Welcome to MalwareRemoval.com,

Please help a lost soul

Re: Please help a lost soul

Unread postby dan12 » May 2nd, 2009, 3:06 am

Ok, see how you go, anything you're not sure of, ask :)

Run ComboFix once.

Then without rebooting, copy ndis.sys from another machine into dllcache.

Rename %system%\drivers\ndis.sys to ndis.bad. Wait 5 secs before refreshing the window.
Windows File Protection (WFP) shall replace it with the clean copy

Reboot machine & delete ndis.old

Let me see the combo output report.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby dan12 » May 4th, 2009, 4:31 am

How you doing?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » May 4th, 2009, 5:58 am

The obstacle in my situation Dan is that the computers I can get to, none of them run Windows XP home edition. I'm at a bit of a loss as to what to do, do you have a copy of ndis.sys that you could send me or whatever?
All this help is much appreciated Dan! You're a star.
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby nineinchheel » May 6th, 2009, 11:19 am

Okay Dan,
I was able to find a friend who was running Windows XP Home Edition, so I was able to follow your instructions. When you ask to see the combo output report, did you want me to run ComboFix once again, after the file had been replaced?
Below is the output report from when I ran combofix as the first step of your instructions:

ComboFix 09-05-05.04 - George 06/05/2009 15:51.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.382.123 [GMT 1:00]
Running from: c:\documents and settings\George\Desktop\Godiva.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-04-25 19:41 . 2009-04-25 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-25 11:40 . 2009-04-25 12:16 -------- d-----w c:\program files\AVIConverter
2009-04-25 11:27 . 2009-04-25 11:28 -------- d-----w C:\Combo-Fix
2009-04-23 08:15 . 2009-04-23 08:15 -------- d-----w c:\documents and settings\George\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 08:14 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 00:06 . 2009-04-23 00:06 -------- d-s---w c:\windows\system32\config\systemprofile\UserData
2009-04-22 17:49 . 2009-04-22 17:49 -------- d-----w c:\program files\Trend Micro
2009-04-22 09:31 . 2009-04-23 09:17 -------- d-----w c:\documents and settings\George\Application Data\Twain
2009-04-22 00:26 . 2009-04-23 18:34 -------- d-----w C:\ComboFix
2009-04-21 23:48 . 2009-04-21 23:48 577024 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-21 23:45 . 2009-04-21 23:45 -------- d-----w c:\windows\ERUNT
2009-04-21 13:35 . 2009-04-21 13:35 213376 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-18 10:41 . 2003-06-25 15:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-18 10:14 . 2009-04-18 10:34 -------- d-----w c:\program files\iColorFolder
2009-04-18 09:58 . 2009-04-18 09:58 -------- d-----w c:\program files\IconXP
2009-04-17 00:19 . 2009-04-19 10:11 -------- d-----w c:\windows\Windows98_icons
2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\program files\Mystik Media
2009-04-17 00:16 . 2009-04-17 00:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
2009-04-16 19:02 . 2007-05-17 16:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-04-16 19:02 . 2004-02-22 09:11 719872 ----a-w c:\windows\system32\devil.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-04-16 19:02 . 2009-04-16 19:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-16 19:01 . 2008-03-16 13:30 216064 --sh--r c:\windows\system32\nbDX.dll
2009-04-16 19:01 . 2007-02-21 11:47 31232 --sh--r c:\windows\system32\msfDX.dll
2009-04-16 19:01 . 2006-05-03 10:06 163328 --sh--r c:\windows\system32\flvDX.dll
2009-04-16 19:01 . 2009-04-16 19:01 -------- d-----w c:\program files\eRightSoft
2009-04-15 23:30 . 2009-04-15 23:30 -------- d-----w c:\program files\XeroBank
2009-04-15 15:13 . 2004-07-29 01:19 175104 ----a-w c:\windows\lame_enc.dll
2009-04-14 22:10 . 2009-04-14 22:10 0 ----a-w c:\windows\nsreg.dat
2009-04-14 22:09 . 2009-04-14 22:10 -------- d-----w c:\documents and settings\George\Application Data\Thunderbird
2009-04-14 22:09 . 2009-04-14 22:11 -------- d-----w c:\documents and settings\George\Local Settings\Application Data\Thunderbird
2009-04-14 22:08 . 2009-05-06 14:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\documents and settings\George\Bullfrog
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\windows\system\KEEPER
2009-04-12 03:42 . 2009-04-12 03:42 -------- d-----w c:\program files\ebrary
2009-04-09 00:10 . 2009-04-09 00:10 -------- d-----w c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 13:17 . 2008-07-28 22:59 -------- d-----w c:\program files\StarCraft
2009-05-02 00:18 . 2007-10-22 00:08 -------- d-----w c:\program files\eMusic Remote
2009-04-25 19:43 . 2006-05-22 13:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-21 13:35 . 2006-05-22 07:36 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-16 21:48 . 2006-09-03 14:31 66648 ----a-w c:\documents and settings\George\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 19:01 . 2008-07-05 10:14 557469 ----a-w c:\windows\system32\libmplayer.dll
2009-03-30 19:01 . 2008-07-05 10:14 4426841 ----a-w c:\windows\system32\libavcodec.dll
2009-03-30 19:01 . 2008-07-05 10:13 849136 ----a-w c:\windows\system32\ff_x264.dll
2009-03-30 19:01 . 2008-06-13 10:39 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-30 19:01 . 2008-06-12 17:36 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-30 19:01 . 2004-12-20 10:03 828029 ----a-w c:\windows\system32\xvidcore.dll
2009-02-24 19:35 . 2006-10-03 16:23 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2006-10-02 11:36 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2006-10-02 11:36 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-23 21:52 . 2009-02-23 21:44 246 ----a-w c:\windows\filelisting.bat
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
2007-04-17 23:20 . 2007-04-17 23:20 56 --sh--r c:\windows\system32\512601FDB7.sys
2006-05-03 10:06 . 2009-04-16 19:01 163328 --sh--r c:\windows\system32\flvDX.dll
2007-04-17 23:20 . 2007-04-17 23:20 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-04-16 19:01 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-16 19:01 216064 --sh--r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-06 14:42 . 2009-05-06 14:42 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-18 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 634880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-18 16143872]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-11 266240]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\inf\\explorer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22178:TCP"= 22178:TCP:BitComet 22178 TCP
"22178:UDP"= 22178:UDP:BitComet 22178 UDP

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [01/02/2007 20:40 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [01/02/2007 20:40 33408]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [14/11/2007 19:08 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [28/11/2007 13:53 98304]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18/04/2006 15:12 98816]
S1 d83568e8;d83568e8;c:\windows\system32\drivers\d83568e8.sys --> c:\windows\system32\drivers\d83568e8.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-06-27 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-05-22 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\
FF - prefs.js: browser.startup.homepage - hxxp://vle.coventry.ac.uk/webct/entryPageIns.dowebct
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 15:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(1772)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-05-06 15:57
ComboFix-quarantined-files.txt 2009-05-06 14:56
ComboFix2.txt 2009-05-06 14:48
ComboFix3.txt 2009-04-29 18:58
ComboFix4.txt 2009-04-25 22:48
ComboFix5.txt 2009-05-06 14:50

Pre-Run: 197,423,104 bytes free
Post-Run: 183,345,152 bytes free

194
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby dan12 » May 6th, 2009, 2:47 pm

Hi, I need to see the report after the file deletion, not the one created during the initial steps. Run cf again for me and post the report.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » May 6th, 2009, 7:52 pm

ComboFix 09-05-06.02 - George 07/05/2009 0:45.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.382.171 [GMT 1:00]
Running from: c:\documents and settings\George\Desktop\Godiva.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-04-25 19:41 . 2009-04-25 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-25 11:40 . 2009-04-25 12:16 -------- d-----w c:\program files\AVIConverter
2009-04-25 11:27 . 2009-04-25 11:28 -------- d-----w C:\Combo-Fix
2009-04-23 08:15 . 2009-04-23 08:15 -------- d-----w c:\documents and settings\George\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 08:14 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 08:14 . 2009-04-23 08:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 00:06 . 2009-04-23 00:06 -------- d-s---w c:\windows\system32\config\systemprofile\UserData
2009-04-22 17:49 . 2009-04-22 17:49 -------- d-----w c:\program files\Trend Micro
2009-04-22 09:31 . 2009-04-23 09:17 -------- d-----w c:\documents and settings\George\Application Data\Twain
2009-04-22 00:26 . 2009-04-23 18:34 -------- d-----w C:\ComboFix
2009-04-21 23:48 . 2009-04-21 23:48 577024 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-21 23:45 . 2009-04-21 23:45 -------- d-----w c:\windows\ERUNT
2009-04-18 10:41 . 2003-06-25 15:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-18 10:14 . 2009-04-18 10:34 -------- d-----w c:\program files\iColorFolder
2009-04-18 09:58 . 2009-04-18 09:58 -------- d-----w c:\program files\IconXP
2009-04-17 00:19 . 2009-04-19 10:11 -------- d-----w c:\windows\Windows98_icons
2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\program files\Mystik Media
2009-04-17 00:16 . 2009-04-17 00:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
2009-04-16 19:02 . 2007-05-17 16:30 318976 ----a-w c:\windows\system32\avisynth.dll
2009-04-16 19:02 . 2004-02-22 09:11 719872 ----a-w c:\windows\system32\devil.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-16 19:02 . 2004-01-24 23:00 70656 ----a-w c:\windows\system32\i420vfw.dll
2009-04-16 19:02 . 2009-04-16 19:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-16 19:01 . 2008-03-16 13:30 216064 --sh--r c:\windows\system32\nbDX.dll
2009-04-16 19:01 . 2007-02-21 11:47 31232 --sh--r c:\windows\system32\msfDX.dll
2009-04-16 19:01 . 2006-05-03 10:06 163328 --sh--r c:\windows\system32\flvDX.dll
2009-04-16 19:01 . 2009-04-16 19:01 -------- d-----w c:\program files\eRightSoft
2009-04-15 23:30 . 2009-04-15 23:30 -------- d-----w c:\program files\XeroBank
2009-04-15 15:13 . 2004-07-29 01:19 175104 ----a-w c:\windows\lame_enc.dll
2009-04-14 22:10 . 2009-04-14 22:10 0 ----a-w c:\windows\nsreg.dat
2009-04-14 22:09 . 2009-04-14 22:10 -------- d-----w c:\documents and settings\George\Application Data\Thunderbird
2009-04-14 22:09 . 2009-04-14 22:11 -------- d-----w c:\documents and settings\George\Local Settings\Application Data\Thunderbird
2009-04-14 22:08 . 2009-05-06 23:40 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\documents and settings\George\Bullfrog
2009-04-12 16:41 . 2009-04-12 16:41 -------- d-----w c:\windows\system\KEEPER
2009-04-12 03:42 . 2009-04-12 03:42 -------- d-----w c:\program files\ebrary
2009-04-09 00:10 . 2009-04-09 00:10 -------- d-----w c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 13:17 . 2008-07-28 22:59 -------- d-----w c:\program files\StarCraft
2009-05-02 00:18 . 2007-10-22 00:08 -------- d-----w c:\program files\eMusic Remote
2009-04-25 19:43 . 2006-05-22 13:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 21:48 . 2006-09-03 14:31 66648 ----a-w c:\documents and settings\George\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 19:01 . 2008-07-05 10:14 557469 ----a-w c:\windows\system32\libmplayer.dll
2009-03-30 19:01 . 2008-07-05 10:14 4426841 ----a-w c:\windows\system32\libavcodec.dll
2009-03-30 19:01 . 2008-07-05 10:13 849136 ----a-w c:\windows\system32\ff_x264.dll
2009-03-30 19:01 . 2008-06-13 10:39 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-30 19:01 . 2008-06-12 17:36 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-30 19:01 . 2004-12-20 10:03 828029 ----a-w c:\windows\system32\xvidcore.dll
2009-02-24 19:35 . 2006-10-03 16:23 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2006-10-02 11:36 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2006-10-02 11:36 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-23 21:52 . 2009-02-23 21:44 246 ----a-w c:\windows\filelisting.bat
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
2007-04-17 23:20 . 2007-04-17 23:20 56 --sh--r c:\windows\system32\512601FDB7.sys
2006-05-03 10:06 . 2009-04-16 19:01 163328 --sh--r c:\windows\system32\flvDX.dll
2007-04-17 23:20 . 2007-04-17 23:20 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2009-04-16 19:01 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-16 19:01 216064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-06 15:11 . 2009-05-06 15:11 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
+ 2006-05-22 07:36 . 2004-08-04 12:00 182912 c:\windows\system32\drivers\ndis.sys
+ 2006-05-22 07:36 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-09-18 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 634880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-18 16143872]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-11 266240]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\inf\\explorer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22178:TCP"= 22178:TCP:BitComet 22178 TCP
"22178:UDP"= 22178:UDP:BitComet 22178 UDP

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [01/02/2007 20:40 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [01/02/2007 20:40 33408]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [14/11/2007 19:08 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [28/11/2007 13:53 98304]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18/04/2006 15:12 98816]
S1 d83568e8;d83568e8;c:\windows\system32\drivers\d83568e8.sys --> c:\windows\system32\drivers\d83568e8.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-06-27 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2006-05-22 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\g3sq6njz.default\
FF - prefs.js: browser.startup.homepage - hxxp://vle.coventry.ac.uk/webct/entryPageIns.dowebct
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 00:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-05-06 0:50
ComboFix-quarantined-files.txt 2009-05-06 23:49
ComboFix2.txt 2009-05-06 14:57
ComboFix3.txt 2009-05-06 14:48
ComboFix4.txt 2009-04-29 18:58
ComboFix5.txt 2009-05-06 23:43

Pre-Run: 387,231,744 bytes free
Post-Run: 377,749,504 bytes free

190
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands
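To check what the helper is looking for in the second log (the flagged ndis.sys entries gone from Sigcheck, and the restored 182912-byte copy listed in both drivers\ and dllcache\ in the SnapShot diff), here is an added Python example that parses those two ComboFix sections from a before/after log pair; it is not code from the thread or from ComboFix's authors. It assumes the Sigcheck section lists only files that failed the signature check and that a WFP restore leaves matching copies in drivers\ and dllcache\; the sample excerpts are copied from the logs posted above.

```python
"""Verify a ComboFix before/after log pair for a protected-file replacement.

Pulls the Sigcheck entries ("[-] ...") and SnapShot additions ("+ ...") out of
ComboFix log text and reports whether a named file (ndis.sys in this thread)
stopped being flagged and reappeared in both of its locations with matching
size and timestamp after the dllcache / WFP swap described in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Sigcheck line, e.g.
# [-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\windows\system32\drivers\ndis.sys
# Assumption: this section lists only files that failed ComboFix's signature check.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)
# SnapShot addition line, e.g.
# + 2006-05-22 07:36 . 2004-08-04 12:00 182912 c:\windows\system32\drivers\ndis.sys
SNAPSHOT_ADD_RE = re.compile(
    r"^\+\s+(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<path>\S.*?)\s*$"
)

@dataclass(frozen=True)
class SigEntry:
    flag: str
    stamp: str
    size: int
    md5: str
    path: str

@dataclass(frozen=True)
class SnapEntry:
    created: str
    modified: str
    size: int
    path: str

def parse_sigcheck(log: str) -> List[SigEntry]:
    """Return every Sigcheck entry found in the log text."""
    hits = (SIGCHECK_RE.match(line.strip()) for line in log.splitlines())
    return [SigEntry(m["flag"], m["stamp"], int(m["size"]), m["md5"].upper(), m["path"])
            for m in hits if m]

def parse_snapshot_added(log: str) -> List[SnapEntry]:
    """Return files the SnapShot section reports as new since the baseline."""
    hits = (SNAPSHOT_ADD_RE.match(line.strip()) for line in log.splitlines())
    return [SnapEntry(m["created"], m["modified"], int(m["size"]), m["path"]) for m in hits if m]

def _named(entries, name: str):
    """Keep only entries whose path ends in \\<name> (case-insensitive)."""
    suffix = "\\" + name.lower()
    return [e for e in entries if e.path.lower().endswith(suffix)]

@dataclass(frozen=True)
class ReplacementReport:
    flagged_before: List[str]  # paths flagged in the first log
    flagged_after: List[str]   # paths still flagged in the second log
    restored: List[str]        # paths the second SnapShot lists as new
    consistent: bool           # every restored copy shares size and mtime

    def succeeded(self) -> bool:
        """WFP keeps the live copy in drivers\\ and its backup in dllcache\\; both must be new."""
        parents = {p.lower().split("\\")[-2] for p in self.restored}
        return (bool(self.flagged_before) and not self.flagged_after
                and {"drivers", "dllcache"} <= parents and self.consistent)

def verify_replacement(before_log: str, after_log: str, name: str = "ndis.sys") -> ReplacementReport:
    before = _named(parse_sigcheck(before_log), name)
    after = _named(parse_sigcheck(after_log), name)
    restored = _named(parse_snapshot_added(after_log), name)
    consistent = len({(e.size, e.modified) for e in restored}) == 1
    return ReplacementReport([e.path for e in before], [e.path for e in after],
                             [e.path for e in restored], consistent)

# Excerpts of the two logs posted in this thread (values copied from them, trimmed).
BEFORE = """\
------- Sigcheck -------
[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\\windows\\system32\\dllcache\\ndis.sys
[-] 2009-04-21 13:35 213376 3D748D850B1C17C357C54BBFD4835F27 c:\\windows\\system32\\drivers\\ndis.sys
((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
+ 2009-05-06 14:42 . 2009-05-06 14:42 16384 c:\\windows\\Temp\\Perflib_Perfdata_41c.dat
"""
AFTER = """\
((((((((((((((((((((((((((((( SnapShot@2009-04-23_18.43.06 )))))))))))))))))))))))))))))))))))))))))
+ 2009-05-06 15:11 . 2009-05-06 15:11 16384 c:\\windows\\Temp\\Perflib_Perfdata_434.dat
+ 2006-05-22 07:36 . 2004-08-04 12:00 182912 c:\\windows\\system32\\drivers\\ndis.sys
+ 2006-05-22 07:36 . 2004-08-04 12:00 182912 c:\\windows\\system32\\dllcache\\ndis.sys
"""

if __name__ == "__main__":
    report = verify_replacement(BEFORE, AFTER)
    print("flagged before:", report.flagged_before)
    print("restored:", report.restored, "consistent:", report.consistent)
    print("replacement succeeded:", report.succeeded())  # True for the thread's logs
```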

Re: Please help a lost soul

Unread postby dan12 » May 8th, 2009, 4:32 am

Looking better :) Can you let me know how things are with the PC now?
Let me have a fresh HJT log as it's been a few days since I saw one.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » May 8th, 2009, 6:34 am

My computer does seem to be running much better, thank you Dan! However, Opera is the browser I use the most. I find when I close it, the amount of memory it uses suddenly shoots up for between 5 and ten seconds before the process finishes. Is this a normal symptom of Opera, or a cause for concern? HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:40, on 08/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 5585 bytes
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands
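A small triage helper for the HijackThis log format posted above, written here as an added example (not HijackThis's or the forum's own code): it picks out the entry types a helper typically looks at twice, such as Run entries with no absolute path, an unknown Winsock LSP, explicit DNS servers (O17) and services with a missing binary or no vendor name. The sample lines are constructed to mirror entries from the log above, and the flag reasons are the example's own.

```python
import re

# Constructed sample in HijackThis's line format, modelled on entries from the
# log posted above; chosen to exercise each check, not the full log.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\Apoint2K\\Apoint.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B98AAA0F-DE81-4AC5-B45A-FACC2E6BC232}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\\WINDOWS\\system32\\acs.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\\Program Files\\FileZilla Server\\FileZilla Server.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
O23_RE = re.compile(r"Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

def triage(log_text):
    """Return (kind, reason, line) for entries a helper would look at twice."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O4":
            cmd = O4_RE.search(body).group("cmd").strip('"')
            # A bare file name is resolved via the search path at logon, so the log
            # alone cannot say which binary runs; rundll32 lines are a normal idiom.
            if not ABS_PATH_RE.match(cmd) and not cmd.lower().startswith("rundll32"):
                findings.append((kind, "run entry without absolute path", line))
        elif kind == "O10":
            findings.append((kind, "unknown Winsock LSP module", line))
        elif kind == "O17":
            # DNS hijacks show up here; the resolvers must be ones the user chose.
            findings.append((kind, "explicit DNS servers set, confirm intended", line))
        elif kind == "O23":
            s = O23_RE.search(body)
            if s.group("path").endswith("(file missing)"):
                findings.append((kind, "service points at a missing binary", line))
            elif s.group("owner") == "Unknown owner":
                findings.append((kind, "service binary has no vendor name", line))
    return findings

if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason}: {line}")
```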

Re: Please help a lost soul

Unread postby dan12 » May 8th, 2009, 6:48 am

I have to be honest, I don't use Opera; have you checked to see you're running the up-to-date version?
I will look over your log soon. I have to go out, so I will check in with you later.
Dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » May 8th, 2009, 7:51 am

Yeah, I updated it just yesterday but it doesn't seem to have made a difference. Thank you Dan, you've been ace!
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby dan12 » May 9th, 2009, 1:14 pm

Can I see another online scan from Kaspersky? Use the link I gave you earlier.
Due to the infection, I want to make sure we have it all before I tidy up the tools I used.
Sorry for the slight delay, but I have been working.
Dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » May 9th, 2009, 5:59 pm

Dan you needn't apologise for being slow, I appreciate that you have commitments outside of helping me deal with malware. I really appreciate all the help you've given me so far. Kaspersky report follows:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 09, 2009 21:40:44
Records in database: 2152199
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 89775
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:11:12


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\George\My Documents\My Received Files\img.zip.vir Infected: Backdoor.Win32.SdBot.cwm 1
C:\Qoobox\Quarantine\C\Documents and Settings\George\My Documents\Real Lives 2007.rar.vir Infected: not-a-virus:AdWare.Win32.Rabio.nh 1
C:\Qoobox\Quarantine\C\SDFix\backups\backups.zip.vir Infected: Backdoor.Win32.HacDef.tpko 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe.vir Infected: not-a-virus:Dialer.Win32.BT.g 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthcjxmxmhqloymqpualunooqbrmutuuhhp.dll.vir Infected: Trojan.Win32.Tdss.aalc 1

The selected area was scanned.
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby dan12 » May 10th, 2009, 2:38 am

Ok, we're looking good. Let's just clean up those quarantined entries.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /u

Let me know if it all went ok. :)
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help a lost soul

Unread postby nineinchheel » May 10th, 2009, 6:23 am

Seemed to go fine, got a prompt that ComboFix was uninstalled successfully.
nineinchheel
Regular Member
 
Posts: 39
Joined: April 22nd, 2009, 5:04 am
Location: Coventry, West Midlands

Re: Please help a lost soul

Unread postby dan12 » May 11th, 2009, 2:14 am

Well done, and thank you for staying with me.

Congratulations you are clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You don't need to put all of these programs on your system. Unlike your antivirus and firewall, of which you can only have one of each, you can have several antimalware programs.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6.2
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here.
Find the changes from the older version 1.4 here.

Install Spyware Guard
Download it from here.
Find the tutorial on how to use Spyware Guard here.

Install SpyWare Blaster
Download it from here.
Find the tutorial on how to use SpywareBlaster here.

Install WinPatrol
Download it from here.
You can find information about how WinPatrol works here.

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your antivirus program and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article here

Read some information here on how to prevent malware.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

>> Here << you can see how you can help us.

Happy safe surfing!

Dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
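The HOSTS file replacement described in Dan's post above carries one caveat worth seeing in code: the new file must keep the `127.0.0.1 localhost` line and any custom entries, and a hosts entry only answers for the exact name listed, not for its subdomains. The following is an added example, not MVPS's or the forum's own code, that parses hosts text (comments, tabs, several names per line, case folding), merges a blocklist into an existing file with existing entries winning on conflict, and shows the exact-name limitation; both file excerpts are constructed placeholders.

```python
# Constructed excerpt of an existing HOSTS file (not the user's actual file).
CURRENT_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    nas.home    # a custom entry the user added
"""

# Constructed excerpt in MVPS style with placeholder names, not the real list.
BLOCKLIST = """\
# [Placeholder ad hosts]
127.0.0.1  ads.example.net
127.0.0.1  tracker.example.org  www.tracker.example.org
"""

def parse_hosts(text):
    """Map each host name (lower-cased) to its address; comments and blanks ignored."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()  # spaces or tabs; several names per line allowed
        for name in names:
            table[name.lower()] = addr
    return table

def merge_hosts(current_text, blocklist_text):
    """Install the blocklist while keeping the existing non-blocking entries.
    Existing entries win on conflict (this example's policy), so a machine's own
    mapping such as localhost is never overridden by a blocklist line."""
    merged = parse_hosts(blocklist_text)
    merged.update(parse_hosts(current_text))
    return merged

def lookup(table, name):
    """Exact-name lookup, as the resolver does it: a listed host is answered with
    127.0.0.1, but an unlisted subdomain of it is not covered."""
    return table.get(name.lower())

def render(table):
    """Serialise the merged table back into HOSTS file syntax."""
    return "".join(f"{addr}\t{name}\n" for name, addr in sorted(table.items()))
```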