Help needed with system check malware removal

Re: Help needed with system check malware removal

Post by Dakeyras » January 26th, 2012, 6:02 am

Hi. :)

Regarding aswMBR - I ran it twice accidentally (could not locate the log the first time I ran it).
OK, as mentioned prior not a problem.

Everything seems to be working fine, there are no new symptoms and/or problems.
Good.

MSConfig Advice:

Personally I do not think it wise to use the System Configuration Utility unless you know exactly what you are doing as otherwise serious problems may arise.

I advise you consider this application to use instead, it will also provide an extra layer of system protection via its monitoring activities.

WinPatrol:

Download it from here

You can find information about how WinPatrol works here

Note: Do not download/install just yet as it may hinder the malware removal process but by all means do so when I give the all clear if you so wish.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
Code:
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On (recommended) >> OK.

Custom ComboFix-Script:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
KillAll::

DDS::
uURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

File::
c:\documents and settings\All Users\Application Data\1327178440.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327178438.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327177343.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327174600.1200.bin
c:\documents and settings\All Users\Application Data\1327174600.3064.bin
c:\documents and settings\All Users\Application Data\1327174600.1892.bin
c:\documents and settings\All Users\Application Data\1327174600.3280.bin
c:\documents and settings\All Users\Application Data\1327174600.468.bin
c:\documents and settings\All Users\Application Data\1327174600.988.bin
c:\documents and settings\All Users\Application Data\1327174600.1324.bin
c:\documents and settings\All Users\Application Data\1327174600.2988.bin
c:\Documents and Settings\user1\Local Settings\Temp\6.tmp

Folder::
c:\program files\AVAST Software
c:\program files\Bitdefender
c:\program files\PC Tools Security
c:\program files\Common Files\Bitdefender
c:\program files\Common Files\PC Tools
c:\documents and settings\All Users\Application Data\PC Tools
c:\documents and settings\All Users\Application Data\AVAST Software

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6]

ClearJavaCache:: 

ReBoot::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Check Hard Disk For Errors:

Click on Start >> Run..., then copy/paste the following command into the box and press OK:
Code:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • New ComboFix Log.
  • Contents of checkhd.txt.

Re: Help needed with system check malware removal

Post by pbellert » January 27th, 2012, 1:31 am

Update: I could not complete all steps. I tried several times. ComboFix stalls immediately upon launching, Task Manager is not responding.

Re: Help needed with system check malware removal

Post by Dakeyras » January 27th, 2012, 4:18 am

Hi. :)

Update: I could not complete all steps. I tried several times. ComboFix stalls immediately upon launching, Task Manager is not responding.
OK, we will merely take a different approach as follows...

Delete the current custom ComboFix script (Notepad file) on the desktop, then save this new one:

Code:
DDS::
uURLSearchHooks: H - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

File::
c:\documents and settings\All Users\Application Data\1327178440.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327178438.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327177343.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327174600.1200.bin
c:\documents and settings\All Users\Application Data\1327174600.3064.bin
c:\documents and settings\All Users\Application Data\1327174600.1892.bin
c:\documents and settings\All Users\Application Data\1327174600.3280.bin
c:\documents and settings\All Users\Application Data\1327174600.468.bin
c:\documents and settings\All Users\Application Data\1327174600.988.bin
c:\documents and settings\All Users\Application Data\1327174600.1324.bin
c:\documents and settings\All Users\Application Data\1327174600.2988.bin
c:\Documents and Settings\user1\Local Settings\Temp\6.tmp

Folder::
c:\program files\AVAST Software
c:\program files\Bitdefender
c:\program files\PC Tools Security
c:\program files\Common Files\Bitdefender
c:\program files\Common Files\PC Tools
c:\documents and settings\All Users\Application Data\PC Tools
c:\documents and settings\All Users\Application Data\AVAST Software

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6]

ClearJavaCache:: 

ReBoot::

Next:

Now I will be asking you to boot into Safe Mode for the next part of the fix.

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If you have any problems, refer to this tutorial.

In Safe Mode carry out the following:

Run the custom ComboFix script again as outlined in this post. After it is completed, your machine should boot back up into Normal Mode.

Re: Help needed with system check malware removal

Post by pbellert » January 27th, 2012, 10:27 am

Done. Everything seems to be working fine.
1st log:

ComboFix 12-01-26.03 - user1 01/27/2012 7:53.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2786 [GMT -6:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user1\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Application Data\1327174600.1200.bin"
"c:\documents and settings\All Users\Application Data\1327174600.1324.bin"
"c:\documents and settings\All Users\Application Data\1327174600.1892.bin"
"c:\documents and settings\All Users\Application Data\1327174600.2988.bin"
"c:\documents and settings\All Users\Application Data\1327174600.3064.bin"
"c:\documents and settings\All Users\Application Data\1327174600.3280.bin"
"c:\documents and settings\All Users\Application Data\1327174600.468.bin"
"c:\documents and settings\All Users\Application Data\1327174600.988.bin"
"c:\documents and settings\All Users\Application Data\1327177343.bdinstall.bin"
"c:\documents and settings\All Users\Application Data\1327178438.bdinstall.bin"
"c:\documents and settings\All Users\Application Data\1327178440.bdinstall.bin"
"c:\documents and settings\user1\Local Settings\Temp\6.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1327174600.1200.bin
c:\documents and settings\All Users\Application Data\1327174600.1324.bin
c:\documents and settings\All Users\Application Data\1327174600.1892.bin
c:\documents and settings\All Users\Application Data\1327174600.2988.bin
c:\documents and settings\All Users\Application Data\1327174600.3064.bin
c:\documents and settings\All Users\Application Data\1327174600.3280.bin
c:\documents and settings\All Users\Application Data\1327174600.468.bin
c:\documents and settings\All Users\Application Data\1327174600.988.bin
c:\documents and settings\All Users\Application Data\1327177343.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327178438.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327178440.bdinstall.bin
c:\documents and settings\All Users\Application Data\AVAST Software
c:\documents and settings\All Users\Application Data\PC Tools
c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\{C146A195-BE12-42E3-9078-E4947B9EF682}.dat
c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_generic999_en_aff_dl.exe
c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_revwire207_en_aff_dl.exe.bak
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\program files\Bitdefender
c:\program files\Common Files\Bitdefender
c:\program files\Common Files\Bitdefender\setupinformation\contacts.xml
c:\program files\Common Files\Bitdefender\setupinformation\contacts.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\detection.xml
c:\program files\Common Files\Bitdefender\setupinformation\detection.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\ACA.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\ACA.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Ad-Aware.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Ad-Aware.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\AntiVir.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\AntiVir.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\avast5.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\avast5.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\AVG.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\AVG.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Avira.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Avira.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\BackWeb-4476822.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\BackWeb-4476822.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\BBC.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\BBC.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender Antivirus.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender Antivirus.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender Internet Security.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender Internet Security.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender Total Security.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender Total Security.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Bitdefender.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\BullGuard.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\BullGuard.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\cciss.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\cciss.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\COMODO.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\COMODO.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\DRWEB.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\DRWEB.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\ESET.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\ESET.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\eTrust.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\eTrust.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\F-Secure.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\F-Secure.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\GData.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\GData.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\GUIDs.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\GUIDs.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\JiangMin.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\JiangMin.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Kaspersky.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Kaspersky.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Kingsoft.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Kingsoft.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\kv.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\kv.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Lavasoft.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Lavasoft.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Malwarebytes.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Malwarebytes.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\McAfee.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\McAfee.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\MicroPoint.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\MicroPoint.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Mobile.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Mobile.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\MSC.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\MSC.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\mse.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\mse.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Norman.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Norman.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Norton.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Norton.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\OfficeScan95.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\OfficeScan95.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\OfficeScanNT.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\OfficeScanNT.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Panda.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Panda.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\PCTools.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\PCTools.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Premium.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Premium.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Rav.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Rav.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\RFW.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\RFW.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Ris.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Ris.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\ServerProtect.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\ServerProtect.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\SunBelt.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\SunBelt.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\TrendMicro.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\TrendMicro.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\VETWIN32Vp5.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\VETWIN32Vp5.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Virus.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Virus.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\Webroot.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\Webroot.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\WinSS.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\WinSS.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\extern\ZoneAlarm.xml
c:\program files\Common Files\Bitdefender\setupinformation\extern\ZoneAlarm.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\locations.xml
c:\program files\Common Files\Bitdefender\setupinformation\locations.xml.md5
c:\program files\Common Files\Bitdefender\setupinformation\setupdownloader.exe
c:\program files\Common Files\Bitdefender\setupinformation\setupdownloader.exe.md5
c:\program files\Common Files\Bitdefender\setupinformation\setupdownloader.ui
c:\program files\Common Files\Bitdefender\setupinformation\setupdownloader.ui.md5
c:\program files\Common Files\Bitdefender\setupinformation\setuplauncher.exe
c:\program files\Common Files\Bitdefender\setupinformation\setuplauncher.exe.md5
c:\program files\Common Files\Bitdefender\setupinformation\UninstallLib.dll
c:\program files\Common Files\Bitdefender\setupinformation\UninstallLib.dll.md5
c:\program files\Common Files\PC Tools
c:\program files\Common Files\PC Tools\Lsp\pctlsp.dll.old0131.old
c:\program files\PC Tools Security
c:\program files\PC Tools Security\TFEngine\TFCfg.dll0147.old
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 14:04 . 2012-01-27 14:04 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB0D147-465D-46B2-AC7E-F9BB09EAC0FD}\MpKsl23a856f1.sys
2012-01-27 02:59 . 2012-01-06 02:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB0D147-465D-46B2-AC7E-F9BB09EAC0FD}\mpengine.dll
2012-01-25 13:49 . 2012-01-25 13:49 -------- d-----w- c:\program files\File Type Assistant
2012-01-24 16:09 . 2012-01-24 16:09 -------- d-----w- C:\_OTL
2012-01-24 16:03 . 2012-01-24 16:04 -------- d-----w- c:\program files\ERUNT
2012-01-23 02:08 . 2012-01-06 02:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-21 21:47 . 2012-01-21 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 21:47 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 21:02 . 2012-01-21 21:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-21 19:38 . 2012-01-21 19:38 -------- d-----w- c:\documents and settings\user1\Application Data\QuickScan
2012-01-21 06:24 . 2012-01-21 06:24 -------- d-----w- c:\documents and settings\user1\Application Data\Malwarebytes
2012-01-21 06:24 . 2012-01-21 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-21 05:54 . 2012-01-21 05:54 -------- d-----w- c:\windows\system32\GroupPolicy
2012-01-21 01:28 . 2012-01-21 01:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-07 20:00 . 2012-01-07 20:00 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 20:00 . 2012-01-07 20:00 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 20:00 . 2012-01-07 20:00 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 20:00 . 2012-01-07 20:00 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 14:03 . 2009-03-19 17:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-01-27 14:03 . 2009-03-19 17:48 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-27 14:02 . 2009-03-19 17:32 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-21 23:05 . 2011-02-02 15:11 64128 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2012-01-21 06:04 . 2009-03-19 17:48 58288 ------w- c:\windows\system32\rpcnet.exe
2012-01-04 09:26 . 2010-05-27 20:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 09:02 . 2005-05-13 23:27 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-12-19 09:02 . 2011-12-19 09:02 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-12-19 09:02 . 2011-12-19 09:02 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-12-10 15:56 . 2010-10-06 19:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-10 15:56 . 2010-10-06 19:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-28 23:34 . 2011-11-28 23:34 446160 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 19:59 . 2011-11-25 19:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 10:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 01:20 . 2011-08-14 02:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 10:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-07 20:00 . 2011-08-14 02:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_05.40.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2012-01-26 05:42 40912 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2012-01-27 14:05 40912 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2012-01-27 14:05 313048 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2012-01-26 05:42 313048 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-10 296056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 MpKsl23a856f1;MpKsl23a856f1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB0D147-465D-46B2-AC7E-F9BB09EAC0FD}\MpKsl23a856f1.sys [1/27/2012 8:04 AM 29904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2012 3:47 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2012 3:47 PM 20464]
S1 aesjthxt;aesjthxt;\??\c:\windows\system32\drivers\aesjthxt.sys --> c:\windows\system32\drivers\aesjthxt.sys [?]
S3 EE1ACEED;EE1ACEED;c:\windows\system32\EE1ACEED.exe --> c:\windows\system32\EE1ACEED.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL23A856F1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
6
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2012-01-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1935655697-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1935655697-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user1\Application Data\Mozilla\Firefox\Profiles\voxj3y0k.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-6
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 08:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(1032)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
.
**************************************************************************
.
Completion time: 2012-01-27 08:07:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 14:06
ComboFix2.txt 2012-01-26 05:45
.
Pre-Run: 137,026,473,984 bytes free
Post-Run: 136,973,914,112 bytes free
.
- - End Of File - - ADDDC8126AC5AF4AE82728313A461770
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby pbellert » January 27th, 2012, 10:28 am

2nd log:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

156288320 KB total disk space.
22277736 KB in 48075 files.
14856 KB in 4494 indexes.
0 KB in bad sectors.
201052 KB in use by the system.
65536 KB occupied by the log file.
133794676 KB available on disk.

4096 bytes in each allocation unit.
39072080 total allocation units on disk.
33448669 allocation units available on disk.
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby Dakeyras » January 27th, 2012, 3:52 pm

Hi. :)

Everything seems to be working fine.
Good, let's proceed as follows shall we...

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Unread postby pbellert » January 27th, 2012, 9:09 pm

22 infected files found. Log below:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0baa841b989a74ca9c8e58e96d21e18
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-28 01:05:10
# local_time=2012-01-27 07:05:10 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 87 0 24470484 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=48141
# found=20
# cleaned=0
# scan_time=1495
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0018789.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0019789.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0020797.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0021797.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0022797.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0022825.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0022843.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0023843.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0024849.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0024917.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0024920.exe a variant of Win32/Agent.TKD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0024943.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0024946.exe a variant of Win32/Agent.TKD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0025943.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP223\A0026943.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP224\A0027352.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP225\A0027433.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP226\A0028433.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP226\A0029433.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D29869E8-AB01-4D41-88C9-E52AF1EED45C}\RP226\A0029472.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby Dakeyras » January 28th, 2012, 8:52 am

Hi. :)

What has been flagged by the online scan are infected System Restore Points, which will be flushed and a new clean one set when we actually uninstall ComboFix when I give the all clear. So no action is required at this time.

New Adobe Reader Installation:

Go here to download the latest version of Adobe Reader.

Deselect Yes, install Google Toolbar - optional unless you want the toolbar that is. Myself think no need since you have IE8.

  • After the new Reader is installed, Open Adobe Reader X.
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u2. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7 License Agreement box.
  • Click on jre-7u2-windows-i586.exe link next to Windows x86 Offline to download it and save this to your desktop.
  • Double-click on jre-7u2-windows-i586.exe to install Java.

Next:

Let me know when you have completed the above and if any further issues remain. If not we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
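
The reading given in the post above (every ESET detection sits inside a System Restore point) can be checked mechanically rather than by eye. The Python below is an added example, not part of the thread or of any ESET tool; the row layout is inferred from the log posted here, and the `summarize` and `row` names, the placeholder GUID and the sample rows are constructed for illustration.

```python
import re
from collections import Counter

# Row layout inferred from the log in this thread (an assumption):
# <path> <threat name> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$")
HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# Windows XP System Restore stores its copies under _restore{GUID}\RPnnn\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

def summarize(log_text):
    """Parse header counters and detection rows; report rows outside restore points."""
    header, hits = {}, []
    for line in map(str.strip, log_text.splitlines()):
        h = HEADER.match(line)
        if h:
            header[h["key"]] = h["value"]  # a repeated key keeps its last value
        elif (d := DETECTION.match(line)):
            hits.append(d.groupdict())
    outside = [x["path"] for x in hits if not RESTORE.search(x["path"])]
    return {
        "reported": int(header.get("found", -1)),  # -1: no "# found=" line
        "parsed": len(hits),
        "by_threat": Counter(x["threat"] for x in hits),
        "restore_only": bool(hits) and not outside,
        "outside_restore": outside,
    }

def row(path, threat):
    # Constructed row: tab-separated, all-zero hash field, flag "I"
    return "\t".join([path, threat + " (unable to clean)", "0" * 32, "I"])

# Constructed sample data (placeholder GUID, invented file names)
RP = r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}"
LIVE = r"C:\Documents and Settings\user1\Desktop\sample.exe"
SAMPLE_RESTORE_ONLY = "\n".join([
    "all ok", "# found=2", "# cleaned=0",
    row(RP + r"\RP1\A0000001.sys", "Win32/Sirefef.DA trojan"),
    row(RP + r"\RP2\A0000002.sys", "Win32/Sirefef.DA trojan"),
])
# Failure mode: one more row on the live file system, header count not updated
SAMPLE_MIXED = SAMPLE_RESTORE_ONLY + "\n" + row(LIVE, "a variant of Win32/Agent.TKD trojan")

if __name__ == "__main__":
    for name, text in [("restore-only", SAMPLE_RESTORE_ONLY), ("mixed", SAMPLE_MIXED)]:
        print(name, summarize(text))
```

A non-empty `outside_restore` list, or a `parsed` count that differs from `reported`, means the log needs a closer look before concluding that only restore points are affected.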

Re: Help needed with system check malware removal

Unread postby pbellert » January 28th, 2012, 9:40 am

I cannot finish installation of Adobe Reader. When I double-click the file I get a certificate authentication failed notice.
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby pbellert » January 28th, 2012, 9:49 am

No problems with Java installation.
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby Dakeyras » January 28th, 2012, 10:26 am

Hi. :)

Run the following please then try the Adobe Installation again...

System File Check:

Close all open applications/windows etc.

  • Click on Start >> Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.

Note: This will take some time. Also you may be prompted to place your XP installation CD-ROM in the CD-Drive if required.

Next:

If still issues afterwards, follow the advice in the two below listed Adobe support topics:-

Can't download, install Reader | Quick fix

Troubleshoot Adobe Reader installation | Windows
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Unread postby pbellert » January 28th, 2012, 1:08 pm

Done. Adobe Reader is now installed.

;)
pbellert
Regular Member
 
Posts: 17
Joined: January 22nd, 2012, 1:20 pm

Re: Help needed with system check malware removal

Unread postby Dakeyras » January 30th, 2012, 4:40 am

Hi. :)

Done. Adobe Reader is now installed.
Good, any further issues remaining?
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Help needed with system check malware removal

Unread postby Cypher » February 2nd, 2012, 8:03 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns