Can't run scan for spybot or hijack this

wrs81 · Jul 31, 2009

Everytime I run the spybot scan, the program just shuts down when the scan starts; the same happened with hijack this. When I try to re-open the program I get the error "Windows can not access the specified device, path, or file. You may not have permission to access the item." I've tried to unistall and reinstall the program, but it hasn't fixed the problem.

Also, when I do a search on Google and click on a results link, I am redirected to a different site.

Please help!

pskelley · Aug 1, 2009

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions.

Sounds like you have a rootkit infection that is blocking the tools we need to use. Let's start with combofix and see if you can run it. Read and follow all directions carefully.

If this is Vista, make sure you are signed in as administrator and you will NOT install Recovery Console with Vista.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
http://www.bleepingcomputer.com/forums/topic114351.html
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

When the tool is finished, it will produce a report for you. Post that report and a new HJT log

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Thanks

wrs81 · Aug 2, 2009

Combofix Log

Here is my log from the combofix...thanks for your help!

ComboFix 09-07-31.04 - Waylon 08/01/2009 8:12.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.98 [GMT -7:00]
Running from: c:\documents and settings\Waylon.WAY\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\alurm.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\Waylon.WAY\Local Settings\Temporary Internet Files\ahiqoqamod.ban
c:\documents and settings\Waylon.WAY\Local Settings\Temporary Internet Files\bowatiny.lib
c:\documents and settings\Waylon.WAY\Local Settings\Temporary Internet Files\jyxafuz._dl
c:\documents and settings\Waylon\Application Data\Sskcwrd.dll
c:\documents and settings\Waylon\Application Data\Sskknwrd.dll
c:\documents and settings\Waylon\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\Waylon\Local Settings\Temporary Internet Files\Tvm.log
C:\lswmv.ini
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\program files\Common Files\inetget
c:\program files\Common Files\inetget\mc-58-12-0000106.exe
c:\program files\Common Files\inetget2
c:\program files\Common Files\inetget2\mc-58-12-0000106.exe
c:\program files\Common Files\mc-58-12-0000106.exe
c:\program files\Common Files\services.exe
c:\program files\Common Files\system32.dll
c:\program files\Common Files\uninstall information
c:\program files\Common Files\windows
c:\program files\Common Files\windows\AutoIt3.exe
c:\program files\Common Files\windows\mc-58-12-0000106.exe
c:\program files\Common Files\windows\psapi.dll
c:\program files\Common Files\windows\services32.exe
c:\program files\CSBB
c:\program files\CSBB\CSV7P28.exe
c:\program files\dns
c:\program files\dns\affid.dat
c:\program files\dns\Catcher.dll
c:\program files\dns\cwebpage.dll
c:\program files\dns\gui.exe
c:\program files\dns\regexp.dat
c:\program files\dns\regexpDate.dat
c:\program files\dns\uid.dat
c:\program files\dns\urls.dat
c:\program files\dns\version.txt
c:\program files\dns\x.bmp
c:\program files\e2g
c:\program files\e2g\data19
c:\program files\e2g\IeBHOs.dll
c:\program files\MyWay
c:\program files\quick links
c:\program files\quick links\uninst.exe
c:\program files\SurfAccuracy
c:\program files\SurfAccuracy\SAcc.cfg
c:\program files\SurfAccuracy\SAcc.exe
c:\program files\SurfAccuracy\SAccU.exe
c:\recycler\S-1-5-21-4024994690-1321446302-4065617495-1006
c:\recycler\S-1-5-21-4024994690-1321446302-4065617495-500
c:\windows\system32\_scui.cpl
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\xwreg32.dll

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{460CC4EB-9EEE-4AE4-81F3-BC4CF43187BA}\RP913\A0034778.sys

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{460CC4EB-9EEE-4AE4-81F3-BC4CF43187BA}\RP913\A0034780.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 15:28 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-01 15:28 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-01 15:24 . 2001-08-23 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-01 15:24 . 2001-08-23 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-07-31 05:26 . 2009-07-31 05:26 -------- d-----w- c:\program files\Trend Micro
2009-07-30 05:05 . 2009-07-30 05:09 -------- d-----w- c:\program files\Spybot - Search & Destroy4
2009-07-30 03:58 . 2009-07-30 05:03 -------- d-----w- c:\program files\Spybot - Search & Destroy3
2009-07-30 03:08 . 2009-07-30 03:31 -------- d-----w- c:\program files\Spybot - Search & Destroy2
2009-07-28 02:33 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-28 02:33 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-26 18:31 . 2007-03-29 12:56 8192 -c----w- c:\windows\system32\dllcache\bitsprx2.dll
2009-07-26 18:31 . 2007-03-29 12:56 7168 -c----w- c:\windows\system32\dllcache\bitsprx4.dll
2009-07-26 18:31 . 2007-03-29 12:56 7168 -c----w- c:\windows\system32\dllcache\bitsprx3.dll
2009-07-26 18:31 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\bitsprx4.dll
2009-07-26 18:31 . 2007-03-29 12:56 18944 -c----w- c:\windows\system32\dllcache\qmgrprxy.dll
2009-07-26 18:31 . 2007-03-29 12:56 409600 -c----w- c:\windows\system32\dllcache\qmgr.dll
2009-07-25 20:47 . 2009-07-25 20:47 16888 ----a-w- c:\documents and settings\Waylon.WAY\Local Settings\Application Data\ivypinuf.dll
2009-07-25 20:47 . 2009-07-25 20:47 12539 ----a-w- c:\documents and settings\Waylon.WAY\Local Settings\Application Data\otiz.exe
2009-07-25 20:47 . 2009-07-25 20:47 17557 ----a-w- c:\windows\system32\mimy.pif
2009-07-25 20:47 . 2009-07-25 20:47 16338 ----a-w- c:\documents and settings\Waylon.WAY\Local Settings\Application Data\awom.dat
2009-07-25 20:47 . 2009-07-25 20:47 16114 ----a-w- c:\windows\dyvo.com
2009-07-25 20:47 . 2009-07-25 20:47 13805 ----a-w- c:\documents and settings\Waylon.WAY\Application Data\uhugicy.pif
2009-07-25 20:47 . 2009-07-25 20:47 12878 ----a-w- c:\program files\Common Files\wiruk.bin
2009-07-25 20:47 . 2009-07-25 20:47 12711 ----a-w- c:\windows\system32\finowikec.vbs
2009-07-25 20:47 . 2009-07-25 20:47 10654 ----a-w- c:\documents and settings\Waylon.WAY\Application Data\eqafu.bat
2009-07-25 20:42 . 2009-07-25 20:42 43008 ----a-w- C:\ynee.exe
2009-07-25 20:42 . 2009-07-25 20:42 21504 ----a-w- C:\srgaupnr.exe
2009-07-25 20:42 . 2009-07-25 20:42 22016 ----a-w- C:\dfncp.exe
2009-07-25 09:02 . 2009-07-25 12:17 -------- d-----w- c:\program files\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 15:27 . 2001-08-23 12:00 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-07-30 05:12 . 2005-11-08 03:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-30 00:25 . 2007-01-28 01:43 -------- d-----w- c:\program files\MySpace
2009-07-30 00:21 . 2005-05-10 01:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 20:47 . 2009-07-25 20:47 11700 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\pitodime.dat
2009-07-25 20:41 . 2006-12-01 01:30 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 02:03 . 2009-01-10 02:09 1915520 ----a-w- c:\documents and settings\Waylon.WAY\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2001-08-23 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:44 . 2001-08-23 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2003-10-02 21:28 . 2003-10-02 21:28 54272 --sha-w- c:\program files\Thumbs.db
2002-04-28 22:59 . 2002-04-28 22:59 150288 ----a-w- c:\program files\kmd.exe
2002-04-28 22:58 . 2002-04-28 22:58 27741 ----a-w- c:\program files\m2k.zip
2002-04-19 07:12 . 2002-04-19 07:12 2817176 ----a-w- c:\program files\ppview97.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
Contents of the 'Scheduled Tasks' folder

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-08-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-07-26 22:31]

2009-08-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: cbs.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 09:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-01 10:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 17:09

Pre-Run: 9,210,544,128 bytes free
Post-Run: 14,101,520,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

198 --- E O F --- 2009-07-30 00:27

pskelley · Aug 2, 2009

Thanks a good start:bigthumb: and should have given you some relief. Let's see if we can get a HijackThis log now and a uninstall list.

1) If you have HJT from earlier, delete it.

2) Read and follow these directions exactly:

Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks...Phil

wrs81 · Aug 2, 2009

Hijack Log

Yes! it worked...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:08 PM, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy4\SDHelper.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy4\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy4\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 4530 bytes

wrs81 · Aug 2, 2009

Uninstall list

...and here is the uninstall list. thanks again for your help...i really appreciate it!

Adobe Reader 8
Apple Mobile Device Support
Apple Software Update
Bonjour
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Connections Drivers
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSXML 4.0 SP2 (KB954430)
PC Inspector smart recovery
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Spybot - Search & Destroy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

pskelley · Aug 2, 2009

There is no antivirus program running on this computer? What are your plans, do you need links to a good freeware program. If you are not going to secure the computer, it is a waste of your time and mine to clean it.

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Reader 8 <<< out of date and unsafe:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.adobe.com/products/reader/
(if you want a smaller program, look at this one)
Foxit Reader 3.0 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

J2SE Runtime Environment 5.0 Update 9 <<< out of date and unsafe
Java(TM) 6 Update 13 <<< JRE 6 Update 14 released
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Spybot - Search & Destroy <<< Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html

Follow these directions carefully:

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://thespykiller.co.uk/index.php/topic,5946.0.html

How is the computer running now?

Thanks

wrs81 · Aug 3, 2009

MBAM Log

Thanks Phil, everything seems to be clean now...and yes, some suggestions on antivirus software would be appreciated!

Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 5.1.2600 Service Pack 2

8/2/2009 10:40:42 PM
mbam-log-2009-08-02 (22-40-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144052
Time elapsed: 44 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\ynee.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dfncp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\alurm.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\common files\mc-58-12-0000106.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\common files\services.exe.vir (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\common files\InetGet\mc-58-12-0000106.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\common files\InetGet2\mc-58-12-0000106.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\common files\Windows\mc-58-12-0000106.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\netlogon.dll.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\beep.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP913\A0034783.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP913\A0035848.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP918\A0036521.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036896.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036949.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036954.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036955.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036956.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036957.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036960.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036972.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036974.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036976.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0036977.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0037003.exe (Adware.Zango) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0037005.exe (Adware.Zango) -> Quarantined and deleted successfully.
c:\system volume information\_restore{460cc4eb-9eee-4ae4-81f3-bc4cf43187ba}\RP920\A0038888.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP1\A0000002.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP1\A0000062.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP1\A0000079.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP1\A0000105.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0003541.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0003558.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0003562.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0003578.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0004013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0004370.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP18\A0004386.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP19\A0005387.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP19\A0005426.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP19\A0005447.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP19\A0006444.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP19\A0006462.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP19\A0006481.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000135.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000192.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000243.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000281.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000289.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000290.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000291.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000361.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP2\A0000380.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP21\A0007517.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP21\A0008511.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP21\A0008583.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4aa3800-982d-449f-8849-be5d3c5736d7}\RP21\A0009278.exe (Adware.Maxifiles) -> Quarantined and deleted successfully.

pskelley · Aug 3, 2009

and yes, some suggestions on antivirus software would be appreciated!

Look here for freeware antivirus programs, if you have any questions, please post them: http://users.telenet.be/bluepatchy/miekiemoes/Links.html

I will continue with wraping up for you, once you install an antivirus program, scan the system and let me know about any issues it can not handle. I will include that in the wrap up.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)

Update the antivirus and scan the system, to be sure it is running right and scanning clean.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx

http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx

Can't run scan for spybot or hijack this

wrs81

New member

pskelley

In Memoriam -Always in our heart

wrs81

New member

pskelley

In Memoriam -Always in our heart

wrs81

New member

wrs81

New member

pskelley

In Memoriam -Always in our heart

wrs81

New member

pskelley

In Memoriam -Always in our heart