Spybot Search & Destroy doesn't run, various infections detected at an online scan

Here it is, Shaba:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:42 μμ, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Επιφάνεια εργασίας\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5769 bytes
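For working through a log like the one above, here is an added Python example (not from the original post and not HijackThis's own tooling) that parses the HijackThis v2 line format into its section codes and pulls out the items a reviewer looks at first: O4 Startup-folder entries, O16 DPF ActiveX downloads, O17 name servers, O23 services by vendor, and whether any of the firewall vendors recommended later in this thread appear among the services. The embedded log excerpt is constructed from lines of the log above; the vendor substrings and the split of O23 lines on " - " are assumptions about the format, not documented HijackThis behaviour.

```python
import re
from collections import defaultdict

# Constructed excerpt in HijackThis v2 format, trimmed from the log posted above
# (sample data for this added example, not the complete original log).
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mech.ntua.gr/gr
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: PartMetBackup.lnk.disabled
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63D0C496-2805-4133-96DE-A217E53D116A}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding is "<section code> - <body>", e.g. "O4 - Startup: foo.exe".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Firewall vendors named in the reply below; assumed substrings of their service names.
FIREWALL_VENDORS = ("comodo", "online armor", "pc tools", "sunbelt", "kerio",
                    "zonealarm", "zone labs")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, {section code: [bodies]})."""
    processes, entries = [], defaultdict(list)
    in_procs = False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if not line.strip():
            in_procs = False          # a blank line ends the process list
            continue
        if in_procs:
            processes.append(line.strip())
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("code")].append(m.group("body"))
    return processes, dict(entries)


def startup_folder_items(entries):
    """O4 'Startup:' entries: anything in the Startup folder runs at every logon."""
    return [b.split("Startup: ", 1)[1]
            for b in entries.get("O4", []) if b.startswith("Startup: ")]


def dpf_downloads(entries):
    """O16 DPF entries: ActiveX controls fetched from a URL, as (name, url) pairs."""
    out = []
    for b in entries.get("O16", []):
        m = re.match(r"DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)", b)
        if m:
            out.append((m.group("name"), m.group("url")))
    return out


def dns_servers(entries):
    """O17 NameServer values: a swapped resolver is a classic redirect mechanism."""
    servers = []
    for b in entries.get("O17", []):
        m = re.search(r"NameServer = (.+)$", b)
        if m:
            servers.extend(s.strip() for s in m.group(1).split(","))
    return servers


def service_vendors(entries):
    """O23 services grouped by the vendor string in the middle ' - ' field."""
    vendors = defaultdict(list)
    for b in entries.get("O23", []):
        parts = b.split(" - ")
        if len(parts) >= 3:
            vendors[parts[-2]].append(parts[-1])
    return dict(vendors)


def has_third_party_firewall(entries):
    """True if any known firewall vendor appears among the O23 service lines."""
    text = " ".join(entries.get("O23", [])).lower()
    return any(v in text for v in FIREWALL_VENDORS)


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_HJT)
    print("processes:", len(procs))
    print("startup folder:", startup_folder_items(ents))
    print("ActiveX downloads:", dpf_downloads(ents))
    print("DNS servers:", dns_servers(ents))
    print("services by vendor:", service_vendors(ents))
    print("third-party firewall seen:", has_third_party_firewall(ents))
```

Run against the excerpt, the script reproduces the reviewer's observations on this log: two Startup-folder items, one web-fetched ActiveX control, two resolvers worth confirming against the ISP's, and no firewall vendor among the services.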
 
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date - Update your antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:
 
Hi Shaba,

Things are better, as Spybot Search & Destroy can finally run and scan the system :). Yesterday night it performed a scan and found some tracking cookies plus these:

Need2Find: [SBI $9EA9B2FF] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find

Need2Find: [SBI $C55EA721] Browser helper object (Registry key, fixed)
HKEY_USERS\S-1-5-21-746137067-1326574676-682003330-1004\SOFTWARE\Need2Find

MalwareCore: [SBI $006A9C3D] Program directory (Directory, fixed)
C:\Program Files\\Lang\

I scanned again this morning and one cookie was present again, DoubleClick: Tracking cookie (Firefox: admin (default)) (Cookie, fixed), although Spybot Search & Destroy fixed it yesterday.

I tried the Panda Security online scanner once again and found some items. These were present at Panda's first scan, with the exception of Rootkit/Booto.C. I haven't been surfing much since we started here; I don't know where that came from. Might they be false alarms? I include the log Panda's scan produced. Some items are present at C:\System Volume Information\_restore, so perhaps disabling and re-enabling System Restore as you advised me in your previous reply will fix these.

Sorry, I just want to be sure before proceeding with the instructions you gave me.




;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-13 12:36:57
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090812-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
00141436 Application/P2PNetworking HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP812\A1013535.cpl
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP809\A1011333.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location @
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description @
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
"Some items are precent at C:\System Volume Information\_restore so perhaps disabling and reenabling the system restore as you adviced me in your previous reply will fix these."

Yes, it will. These look like false positives to me:

C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe

Please disable & re-enable System Restore and tell me what Panda and Spybot find after that.
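The question above about detections under C:\System Volume Information\_restore, and the reply that a System Restore toggle clears them, come down to sorting each Panda row by where it lives. The following Python triage script is an added example (not part of the thread and not Panda's own tooling) that parses the log layout pasted above and buckets each detection: registry keys (need a .reg merge or manual deletion), restore-point copies (purged by disabling and re-enabling System Restore), tracking cookies, and live files, flagging anything Panda marks Active. It also checks the header's MALWARE count, which in these logs counts distinct signature Ids rather than table rows. The embedded log is constructed from rows shown above; the column order the regex assumes is taken from that format.

```python
import re
from collections import defaultdict

# Constructed sample in the Panda ActiveScan layout pasted in this thread (trimmed,
# not the original log). MALWARE: 5 because the header counts distinct signature Ids.
SAMPLE_LOG = r"""ANALYSIS: 2009-08-13 12:36:57
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated
avast! antivirus 4.8.1335 [VPS 090812-0] 4.8.1335 Yes Yes
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
00141436 Application/P2PNetworking HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP812\A1013535.cpl
00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP809\A1011333.sys
;===================================================================================
SUSPECTS
"""

# One MALWARE row. The fixed-vocabulary columns (Yes/No, severity digit) anchor the
# split, because both Description ("Cookie/Atlas DMT") and Location contain spaces.
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)
RESTORE_DIR = "\\system volume information\\_restore"


def parse_panda_log(text):
    """Return (declared MALWARE count, list of row dicts from the MALWARE table)."""
    declared, rows, in_malware = None, [], False
    for line in text.splitlines():
        if line.startswith("MALWARE:"):
            declared = int(line.split(":", 1)[1])
        elif line.strip() == "MALWARE":
            in_malware = True
        elif line.strip() == "SUSPECTS":
            in_malware = False
        elif in_malware:
            m = ROW_RE.match(line)
            if m:                      # header and ;=== separator lines do not match
                rows.append(m.groupdict())
    return declared, rows


def classify(location):
    """Where the detection lives decides the clean-up step."""
    low = location.lower()
    if low.startswith("hkey_"):
        return "registry"        # needs a .reg merge or manual key deletion
    if RESTORE_DIR in low:
        return "restore_point"   # purged by disabling/re-enabling System Restore
    if "\\cookies\\" in low:
        return "cookie"          # browser tracking cookie; clear it in the browser
    return "file"                # live file on disk; check whether it is still active


def triage(rows):
    """Bucket rows by classify(); also list everything Panda reports as Active."""
    buckets = defaultdict(list)
    for r in rows:
        buckets[classify(r["location"])].append(r["location"])
    buckets["active"] = [r["location"] for r in rows if r["active"] == "Yes"]
    return dict(buckets)


def header_matches_rows(declared, rows):
    """Panda's 'MALWARE: n' header counts distinct signature Ids, not table rows."""
    return declared == len({r["id"] for r in rows})


if __name__ == "__main__":
    declared, rows = parse_panda_log(SAMPLE_LOG)
    print("header consistent with rows:", header_matches_rows(declared, rows))
    for bucket, locations in triage(rows).items():
        print(f"{bucket}: {len(locations)}")
        for loc in locations:
            print("   ", loc)
```

On the sample, the two restore-point rows are the ones a System Restore toggle removes, the two registry rows need a registry fix, and the one Active row is the Startup-folder executable, which matches the order in which this thread then proceeds.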
 
The disable and re-enable of system restore seems to have fixed two items :thanks:

Spybot found the same cookie DoubleClick: Tracking cookie (Firefox: admin (default)) (Cookie, fixed) again, although it fixed it at the end of the previous scan.

Perhaps this information has some value:

a) PowerReg Scheduler V3.exe is 220KB, was created 4/10/2004, and is located at C:\Documents and Settings\admin\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

b) Mafia Trainer!!!.exe is 104KB, created 8/9/2004, modified 26/3/2003

Is Programs\Startup a good place for PowerReg Scheduler V3.exe? Should I just delete it?






Fresh Panda scan log:



;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-13 15:23:35
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090812-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location 1
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 1
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
This will help with tracking cookies.

"Is Programs\Startup a good place for PowerReg Scheduler V3.exe? Should I just delete it?"

It is fine.

  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
  • Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad and copy the contents of the following box to a new file.

Code:
Windows Registry Editor Version 5.00

[-hkey_local_machine\software\classes\appid\altnet signing module.exe]

[-hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}]

[-hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}]

[-HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}

[-HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}]

[-HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}]

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> [screenshot: reg.gif]


Go to Desktop, double-click fix.reg and merge the information with the registry.

Reboot.

Rerun panda and post back findings, please.
 
Good morning,

I followed your instructions; here is a fresh Panda scan log:



;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-14 09:38:11
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090813-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP814\A1020695.exe
00527204 Application/PRScheduler HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP814\A1020694.exe
00527204 Application/PRScheduler HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP814\A1021695.exe
00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location h
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description h
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
OK, one error from my side.

Please run this fix2.reg:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}]

Reboot, rerun panda and post back fresh panda log, please.
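The fix.reg posted earlier and the one-line fix2.reg above show why a .reg file is worth checking before merging: the TypeLib line in the first file lacks its closing ']' and, as the Panda log in between shows, that key survived the merge. The following Python linter is an added example (not from the thread and not a Microsoft tool) that checks the header, catches unclosed key lines, rejects unknown hives, refuses deletion targets too close to a hive root (the MIN_DEPTH value is an assumption), and folds HKEY_CLASSES_ROOT paths onto HKLM\Software\Classes to show that two of the deletions in fix.reg address the same key. The sample input reproduces the first fix.reg as posted; treating HKCR purely as the HKLM view is a simplification, since HKCR also merges HKCU\Software\Classes.

```python
# Constructed test input: the first fix.reg from this thread, reproduced as posted
# (its TypeLib line is the one fix2.reg later corrected).
FIX_REG = r"""Windows Registry Editor Version 5.00

[-hkey_local_machine\software\classes\appid\altnet signing module.exe]

[-hkey_local_machine\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}]

[-hkey_classes_root\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}]

[-HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}

[-HKEY_CLASSES_ROOT\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75}]

[-HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}]
"""

HEADER = "Windows Registry Editor Version 5.00"
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
# Assumption: a [-key] directive deletes the whole subtree, so never accept a target
# shallower than two components below the hive (e.g. [-HKEY_CLASSES_ROOT\AppID]).
MIN_DEPTH = 2


def lint_reg(text):
    """Return (problems, deletions): problems as (line_no, message), deletions as key paths."""
    problems, deletions = [], []
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        problems.append((1, f"missing '{HEADER}' header"))
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                   # blank or comment
        if line.startswith("["):
            if not line.endswith("]"):
                problems.append((no, "key line is not closed with ']'"))
                continue
            key = line[1:-1]
            delete = key.startswith("-")
            if delete:
                key = key[1:]
            parts = key.split("\\")
            if parts[0].upper() not in HIVES:
                problems.append((no, f"unknown hive '{parts[0]}'"))
                continue
            if delete:
                if len(parts) - 1 < MIN_DEPTH:
                    problems.append((no, f"deletion target too shallow: {key}"))
                deletions.append(key)
        elif "=" not in line:
            problems.append((no, "not a key line, value line or comment"))
    return problems, deletions


def canonical_key(key):
    """Lower-case a key path and map HKCR onto its HKLM\\Software\\Classes backing key.
    Assumption: HKCR is treated as the HKLM view only (it also merges HKCU\\Software\\Classes)."""
    parts = key.split("\\")
    if parts[0].upper() == "HKEY_CLASSES_ROOT":
        parts = ["HKEY_LOCAL_MACHINE", "Software", "Classes"] + parts[1:]
    return "\\".join(parts).lower()


def distinct_targets(deletions):
    """The set of machine-level keys a list of deletions actually touches."""
    return sorted({canonical_key(k) for k in deletions})


if __name__ == "__main__":
    problems, deletions = lint_reg(FIX_REG)
    for no, msg in problems:
        print(f"line {no}: {msg}")
    print(f"{len(deletions)} deletion lines, {len(distinct_targets(deletions))} distinct keys")
```

Run it before double-clicking a fix file; an ERUNT backup first is still the right order, since a deletion directive removes everything under the key. On the posted fix.reg the linter reports the unclosed TypeLib line and shows that the hkey_local_machine\software\classes\appid\{99a8...} and hkey_classes_root\appid\{99a8...} entries are two names for one key.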
 
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-14 13:22:45
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090813-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\fsc.tmp\driver\chipset\sis_chipset_ide_v2_04a_w2k_wxp\setupdir\0804\Mafia Trainer!!!.exe
00151738 W32/Lovgate.BU.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP814\A1020695.exe
00527204 Application/PRScheduler HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP814\A1020694.exe
00527204 Application/PRScheduler HackTools No 0 Yes No C:\System Volume Information\_restore{6A7D3704-4820-4689-BD42-CB6D54847B88}\RP814\A1021695.exe
00527204 Application/PRScheduler HackTools Yes 0 Yes No C:\Documents and Settings\admin\Start Menu\Προγράμματα\Εκκίνηση\PowerReg Scheduler V3.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location {
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description {
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
Hi Shaba,

Well, everything seems to be O.K. Spybot can scan the system every time I run it :) Before following your instructions, the system would freeze or crash every time.

Mozilla and webpages are loading instantly ... everything looks normal :)

Panda scan shows some items in C:\System Volume Information\ , should I disable&re-enable system restore in order to get rid of them?

This is not a malware issue, but I would appreciate one last piece of advice. Since I will be using Mozilla from now on, and since Iexplorer isn't functioning (this happened after a system restore performed before the beginning of this thread), I would like to remove IE from my system, but when clicking on it in the Add/Remove Programs list, the delete option does not show up. I can't find an uninstall option in its folder. Do I simply delete its folder? What is the proper way to remove it from the system?
 
Removing IE isn't recommended. What I recommend is that you install IE8 to see if it helps.
 
Hi Shaba,

I downloaded IE8. At the end of the installation it asked me to reboot, which I did. I tried to run IE8 but the PC would crash. It would reboot and crash over and over again without me trying to run anything :confused:. It could only boot in safe mode. I tried again this afternoon and it will boot in normal mode, but it is running like a turtle, perhaps a little slower. The same things were happening some days ago when I downloaded IE8 again. The System Restore function, which I am talking about in this thread, was able to "cure" the system. I am of course using Mozilla now. Don't know what to do next.
 
We can do it this way: you post first there, and after you have got a reply there, I will give you the final instructions here :)
 
I followed the link you gave me, running Mozilla with a Neptune plug-in, when a page opened with IE8. It looks like some add-on caused the first crash this morning. I was redirected to a Microsoft link with this message:

This add-on can cause Internet Explorer to stop responding or crash

Internet Explorer 8 is not compatible with your version of the "Drive Letter Access" Internet Explorer add-on.

So I selected to always open without this add-on, and IE8 has been running O.K. since. Perhaps some hardware component malfunction caused the other crashes :scratch:

One thing is a little strange. Every time I run IE, I see 2 iexplorer.exe in the Task Manager. Is this normal?
 