I officially give up...PLEASE HELP!!!


Re: I officially give up...PLEASE HELP!!!

Post by Elrond » February 29th, 2008, 3:25 am

Hi again. The main infection is gone. At the moment I do not know why Java should not work but we will take a look at that when we are through cleaning up.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: Start -> Run -> Typing in %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Download and Run ComboFix

Please remove the version of ComboFix that you have on your computer and then

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Please run a new HijackThis scan and post the following logs:
Malwarebytes' Anti-Malware log
ComboFix log
HijackThis log.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: I officially give up...PLEASE HELP!!!

Post by thesheetsfamily » February 29th, 2008, 10:43 pm

MalwareBytes log:

Malwarebytes' Anti-Malware 1.05
Database version: 433

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 239699
Time elapsed: 1 hour(s), 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Combofix log:

ComboFix 08-03-01 - Owner 2008-02-29 20:24:08.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-29 19:13 . 2008-02-29 19:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-29 19:12 . 2008-02-29 19:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-29 19:12 . 2008-02-29 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-28 23:05 . 2008-02-28 23:05 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-28 22:53 . 2004-08-04 13:00 388,608 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-20 18:44 . 2008-02-20 18:44 <DIR> d-------- C:\WINDOWS\Sun
2008-02-18 19:18 . 2008-02-18 19:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-18 19:18 . 2008-02-18 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-18 18:41 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-18 18:39 . 2008-02-18 18:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-18 18:24 . 2008-02-18 18:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-18 18:03 . 2008-02-18 18:03 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Comodo
2008-02-18 18:03 . 2008-02-18 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-02-18 18:00 . 2008-02-18 18:00 <DIR> d-------- C:\Program Files\Comodo
2008-02-18 18:00 . 2005-07-19 19:41 201 --a------ C:\boot.ini.comodofirewall
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-02-17 19:36 . 2008-02-17 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-17 19:35 . 2008-02-17 19:35 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-17 19:34 . 2008-02-17 19:34 <DIR> d-------- C:\Program Files\Corel
2008-02-17 19:34 . 2008-02-17 19:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Corel
2008-02-17 19:32 . 2008-02-17 19:32 <DIR> d-------- C:\Program Files\PowerISO
2008-02-13 18:13 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 18:12 . 2008-02-13 18:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-13 18:12 . 2003-03-18 15:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-13 18:12 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 18:12 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 18:12 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 18:12 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 18:12 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 18:12 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 18:12 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-07 22:10 . 2008-02-07 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-07 21:51 . 2008-02-07 21:52 <DIR> d-------- C:\Program Files\CCleaner
2008-02-07 19:41 . 2008-02-07 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-07 19:37 . 2008-02-08 06:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-07 19:37 . 2008-02-07 19:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-07 19:36 . 2008-02-07 19:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 17:16 . 2008-02-03 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-02-03 17:15 . 2008-02-03 17:15 <DIR> d-------- C:\Program Files\Netscape
2008-02-02 18:23 . 2008-02-02 18:23 <DIR> d-------- C:\Program Files\MyWebSearchWB

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 04:17 --------- d-----w C:\Program Files\QuickTime
2008-02-27 04:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-21 04:43 --------- d-----w C:\Program Files\MySpace
2008-02-21 00:20 --------- d-----w C:\Program Files\AWS
2008-02-19 00:41 --------- d-----w C:\Program Files\Java
2008-02-18 01:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-13 23:45 --------- d-----w C:\Program Files\Yahoo!
2008-02-13 23:44 --------- d-----w C:\Program Files\Gateway Games
2008-02-13 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-13 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-13 23:39 --------- d-----w C:\Program Files\BigFix
2008-02-01 04:40 164 ----a-w C:\install.dat
2008-01-31 04:25 --------- d-----w C:\Program Files\Google
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 579,072 2007-12-21 15:34:52 C:\Program Files\Grisoft\AVG7\bak\avgcc.exe

----a-w 4,670,704 2007-08-30 23:43:18 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [ ]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-12-02 18:32 144448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 14:32 8699904]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-01 18:05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 23:05 344064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 01:05 217088]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-02-18 18:00 1115728]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 14:32 8699904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 01:54:43 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-11-02 01:54:44 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 20:28:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-29 20:38:18
ComboFix-quarantined-files.txt 2008-03-01 02:38:12
ComboFix2.txt 2008-02-19 01:05:23
.
2008-02-13 09:32:45 --- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:07 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9414 bytes
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm
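
Added example, not part of the original thread and not code from HijackThis or the forum: a small Python parser for the HijackThis log format posted above, which groups entries by section code and lists the ones a reviewer would look up first. The sample lines are copied from that log; the three review rules and the function names are assumptions chosen for illustration, and a listed entry is a prompt to look closer, not a detection.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [Weather] "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<code> - <detail>", where code is R0-R3, F0-F3, N1-N4 or O1-O2x.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# First drive-letter path in an entry, up to the executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr)', re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def review_list(parsed):
    """Return (code, reason, detail) for entries worth a manual look.

    Rules (assumptions for this example):
      - O23 services reported with "Unknown owner"
      - O2/O9 browser add-ons listed as "(no name)"
      - O4 autostart targets that are not among the running processes
    Paths are compared as written, so an 8.3 short name and its long
    form are treated as different files.
    """
    running = {p.lower() for p in parsed["processes"]}
    out = []
    for code, detail in parsed["entries"]:
        if code == "O23" and " - Unknown owner - " in detail:
            out.append((code, "service file has no readable publisher", detail))
        elif code in ("O2", "O9") and "(no name)" in detail:
            out.append((code, "unnamed browser add-on", detail))
        elif code == "O4":
            m = PATH_RE.search(detail)
            if m and m.group(0).lower() not in running:
                out.append((code, "autostart target is not running", detail))
    return out


if __name__ == "__main__":
    for code, reason, detail in review_list(parse_hjt(SAMPLE_LOG)):
        print(f"{code:>3}  {reason}: {detail}")
```
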

Re: I officially give up...PLEASE HELP!!!

Post by Elrond » March 1st, 2008, 2:04 pm

The logs look clean.
Is your Java still not working? If so, have you tried to uninstall it and reinstall it according to the instructions you got earlier in this thread?
Let me know how that goes. If you cannot get Java to work, please let me have as much information as possible about it.
In the interim let's clear out the programmes we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.


Please go to Start > Run - type in ComboFix /u & click OK


Next please download the OTMoveIt2 by OldTimer.
Save it to your desktop.

  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt
  • Now delete OTMoveIt.exe (if still present)


Your computer now seems to be clean. Therefore please

  1. Clean out Temporary Files etc. Download System Security Suite from http://www.igorshpak.net/software/3ssetup104.zip. Extract it from the zip file into a folder and double click on sss.exe. Please check the following check-boxes under the Items to Clear tab:
    1. Under Internet Explorer
      • History
      • Temporary Files
    2. Under My Computer
      • Recycle Bin
      • Run (Menu)
      • Search History
      • Temporary Files
    Next click 'Clear Selected Items'. Reboot when prompted. It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm

  3. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked, please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary uncheck Hide file extensions for known file types.
    • Click OK

  4. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.

  5. You are using Internet Explorer v. 7; please read and follow the recommendations at this site: http://surfthenetsafely.com/ieseczone8.htm

  6. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

  7. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

  8. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  9. Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

  10. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  11. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  12. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.

  13. Please check out Tony Klein's article "How did I get infected in the first place?"

Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain - your infection was AWF. Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.


Come back and let me know what happened with your JAVA.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: I officially give up...PLEASE HELP!!!

Post by thesheetsfamily » March 1st, 2008, 6:16 pm

I'll start working on cleaning up all the programs. In the meantime, no, Java is still not working. I've tried reinstalling and it didn't fix the problem. Everything works fine in Netscape, just not Internet Explorer. And I hate Netscape. =)
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: I officially give up...PLEASE HELP!!!

Post by thesheetsfamily » March 1st, 2008, 9:37 pm

Hmm...well, I only got as far as cleaning up my temporary files and the site http://www.igorshpak.net/software/3ssetup104.zip is not working. Says the domain expired. :?
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: I officially give up...PLEASE HELP!!!

Post by Elrond » March 2nd, 2008, 1:32 am

That is a new development. It worked a few days ago. However there are other ways to get this done.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All. Then remove the check mark for Cookies.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button. Remove the check mark for Cookies
    NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked.
If you use Opera browser
    Click Opera at the top and choose: Select All. Remove the check mark for Cookies
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt if you are prompted.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


I never liked Netscape but there are better non Internet browsers than Netscape. Have you tried Mozilla Firefox: http://www.mozilla.com/en-US/firefox/
or Opera: Both are good. Opera is very quick normally. Of course both need to be kept updated as new security problems are found all the time as are found in Internet Explorer. That goes for all internet browsers.


Once you are done with securing your computer we will have to take a look at your Internet Explorer settings as it seems to be an IE problem and not a Java problem.

Reset the Security level in Internet Explorer
  • Open Internet Explorer.
  • Click Tools on the toolbar.
  • Click Internet Options at the bottom of the list.
  • Click the Security tab.
  • The Zone you want highlighted is Internet
  • Security Level for this Zone should be Medium-High if you have not purposely changed it. If it shows something else and you have not changed it then please make a note of what it says. If you have not made any changes to any of the zones then please
  • Click Reset all zones to default level
  • If you have purposely changed the settings for any zone then please let me know what you have changed and we will change the zones as necessary.
  • Click OK at the bottom.

Let me know if there is any change with Internet Explorer behaviour.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: I officially give up...PLEASE HELP!!!

Post by thesheetsfamily » March 2nd, 2008, 5:31 pm

Ok, I've done everything to clean up, including reset my internet explorer security settings. Internet Explorer still has issues. Everywhere a java applet is supposed to be...and this is on any website...I get either the white box with the red "x" or this message: Hello, you either have JavaScript turned off or an old version of Macromedia's Flash Player. Click here to get the latest flash player.

I've tried downloading the new Flash Player, and it says "when you see the video below, your install was successful."...but I never see this video, I just get the white box with the red "x" after trying to download.

I've tried both Firefox and Opera in the past...and didn't care much for them either. I'm pretty dedicated to IE, if I can get the silly thing acting right! =)
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: I officially give up...PLEASE HELP!!!

Post by Elrond » March 3rd, 2008, 1:42 am

We are getting outside my expertise really but I will try to help you as far as I can. It is not sure that it is Internet Explorer that is the problem. That Flash Player works under Netscape does not mean anything because Netscape uses a different version of Flash Player than does Internet Explorer. It could also be some sort of problem with Flash Player.
I found the following that perhaps can help you.
Please go to http://www.softwarepatch.com/network-se ... urity.html and look at the post.
It looks like you need to download the Flash Player Removal tool and run it to remove the old installation of Flash Player, which could well have been damaged by the malware infection, and then download the latest version of Flash Player for Internet Explorer. You will find links for both the removal Tool and for the download of the standalone Flash Player close to the top of the page.
Good luck and let me know what happened. If I cannot find the solution for your problem, which I do not believe to be related to any malware present at your computer now, I will give you the internet addresses of some forums that have experts in the field where you need help.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: I officially give up...PLEASE HELP!!!

Post by thesheetsfamily » March 5th, 2008, 6:39 pm

Well, I've never been able to resolve the issue. I've tried everything that one forum recommended...uninstall flash, reinstall. Browsers closed, reboot each time. I even removed Internet Explorer completely and tried reinstalling that. Didn't work. :(
thesheetsfamily
Regular Member
 
Posts: 48
Joined: February 9th, 2008, 10:10 pm

Re: I officially give up...PLEASE HELP!!!

Post by Elrond » March 6th, 2008, 3:17 pm

As I said before I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.

Give a link to this thread for reference to helper that helps you.
http://malwareremoval.com/forum/posting.php?mode=reply&f=11&t=27744

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3
or
Computer Cops here: http://www.castlecops.com/ Registration on right edge close to top under login.

All may require you to register free before posting for help.

Sorry that I could not help you further. :(
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: I officially give up...PLEASE HELP!!!

Post by Elrond » March 20th, 2008, 3:34 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem