Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan JNV4_MIB.sys, possibly other malware


  • This topic is locked This topic is locked
7 replies to this topic

#1 interplanetjanet

interplanetjanet

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 06 January 2009 - 04:44 PM

Thanks in advance for your help... I think this 'puter is close to being "clean."


DDS (Version 1.1.0) - NTFSx86
Run by Brennan McCabe at 13:14:49.11 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.90 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\BacsTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Brennan McCabe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.dell4me.com/myway
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-us\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [bacstray] BacsTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brenna~1\applic~1\mozilla\firefox\profiles\211u7we4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-5 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 324872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-5 107272]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 298264]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\brenna~1\locals~1\temp\jnv4_mib.sys --> c:\docume~1\brenna~1\locals~1\temp\jnv4_mib.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2009-01-06 02:05 11,712 a------- c:\windows\system32\nvModes.dat
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-17 02:08 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-16 15:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 15:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 15:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 15:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 15:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 15:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 15:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 05:37 1,023,488 -------- c:\windows\system32\dllcache\browseui.dll
2008-10-16 05:37 1,494,528 a------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-16 05:37 474,112 a------- c:\windows\system32\dllcache\shlwapi.dll
2008-10-16 05:37 1,054,208 -------- c:\windows\system32\dllcache\danim.dll
2008-10-16 05:37 151,040 -------- c:\windows\system32\dllcache\cdfview.dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2004-08-04 06:00 94,784 ---sh--- c:\windows\TWAIN.DLL
2004-08-04 06:00 50,688 ---sh--- c:\windows\TWAIN_32.DLL
2004-08-04 06:00 1,028,096 ---sh--- c:\windows\system32\MFC42.DLL
2004-08-04 06:00 54,784 ---sh--- c:\windows\system32\MSVCIRT.DLL
2004-08-04 06:00 413,696 ---sh--- c:\windows\system32\MSVCP60.DLL
2004-08-04 06:00 343,040 ---sh--- c:\windows\system32\MSVCRT.DLL
2004-08-04 06:00 11,776 ---sh--- c:\windows\system32\REGSVR32.EXE

============= FINISH: 13:15:26.29 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 BHowett

BHowett

    Malware Hunter


  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:05 PM

Posted 14 January 2009 - 09:50 AM

:thumbsup:

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please ownload ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt, and a fresh Hijackthis log in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

Posted Image

Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
Search the Forums | Forum Help
Posted Image
My help is always free, but if you feel I have helped you and would like to make a small donation, please click ---> Posted Image


#3 interplanetjanet

interplanetjanet
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 14 January 2009 - 03:54 PM

Hi BHowett. Thanks for getting back to me!

Below, please find the combofix and hijack this logs. I am hoping to clear up any malware issues on this 'puter because I am fixing it for my friend's 15 yo son (and I want it totally clean when he gets it back... so he'll keep it that way). I noticed in the log report that musicmatch is a trusted zone. How can I remove that site from the trusted zones so that nothing can come in? Thanks for your help; I will await further instructions.

IPJ

ComboFix Log:

ComboFix 09-01-13.04 - Brennan McCabe 2009-01-14 15:36:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.282 [GMT -5:00]
Running from: c:\documents and settings\Brennan McCabe\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZESOFT
-------\Service_AVG


((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-13 12:06 . 2007-07-09 08:09 584,192 --------- c:\windows\SYSTEM32\DLLCACHE\rpcrt4.dll
2009-01-13 12:04 . 2007-04-25 09:21 144,896 --------- c:\windows\SYSTEM32\DLLCACHE\schannel.dll
2009-01-06 12:59 . 2008-10-16 15:38 6,066,176 --------- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2009-01-06 12:59 . 2007-04-17 04:32 2,455,488 --------- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-06 12:59 . 2007-03-08 00:10 991,232 --------- c:\windows\SYSTEM32\DLLCACHE\ieframe.dll.mui
2009-01-06 12:59 . 2008-10-16 15:38 459,264 --------- c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2009-01-06 12:59 . 2008-10-16 15:38 383,488 --------- c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2009-01-06 12:59 . 2008-10-16 15:38 267,776 --------- c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2009-01-06 12:59 . 2008-10-16 15:38 63,488 --------- c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2009-01-06 12:59 . 2008-10-16 15:38 52,224 --------- c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2009-01-06 12:59 . 2008-10-16 08:11 13,824 --------- c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-01-06 01:41 . 2009-01-06 01:41 552 --a------ c:\windows\SYSTEM32\d3d8caps.dat
2009-01-05 19:06 . 2009-01-05 20:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-05 19:06 . 2009-01-05 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 16:17 . 2009-01-05 16:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 16:17 . 2009-01-05 16:17 <DIR> d-------- c:\documents and settings\Brennan McCabe\Application Data\Malwarebytes
2009-01-05 16:17 . 2009-01-05 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 16:17 . 2009-01-04 18:39 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-05 16:17 . 2009-01-04 18:39 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-05 14:40 . 2009-01-14 12:04 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-05 14:33 . 2009-01-14 15:39 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-01-05 14:33 . 2009-01-05 14:33 <DIR> d-------- c:\program files\AVG
2009-01-05 14:33 . 2009-01-05 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-05 14:33 . 2009-01-05 14:33 324,872 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-01-05 14:33 . 2009-01-05 14:33 107,272 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-01-05 14:33 . 2009-01-05 14:33 12,552 --a------ c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
2009-01-05 14:33 . 2009-01-05 14:33 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-01-04 19:24 . 2009-01-04 19:50 <DIR> d-------- c:\windows\SYSTEM32\CatRoot_bak
2009-01-04 19:22 . 2008-06-13 08:10 272,128 --------- c:\windows\SYSTEM32\DRIVERS\bthport.sys
2009-01-04 19:22 . 2008-06-13 08:10 272,128 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
2009-01-04 19:22 . 2008-08-14 04:51 138,368 --------- c:\windows\SYSTEM32\DLLCACHE\afd.sys
2009-01-04 19:19 . 2008-08-14 05:00 2,180,352 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-01-04 19:19 . 2008-08-14 04:58 2,136,064 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-01-04 19:19 . 2008-08-14 04:22 2,057,728 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-01-04 19:19 . 2008-08-14 04:22 2,015,744 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-01-04 19:19 . 2008-09-15 06:57 1,846,016 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-04 19:18 . 2008-05-01 09:30 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
2009-01-04 19:14 . 2008-10-16 15:09 31,768 --a------ c:\windows\SYSTEM32\wucltui.dll.mui
2009-01-04 19:14 . 2008-10-16 15:07 23,576 --a------ c:\windows\SYSTEM32\wuaucpl.cpl.mui
2009-01-04 19:14 . 2008-10-16 15:07 23,576 --a------ c:\windows\SYSTEM32\wuapi.dll.mui
2009-01-04 19:14 . 2008-10-16 15:07 18,456 --a------ c:\windows\SYSTEM32\wuaueng.dll.mui
2009-01-04 19:05 . 2009-01-04 19:05 <DIR> d-------- c:\documents and settings\Brennan McCabe\Application Data\MSNInstaller
2009-01-04 19:04 . 2009-01-04 19:04 <DIR> d-------- c:\program files\Common Files\Oberon Media
2009-01-04 18:11 . 2009-01-04 19:03 <DIR> d-------- c:\windows\LastGood(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 17:45 --------- d-----w c:\program files\McAfee.com
2009-01-06 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-01-05 18:36 --------- d-----w c:\program files\Ionefq
2009-01-05 00:23 --------- d--h--w c:\documents and settings\Brennan McCabe\Application Data\GTek
2009-01-05 00:20 --------- d-----w c:\program files\DellSupport
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-09-07 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-05 1601304]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-21 155648]
"nwiz"="nwiz.exe" [2004-10-26 c:\windows\SYSTEM32\nwiz.exe]
"bacstray"="BacsTray.exe" [2003-05-14 c:\windows\SYSTEM32\BacsTray.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-05 14:33 10520 c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SFP"=c:\program files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"Motive SmartBridge"=c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [2009-01-05 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-05 324872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-05 107272]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-05 298264]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\BRENNA~1\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\BRENNA~1\LOCALS~1\Temp\jnv4_mib.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.musicmatch.com
Trusted Zone: *.musicmatch.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Brennan McCabe\Application Data\Mozilla\Firefox\Profiles\211u7we4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 15:40:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2009-01-14 15:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 20:43:16

Pre-Run: 65,164,587,008 bytes free
Post-Run: 65,081,372,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

192 --- E O F --- 2009-01-13 21:05:05

HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:08 PM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\BacsTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brennan McCabe\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7539 bytes

#4 BHowett

BHowett

    Malware Hunter


  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:05 PM

Posted 15 January 2009 - 01:01 PM

Hi interplanetjanet,

Below, please find the combofix and hijack this logs. I am hoping to clear up any malware issues on this 'puter because I am fixing it for my friend's 15 yo son (and I want it totally clean when he gets it back... so he'll keep it that way). I noticed in the log report that musicmatch is a trusted zone. How can I remove that site from the trusted zones so that nothing can come in?


Everything looks fine in your logs, musicmatch is fine, but if you want to take it out of the trusted zone just do the following.

re-open HiJackThis and scan. Check the boxes next to all the entries listed below.


O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)


Now close all windows other than HiJackThis, then click Fix Checked.

====================================================================

Now lets knock out an online scan just to make sure we are not missing anything….

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right cklick on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
====================================================================

After that post the Kaspersky log and let me know if you are having any other problems, and also how things are running. :thumbsup:

Posted Image

Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
Search the Forums | Forum Help
Posted Image
My help is always free, but if you feel I have helped you and would like to make a small donation, please click ---> Posted Image


#5 interplanetjanet

interplanetjanet
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 January 2009 - 05:38 PM

Kaspersky found no malware! Computer is running fine... cleaning up the startup helped speed up the initial boot. Thank you so much for your help; I can't wait to give my friend's son his 'puter back... he's been asking for it like every day!

Any tips on how to keep the 'puter free of the bad stuff? I am going to suggest AVG scans daily and keeping spybot teatimer on; anything else I should tell him? I want to give the boy some advice so he can keep his machine runnin' like new :thumbsup:

Thanks again BHowett... you rock!!!

-IPJ

#6 BHowett

BHowett

    Malware Hunter


  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:05 PM

Posted 16 January 2009 - 12:10 AM

Hi interplanetjanet,

Well done, everything looks good :thumbsup:

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.
    Posted Image
===============================================

Click Here to download OTCleanIt
Double-click OTCleanIt.exe to run it.
Click the Clean up button
Click Yes to the reboot.

Now delete any logs that you have left over on your desktop.

===============================================

For some useful tips on staying clean, along with links to some freeware to help, have a look at this page.

To find out more information about how you got infected in the first place, you can read this article.

===============================================

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!

Posted Image

Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
Search the Forums | Forum Help
Posted Image
My help is always free, but if you feel I have helped you and would like to make a small donation, please click ---> Posted Image


#7 interplanetjanet

interplanetjanet
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 16 January 2009 - 08:25 AM

I cannot thank you enough for all of your help, BHowett! I will be delivering the CLEAN 'puter to a very excited boy today.

-IPJ

#8 BHowett

BHowett

    Malware Hunter


  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:05 PM

Posted 16 January 2009 - 10:25 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbsup:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Posted Image

Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
Search the Forums | Forum Help
Posted Image
My help is always free, but if you feel I have helped you and would like to make a small donation, please click ---> Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users