Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Re: Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Post by askey127 » December 11th, 2007, 12:00 pm

Flexfx,
-----------------------------------------------------------
Press Start->Run, copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A /B /S|Find "mirc.exe" >> "%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of this file.
-----------------------------------------------------------
Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Delete everything except "My Current Home Page"
-----------------------------------------------------------
Copy/Paste/Run a Registry Edit
Copy/paste the following quote box into a new notepad document:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
; REG_MULTI_SZ value: msv1_0, nwprovau
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,6e,77,70,72,6f,76,61,75,00,00


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your Desktop as fixme.reg
Double click fixme.reg on your Desktop, and merge it into the registry when asked.
Reboot Windows.
-----------------------------------------------------------
Download and Run ComboFix
Please also post the contents of look.txt
askey127

Re: Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Post by Flexfx » December 11th, 2007, 1:32 pm

look.txt is empty



ComboFix 07-12-09.1 - Patricia Clark 2007-12-11 12:09:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.162 [GMT -6:00]
Running from: C:\Documents and Settings\Patricia Clark\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\temp\tn3
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\i2
C:\WINDOWS\system32\n8
C:\WINDOWS\system32\p4
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa01yy

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NWSAPAGENT
-------\core
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-11 08:19 . 2007-12-11 08:19 <DIR> d-------- C:\Deckard
2007-12-10 11:26 . 2007-12-10 11:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-10 11:26 . 2007-12-10 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 14:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-04 14:37 . 2007-12-04 14:38 <DIR> d-------- C:\Program Files\Java
2007-12-04 14:37 . 2007-12-04 14:37 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-04 09:52 . 2007-12-04 09:52 <DIR> d-------- C:\VundoFix Backups
2007-12-03 15:42 . 2007-12-03 15:43 <DIR> d-------- C:\Program Files\CCleaner2
2007-11-26 15:33 . 2007-11-26 15:33 268 --ah----- C:\sqmdata00.sqm
2007-11-26 15:33 . 2007-11-26 15:33 244 --ah----- C:\sqmnoopt00.sqm
2007-11-21 10:56 . 2007-11-21 10:56 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-21 10:54 . 2007-11-21 10:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-19 16:12 . 2007-12-10 11:11 1,010 --a------ C:\WINDOWS\wininit.ini
2007-11-19 13:25 . 2007-11-19 13:25 <DIR> d-------- C:\Documents and Settings\Patricia Clark\Application Data\TrojanHunter
2007-11-19 13:25 . 2007-11-19 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 13:24 . 2007-11-19 13:24 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-19 13:13 . 2005-10-14 14:45 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-11-19 12:16 . 2007-11-19 12:16 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-19 10:54 . 2007-11-19 10:54 <DIR> d-------- C:\Program Files\CCleaner
2007-11-19 09:28 . 2007-08-20 04:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-19 09:28 . 2007-04-17 03:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-19 09:28 . 2007-03-07 23:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-19 09:28 . 2007-08-20 04:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-19 09:28 . 2007-08-20 04:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-19 09:28 . 2007-08-20 04:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-19 09:28 . 2007-08-20 04:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-19 09:28 . 2007-08-20 04:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-19 09:28 . 2007-08-17 04:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-19 09:18 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-19 09:06 . 2007-11-19 09:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 20:26 . 2007-11-17 20:39 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-17 20:26 . 2007-11-17 20:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-17 20:26 . 2007-11-17 20:26 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-17 20:26 . 2007-11-17 20:26 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-17 19:30 . 2007-11-17 19:30 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-17 19:28 . 2007-12-11 08:09 <DIR> d-------- C:\Documents and Settings\Patricia Clark\Application Data\AVG7
2007-11-17 19:26 . 2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-17 19:26 . 2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 19:26 . 2007-11-17 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-17 19:02 . 2007-11-17 19:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 18:50 . 2007-11-17 18:50 6,470 --ahs---- C:\WINDOWS\system32\ilnmp.bak2
2007-11-17 17:39 . 2007-11-17 17:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-17 17:39 . 2007-11-17 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-17 17:13 . 2007-11-17 17:13 6,470 --ahs---- C:\WINDOWS\system32\ilnmp.bak1
2007-11-17 17:12 . 2007-11-17 19:30 7,342 --ahs---- C:\WINDOWS\system32\ilnmp.ini
2007-11-17 17:07 . 2007-11-17 19:32 <DIR> d--hs---- C:\WINDOWS\UGF0cmljaWEgQ2xhcms
2007-11-17 17:07 . 2007-11-17 17:07 <DIR> d-------- C:\WINDOWS\system32\BFBBC4BCBFBFC2C
2007-11-17 17:07 . 2007-12-11 12:11 <DIR> d-------- C:\Temp
2007-11-17 17:07 . 2007-11-17 17:07 166,945 --a------ C:\WINDOWS\system32\drivers\core.cache(4).dsk
2007-11-17 17:07 . 2007-11-17 17:07 166,945 --a------ C:\WINDOWS\system32\drivers\core.cache(3).dsk
2007-11-17 17:07 . 2007-11-17 17:07 166,945 --a------ C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-11-15 10:55 . 2007-11-15 10:55 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:37 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-29 16:44 --------- d-----w C:\Documents and Settings\Patricia Clark\Application Data\ICAClient
2007-11-29 16:01 --------- d-----w C:\Program Files\Citrix
2007-11-26 20:52 --------- d-----w C:\Documents and Settings\Patricia Clark\Application Data\AdobeUM
2007-11-19 17:15 --------- d-----w C:\Program Files\Microsoft Works
2007-11-18 00:45 --------- d-----w C:\Program Files\Google
2007-11-09 17:59 --------- d-----w C:\Program Files\Windows Live
2007-11-09 16:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-09 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-29 14:34 --------- d-----w C:\Documents and Settings\Patricia Clark\Application Data\Viewpoint
2005-07-29 22:24 472 --sha-r C:\WINDOWS\UGF0cmljaWEgQ2xhcms\o3IXwA53uqH0kZU1wAP.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 03:33]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-17 19:26]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-17 19:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-11-28 05:50:45]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

*Newly Created Service* - HTTPFILTER
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\ijdoodkoREAD.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 12:14:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 12:15:09 - machine was rebooted
.
--- E O F ---
Flexfx
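
A triage pass over a ComboFix-style log, as an added example that is not part of the original thread and not ComboFix's own code: it flags hidden+system entries under C:\WINDOWS, Authentication Packages values outside an expected set, and DLLs loaded from a Temp directory. The sample lines are constructed in the format of the log above; the three rules and the expected package set (msv1_0, nwprovau) are assumptions of this example, and a hit means "look closer", not "malicious".

```python
import re

# Constructed sample: lines in the format of the ComboFix log above.
SAMPLE_LOG = r"""
2007-11-19 13:24 . 2007-11-19 13:24 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 18:50 . 2007-11-17 18:50 6,470 --ahs---- C:\WINDOWS\system32\ilnmp.bak2
2007-11-17 17:12 . 2007-11-17 19:30 7,342 --ahs---- C:\WINDOWS\system32\ilnmp.ini
2007-11-17 17:07 . 2007-11-17 19:32 <DIR> d--hs---- C:\WINDOWS\UGF0cmljaWEgQ2xhcms
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\ijdoodkoREAD.dll
"""

# Assumption: msv1_0 is the Windows default; nwprovau is accepted because the
# registry edit earlier in the thread keeps it.
EXPECTED_AUTH_PACKAGES = {"msv1_0", "nwprovau"}

# "created . modified size-or-<DIR> attributes path"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?:<DIR>|[\d,]+) (?P<attrs>[d-][a-z-]{8}) (?P<path>.+)$")
AUTH_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<vals>.+)$")
DLL_RE = re.compile(r"^->\s+(?P<path>.+\.dll)$", re.IGNORECASE)


def triage(log_text):
    """Return (rule, detail) pairs for log entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            # Hidden AND system attributes on an entry inside the Windows tree.
            if "h" in attrs and "s" in attrs and path.lower().startswith("c:\\windows\\"):
                findings.append(("hidden+system", path))
            continue
        m = AUTH_RE.match(line)
        if m:
            # The log prints the multi-string value space-separated.
            for pkg in m["vals"].split():
                if pkg.lower() not in EXPECTED_AUTH_PACKAGES:
                    findings.append(("auth-package", pkg))
            continue
        m = DLL_RE.match(line)
        if m and "\\temp\\" in m["path"].lower():
            findings.append(("dll-from-temp", m["path"]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:15} {detail}")
```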

Re: Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Post by Flexfx » December 11th, 2007, 2:16 pm

Also.....pop-ups seem to have stopped now......Am I in the clear yet?
Flexfx

Re: Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Post by askey127 » December 12th, 2007, 7:36 am

Flexfx,
Looks good.
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Reset Options in CCleaner for Regular Use.
Open CCleaner if it's not already running.
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History". In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Check Only delete files in Windows Temp folders older than 48 hours.
  • Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run Ccleaner when computer starts.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. The only way to erase these files is to temporarily disable System Restore. You will lose all previous Restore points, including those likely to be infected, and a new Restore Point will be established.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
You should be good to go.
askey127

Re: Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Post by Flexfx » December 12th, 2007, 11:26 am

Absolutely fantastic......

I cannot thank you enough, I'll be sure to donate.

Your help and patience is MUCH appreciated........this is a GREAT service you guys are doing.


Thanks again!
Flexfx

Re: Ran Adware, Spybot, Stinger, AVG etc still infected...Help!!

Post by askey127 » December 20th, 2007, 7:12 pm

Glad we could be of assistance. This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter.
A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link : Donations For Malware Removal
