
Thread: Hijack this log, Right Media Prob

  1. #11
    Member
    Join Date
    May 2010
    Posts
    95

    It's a trial version for 30 days, which is due to expire very soon.

  2. #12
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Since it's a trial version and is going to expire soon, let's replace AVG's AV and Firewall with a free AV and Firewall. That way you don't have to worry about obtaining license keys.

    Here are two free AntiViruses to choose from:

    1) Antivir PersonalEdition Classic
    2) avast! Home Edition

    Download and install only one!

    Once you've downloaded the setup file for your new AV, unplug your computer from the Internet. Next uninstall AVG via Add/Remove Programs. Once that's done, reboot your computer. When your computer has booted back up, install your new AntiVirus. Finally, reconnect your computer back to the Internet and update your new AV.


    Here are some free Firewalls to replace AVG's firewall:



    Please download and install only one!

    Repeat the same steps as before (disconnect from 'Net, uninstall AVG Firewall, reboot computer, install new Firewall, reconnect to Net, update firewall (if you can))

    Also, do the following:

    Once the new firewall is installed, check to see that the Windows Firewall is disabled. To do so follow these steps:

    1. Click Start, click Run, type Firewall.cpl, and then click OK.
    2. On the General tab, check to see if Off (not recommended) is checkmarked/ticked; if it is not, then checkmark/tick the box and click OK.


    Let me know once you've done everything and we'll continue.
    Malware Removal University Master
    Member of ASAP & UNITE

  3. #13
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    003294? How are things coming along?
    Malware Removal University Master
    Member of ASAP & UNITE

  4. #14
    Member
    Join Date
    May 2010
    Posts
    95

    Going to begin with the above now, will keep you posted.

  5. #15
    Member
    Join Date
    May 2010
    Posts
    95

    All done, decided to install Jetico Firewall and Avira AntiVirus. I have updated; what is the next stage now?

  6. #16
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Registry Cleaners + "Tweak" Tools

    Re. Registry Mechanic 9.0

    I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

    They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
    Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
    Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

    Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it!

    To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
    In short, if you know how to use them safely ----- you don't actually need them.

    discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
    And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/...eaking_13.html


    Step # 1 Update Java

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u20.
    • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Remove the following old versions of Java:

    • Java(TM) 6 Update 2

    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • From your desktop double-click on the download to install the newest version.



    Step # 2: Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Step # 3 Download and Run Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.


    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    In your next post/reply, I need to see the following:

    1. MalwareBytes' Log
    2. A fresh DDS Log
    Malware Removal University Master
    Member of ASAP & UNITE

  7. #17
    Member
    Join Date
    May 2010
    Posts
    95

    Java has been updated & I've used the cleaner program above. As for the firewalls, I've had no choice but to get rid of Jetico Firewall and Avira AntiVirus as this caused way too many problems in me trying to connect to the net. The moment I close both firewall and anti-virus programs my net works fine.

    I've gone to AVG 8.5 free edition for now and have updated. 1 infection found with Malwarebytes (Adware.EZlife), DDS log below. I think this bug is almost gone as I'm no longer getting the random pop-ups.


    MALWAREBYTES
    Time elapsed: 4 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Admin at 22:58:33.51 on 24/05/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1225 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Belkin\F5D7051\WLService.exe
    C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\AHEAD\NEROPH~2\DATA\XTRAS\MSSYSMGR.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trigold\Update\TRUService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmup091.bin
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://bbc.co.uk/news
    uURLSearchHooks: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    uURLSearchHooks: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    BHO: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    {02478d38-c3f9-4efb-9b51-7695eca05670}
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: thechatterbox.cc Toolbar: {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - c:\program files\thechatterbox.cc\tbthe0.dll
    TB: W1zardm0ds.co.uk Toolbar: {813cf69b-bebf-423d-9936-eb451ffab26f} - c:\program files\w1zardm0ds.co.uk\tbW1z0.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~2\data\xtras\MSSYSMGR.EXE
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [WinSys2] c:\windows\system32\winsys2.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: threesixtytraining.co.uk\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3EDBA9C8-BB88-4DB6-9EB4-CA2BDAEF10FC} - hxxp://downloads.privatepost.com/files/ppZDHelper/ppZDHelper.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.landlorddirect.com/js/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btc.webex.com/client/T25LSP41EP13-LOCKDOWN/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {B5475F04-47B0-4D4E-BFE7-E842F18F1492} = 4.2.2.2,4.2.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-23 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-23 29512]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-23 242896]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-23 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-23 125160]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-23 308064]
    R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-8 632792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-23 779496]
    R2 TRUService;TrigoldCrystal Update Service;c:\program files\trigold\update\TRUService.exe [2009-10-31 135816]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-10 136176]

    =============== Created Last 30 ================

    2010-05-24 21:51:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-24 21:51:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-23 23:14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-23 23:14:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-23 22:44:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-23 22:43:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-23 22:43:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-23 22:43:47 0 d-----w- c:\windows\system32\drivers\Avg
    2010-05-19 19:38:57 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-05-19 19:38:49 40960 ----a-w- c:\windows\system32\F5D7051.dll
    2010-05-19 19:38:49 29184 ----a-w- c:\windows\system32\drivers\RNDISMPK.sys
    2010-05-19 19:38:49 13824 ----a-w- c:\windows\system32\drivers\usb8023k.sys
    2010-05-19 19:38:47 94208 ----a-w- c:\windows\system32\GTW32N50.dll
    2010-05-19 19:38:47 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
    2010-05-19 19:38:47 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
    2010-05-19 19:38:46 1396831 ----a-w- c:\windows\system32\AegisE5.dll
    2010-05-19 19:38:46 0 d-----w- c:\program files\Belkin
    2010-05-14 23:23:27 0 d-sha-r- C:\cmdcons
    2010-05-14 23:22:33 98816 ----a-w- c:\windows\sed.exe
    2010-05-14 23:06:33 77312 ----a-w- c:\windows\MBR.exe
    2010-05-14 23:06:33 256512 ----a-w- c:\windows\PEV.exe
    2010-05-14 23:06:33 161792 ----a-w- c:\windows\SWREG.exe
    2010-05-09 20:45:57 0 d-----w- c:\program files\CleanMyPC Popup Blocker
    2010-05-08 14:02:30 0 d-----w- c:\docume~1\admin\applic~1\Registry Mechanic
    2010-05-08 13:47:32 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-05-08 13:47:32 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-05-08 13:47:32 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-05-08 13:47:31 0 d-----w- c:\program files\common files\PC Tools
    2010-05-07 19:10:34 0 d-----w- c:\windows\SxsCaPendDel
    2010-05-06 17:43:34 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-06 17:41:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
    2010-05-06 17:41:09 0 d-----w- c:\program files\Lavasoft
    2010-04-28 18:00:54 0 d-----w- c:\docume~1\admin\applic~1\Sammsoft
    2010-04-28 16:52:20 0 d-----w- c:\docume~1\admin\applic~1\Trusteer
    2010-04-28 16:52:15 0 d-----w- c:\program files\Trusteer
    2010-04-28 16:51:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
    2010-04-26 18:29:51 0 d-----w- c:\windows\ServicePackFiles
    2010-04-26 17:35:39 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2010-04-26 17:35:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-26 17:35:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2010-05-14 12:00:54 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2010-04-20 10:05:36 4212 ---h--w- c:\windows\system32\zllictbl.dat

    ============= FINISH: 22:59:11.89 ===============

  8. #18
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Your DDS Log looks good.

    It looks like the top part of the MalwareBytes' Log you posted got cut off. Please post everything above the Time elapsed: 4 minute(s), 49 second(s) line in your next post/reply.


    Step # 1: Run Kaspersky Online Scan

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.



    In your next post/reply, I need to see the following:

    1. The top part of the MBAM Log
    2. Kaspersky Log
    3. How is your computer doing, any problems?
    Malware Removal University Master
    Member of ASAP & UNITE

  9. #19
    Member
    Join Date
    May 2010
    Posts
    95

    Top Part of MBAM Log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4140

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    24/05/2010 22:57:55
    mbam-log-2010-05-24 (22-57-55).txt

    Scan type: Quick scan
    Objects scanned: 127304
    Time elapsed: 4 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.



    Kaspersky Log

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, May 25, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, May 25, 2010 06:57:50
    Records in database: 4171379
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 63148
    Threats found: 4
    Infected objects found: 7
    Suspicious objects found: 0
    Scan duration: 01:37:16


    File name / Threat / Threats count
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\61\757db4fd-36fff2bd Infected: Exploit.Java.Agent.f 1
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-10aad6fd Infected: Exploit.Java.Agent.f 1
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-1e10dde3 Infected: Exploit.Java.Agent.f 1
    C:\Program Files\SolarWinds\Free Tools\~GLH0031.TMP Infected: not-a-virus:Server-FTP.Win32.Tftp.500 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
    C:\System Volume Information\_restore{6ADE42A1-A5D1-4E5E-8204-E809371069BE}\RP291\A0031740.exe Infected: not-a-virus:Server-FTP.Win32.Tftp.500 1
    C:\System Volume Information\_restore{6ADE42A1-A5D1-4E5E-8204-E809371069BE}\RP307\A0038640.exe Infected: Trojan.Win32.FraudPack.avii 1

    Selected area has been scanned.


    I did run another scan with MBAM this morning; no bugs found.

    Overall the computer is performing a lot better since the ComboFix: the pop-ups have completely gone, and I am able to search things via Google and click on websites without another totally different website coming up. However, the amount of infections found via Kaspersky is a concern. I'll let you be the judge based on the logs. However, I am yet to run a Spybot search, not sure if this is necessary?

  10. #20
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    However I am yet to run a Spybot search, not sure if this is necessary?
    Don't really see the need to run a scan with Spybot. Maybe if MalwareBytes' found something when you ran it, but it didn't.

    Kaspersky found a file in the Qoobox folder which is where ComboFix keeps its quarantined files. I'll show you how to remove ComboFix (and its quarantined files) in an upcoming post. Kaspersky also found some infected System Restore points. They are harmless where they are. I'll show you how to remove them and set a new, clean one in an upcoming post.


    Step # 1 Clear Java's Cache

    Click Start > Control Panel

    • Double-click the Java icon in the control panel. (coffee cup icon)
    • Click Settings under Temporary Internet Files.

      -The Temporary Files Settings dialog box appears.

    • Click Delete Files.

      -The Delete Temporary Files dialog box appears.
      -There are two options on this window to clear the cache.

    • Applications and Applets
    • Trace and Log Files


    Make sure both are checked.

    Click OK on Delete Temporary Files window.

    -Note: This deletes all the Downloaded Applications and Applets from the cache.

    Click OK on Temporary Files Settings window.
    Close the Java Control Panel.
    Malware Removal University Master
    Member of ASAP & UNITE
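As an added example (not the thread's own tooling, and nothing the helper asked the poster to run), here is a small Python triage script that parses Kaspersky Online Scanner report lines in the layout posted above and sorts the detections the way the reply explains: hits inside ComboFix's Qoobox quarantine and System Restore points are inert where they sit, Java deployment cache hits go away with the cache, and anything else is live on disk and worth a closer look. The regex, the bucket names and the sample report (built from the seven detection lines in the thread) are this example's own assumptions about the report format.

```python
import re
from collections import defaultdict

# Constructed sample in the Kaspersky Online Scanner 7.0 report layout used in
# the thread; the seven detection lines are the ones posted there.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\61\757db4fd-36fff2bd Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-10aad6fd Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\5473416c-1e10dde3 Infected: Exploit.Java.Agent.f 1
C:\Program Files\SolarWinds\Free Tools\~GLH0031.TMP Infected: not-a-virus:Server-FTP.Win32.Tftp.500 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{6ADE42A1-A5D1-4E5E-8204-E809371069BE}\RP291\A0031740.exe Infected: not-a-virus:Server-FTP.Win32.Tftp.500 1
C:\System Volume Information\_restore{6ADE42A1-A5D1-4E5E-8204-E809371069BE}\RP307\A0038640.exe Infected: Trojan.Win32.FraudPack.avii 1

Selected area has been scanned.
"""

# "<path> Infected: <threat name> <count>"; the path may contain spaces, so it
# is matched lazily up to the literal "Infected:" marker (assumed layout).
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


def parse_report(text):
    """Return a list of (path, threat, count) for every detection line."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return found


def classify(path):
    """Bucket a detection by where it sits on disk.

    The buckets mirror the reasoning in the reply above: a hit inside ComboFix's
    Qoobox quarantine or a System Restore point is inert until something
    restores it; a hit in the Java deployment cache is a cached applet that
    clearing the cache removes; anything else is live on disk.
    """
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    return "live-on-disk"


def triage(text):
    """Group detections by bucket; each entry is (path, threat, riskware_flag)."""
    buckets = defaultdict(list)
    for path, threat, _count in parse_report(text):
        # Kaspersky prefixes legitimate-but-risky tools (here a TFTP server)
        # with "not-a-virus:"; keep that distinction visible in the output.
        riskware = threat.startswith("not-a-virus:")
        buckets[classify(path)].append((path, threat, riskware))
    return dict(buckets)


def needs_action(text):
    """The live-on-disk detections, as (path, threat): the real follow-ups."""
    return [(p, t) for p, t, _risk in triage(text).get("live-on-disk", [])]


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for path, threat, risk in items:
            print(f"  [{'riskware' if risk else 'malware '}] {threat}  {path}")
    print("needs action:", needs_action(SAMPLE_REPORT))
```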
