----w-   c:\docume~1\trever~1\applic~1\quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1
            2010-01-25 21:30:19   0   d-----w-   c:\docume~1\trever~1\applic~1\Pogo Games
            2010-01-25 21:30:16   0   d-----w-   c:\docume~1\trever~1\applic~1\PDF reDirect
            2010-01-25 21:30:16   0   d-----w-   c:\docume~1\trever~1\applic~1\PCF-VLC
            2010-01-25 21:30:16   0   d-----w-   c:\docume~1\trever~1\applic~1\PC-FAX TX
            2010-01-25 21:29:55   0   d-----w-   c:\docume~1\trever~1\applic~1\Participatory Culture Foundation
            2010-01-25 21:29:47   0   d-----w-   c:\docume~1\trever~1\applic~1\OpenOffice.org
            2010-01-25 21:29:46   0   d-----w-   c:\docume~1\trever~1\applic~1\Ludia
            2010-01-25 21:29:46   0   d-----w-   c:\docume~1\trever~1\applic~1\Kontiki
            2010-01-25 21:29:46   0   d-----w-   c:\docume~1\trever~1\applic~1\Jane s Hotel
            2010-01-25 21:29:46   0   d-----w-   c:\docume~1\trever~1\applic~1\iWinArcade
            2010-01-25 21:29:46   0   d-----w-   c:\docume~1\trever~1\applic~1\iWin_DressUpRush
            2010-01-25 21:29:46   0   d-----w-   c:\docume~1\trever~1\applic~1\Intuit
            2010-01-25 21:29:41   0   d-----w-   c:\docume~1\trever~1\applic~1\Home Sweet Home
            2010-01-25 21:29:30   0   d-----w-   c:\docume~1\trever~1\applic~1\Gamelab
            2010-01-25 21:29:29   0   d-----w-   c:\docume~1\trever~1\applic~1\GameInvest
            2010-01-25 21:29:29   0   d-----w-   c:\docume~1\trever~1\applic~1\Gaijin Ent
            2010-01-25 21:29:29   0   d-----w-   c:\docume~1\trever~1\applic~1\funkitron
            2010-01-25 21:29:29   0   d-----w-   c:\docume~1\trever~1\applic~1\Free Sound Recorder
            2010-01-25 21:29:29   0   d-----w-   c:\docume~1\trever~1\applic~1\FlowPlay
            2010-01-25 21:29:29   0   d-----w-   c:\docume~1\trever~1\applic~1\EleFun Games
            2010-01-25 21:29:20   0   d-----w-   c:\docume~1\trever~1\applic~1\Digital Album Organizer
            2010-01-25 21:29:17   0   d-----w-   c:\docume~1\trever~1\applic~1\CoffeeCup Software
            2010-01-25 21:29:17   0   d-----w-   c:\docume~1\trever~1\applic~1\Boolat Games
            2010-01-25 21:27:35   0   d-----w-   c:\docume~1\trever~1\applic~1\bang
            2010-01-25 21:27:34   0   d-----w-   c:\docume~1\trever~1\applic~1\Alawar
            2010-01-25 21:27:34   0   d-----w-   c:\docume~1\trever~1\applic~1\AlauxSoft
            2010-01-25 21:26:20   146   ----a-w-   c:\docume~1\trever~1\applic~1\_$_hpcst$_.hpc.zip
            2010-01-25 21:26:12   5632   ----a-w-   c:\documents and settings\trever good\Thumbs.db
            2010-01-25 21:26:12   4   ----a-w-   c:\documents and settings\trever good\win_rhtdo53x4
            2010-01-25 21:26:12   30   ----a-w-   c:\documents and settings\trever good\jagex_runescape_preferences.dat
            2010-01-25 21:26:12   187749   ----a-w-   c:\documents and settings\trever good\~
            2010-01-25 21:26:12   0   d-----w-   c:\documents and settings\trever good\.housecall6.6
            2010-01-25 21:26:11   125   ----a-w-   c:\documents and settings\trever good\BritannicaReadyReferencePrefs
            2010-01-25 21:21:27   0   d-----w-   c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
            2010-01-25 21:21:26   0   d-----w-   c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
            2010-01-25 21:21:26   0   d-----w-   c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
            2010-01-25 21:21:25   0   d-----w-   c:\docume~1\alluse~1\applic~1\VirtualFarm
            2010-01-25 21:21:24   0   d-----w-   c:\docume~1\alluse~1\applic~1\Viewpoint
            2010-01-25 21:21:23   0   d-----w-   c:\docume~1\alluse~1\applic~1\Trymedia
            2010-01-25 21:21:18   0   d-----w-   c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
            2010-01-25 21:21:18   0   d-----w-   c:\docume~1\alluse~1\applic~1\Sony Corporation
            2010-01-25 21:21:18   0   d-----w-   c:\docume~1\alluse~1\applic~1\SBSI
            2010-01-25 21:21:17   0   d-----w-   c:\docume~1\alluse~1\applic~1\Sandlot Games
            2010-01-25 21:21:17   0   d-----w-   c:\docume~1\alluse~1\applic~1\PlayPond
            2010-01-25 21:21:16   0   d-----w-   c:\docume~1\alluse~1\applic~1\NeoEdge Networks
            2010-01-25 21:21:16   0   d-----w-   c:\docume~1\alluse~1\applic~1\Napster
            2010-01-25 21:21:15   0   d-----w-   c:\docume~1\alluse~1\applic~1\JollyBear
            2010-01-25 21:21:14   0   d-----w-   c:\docume~1\alluse~1\applic~1\iWin Games
            2010-01-25 21:20:05   0   d-----w-   c:\docume~1\alluse~1\applic~1\Intuit
            2010-01-25 21:20:05   0   d-----w-   c:\docume~1\alluse~1\applic~1\HipSoft
            2010-01-25 21:19:58   0   d-----w-   c:\docume~1\alluse~1\applic~1\Grisoft
            2010-01-25 21:19:58   0   d-----w-   c:\docume~1\alluse~1\applic~1\Gogii
            2010-01-25 21:19:56   0   d-----w-   c:\docume~1\alluse~1\applic~1\GameHouse
            2010-01-25 21:19:47   0   d-----w-   c:\docume~1\alluse~1\applic~1\Fugazo
            2010-01-25 21:19:47   0   d-----w-   c:\docume~1\alluse~1\applic~1\FreshGames
            2010-01-25 21:19:47   0   d-----w-   c:\docume~1\alluse~1\applic~1\FarmFrenzy2
            2010-01-25 21:19:47   0   d-----w-   c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
            2010-01-25 21:19:44   0   d-----w-   c:\docume~1\alluse~1\applic~1\COMMON FILES
            2010-01-25 21:19:43   0   d-----w-   c:\docume~1\alluse~1\applic~1\Brother
            2010-01-25 21:19:43   0   d-----w-   c:\docume~1\alluse~1\applic~1\Awem
            2010-01-25 21:19:25   0   d-----w-   c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
            2010-01-25 21:18:34   32   ----a-w-   c:\documents and settings\all users\hash.dat
            2010-01-25 21:18:34   0   d-----w-   c:\docume~1\alluse~1\applic~1\3 Blokes Studios
            2010-01-25 16:05:26   0   d-----w-   c:\docume~1\trever~1\applic~1\Malwarebytes
            2010-01-25 16:05:26   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
            2010-01-25 14:57:55   0   d-sh--w-   c:\documents and settings\all users\DRM
            2010-01-25 11:43:12   178   ----a-w-   c:\documents and settings\trever good\ntuser.ini
            2010-01-25 11:14:30   0   d-----w-   c:\docume~1\trever~1\applic~1\SUPERAntiSpyware.com
            2010-01-25 11:14:30   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
            2010-01-23 20:37:02   0   d-sha-r-   C:\cmdcons
            2010-01-23 20:35:09   77312   ----a-w-   c:\windows\MBR.exe
            2010-01-23 20:35:09   261632   ----a-w-   c:\windows\PEV.exe
            2010-01-23 20:35:08   98816   ----a-w-   c:\windows\sed.exe
            2010-01-23 20:35:08   161792   ----a-w-   c:\windows\SWREG.exe
            2010-01-22 02:41:02   0   d-----w-   C:\$AVG
            2010-01-22 02:40:11   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
            2010-01-22 02:40:09   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
            2010-01-22 02:40:07   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
            2010-01-22 02:40:05   0   d-----w-   c:\windows\system32\drivers\Avg
            2010-01-22 02:39:12   0   d-----w-   c:\docume~1\alluse~1\applic~1\avg9
            2010-01-22 02:38:35   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-01-22 02:38:33   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-01-13 12:29:53   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
            2010-01-09 16:13:24   0   d-----w-   c:\windows\system32\Runningman
            2010-01-09 16:13:24   0   d-----w-   c:\program files\Runningman

            ==================== Find3M  ====================

            2010-01-22 03:40:17   411368   ----a-w-   c:\windows\system32\deploytk.dll
            2010-01-05 10:00:29   832512   ------w-   c:\windows\system32\wininet.dll
            2010-01-05 10:00:21   78336   ----a-w-   c:\windows\system32\ieencode.dll
            2010-01-05 10:00:20   17408   ----a-w-   c:\windows\system32\corpol.dll
            2009-11-16 12:13:51   109016   -c--a-w-   c:\docume~1\trever~1\applic~1\GDIPFONTCACHEV1.DAT
            2008-09-13 16:27:48   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

            ============= FINISH: 16:51:59.12 ===============


            [Saving space, attachment deleted by admin]

            Zippy2

              Re: System Security 2009 recovery?
              « Reply #10 on: January 26, 2010, 07:37:37 AM »
              Also, my HD had about 10 GB available space before all of this took place, but now it has 400MB available.  Any ideas as to why or what might be causing this?

              evilfantasy

              Re: System Security 2009 recovery?
              « Reply #11 on: January 26, 2010, 03:42:43 PM »
              Quote
              Also, my HD had about 10 GB available space before all of this took place, but now it has 400MB available.  Any ideas as to why or what might be causing this?

              Not sure unless CCleaner removed a bunch of junk.


              Download JavaRa
              * Unzip the file and open the JavaRa.exe
              * Click Remove Older Versions
              * JavaRa will search for and remove any outdated version of Java and remove any that are found.
              * Click Additional Tasks
              * Place a check next to Remove Useless JRE Files and click Go
              * Exit JavaRa
              * Delete the JavaRa files from the desktop

              ----------

              If you already have ComboFix be sure to delete it and download a new copy.

              Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

              Link #1
              Link #2

              Note: It is important that it is saved directly to your Desktop

              DO NOT run it yet!

              Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code:
              KillAll::

              DDS::
              TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
              DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}


              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

              Zippy2


                Re: System Security 2009 recovery?
                « Reply #12 on: January 26, 2010, 05:37:51 PM »
                Evil, combofix.txt log is attached.   Regarding the space available on my HD, I didn't gain space, I lost available space, from 10GB to 400MB.

                Thanks for all your help!
                Trev

                [Saving space, attachment deleted by admin]

                evilfantasy

                Re: System Security 2009 recovery?
                « Reply #13 on: January 26, 2010, 06:55:39 PM »
                Download TreeSize Free. http://www.jam-software.com/freeware/index.shtml

                Run TreeSize and see if you can tell what is taking up all of the disk space.

                Zippy2


                  Re: System Security 2009 recovery?
                  « Reply #14 on: January 27, 2010, 07:27:18 AM »
                  Thanks Evil,

                  Ran TreeSize, and discovered a folder on my C drive with a little over 13GB in it.  C:\QooBox\Quarantine\C\Documents and Settings.  Any recommendations on how to handle it?

                  Everything appears to be back to how it was before the first ComboFix incident where my desktop was wiped clean.  The only thing I am still missing is all of the email messages that were stored within Outlook Express.

                  Thanks,
                  Zippy2

                  evilfantasy

                  Re: System Security 2009 recovery?
                  « Reply #15 on: January 27, 2010, 09:01:24 AM »
                  Okay, I was afraid of that. We need to restore some files that are in Qoobox.

                  Delete ComboFix if it is still on your desktop.

                  Download the new version of combofix.exe and save it to your desktop. DO NOT RUN IT YET!!! Just make sure you have the new version downloaded and saved.

                  Now download this file > http://download.bleepingcomputer.com/sUBs/CFDQ-UsrPrf.exe

                  Now run the CFDQ-UsrPrf.exe program by double clicking on it.

                  • Immediately after you run it, YOU MUST NOT reboot your PC. Don't do anything else but continue on with the below.
                  • Now immediately run the new version of ComboFix that you saved to your desktop earlier. This should cause a reboot of your PC after running if malware was detected and removed.
                  • After reboot post the new ComboFix log.

                  Zippy2


                    Re: System Security 2009 recovery?
                    « Reply #16 on: January 27, 2010, 02:42:18 PM »
                    Downloaded new combofix, downloaded and ran CFDQ-Usrprf.  Ran ComboFix and got error message indicating that it is only compatible with certain OS's, (mine is XP home and was listed as compatible) when I clicked OK, IE closed and the ComboFix file is no longer on desktop.

                    Do I re-download and re-run ComboFix?

                    evilfantasy

                    Re: System Security 2009 recovery?
                    « Reply #17 on: January 27, 2010, 02:57:08 PM »
                    Yes try a new download.

                    Zippy2


                      Re: System Security 2009 recovery?
                      « Reply #18 on: January 27, 2010, 03:34:25 PM »
                      Downloaded and ran ComboFix again.  Did not automatically restart, and I attached the ComboFix log. What's next?

                      Thanks
                      Zippy2

                      [Saving space, attachment deleted by admin]

                      evilfantasy

                      Re: System Security 2009 recovery?
                      « Reply #19 on: January 28, 2010, 10:12:24 AM »
                      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                      It must be Notepad, not Wordpad.
                      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                      Code:
                      KillAll::

                      DDS::
                      uInternet Settings,ProxyServer = http=127.0.0.1:5555


                      3. Go to the Notepad window and click Edit > Paste
                      4. Then click File > Save
                      5. Name the file CFScript.txt - Save the file to your Desktop
                      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                      ComboFix will begin to execute, just follow the prompts.
                      After reboot (in case it asks to reboot), it will produce a log for you.
                      Post that log (Combofix.txt) in your next reply.

                      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
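
An added example, not part of evilfantasy's post and not code from ComboFix or DDS: the CFScript in Reply #19 targets a ProxyServer entry that points the browser at the loopback address, and a setting like that sends HTTP traffic to whatever is listening on that local port. The Python below parses ProxyServer values out of log text and flags loopback entries; the function names are hypothetical, and every sample line except the one copied from the CFScript is constructed.

```python
import ipaddress
import re

# Matches lines shaped like the one in the CFScript above:
#   uInternet Settings,ProxyServer = http=127.0.0.1:5555
# The optional one-letter prefix is accepted but not interpreted.
PROXY_LINE = re.compile(
    r"^\s*[a-z]?Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*?)\s*$"
)

# host:port or [ipv6]:port, port optional
TARGET = re.compile(
    r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:\s]+))(?::(?P<port>\d+))?$"
)


def parse_proxy_value(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles the single-proxy form "host:port" (scheme reported as "all")
    and the per-protocol form "http=host:port;https=host:port".
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # no "scheme=" prefix: one proxy for all protocols
            scheme, target = "all", part
        # Drop an optional "http://" style prefix and a trailing slash.
        target = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", target.strip())
        m = TARGET.match(target.rstrip("/"))
        if not m:
            continue  # malformed entry: skip rather than guess
        host = m.group("v6") or m.group("host")
        port = int(m.group("port")) if m.group("port") else None
        entries.append((scheme.strip().lower(), host, port))
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def find_loopback_proxies(log_text):
    """Return (line_number, scheme, host, port) for each loopback proxy."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = PROXY_LINE.match(line)
        if not m:
            continue
        for scheme, host, port in parse_proxy_value(m.group("value")):
            if is_loopback(host):
                findings.append((lineno, scheme, host, port))
    return findings


# Constructed sample; only the second line is taken from the thread.
SAMPLE_LOG = """\
uStart Page = http://www.example.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
mInternet Settings,ProxyServer = proxy.example.internal:8080
uInternet Settings,ProxyServer = http=[::1]:8080;https=proxy.example.internal:443
"""

if __name__ == "__main__":
    for lineno, scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f"line {lineno}: {scheme} traffic proxied to {host}:{port}")
```

A loopback proxy is not always malicious, since local filtering tools use the same mechanism, so a hit is a prompt to identify what owns the port rather than a verdict.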

                      Zippy2


                        Re: System Security 2009 recovery?
                        « Reply #20 on: January 28, 2010, 05:26:02 PM »
                        Thanks again!

                        Everything went well in response to your last post.  Attached is the ComboFix log from the actions you recommended.  Please advise on any further steps.

                        Thanks!
                        Zippy2

                        [Saving space, attachment deleted by admin]

                        evilfantasy

                        Re: System Security 2009 recovery?
                        « Reply #21 on: January 28, 2010, 05:29:23 PM »
                        Okay, finally. I was wondering if we were going to get rid of that without using brute force!

                        * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                        * Now type Combofix /Uninstall in the runbox
                        * Make sure there's a space between Combofix and /Uninstall
                        * Then hit Enter

                        * The above procedure will:
                        * Delete the following:
                        * ComboFix and its associated files and folders.
                        * Reset the clock settings.
                        * Hide file extensions, if required.
                        * Hide System/Hidden files, if required.
                        * Set a new, clean Restore Point.

                        ----------

                        Clean out your temporary internet files and temp files.

                        Download TFC by OldTimer to your desktop.

                        Double-click TFC.exe to run it.

                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                        * Click the Start button to begin the cleaning process.
                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
                        * Please let TFC run uninterrupted until it is finished.

                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                        ----------

                        ESET Online Scan

                        Scan your computer with the ESET FREE Online Virus Scan

                        * Click the ESET Online Scanner button.

                        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
                        * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
                        * Place a check mark next to YES, I accept the Terms of Use.

                        * Click the Start button.
                        * Accept any security warnings from your browser.
                        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
                        * Click the Start button.
                        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
                        * When the scan completes, click List of found threats.
                        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
                        * Click the <<Back button then click Finish.

                        In your next reply please include the ESET Online Scan Log

                        Zippy2


                          Re: System Security 2009 recovery?
                          « Reply #22 on: January 28, 2010, 07:51:58 PM »
                          Thanks Evil,

                          The instructions went well. Attached is the ESETScan log.

                          Thanks,
                          Zippy2

                          [Saving space, attachment deleted by admin]

                          evilfantasy

                          Re: System Security 2009 recovery?
                          « Reply #23 on: January 28, 2010, 08:04:08 PM »
                          Looks good. Is the computer running good now?


                          Use the Secunia Software Inspector to check for out of date software.
                          • Click Start Now
                          • Check the box next to Enable thorough system inspection.
                          • Click Start
                          • Allow the scan to finish and scroll down to see if any updates are needed.
                          • Update anything listed.
                          ----------

                          Go to Microsoft Windows Update and get all critical updates.

                          ----------

                          I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

                          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                          * Using SpywareBlaster to protect your computer from Spyware and Malware
                          * If you don't know what ActiveX controls are, see here

                          Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                          Zippy2


                            Re: System Security 2009 recovery?
                            « Reply #24 on: January 29, 2010, 06:48:22 AM »
                            Everything appears to be running well, except for all of the email messages in Outlook Express that are still missing.  I guess they are gone for good.

                            I am having trouble running Secunia Software Inspector.  It is giving me an error message about JAVA not being installed.  I have gone through all of the verifying steps to ensure that JAVA is indeed installed and working properly.  As a result, I was not able to complete the Secunia Software Inspector scan.

                            Zippy2

                            evilfantasy

                            Re: System Security 2009 recovery?
                            « Reply #25 on: January 29, 2010, 10:00:15 AM »
                            Quote
                            I am having trouble running  Secunia Software Inspector.

                            Are you using Internet Explorer?

                            What images in your email?

                            Zippy2


                              Re: System Security 2009 recovery?
                              « Reply #26 on: January 29, 2010, 06:29:18 PM »
                              Yep, using IE 7

                              I am missing all of my email messages.  Those stored within Outlook Express folders before the infection.

                              evilfantasy

                              Re: System Security 2009 recovery?
                              « Reply #27 on: January 29, 2010, 06:45:17 PM »
                              I'm not sure about the email. You might ask in the Software Forum if anyone knows of a good free recovery program.

                              Here are a few you can try. From here http://www.computerhope.com/forum/index.php/topic,66522.0.html

                              Free recovery software.

                              Commercial recovery software will increase the chances of recovering important data. It's not free but can be well worth the price.

                              Zippy2


                                Re: System Security 2009 recovery?
                                « Reply #28 on: January 29, 2010, 06:51:26 PM »
                                The email issue is not a big deal for me.  I'm just happy to have access to the files/pics/programs on my desktop than anything else.

                                I uninstalled JAVA, then reinstalled.  Secunia Software Inspector worked!  SSI showed two necessary updates: one to Adobe Flash Player (completed without issues) and Adobe Reader. During the Reader update, I am prompted with an error message. Rather than type it verbatim, I have included a JPEG.  When I click OK, the installation rolls back and ceases installing.  Is this related to the previous issues?

                                [Saving space, attachment deleted by admin]

                                evilfantasy

                                Re: System Security 2009 recovery?
                                « Reply #29 on: January 29, 2010, 07:05:58 PM »
                                Try using Revo to uninstall Adobe Reader. Be sure to restart the computer before installing the new version.

                                Download Revo Uninstaller

                                * Open Revo and let the list populate (can take several seconds to finish).
                                * Right click what you want to uninstall and choose Uninstall
                                * Next choose Advanced then click Next
                                * This will (try to) launch the program's built-in uninstaller and go through the normal uninstall process.
                                * If the uninstaller fails just continue on with the Revo instructions.
                                * Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
                                * This scan can take several seconds.
                                * Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
                                * Choose Select All then click Delete
                                * Click Next and Revo will scan for any files or folders that were not removed.
                                * If any files/folders are found choose Select all > Delete


                                New version. http://get.adobe.com/reader/

                                Note! Be sure to uncheck Free McAfee Security Scan Plus (optional) before starting the download.

                                Zippy2


                                  Re: System Security 2009 recovery?
                                  « Reply #30 on: January 29, 2010, 07:33:42 PM »
                                  Turns out that the error message I receive when updating to reader 8.2 is the same one I receive when attempting to uninstall reader  8.1.1.  If I "OK" out of it and let the rest of the uninstall continue, I get 395 leftover files and REG entries.  Is it possible to need to uninstall this many entries???


                                  evilfantasy

                                  Re: System Security 2009 recovery?
                                  « Reply #31 on: January 29, 2010, 07:40:21 PM »
                                  If you use Revo it should get all of the leftovers.

                                  Zippy2


                                    Re: System Security 2009 recovery?
                                    « Reply #32 on: January 30, 2010, 11:30:58 AM »
                                    Things are looking pretty good here on my end.

                                    Evil, I want to thank you for all of your diligent work on this issue.  I sincerely appreciate the time and effort you put into helping me resolve this!

                                    You are FANTASTIC!

                                    Yours,
                                    Zippy2

                                    evilfantasy

                                    Re: System Security 2009 recovery?
                                    « Reply #33 on: January 30, 2010, 11:56:46 AM »
                                    You're welcome.

                                    Safe surfing..