PC Infected

Hello Bill Moz :),

What uninstaller did you use? Is AVG fully removed? Could you please describe what problems you are facing when running ComboFix?
 
Hello Bill Moz :),

Please delete the ComboFix copy you have and download a fresh copy. This time, save it to the root of your drive, C:\ and run it from there.
 
Downloaded a fresh copy of Combofix to c:, deleted previous download, still no reaction when trying to start combofix. When I click on the icon a box comes up with run or cancel option, I click run and nothing happens. If I click on your first download link, LINK 1, and choose run instead of save, the program will get to the user agreement box, I click yes and the program produces this error.

You cannot rename Combofix as Combofix[1]
Please use another name, preferably one made up of alphanumeric characters.

So if I click on link1 it seems the program does start to load but then stops.
 
Hello Bill Moz :),

If I click on your first download link, LINK 1, and choose run instead of save, the program will get to the user agreement box, I click yes and the program produces this error.
Running from the browser is not recommended.

Delete the ComboFix copy you have and download a fresh copy, save it as BMCF.exe to the desktop. See if this works.
 
Combofix scan complete.

ComboFix 10-11-07.A2 - Bill 11/08/2010 20:11:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1725 [GMT -6:00]
Running from: c:\documents and settings\Bill\Desktop\BMCF.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AutoRun.ini

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-08 01:01 . 2010-11-08 01:01 -------- d-----w- C:\AVGTemp
2010-11-06 03:38 . 2010-11-06 03:38 -------- d-----w- C:\USBNoRisk
2010-11-05 03:37 . 2010-11-05 03:47 -------- d-----w- c:\program files\Bill
2010-11-04 00:36 . 2010-11-04 00:36 -------- d-----w- c:\program files\ESET
2010-11-03 23:38 . 2010-11-03 23:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-03 23:36 . 2010-11-03 23:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-02 00:46 . 2010-11-02 00:46 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes
2010-10-31 15:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-31 15:42 . 2010-11-02 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 15:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-23 13:33 . 2010-10-23 13:33 -------- d-----w- c:\program files\ERUNT
2010-10-23 13:14 . 2010-10-23 13:14 388096 ----a-r- c:\documents and settings\Bill\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-23 13:14 . 2010-10-23 13:14 -------- d-----w- c:\program files\Trend Micro
2010-10-22 04:11 . 2010-10-22 04:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-13 01:16 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 01:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 01:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2003-03-31 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2003-03-31 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-05-25 03:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2009-03-22 23:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2003-03-31 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-03-31 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2003-03-31 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-03-31 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 23:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2003-03-31 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"Google Update"="c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-10 133104]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SpybotSD TeaTimer"="c:\program files\Bill\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2006-01-05 1915392]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Bill\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-11-2 194775]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Bill\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4764:UDP"= 4764:UDP:Windows Media Format SDK (iexplore.exe)
"4765:UDP"= 4765:UDP:Windows Media Format SDK (iexplore.exe)
"4780:UDP"= 4780:UDP:Windows Media Format SDK (iexplore.exe)
"4781:UDP"= 4781:UDP:Windows Media Format SDK (iexplore.exe)
"4783:UDP"= 4783:UDP:Windows Media Format SDK (iexplore.exe)
"4785:UDP"= 4785:UDP:Windows Media Format SDK (iexplore.exe)
"4782:UDP"= 4782:UDP:Windows Media Format SDK (iexplore.exe)
"4784:UDP"= 4784:UDP:Windows Media Format SDK (iexplore.exe)
"4791:UDP"= 4791:UDP:Windows Media Format SDK (iexplore.exe)
"4790:UDP"= 4790:UDP:Windows Media Format SDK (iexplore.exe)
"4795:UDP"= 4795:UDP:Windows Media Format SDK (iexplore.exe)
"4797:UDP"= 4797:UDP:Windows Media Format SDK (iexplore.exe)
"4794:UDP"= 4794:UDP:Windows Media Format SDK (iexplore.exe)
"4796:UDP"= 4796:UDP:Windows Media Format SDK (iexplore.exe)
"4801:UDP"= 4801:UDP:Windows Media Format SDK (iexplore.exe)
"4803:UDP"= 4803:UDP:Windows Media Format SDK (iexplore.exe)
"4800:UDP"= 4800:UDP:Windows Media Format SDK (iexplore.exe)
"4802:UDP"= 4802:UDP:Windows Media Format SDK (iexplore.exe)
"4807:UDP"= 4807:UDP:Windows Media Format SDK (iexplore.exe)
"4806:UDP"= 4806:UDP:Windows Media Format SDK (iexplore.exe)
"4811:UDP"= 4811:UDP:Windows Media Format SDK (iexplore.exe)
"4810:UDP"= 4810:UDP:Windows Media Format SDK (iexplore.exe)
"4812:UDP"= 4812:UDP:Windows Media Format SDK (iexplore.exe)
"4813:UDP"= 4813:UDP:Windows Media Format SDK (iexplore.exe)
"4816:UDP"= 4816:UDP:Windows Media Format SDK (iexplore.exe)
"4819:UDP"= 4819:UDP:Windows Media Format SDK (iexplore.exe)
"4817:UDP"= 4817:UDP:Windows Media Format SDK (iexplore.exe)
"4818:UDP"= 4818:UDP:Windows Media Format SDK (iexplore.exe)

R2 WLSVC;WLSVC;c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [10/31/2008 11:42 PM 41025]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 9:44 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 03:44]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 03:44]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1177238915-839522115-1003Core.job
- c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:52]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1177238915-839522115-1003UA.job
- c:\documents and settings\Bill\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-10 15:52]

2010-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-08 20:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-08 20:22:38
ComboFix-quarantined-files.txt 2010-11-09 02:22

Pre-Run: 3,121,127,424 bytes free
Post-Run: 3,239,862,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 3BB1E14DA06DC2189C37EAEC51F5F274
 
Hello Bill Moz :),

Everything looks good. Any more problems?

Please run another ESET online scan, just to be sure.
 
I was waiting for you to look at the before I tried anything. Should I try to reinstall AVG now? And do you have suggestions for better Anti Virus software, AVG is fine with me just thought something else might be better.
 
I had the ESET scan set to not remove infected files as per instructions on page 2.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d5a2f0374c2b4a499625a5c7b83d482b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-04 02:33:30
# local_time=2010-11-03 09:33:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 70251 70251 0 0
# compatibility_mode=1024 16777191 100 0 20309473 20309473 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=102201
# found=9
# cleaned=0
# scan_time=6506
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2e1090b7 Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1626c168 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-5f8d8945 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\39\3f57e627-1ad38c1f a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\45\7c599ead-497b82a1 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-69b7982a Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\58\1f62c23a-2f1a0ce8 Java/TrojanDownloader.Agent.NBM trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\61\6459dbfd-2538be44 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\9\24ea7dc9-59e1eeea a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d5a2f0374c2b4a499625a5c7b83d482b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-09 05:46:06
# local_time=2010-11-08 11:46:06 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 514120 514120 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=104303
# found=7
# cleaned=0
# scan_time=6192
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2e1090b7 Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1626c168 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-5f8d8945 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-69b7982a Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\58\1f62c23a-2f1a0ce8 Java/TrojanDownloader.Agent.NBM trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{AB656524-4E00-42EC-ACF7-BD8F40C1A4AC}\RP941\A0054186.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
 
Hello Bill Moz :),

You did not clear off the Java cache. Please do so.

You can clear them off using ATF Cleaner's Java Cache option, or go to Start > Control Panel. Double click on Java and the Java Control Panel will open. At the General tab, click on the Settings... below the Temporary Internet Files title. Press the Delete Files... button and OK your way out.

The remainder of the online scan's findings include backups that were created during the course of this fix, and items located in C:\System Volume Information\ where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore.

Nevertheless, we shall be taking care of both in a while.

--------------------

If you have no more issues, we can close the case.

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
  • Delete the GMER file (1gx17ml2.exe), SystemLook, USBNoRisk, MBRCheck and Rootkit Unhooker files on your desktop.
  • Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP, Windows Vista or Windows 7 to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean of malware. See Windows XP System Restore Guide for a detailed explanation.

3. Update your antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials, Avast and Avira are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 and Kaspersky are some good options. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

7. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

9. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

10. Install a third party firewall if you do not have one, for additional defense against internet dangers. The built-in Windows firewall can only keep nasties from breaking in, but is unable to stop any malware from sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

11. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

12. Also look up How to prevent malware: By miekiemoes and So how did I get infected in the first place? By Tony Klein.

Stay safe.
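As a defender's triage aid for the ESET Online Scanner log format posted in this thread (an added example, not the helper's tool or anything from ESET): it parses the `# key=value` header and the one-finding-per-line body, sorts each finding by location into the buckets the helper describes (Java cache, ComboFix's Qoobox backups, System Restore) and flags only the remainder as still active. The first four sample lines are trimmed from the logs above; the last sample line and its threat name are constructed.

```python
"""Triage ESET Online Scanner findings by where they were found."""
import re
from collections import Counter

# Each finding line: <path> <threat description> <32 hex chars> <flag>.
# The path is a Windows path (no '/'), while the threat name always
# contains a '/' (e.g. Java/TrojanDownloader.Agent.NBL), which is how
# the two space-containing fields are told apart.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:a variant of )?\S+/\S+.*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Location rules, checked in order; anything unmatched is treated as live.
LOCATION_RULES = [
    ("java-cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("combofix-backup", re.compile(r"^C:\\Qoobox\\", re.I)),
    ("system-restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
]

# Sample log: first four lines trimmed from this thread's logs, the last
# line (and its threat name) constructed to exercise the "active" bucket.
SAMPLE_LOG = r"""
# found=5
# cleaned=0
# remove_checked=false
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2e1090b7 Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\39\3f57e627-1ad38c1f a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{AB656524-4E00-42EC-ACF7-BD8F40C1A4AC}\RP941\A0054186.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Bill\Local Settings\Temp\dropper.exe Win32/Example.A trojan 00000000000000000000000000000000 I
"""


def classify(path):
    """Map a finding's path to one of the buckets, or 'active'."""
    for label, rule in LOCATION_RULES:
        if rule.search(path):
            return label
    return "active"


def parse_log(text):
    """Return (header dict, list of finding dicts) for one ESET log."""
    header, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key.strip()] = value.strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            finding = m.groupdict()
            finding["bucket"] = classify(finding["path"])
            findings.append(finding)
    return header, findings


def triage(text):
    """Summarise a log: bucket counts, live paths, header consistency."""
    header, findings = parse_log(text)
    declared = int(header.get("found", "0"))
    return {
        "declared": declared,
        "parsed": len(findings),
        # If this is False, some finding lines were not recognised.
        "consistent": declared == len(findings),
        "counts": dict(Counter(f["bucket"] for f in findings)),
        "active": [f["path"] for f in findings if f["bucket"] == "active"],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A finding in the `active` list is one that neither cache clearing, `ComboFix /uninstall` nor purging System Restore will remove, so it is the only kind that needs a closer look.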
 
Thank you very much for all the help, computer seems to be running very well now. Thanks for all the time and effort, very much appreciated. Well Done.
 