Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help with malware removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: help with malware removal

Unread postby Alander » January 20th, 2012, 8:50 pm

You didn't answer my question, are you still having this issue with your computer as described below?
Chr wrote:I'm communicating to you from another computer as I 'm unable to load any programs from the desktop of the compuetr we are trying to fix. For eaxmple when I try to load internet explorer I receive an error message that states, the item is not available it has been moved, renamed or removed -- followed by do I want to remove it from the list? please advise


ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    DDS::  
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper - No File
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Constant Guard Protection Suite (COM) - No File
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Poker sites
Online Poker sites are well known for placing all manner of Internet parasites on their visitors' computers and continue to do so. In a lot of cases, these Poker plugins are also getting installed without your asking for it. You can read Poker gamers targeted by a rootkit backdoor regarding the risk involved with visiting the Poker games web sites. Some Poker sites are related to criminal offense, you can read them Sites charged with gambling offenses A safe alternatives is Pogo.com.

Optional Fix
This is a optional fix, please read the information carefully. If you are happy to uninstall Wild Tangent, please follow the instructions below.
I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it is not technically considered spyware, it does have built in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.
For more information,see WildTangent Removal Instructions and Help AND Inside Wild Tangent-Delivering High-End 3-D Content To A Web SiteNear You.

Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent:

Uninstall Programs:
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following if present.
Poker Superstars III
Update Installer for WildTangent Games App (optional)
WildTangent Games (optional)
WildTangent Games App (Dell Games)(optional)

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
Advertisement
Register to Remove

Re: help with malware removal

Unread postby Chr » January 21st, 2012, 9:19 am

Hi Alander,

I answered your question in the next post where I stated,

"I rebooted the computer and appear to have regained access to the internet. Here is my combo logfile:"....


To comment further, the computer does appear to be working properly and I'm not receiving virus alerts from Norton.

I see you have instructed me to use combo fix again. I'm reluctant to use this program again as it has not run properly on my system each time that I've used it. I noted a statement in my logfile regarding some aspect being incompatible with Windows 7. Also, I'm still receiving the warning about Mcafee scanner still running and potential conflict with the combo fix not running properly. We tried to remove mcafee completely but apparently have not done so. As I have stated, I do not have any backup/recovery disks so I do not think it would be prudent to run combo again until I can remove the conflict that's interfering with the combo fix program.

Can we address this issue again?
Is there a macafee registry item that needs to be removed?
Also, it looks like eset scanner is showing by computer to be virus free, is that correct?

thanks,
C
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 21st, 2012, 4:35 pm

Hi

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click System Look x64.exe and select " Run as administrator "to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Mcafee*
    
    :folderfind
    *Mcafee*
    
    :Regfind
    Mcafee
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 21st, 2012, 5:18 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 16:13 on 21/01/2012 by KidVersatile
Administrator - Elevation successful

========== filefind ==========

Searching for "*Mcafee*"
C:\Program Files (x86)\Dell\Dell Welcome\images\mcAfeeIcon.JPG --a---- 1150 bytes [15:41 19/10/2011] [20:09 27/12/2010] 5CC6768CEF009E7457FC34A280067D02
C:\Windows\WisTools\logs\McAfee.log --a---- 512 bytes [15:27 19/10/2011] [15:29 19/10/2011] F9632E540B03F975ABCCD14CABD5015D
C:\Windows\WisTools\logs\McAfeeUpdates.log --a---- 466 bytes [15:32 19/10/2011] [15:33 19/10/2011] EB5481FD00228FF66AF6B1C1DEB32B16

========== folderfind ==========

Searching for "*Mcafee*"
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com d------ [10:05 05/01/2012]
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com\AppSupport\Common\Secure\McAfee.swf d------ [10:05 05/01/2012]
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#home.mcafee.com d------ [10:05 05/01/2012]

========== Regfind ==========

Searching for "Mcafee"
[HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Mcafee Trust]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McMPFSvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McMPFSvc]
"DisplayName"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{770D493D-80E5-4767-B8E2-656C41F220F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FB940B33-5779-4860-BA27-FB37922EEE7B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\McMPFSvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\McMPFSvc]
"DisplayName"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{770D493D-80E5-4767-B8E2-656C41F220F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FB940B33-5779-4860-BA27-FB37922EEE7B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\McMPFSvc]
"ImagePath"=""C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\McMPFSvc]
"DisplayName"="McAfee Personal Firewall Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{770D493D-80E5-4767-B8E2-656C41F220F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FB940B33-5779-4860-BA27-FB37922EEE7B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe|Name=McAfee Shared Service Host|"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-617796265-1180705624-484042273-1001\Software\Microsoft\SystemCertificates\Mcafee Trust]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

-= EOF =-
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 23rd, 2012, 10:39 am

Hi,

Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Processes
    explorer.exe
    
    :Files
    C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#home.mcafee.com 
    C:\Program Files\McAfee
    C:\Program Files (x86)\Dell\Dell Welcome\images\mcAfeeIcon.JPG
    C:\Windows\WisTools\logs\McAfee.log
    C:\Windows\WisTools\logs\McAfeeUpdates.log
    C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Mcafee Trust]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
    "@"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
    "@"=-
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McMPFSvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{FB940B33-5779-4860-BA27-FB37922EEE7B}"=-
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\McMPFSvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{770D493D-80E5-4767-B8E2-656C41F220F5}"=-
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\McMPFSvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{770D493D-80E5-4767-B8E2-656C41F220F5}"=-
    
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
    [-HKEY_USERS\S-1-5-21-617796265-1180705624-484042273-1001\Software\Microsoft\SystemCertificates\Mcafee Trust]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
    
    :Commands
    [EmptyFlash] 
    [emptytemp]
    [start explorer]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask you to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 23rd, 2012, 12:20 pm

Hi,

This is the OTM results log. Also, I wanted to let you know tha prior to doing the move with OTM, I received an alert from Norton stating that Combofix.exe was removed from my desktop because it was identified as an ADH trojan by Norton. Several other trojans were identified and quanrantined by Norton. Please advise.

c


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#home.mcafee.com folder moved successfully.
File/Folder C:\Program Files\McAfee not found.
C:\Program Files (x86)\Dell\Dell Welcome\images\mcAfeeIcon.JPG moved successfully.
C:\Windows\WisTools\logs\McAfee.log moved successfully.
C:\Windows\WisTools\logs\McAfeeUpdates.log moved successfully.
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com\AppSupport\Common\Secure\McAfee.swf folder moved successfully.
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com\AppSupport\Common\Secure folder moved successfully.
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com\AppSupport\Common folder moved successfully.
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com\AppSupport folder moved successfully.
C:\Users\KidVersatile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TK3FWQE3\home.mcafee.com folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Mcafee Trust\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McMPFSvc\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB940B33-5779-4860-BA27-FB37922EEE7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB940B33-5779-4860-BA27-FB37922EEE7B}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\McMPFSvc\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{770D493D-80E5-4767-B8E2-656C41F220F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770D493D-80E5-4767-B8E2-656C41F220F5}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\McMPFSvc\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{770D493D-80E5-4767-B8E2-656C41F220F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770D493D-80E5-4767-B8E2-656C41F220F5}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-617796265-1180705624-484042273-1001\Software\Microsoft\SystemCertificates\Mcafee Trust\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: KidVersatile
->Flash cache emptied: 3890 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KidVersatile
->Temp folder emptied: 226857 bytes
->Temporary Internet Files folder emptied: 2782387 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 14971204 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6780 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01232012_110427

Files moved on Reboot...
C:\Users\KidVersatile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000\ scheduled to be deleted on reboot.
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 24th, 2012, 7:52 am

Hi Chr, your ESET logs and DDS logs appears to be clean

What Norton is detecting is the things we cleared up with combofix that were in C:\QooBox like what Norton detected the 1st time we ran combofix with the .vir extensions.

Combofix isn't malware, it is a highly specialised tool which can be recognized by anti virus programs by heuristic due to its nature. Please do not be alarmed and also do not use combofix without a trained helper's instructions as it may render your computer unbootable.

Congratulations... your computer now appears to be malware free! :)

OTM - Clean up

  1. Right click on OTM.exe and select Run As Administrator to run it. When Windows prompts, please allow it.
  2. Click on CleanUp!
  3. When done, you will be prompted to restart your computer. Please do so at this time.
If your computer does not automatically restart, please restart it manually.


Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia.
FileHippo.com Update Checker - © Copyright FileHippo.com
F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
Using Windows Update in Windows 7
What is Windows Update?
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this installed already, run scans weekly (at least)... make sure you check for updates before running scans.
Download it from Malewarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)


Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post.
Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.


Stay Safe!
Alander
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 24th, 2012, 10:20 pm

Hi Alander,

great news and thanks for all your help! I had one question regarding Windows Firewall and windows Defender--

I noticed in one of my logs that these were removed or disabled---Should the firewall be turned on? It's my understanding that running the windows firewall in combination with other anti-virus programs is not recommended. Am I okay just using Norton and Malwarebytes? If not, can you help me restore the windows firewall?

thanks,

C
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 25th, 2012, 4:05 pm

Hi Chr,

your configuration of just Norton and Malwarebytes is fine. Your Norton suite contains a firewall, and you should only have 1 firewall running at any one time.
User avatar
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 26th, 2012, 4:25 pm

Ok, thanks for the info. I've completed the clean-up steps. I've also created new repair and backup disks.

Thanks again,

Chr
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Cypher » January 27th, 2012, 7:05 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware