Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

malware and virus problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: malware and virus problems

Unread postby saladfork » September 7th, 2009, 3:10 pm

Here are the logs as requested. As for the computer, it is running pretty much the same way it did before the infection (slow to begin with since the desktop is pretty old but my grandpa doesn't seem to mind =D ).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 03:09:19, on 2009/9/7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 1: (no name) - http://www.diyzone.net/images2/room2441ui5.jpg
O24 - Desktop Component 2: (no name) - http://www.diyzone.net/images2/room2464cl0.jpg
O24 - Desktop Component 3: (no name) - http://www.audioreview.com/channels/aud ... 126027.jpg
O24 - Desktop Component 4: (no name) - http://pics1.blog.yam.com/2/userfile/h/ ... 135e85.jpg
O24 - Desktop Component 5: (no name) - http://www.diyzone.net/images2/room2462av1.jpg
O24 - Desktop Component 6: (no name) - http://g.udn.com/community/img/style142/bg.jpg

--
End of file - 4722 bytes


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:08 on 07/09/2009 by Administrator (Administrator - Elevation successful)

========== dir ==========

C:\_OTM - Parameters: "(none)"

---Files---
None found.

---Folders---
MovedFiles d----- [15:57 04/09/2009]

C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307} - Parameters: "(none)"

---Files---
None found.

---Folders---
OFFLINE d----c [17:01 19/08/2009]

C:\WINDOWS\system32\images - Parameters: "(none)"

---Files---
i1.gif --a--- 1744 bytes [06:26 21/08/2009] [09:17 21/11/2008]
i2.gif --a--- 1663 bytes [06:26 21/08/2009] [09:17 21/11/2008]
i3.gif --a--- 1689 bytes [06:26 21/08/2009] [09:17 21/11/2008]
j1.gif --a--- 3957 bytes [06:26 21/08/2009] [09:12 21/11/2008]
j2.gif --a--- 47 bytes [06:26 21/08/2009] [09:12 21/11/2008]
j3.gif --a--- 3857 bytes [06:26 21/08/2009] [10:33 27/11/2008]
jj1.gif --a--- 114 bytes [06:26 21/08/2009] [09:14 21/11/2008]
jj2.gif --a--- 48 bytes [06:26 21/08/2009] [09:14 21/11/2008]
jj3.gif --a--- 105 bytes [06:26 21/08/2009] [09:40 21/11/2008]
l1.gif --a--- 3749 bytes [06:26 21/08/2009] [08:39 21/11/2008]
l2.gif --a--- 92 bytes [06:26 21/08/2009] [08:39 21/11/2008]
l3.gif --a--- 468 bytes [06:26 21/08/2009] [08:40 21/11/2008]
pix.gif --a--- 70 bytes [06:26 21/08/2009] [09:44 21/11/2008]
t1.gif --a--- 621 bytes [06:26 21/08/2009] [08:47 21/11/2008]
t2.gif --a--- 1015 bytes [06:26 21/08/2009] [09:17 21/11/2008]
up1.gif --a--- 5568 bytes [06:26 21/08/2009] [08:28 21/11/2008]
up2.gif --a--- 696 bytes [06:26 21/08/2009] [08:29 21/11/2008]
w1.gif --a--- 3028 bytes [06:26 21/08/2009] [08:56 21/11/2008]
w11.gif --a--- 3431 bytes [06:26 21/08/2009] [09:08 21/11/2008]
w2.gif --a--- 47 bytes [06:26 21/08/2009] [08:56 21/11/2008]
w3.gif --a--- 3430 bytes [06:26 21/08/2009] [10:30 27/11/2008]
w3.jpg --a--- 1912 bytes [06:26 21/08/2009] [10:34 27/11/2008]
wt1.gif --a--- 176 bytes [06:26 21/08/2009] [08:57 21/11/2008]
wt2.gif --a--- 51 bytes [06:26 21/08/2009] [08:57 21/11/2008]
wt3.gif --a--- 119 bytes [06:26 21/08/2009] [08:57 21/11/2008]

---Folders---
None found.

-=End Of File=-
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm
Advertisement
Register to Remove

Re: malware and virus problems

Unread postby melboy » September 8th, 2009, 7:47 am

Hi saladfork


SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :dir
    C:\_OTM /sub 

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



ATF-Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.


    If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.


  • Click Exit on the Main menu to close the program.


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply:
  1. ESET log
  2. SystemLook.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: malware and virus problems

Unread postby saladfork » September 8th, 2009, 3:24 pm

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=41b5632c01c3ff478c53944515fd76cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-08 07:21:10
# local_time=2009-09-08 03:21:10 )
# country="Taiwan"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1026 37 83 95 876513906250
# scanned=29362
# found=3
# cleaned=0
# scan_time=1482
C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\69E6D3E5\3E688669\stbapp.exe a variant of Win32/Adware.DoubleD.AA application 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I


SystemLook Log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:45 on 08/09/2009 by Administrator (Administrator - Elevation successful)

========== dir ==========

C:\_OTM - Parameters: "/sub "

---Files---
None found.

C:\_OTM\MovedFiles d----- [15:57 04/09/2009]
09042009_235715.log --a--- 1746 bytes [15:57 04/09/2009] [15:57 04/09/2009]
09042009_235715.res --a--- 2 bytes [15:57 04/09/2009] [15:57 04/09/2009]

C:\_OTM\MovedFiles\09042009_235715 d----- [15:57 04/09/2009]

C:\_OTM\MovedFiles\09042009_235715\WINDOWS d----- [15:57 04/09/2009]

C:\_OTM\MovedFiles\09042009_235715\WINDOWS\system32 d----- [15:57 04/09/2009]

-=End Of File=-
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm

Re: malware and virus problems

Unread postby saladfork » September 8th, 2009, 10:54 pm

i forgot to check unwanted applications on my last ESEF run so here's a new log:

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=41b5632c01c3ff478c53944515fd76cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-08 07:21:10
# local_time=2009-09-08 03:21:10 )
# country="Taiwan"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1026 37 83 95 876513906250
# scanned=29362
# found=3
# cleaned=0
# scan_time=1482
C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\69E6D3E5\3E688669\stbapp.exe a variant of Win32/Adware.DoubleD.AA application 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\B75FA91E\3E688669\stbsvc.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm

Re: malware and virus problems

Unread postby melboy » September 9th, 2009, 3:00 pm

Hi saladfork

Delete files and folders
Using Windows Explore by right-clicking the start button and left clicking Explore navigate to and find the following files and folders If found, delete them:

    Folders:

    C:\_OTM
    C:\WINDOWS\system32\images


    Files:

    C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\69E6D3E5\3E688669\stbapp.exe
    C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
    C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\EB91CE86\3E688669\stbdl.exe


Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.

  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: malware and virus problems

Unread postby saladfork » September 9th, 2009, 3:12 pm

Hi melboy,

It seems that none of the files (exe) were present in the specified folders. Here's the log as requested:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-09 15:11:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (4%) free of 29 GB
Total RAM: 631 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 03:11:57, on 2009/9/9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\桌面\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 1: (no name) - http://www.diyzone.net/images2/room2441ui5.jpg
O24 - Desktop Component 2: (no name) - http://www.diyzone.net/images2/room2464cl0.jpg
O24 - Desktop Component 3: (no name) - http://www.audioreview.com/channels/aud ... 126027.jpg
O24 - Desktop Component 4: (no name) - http://pics1.blog.yam.com/2/userfile/h/ ... 135e85.jpg
O24 - Desktop Component 5: (no name) - http://www.diyzone.net/images2/room2462av1.jpg
O24 - Desktop Component 6: (no name) - http://g.udn.com/community/img/style142/bg.jpg

--
End of file - 4719 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-07 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-04-07 1298542]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-23 155648]
"DT LGE"=C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-11 37888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-07 2007832]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-17 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-17 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-17 455168]

C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-07 11952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Honey\kupeer\9kupe.exe"="C:\Program Files\Honey\kupeer\9kupe.exe:*:Enabled:Mxie"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ccf09c4-01e6-11db-854a-806d6172696f}]
shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c7bde4-8fac-11de-93ac-0010dc91cc91}]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaa7226a-c50b-11dc-8fcd-806d6172696f}]
shell\AutoRun\command - D:\iPodSetup.exe


======List of files/folders created in the last 1 months======

2009-09-09 12:16:16 ----HD---- C:\$AVG8.VAULT$
2009-09-09 11:53:56 ----D---- C:\WINDOWS\LastGood
2009-09-08 14:50:45 ----D---- C:\Program Files\ESET
2009-09-08 01:45:24 ----D---- C:\WINDOWS\system32\KB905474
2009-09-08 01:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-08 01:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-08 01:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-08 01:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-08 01:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-08 01:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-08 01:43:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-08 01:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-08 01:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-08 01:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-08 01:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-08 01:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-08 01:41:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-08 01:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-08 01:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-08 01:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-08 01:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-08 01:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-08 01:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-08 01:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-08 01:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-08 01:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-08 01:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-08 01:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-08 01:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-09-08 01:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-08 01:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-08 01:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-09-07 15:16:05 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-07 15:01:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-07 15:00:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-09-07 14:59:55 ----D---- C:\Program Files\AVG
2009-09-07 14:59:55 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-07 14:55:45 ----D---- C:\WINDOWS\SxsCaPendDel
2009-09-07 12:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-07 12:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-09-07 12:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-07 12:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-07 12:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-07 12:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-07 12:15:04 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-07 12:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-07 12:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-07 12:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-07 12:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-07 12:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-07 12:09:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 12:08:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-07 12:06:13 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-07 12:06:13 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-06 15:30:46 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG8
2009-09-05 00:38:20 ----D---- C:\rsit
2009-09-05 00:03:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-05 00:03:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-05 00:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-24 00:08:59 ----D---- C:\Program Files\Trend Micro
2009-08-23 14:17:40 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2009-08-20 01:01:34 ----HDC---- C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}

======List of files/folders modified in the last 1 months======

2009-09-09 15:06:21 ----D---- C:\WINDOWS\system32
2009-09-09 13:20:26 ----D---- C:\WINDOWS\Temp
2009-09-09 13:03:49 ----D---- C:\Program Files\Mozilla Firefox
2009-09-09 11:54:44 ----D---- C:\WINDOWS\inf
2009-09-09 11:53:56 ----D---- C:\WINDOWS
2009-09-09 11:53:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-09 02:20:24 ----SD---- C:\WINDOWS\Tasks
2009-09-09 02:19:49 ----SHD---- C:\WINDOWS\Installer
2009-09-09 02:19:48 ----D---- C:\WINDOWS\WinSxS
2009-09-08 14:50:45 ----RD---- C:\Program Files
2009-09-08 12:12:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-09-08 12:06:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-08 12:06:25 ----D---- C:\WINDOWS\system32\wbem
2009-09-08 12:06:25 ----D---- C:\WINDOWS\system32\Setup
2009-09-08 12:06:24 ----D---- C:\WINDOWS\system32\drivers
2009-09-08 01:44:42 ----A---- C:\WINDOWS\imsins.BAK
2009-09-08 01:44:28 ----D---- C:\Program Files\Internet Explorer
2009-09-07 16:12:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-07 15:16:04 ----D---- C:\WINDOWS\Debug
2009-09-07 15:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-07 15:06:25 ----D---- C:\Program Files\Common Files\Adobe
2009-09-07 15:05:56 ----D---- C:\Program Files\Adobe
2009-09-07 15:01:47 ----D---- C:\Documents and Settings
2009-09-07 14:59:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-07 14:59:30 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-09-07 14:55:49 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-07 14:44:00 ----D---- C:\WINDOWS\AppPatch
2009-09-07 14:44:00 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-07 12:15:18 ----D---- C:\Program Files\Outlook Express
2009-09-07 12:05:58 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-07 12:05:58 ----D---- C:\WINDOWS\Help
2009-09-05 00:39:49 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-04 17:58:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-17 00:05:02 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-07 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-07 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-07 108552]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-17 12160]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-04-06 25600]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-17 45312]
R3 BCM43XX;Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2003-02-12 166272]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 trid3d;trid3d; C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-06-16 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-17 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2005-06-16 17024]
R3 USBSTOR;USB 大容量存储设备; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-06-16 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\drivers\usbuhci.sys [2004-08-17 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-04-06 89472]
S3 AmdK6;AMD K6 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk6.sys [2004-08-16 39808]
S3 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-16 40192]
S3 AmdK8;AMD K8 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk8.sys [2005-07-21 33280]
S3 Crusoe;Transmeta Crusoe Processor Driver; C:\WINDOWS\system32\drivers\crusoe.sys [2004-08-17 39296]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 171776]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-07 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-07 297752]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-04-06 929904]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm

Re: malware and virus problems

Unread postby melboy » September 9th, 2009, 6:17 pm

Hi

Did you (or your grandpa) purposely set the following Desktop components yourself?
(Active Desktop Components are local or remote html files that are embedded directly onto your desktop as a background)

O24 - Desktop Component 1: (no name) - http://www.diyzone.net/images2/room2441ui5.jpg
O24 - Desktop Component 2: (no name) - http://www.diyzone.net/images2/room2464cl0.jpg
O24 - Desktop Component 3: (no name) - http://www.audioreview.com/channels/aud ... 126027.jpg
O24 - Desktop Component 4: (no name) - http://pics1.blog.yam.com/2/userfile/h/ ... 135e85.jpg
O24 - Desktop Component 5: (no name) - http://www.diyzone.net/images2/room2462av1.jpg
O24 - Desktop Component 6: (no name) - http://g.udn.com/community/img/style142/bg.jpg


low on disk space

System drive C: has 1 GB (4%) free of 29 GB

The partition with the system needs at least 15% Free Space, or it will bog down and run very slowly.

Please try to uninstall some software you do not need and/or move any documents/files/pictures etc to a form of removable media. (CD, DVD, USB flash drive etc)

  • Go to Start, My Computer
  • Right-click on the hard-drive letter for the system, (usually C: )
  • Click Properties
  • Under the General tab Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
  • Click Apply
  • If it asks whether to apply to all files and folders, answer Yes.
  • You may have to wait while it resets the file attributes.
  • Click OK

Reboot the machine.


RegQuery

Please download RegQuery by Noviciate to your desktop

  • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
  • Double click RegQuery.exe to run the program
  • Paste the text you have copied using CRTL and V, into the textbox
  • Click the Query button
  • A Notepad file will open. Please paste the contents in your next reply
  • You may now close the RegQuery program
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: malware and virus problems

Unread postby saladfork » September 10th, 2009, 8:07 pm

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=""
"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm

Re: malware and virus problems

Unread postby melboy » September 12th, 2009, 7:49 am

Hi saladfork


RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click Start > Run
  • Copy/paste the following into the run box & click OK
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<< will be maximized) and info.txt (<< will be minimized)
  • Copy & paste the contents of both logs in your next reply
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: malware and virus problems

Unread postby saladfork » September 12th, 2009, 5:31 pm

I seem to be getting an error message each time i paste the text into the run box and I can't really tell you what the exact message is because most of it is in cantonese and i cannot read it. Also, I am also going back to school for the fall and i will not be able to work on this computer until probably two weekends later when i do come back. Please let me know if there is anything crucial that i have to fix and i will get back to you ASAP but if the computer seems to be fine then there is no need to continue helping me on it. Thank you for taking your time to fix the issues with this computer but unfortunately I cannot proceed any further.
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm

Re: malware and virus problems

Unread postby melboy » September 13th, 2009, 3:54 pm

Hi saladfork

I can appreciate you are running out of time, however I would have preferred one more run of RSIT before I could say for sure you are clean even if you aren't experiencing any other issues you think may be malware related. Your previous RSIT scan did look okay though.

So although I can't officially declare you all clean, please follow the advice below:

In addition to my previous advice on freeing up some Hard Drive space, please have a read of the following article.

http://www.malwareremoval.com/tutorials ... slowly.php


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer

      • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore on all drives.
      • Click Apply
      • Click each drive in turn where system restore is not required and click Settings
        Note: System restore is only needed on drives with an operating system installed
      • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
      Note: only do this once, and not on a regular basis

    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
      Uninstall Tools for Major Antivirus Products

    • Install and use a firewall with outbound protection
      The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
      Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
      Suggestions:

      [Please note that trial pay is not needed to get any product for free.]

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
    • Make Internet Explorer More Secure
      Internet Explorer 8 <<< Recommended Version
      For older versions please read and follow the recommendations at this site
      Internet Explorer7
      Internet Explorer6


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Malwarebytes' Anti-Malware
      As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
      You can find a tutorial HERE.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: malware and virus problems

Unread postby saladfork » September 16th, 2009, 4:27 pm

Sorry for the late reply but I have read everything and I will do the tasks once i get back. Once again thanks for taking your time to help.
saladfork
Regular Member
 
Posts: 32
Joined: November 27th, 2007, 10:20 pm

Re: malware and virus problems

Unread postby Carolyn » September 17th, 2009, 7:57 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 151 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware