
Virus has removed desktop, start menu items, hidden data files, etc.

Discussion in 'Virus & Other Malware Removal' started by babushka, Dec 11, 2011.

  1. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Hi,
    I am writing on behalf of my friend b/c I already have an account here. A couple of days ago she was on her laptop when numerous pop ups started filling up her screen, the kind that makes one think "virus". The pop ups looked like system messages about some critical error with some hardware component, she can't remember. So I suggested that she go into Safe Mode and run her Avast and SuperAntiSpyware scanners to see what they pick up. Avast found one infected file, a music file that she deleted afterwards, and SAS found 34 items, mostly cookies and 4 trojans. She deleted/quarantined those afterwards too. Oddly, no log file was created by SAS after that scan like it usually does so I can't list the items they found. Also, SAS always fails when updating definitions now.
    When she booted up normally, her computer was in a depressing state after the attack. The desktop was empty and unresponsive, i.e., you couldn't right-click, the Recycle Bin was gone. I tried to add icons back on but nothing appears. You can change the wallpaper and that's it. The start menu was bare too, everything had to be manually restored like the links to Control Panel, Run, etc., and all the shortcuts in the All Programs menu. However, I can't restore the Accessories folder with all its system tools (System Restore!!!) and stuff. The Task Manager was disabled but I fixed that after looking for a solution online. She was panicking when it seemed as if all her data files were deleted, but it turned out it was just hidden. Once I selected the option to show hidden files and folders in Folder Options all her data files reappeared, albeit with washed-out icons. We did see this one Antivirus_10_2_Downloader.exe file in her Documents folder that looked suspicious. It has an icon with a white lightning bolt in a blue circle. My friend remembers seeing a similar icon in the tray area of the taskbar when the pop ups came, except with a red circle. The icon kept popping up a balloon message about some critical error warning like those pop ups. She deleted that executable, but it's still in the Bin.
    We wanted to back up her data files to DVDs (she didn't want to possibly infect her external drives) but the system couldn't move the files onto the disc for burning. So, here are the log files:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:43:42 PM, on 12/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Protector Suite QL\menusw.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zinio\ZinioReader.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
    O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [FNFPDoJienHIJQ.exe] C:\Documents and Settings\All Users\Application Data\FNFPDoJienHIJQ.exe
    O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.dotphoto.com/ImageUploader4.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Filter hijack: text/html - {1616b7a2-f623-42ad-8fe4-0ee55e87cd45} - C:\WINDOWS\default32.dll
    O20 - AppInit_DLLs: lsaczh.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

    --
    End of file - 11864 bytes
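    The entries that stand out in the HijackThis log above (the Run key pointing at an executable under All Users\Application Data, the text/html filter, the AppInit_DLLs value, and the orphaned "(no file)" / "(file missing)" entries) are the ones a malware helper reads first. As an added example, not code from this thread or from HijackThis, the Python script below applies those triage rules to HijackThis-format lines; the severity labels and the list of user-writable directories are my own assumptions, and the sample lines are copied from the log posted above.

```python
"""Triage HijackThis-format log lines for the autostart and browser hooks that
rogue-AV infections typically leave behind (added example, not from the thread)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted in this thread, plus a
# header line and a process-list line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [FNFPDoJienHIJQ.exe] C:\Documents and Settings\All Users\Application Data\FNFPDoJienHIJQ.exe
O18 - Filter hijack: text/html - {1616b7a2-f623-42ad-8fe4-0ee55e87cd45} - C:\WINDOWS\default32.dll
O20 - AppInit_DLLs: lsaczh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "high", "medium" or "info" (labels assumed for this example)
    reason: str
    line: str


# A HijackThis entry looks like "O4 - HKLM\..\Run: [name] path"; everything else
# (headers, the running-process list, blank lines) is ignored.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed list: directories where a legitimate installer rarely puts an autostart
# binary. The dropper in this thread lived in All Users\Application Data.
USER_WRITABLE_DIRS = (
    "\\all users\\application data\\",
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


def parse_line(line: str):
    """Return (section code, body) for an entry line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def check_line(code: str, body: str, line: str):
    """Apply one triage rule to a parsed entry; return a Finding or None."""
    low = body.lower()
    if code == "O4":
        if any(d in low for d in USER_WRITABLE_DIRS):
            return Finding(code, "high", "autostart executable in a user-writable data directory", line)
        return None
    if code == "O18" and low.startswith("filter hijack:"):
        return Finding(code, "high", "MIME filter sees every text/html response; verify the DLL", line)
    if code == "O20" and low.startswith("appinit_dlls:"):
        return Finding(code, "high", "AppInit_DLLs loads this DLL into every process that uses user32.dll", line)
    if code in ("O2", "O9", "O20", "O23") and ("(no file)" in low or "(file missing)" in low):
        return Finding(code, "info", "orphaned entry: the referenced file no longer exists", line)
    if code in ("R0", "R1"):
        url = re.search(r"=\s*(https?://\S+)", body)
        host = urlparse(url.group(1)).hostname if url else None
        if host and not host.endswith("microsoft.com"):
            return Finding(code, "medium", f"IE start/search page points at third-party host {host}", line)
    return None


def triage(log_text: str):
    """Run every line of a HijackThis log through the rules, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        finding = check_line(parsed[0], parsed[1], raw.strip())
        if finding is not None:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per severity so a helper can see at a glance what needs action."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:<6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))
```

Running it on the sample flags the FNFPDoJienHIJQ.exe Run entry, the text/html filter and the AppInit_DLLs value as high, the crawler.com search bar as medium, and the three orphaned entries as informational cleanup.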
     
  2. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Oh, forgot to mention that I am posting because I just wanted to make sure her system was completely clean. Also, meant to add this log file, too.

    Much thanks for any help!

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
    Run by User at 0:28:47 on 2011-12-11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.542 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Protector Suite QL\menusw.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zinio\ZinioReader.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
    uInternet Settings,ProxyOverride = *.local
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [VMware Tools] c:\program files\vmware\vmware tools\VMwareTray.exe
    mRun: [VMware User Process] c:\program files\vmware\vmware tools\VMwareUser.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
    mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Device Detector] DevDetect.exe -autorun
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [FNFPDoJienHIJQ.exe] c:\documents and settings\all users\application data\FNFPDoJienHIJQ.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
    uPolicies-explorer: NoDesktop = 1 (0x1)
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxps://www.dotphoto.com/ImageUploader4.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Filter: text/html - {1616b7a2-f623-42ad-8fe4-0ee55e87cd45} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - fusstub.dll
    Notify: TPSvc - TPSvc.dll
    Notify: VESWinlogon - VESWinlogon.dll
    AppInit_DLLs: lsaczh.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
    LSA: Notification Packages = scecli fusstub
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\zro31ehi.default\
    FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2007-7-14 17968]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-10 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-27 314456]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-8 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-18 44768]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
    R2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys [2007-7-14 101552]
    R2 VMMEMCTL;VMware server memory controller;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2007-5-1 15664]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-9 36352]
    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2007-8-13 71961]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-13 226304]
    S2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\VMwareService.exe [2007-5-1 252720]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-8-13 20160]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
    S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2007-5-1 294912]
    S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2007-7-14 11696]
    S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-7-14 63024]
    S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2007-7-14 34992]
    .
    =============== Created Last 30 ================
    .
    2011-12-11 03:36:11 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-11 03:36:10 -------- d-----w- c:\program files\Trend Micro
    2011-12-11 00:25:45 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-12-11 00:09:00 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-11-13 21:30:25 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 0:29:35.59 ===============
     
  3. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Just bumping. Thanks.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Do the following :-

    Step 1

    Download RogueKiller to your desktop

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 1 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next Reply.

    Step 2

    Download the following program to your desktop:

    Unhide tool

    Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
    Please be patient as this may take several minutes to run, it will scan and fix all Hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:

    Changing as the next drive is processed as below (if required):

    You will get a success alert at the end.

    Re-boot and see if your files are present.

    Kevin
     
  5. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Thank you so much for responding. Yes, all the hidden files and links are now present. I forgot to check but does that Unhide program also make visible the system files that should be hidden, too?

    Here's the report:

    RogueKiller V6.2.0 [12/12/2011] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: User [Admin rights]
    Mode: Scan -- Date : 12/14/2011 20:05:56

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [SUSP PATH] HKLM\[...]\Run : FNFPDoJienHIJQ.exe (C:\Documents and Settings\All Users\Application Data\FNFPDoJienHIJQ.exe) -> FOUND
    [HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤
    --- User ---
    [MBR] 6976d2c3b9cc79c87ee20c28af200037
    [BSP] 67fe857cc56254cc155246b815937034 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 63 | Size: 6448 Mo
    1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 12594960 | Size: 113582 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Unhideme does not show system files; do the following:

    Step 1

    Quit all running programs and run RogueKiller once again.

    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 2 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

    Please post the contents of the RKreport.txt in your next Reply.

    Step 2

    Download aswMBR from Here
    If it asks to update during the process please allow this to happen.

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
    • Once the scan finishes click Save log to save the log to your Desktop.

    • Copy and paste the contents of aswMBR.txt back here for review
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Step 3

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Let me see the following:

    • Log from RogueKiller
    • Log from aswMBR, also attach MBR.zip to reply
    • Log from Malwarebytes

    Also give an update on current issues/concerns and how the system is responding.

    Kevin
     
  7. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    The 3 programs scanned fine, and I will post the logs; however, Malwarebytes wanted to update, but when it tried I got this error message instead.


    Still scanned anyways.

    The system seems to be running fine. I see this System Fix shortcut on the Desktop, and maybe the exe is somewhere on the computer. I googled it and it appears to be a virus. I think I should remove it, in addition to other junk and update her outdated software, but maybe I'll wait until your response.

    Here are the logs:

    RogueKiller V6.2.0 [12/12/2011] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: User [Admin rights]
    Mode: Remove -- Date : 12/15/2011 20:21:25

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [SUSP PATH] HKLM\[...]\Run : FNFPDoJienHIJQ.exe (C:\Documents and Settings\All Users\Application Data\FNFPDoJienHIJQ.exe) -> DELETED
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤
    --- User ---
    [MBR] 6976d2c3b9cc79c87ee20c28af200037
    [BSP] 67fe857cc56254cc155246b815937034 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 63 | Size: 6448 Mo
    1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 12594960 | Size: 113582 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    ___________________________________________________________________________

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-15 20:24:44
    -----------------------------
    20:24:44.765 OS Version: Windows 5.1.2600 Service Pack 3
    20:24:44.765 Number of processors: 2 586 0xE08
    20:24:44.765 ComputerName: PRO UserName:
    20:24:45.796 Initialize success
    20:24:45.906 AVAST engine defs: 11121001
    20:24:59.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    20:24:59.218 Disk 0 Vendor: ST9120821AS 3.14 Size: 114473MB BusType: 3
    20:24:59.218 Disk 1 \Device\Harddisk1\DR3 -> \Device\000000a9
    20:24:59.218 Disk 1 Vendor: ( Size: 114473MB BusType: 0
    20:24:59.218 Disk 2 \Device\Harddisk2\DR4 -> \Device\000000aa
    20:24:59.218 Disk 2 Vendor: ( Size: 114473MB BusType: 0
    20:25:01.250 Disk 0 MBR read successfully
    20:25:01.250 Disk 0 MBR scan
    20:25:01.250 Disk 0 Windows XP default MBR code
    20:25:01.250 Disk 0 scanning sectors +234436545
    20:25:01.359 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:25:18.171 Service scanning
    20:25:19.546 Modules scanning
    20:25:26.359 Disk 0 trace - called modules:
    20:25:26.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    20:25:26.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ecaab8]
    20:25:26.406 3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000092[0x86f5f9e8]
    20:25:26.421 5 ACPI.sys[f7447620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f5e940]
    20:25:26.781 AVAST engine scan C:\WINDOWS
    20:25:44.406 AVAST engine scan C:\WINDOWS\system32
    20:27:20.031 AVAST engine scan C:\WINDOWS\system32\drivers
    20:27:34.781 AVAST engine scan C:\Documents and Settings\User
    20:55:48.890 AVAST engine scan C:\Documents and Settings\All Users
    20:57:50.953 Scan finished successfully
    20:58:17.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
    20:58:17.609 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
    ___________________________________________________________________________

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    12/15/2011 9:20:05 PM
    mbam-log-2011-12-15 (21-20-05).txt

    Scan type: Quick scan
    Objects scanned: 178477
    Time elapsed: 15 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

    Attached Files:

    • MBR.zip
      File size:
      513 bytes
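    The RogueKiller and MBAM reports above name three Explorer registry entries that the rogue toggled (NoDesktop, a hidden desktop-icon CLSID, Start_ShowHelp) plus a Run entry pointing into the All Users\Application Data folder. The PowerShell script below is an added example, not part of this thread or of any of the tools used in it: it re-reads those entries so a defender can confirm they are back at benign values after cleanup. The full key paths are my assumed expansions of the "[...]" that RogueKiller abbreviates, and the "Good" values are the Windows defaults; it needs PowerShell 2.0 or later (available for XP SP3) and no elevated rights for the HKCU reads.

```powershell
# Added example (not from the thread, RogueKiller or MBAM): re-check the Explorer
# entries the logs flagged and report any Run value that launches something out of
# the All Users\Application Data (CommonApplicationData) folder.
# Key paths below are assumed expansions of the "[...]" RogueKiller prints.

$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDesktop';  Good = 0; Note = '1 hides the whole desktop' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
       Name = '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'; Good = 0; Note = '1 hides the My Computer icon' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'Start_ShowHelp'; Good = 1; Note = '0 removes Help from the Start menu' }
)

foreach ($c in $checks) {
    # -ErrorAction SilentlyContinue: a missing key or value is the default state, not a fault
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        "OK   $($c.Name) not present (default)"
        continue
    }
    $value = $item.($c.Name)
    if ($value -eq $c.Good) {
        "OK   $($c.Name) = $value"
    } else {
        "WARN $($c.Name) = $value ($($c.Note))"
    }
}

# Run entries: flag any value whose command starts inside CommonApplicationData,
# which on XP is C:\Documents and Settings\All Users\Application Data, the folder
# the FNFPDoJienHIJQ.exe entry in the log was launched from.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
foreach ($hive in 'HKLM:', 'HKCU:') {
    $runKey = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -eq $null) { continue }
    foreach ($prop in $run.PSObject.Properties) {
        # Skip the PSPath/PSChildName/... metadata the provider adds to every item
        if ($prop.Name -like 'PS*') { continue }
        $command = "$($prop.Value)".Trim('"')
        if ($command -like "$commonAppData*") {
            "WARN $runKey : '$($prop.Name)' -> $($prop.Value)"
        } else {
            "OK   $runKey : '$($prop.Name)'"
        }
    }
}
```

Run it before and after the removal step; a WARN line that survives the cleanup means the entry came back and the machine still has an active component re-setting it.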
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    What error message did you get from Malwarebytes? The database is way outdated. Try and update again, then run another quick scan.

    Regarding the shortcut on the Desktop, right-click on that and select "Properties". A new window will open; in there you`ll see "Target", "Start in" and "Run". You will also see a tab labelled "Open file location"; select that. If the .exe is still present it will take you to it; if so, delete it. Close that window, then delete the shortcut...
     
  9. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Ok, don't worry about the error message, it was b/c the computer wasn't connected to the internet. My friend wanted to avoid that until everything was fine. I connected and updated everything. I rescanned w/ that aswMBR as well since the previous scan used outdated defs (by 6 days only, but nonetheless).

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 22:33:29
    -----------------------------
    22:33:29.687 OS Version: Windows 5.1.2600 Service Pack 3
    22:33:29.687 Number of processors: 2 586 0xE08
    22:33:29.687 ComputerName: PRO UserName:
    22:33:33.843 Initialize success
    22:33:34.515 AVAST engine defs: 11121603
    22:33:41.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    22:33:41.187 Disk 0 Vendor: ST9120821AS 3.14 Size: 114473MB BusType: 3
    22:33:41.203 Disk 1 \Device\Harddisk1\DR3 -> \Device\000000aa
    22:33:41.203 Disk 1 Vendor: ( Size: 114473MB BusType: 0
    22:33:41.203 Disk 2 \Device\Harddisk2\DR4 -> \Device\000000ab
    22:33:41.203 Disk 2 Vendor: ( Size: 114473MB BusType: 0
    22:33:43.218 Disk 0 MBR read successfully
    22:33:43.218 Disk 0 MBR scan
    22:33:43.218 Disk 0 Windows XP default MBR code
    22:33:43.234 Disk 0 scanning sectors +234436545
    22:33:43.328 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:33:59.750 Service scanning
    22:34:01.171 Modules scanning
    22:34:07.734 Disk 0 trace - called modules:
    22:34:07.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:34:07.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f52ab8]
    22:34:07.781 3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\00000093[0x86f479e8]
    22:34:07.796 5 ACPI.sys[f7447620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f58d98]
    22:34:08.078 AVAST engine scan C:\WINDOWS
    22:34:26.796 AVAST engine scan C:\WINDOWS\system32
    22:36:04.812 AVAST engine scan C:\WINDOWS\system32\drivers
    22:36:19.640 AVAST engine scan C:\Documents and Settings\User
    23:02:28.609 AVAST engine scan C:\Documents and Settings\All Users
    23:03:57.937 Scan finished successfully
    23:12:30.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
    23:12:30.328 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
    ____________________________________________________________________

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8383

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    12/16/2011 11:22:44 PM
    mbam-log-2011-12-16 (23-22-44).txt

    Scan type: Quick scan
    Objects scanned: 181656
    Time elapsed: 6 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

    Attached Files:

    • MBR.zip
      File size:
      513 bytes
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    OK, run DDS again and post the two logs, also give an update on current issues/concerns.

    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin...
     
  11. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Things seem to be running smoothly now. No problems I've noticed.

    //dds.txt log
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_30
    Run by User at 20:53:50 on 2011-12-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.554 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Protector Suite QL\menusw.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zinio\ZinioReader.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
    uInternet Settings,ProxyOverride = *.local
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
    mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [VMware User Process] c:\program files\vmware\vmware tools\VMwareUser.exe
    mRun: [VMware Tools] c:\program files\vmware\vmware tools\VMwareTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxps://www.dotphoto.com/ImageUploader4.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    Filter: text/html - {1616b7a2-f623-42ad-8fe4-0ee55e87cd45} -
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - fusstub.dll
    Notify: TPSvc - TPSvc.dll
    Notify: VESWinlogon - VESWinlogon.dll
    AppInit_DLLs: lsaczh.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
    LSA: Notification Packages = scecli fusstub
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\zro31ehi.default\
    FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2007-7-14 17968]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-10 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-27 314456]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-8 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-18 44768]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-9 36352]
    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2007-8-13 71961]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-13 226304]
    S2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys --> c:\windows\system32\drivers\hgfs.sys [?]
    S2 VMMEMCTL;VMware server memory controller;\??\c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys --> c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [?]
    S2 VMTools;VMware Tools Service;"c:\program files\vmware\vmware tools\vmwareservice.exe" --> c:\program files\vmware\vmware tools\VMwareService.exe [?]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-8-13 20160]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
    S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2007-7-14 11696]
    S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-7-14 63024]
    S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2007-7-14 34992]
    .
    =============== Created Last 30 ================
    .
    2011-12-17 07:37:56 -------- d-----w- c:\documents and settings\user\local settings\application data\Amazon
    2011-12-17 07:37:41 -------- d-----w- c:\program files\Amazon
    2011-12-17 07:02:45 -------- d-----w- c:\program files\uTorrent
    2011-12-17 07:01:57 -------- d-----w- c:\documents and settings\user\application data\uTorrent
    2011-12-16 02:00:06 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2011-12-16 01:59:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-16 01:59:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-16 01:59:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-11 03:36:11 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-11 03:36:10 -------- d-----w- c:\program files\Trend Micro
    2011-12-11 00:25:45 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-12-11 00:09:00 -------- d-----w- c:\windows\system32\GroupPolicy
    .
    ==================== Find3M ====================
    .
    2011-12-17 07:09:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-17 07:09:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 20:54:39.17 ===============

    //attach.txt log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/14/2007 2:02:38 AM
    System Uptime: 12/17/2011 8:45:29 PM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | N/A | 1833/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 106 GiB total, 47.099 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP357: 9/9/2011 1:28:27 PM - System Checkpoint
    RP358: 9/10/2011 1:40:37 PM - System Checkpoint
    RP359: 9/11/2011 3:57:32 PM - System Checkpoint
    RP360: 9/16/2011 11:37:43 AM - Software Distribution Service 3.0
    RP361: 9/18/2011 9:51:21 PM - System Checkpoint
    RP362: 9/25/2011 11:51:32 AM - System Checkpoint
    RP363: 9/28/2011 7:19:39 PM - System Checkpoint
    RP364: 9/28/2011 9:26:51 PM - Software Distribution Service 3.0
    RP365: 10/10/2011 6:11:33 PM - System Checkpoint
    RP366: 10/13/2011 7:24:56 AM - Software Distribution Service 3.0
    RP367: 10/15/2011 7:33:32 PM - System Checkpoint
    RP368: 10/20/2011 11:21:44 AM - System Checkpoint
    RP369: 10/28/2011 6:35:47 PM - System Checkpoint
    RP370: 11/2/2011 9:53:55 PM - System Checkpoint
    RP371: 11/4/2011 11:43:46 AM - System Checkpoint
    RP372: 11/8/2011 3:07:06 PM - System Checkpoint
    RP373: 11/8/2011 5:17:11 PM - Installed Apple Software Update
    RP374: 11/10/2011 1:46:55 PM - Software Distribution Service 3.0
    RP375: 11/11/2011 11:12:16 AM - Software Distribution Service 3.0
    RP376: 11/13/2011 3:46:27 PM - System Checkpoint
    RP377: 11/17/2011 11:22:05 AM - System Checkpoint
    RP378: 11/19/2011 2:15:00 PM - System Checkpoint
    RP379: 11/27/2011 2:52:41 PM - System Checkpoint
    RP380: 11/28/2011 6:36:00 PM - System Checkpoint
    RP381: 12/2/2011 9:46:41 AM - System Checkpoint
    RP382: 12/3/2011 4:12:52 PM - System Checkpoint
    RP383: 12/6/2011 9:21:21 AM - System Checkpoint
    RP384: 12/7/2011 9:51:11 AM - System Checkpoint
    RP385: 12/10/2011 10:16:57 PM - Removed MobileMe Control Panel
    RP386: 12/10/2011 10:17:48 PM - Removed OpenOffice.org Installer 1.0
    RP387: 12/10/2011 10:27:51 PM - Removed Cingular Connection Manager
    RP388: 12/10/2011 10:33:57 PM - Installed HiJackThis
    RP389: 12/10/2011 10:35:54 PM - Removed HiJackThis
    RP390: 12/10/2011 10:36:09 PM - Installed HiJackThis
    RP391: 12/16/2011 9:55:52 PM - Installed Java(TM) 6 Update 30
    RP392: 12/16/2011 10:19:40 PM - Software Distribution Service 3.0
    RP393: 12/16/2011 11:31:38 PM - Removed Skype Click to Call
    RP394: 12/16/2011 11:33:12 PM - Removed VMware Tools
    RP395: 12/16/2011 11:33:43 PM - Removed Windows Live Upload Tool
    RP396: 12/16/2011 11:34:13 PM - Removed Windows Live Sign-in Assistant
    RP397: 12/17/2011 1:37:55 AM - Removed Java(TM) 6 Update 13
    RP398: 12/17/2011 1:38:35 AM - Removed Java(TM) SE Runtime Environment 6
    RP399: 12/17/2011 1:38:56 AM - Removed Java(TM) 6 Update 3
    RP400: 12/17/2011 2:08:53 AM - Installed Java(TM) 6 Update 30
    .
    ==== Installed Programs ======================
    .
    µTorrent
    ACDSee for PENTAX 3.0
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.0
    Adobe Shockwave Player 11.5
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Becker's CPA Exam Review and PassMaster - 2010 Edition
    Becker's Final Review - 2010 Edition
    Becker CPA Review CD-ROM Course and PassMaster - 2009 Edition
    BlackBerry Desktop Software 6.0.1
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    BufferChm
    CCleaner
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    eSupportQFolder
    Evernote v. 4.4.2
    Garmin Communicator Plugin
    Garmin USB Drivers
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB835221
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 3900 series
    HP Image Zone Express
    HP Imaging Device Functions 5.0
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HPDeskjet3900Series
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    iPod for Windows 2006-01-10
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 6 Update 7
    K-Lite Codec Pack 3.2.9 Full *BETA*
    Malwarebytes' Anti-Malware version 1.51.2.1300
    mCore
    mDriver
    mDrWiFi
    mEoU
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    mIWA
    mLogView
    mMHouse
    Motorola Phone Tools
    Mozilla Firefox 8.0 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Nero 6 Ultra Edition
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PHStat2 version 2.5
    PowerDVD
    Protector Suite QL 5.3
    QuickTime
    Real Alternative 1.52
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Setting Utility Series
    SigmaTel Audio
    SIW version 2008-09-03
    Skype™ 5.5
    SolutionCenter
    Sony Utilities DLL
    Status
    SUPERAntiSpyware Free Edition
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VAIO Event Service
    WebFldrs XP
    WebReg
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    Wireless Switch Setting Utility
    Zinio Reader
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/17/2011 8:46:15 PM, error: Service Control Manager [7000] - The VMware server memory controller service failed to start due to the following error: The system cannot find the path specified.
    12/17/2011 1:59:06 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
    12/17/2011 1:33:45 AM, error: Service Control Manager [7000] - The hgfs service failed to start due to the following error: The system cannot find the file specified.
    12/10/2011 7:08:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.
    12/10/2011 7:08:31 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/10/2011 4:54:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/10/2011 4:52:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tosrfcom
    12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2011 4:52:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/10/2011 4:52:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/10/2011 4:12:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi DMICall Fips intelppm SASDIFSV SASKUTIL Tosrfcom
    12/10/2011 11:21:00 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    .
    ==== End Of File ===========================
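As an added example (not from the thread and not code from the DDS tool), here is a small Python triage script for the two sections of the log above that a helper actually reads: the Event Viewer block, to pull out the boot-start drivers that failed to load (Service Control Manager event 7026) and flag the avast! and SUPERAntiSpyware drivers among them, and the installed-programs list, to find the older Java runtime sitting beside the current one. The driver-to-product mapping is an assumption based on the security software the log shows installed; the sample lines are copied from the log and trimmed.

```python
"""Triage helpers for a pasted DDS log: the "Installed Programs" list and
the "Event Viewer Messages" block.

Added example, not part of the thread and not code from the DDS tool.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Assumption: kernel drivers belonging to the two security products listed in
# the same log (avast! Free Antivirus and SUPERAntiSpyware Free Edition).
SECURITY_DRIVERS = {
    "Aavmker4": "avast!",
    "aswSP": "avast!",
    "aswTdi": "avast!",
    "SASDIFSV": "SUPERAntiSpyware",
    "SASKUTIL": "SUPERAntiSpyware",
}

# Shape of a DDS event line:
# "12/10/2011 4:52:22 PM, error: Service Control Manager [7026] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")


@dataclass
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_events(lines):
    """Parse DDS Event Viewer lines; separators and headers are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m is None:
            continue
        events.append(Event(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"].strip(),
            event_id=int(m["id"]),
            message=m["msg"],
        ))
    return events


def failed_boot_drivers(events):
    """Event 7026 lists every boot-start/system-start driver that did not
    load; return {timestamp: [driver names]}."""
    out = {}
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, sep, names = ev.message.partition("failed to load: ")
            if sep:
                out[ev.when] = names.split()
    return out


def security_driver_failures(events):
    """Map product -> sorted list of its drivers that failed to load.
    Security drivers failing next to the TCP/IP stack, as in the log above,
    deserves a closer look after a malware incident."""
    hits = {}
    for names in failed_boot_drivers(events).values():
        for name in names:
            product = SECURITY_DRIVERS.get(name)
            if product:
                hits.setdefault(product, set()).add(name)
    return {product: sorted(names) for product, names in hits.items()}


def stale_java_runtimes(programs):
    """Return the Java(TM) entries older than the newest one installed.
    Side-by-side JRE builds leave the old, exploitable ones on disk."""
    found = []
    for name in programs:
        m = JAVA_RE.match(name.strip())
        if m:
            found.append(((int(m[1]), int(m[2])), name.strip()))
    found.sort()
    return [name for _, name in found[:-1]]


# Constructed sample: lines copied from the log above and trimmed.
SAMPLE_EVENTS = """\
==== Event Viewer Messages From Past Week ========
.
12/17/2011 1:59:06 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
12/10/2011 4:52:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tosrfcom
12/10/2011 4:52:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 4:12:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi DMICall Fips intelppm SASDIFSV SASKUTIL Tosrfcom
12/10/2011 11:21:00 PM, error: atapi [9] - The device, \\Device\\Ide\\IdePort1, did not respond within the timeout period.
.
==== End Of File ===========================
""".splitlines()
SAMPLE_PROGRAMS = ["Java Auto Updater", "Java(TM) 6 Update 30",
                   "Java(TM) 6 Update 7", "iTunes"]

if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("security drivers that failed to load:", security_driver_failures(evs))
    print("stale Java runtimes:", stale_java_runtimes(SAMPLE_PROGRAMS))
```

Run it as a script for the summary, or import it and feed `parse_events()` the lines of a full DDS log; non-event lines are ignored, so the whole file can be passed in.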
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    OK do the following:

    Step 1

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then click the big button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Also uninstall the following via Start > Control Panel > Uninstall a Program (if present)

    Java(TM) 6 Update 7

    Step 2

    Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

    Please go to the link below to update.

    Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it (not required).

    Step 3

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC, it is an excellent utility to keep your system optimized: it empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

    Step 4

    We now need to reset your system restore points and create a new clean one. To do this "Turn off" System restore > Left click start > Right click My Computer > Left click Properties > Select System restore tab > put tick in Turn off System Restore box > apply > ok. To reverse as previous but remove the tick from Turn off System Restore > apply ok.


    Create the new restore point > Start > all programs > accessories > system tools > system restore > create a restore point > In the Restore point description box give it a name for reference eg. Clean 1. The time and date are added automatically > then select create and follow the wizard out.

    Let me know if those steps completed OK, also if any remaining issue/concerns..

    Kevin
     
  13. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Did everything without problem, except there was no Java Update 7 in the Add/Remove list. Everything is running smoothly. I even helped her defragment since she hasn't done that ever and she's had the computer for years. Dare I say her system is better than ever. :)
    I think we're near the end so thank you so much so far for your time and consideration!!!
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    OK, if no remaining issues here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing...
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link HERE will give a comprehensive up to date list of free Security programs, to include Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If no remaining issues hit the “Mark Solved” tab at the top of the thread.

    Take care,

    Kevin
     
  15. babushka

    babushka Thread Starter

    Joined:
    Jun 7, 2007
    Messages:
    67
    Thanks for everything Kevin!! Much appreciated indeed.

    Happy holidays! I'll mark as Solved.

    :)
     
Short URL to this thread: https://techguy.org/1030705