
I think I need help please.



#1 8bobcat8


Posted 31 January 2009 - 02:11 AM

Looks like I have problems. This deal popped up on IE after I clicked a website on a Google search. McAfee Security Center gave no warnings as far as I know (I could have blindly clicked through a warning but that’s not likely). I’ve searched Google and the Bleep’ but have found no info. I am running Vista and McAfee.

I clicked around a few times (on cancels and X-outs) in order to close the app but things end up going in circles. I have not clicked any “remove” or “remove all” buttons.

I’m not sure what to do next… it is getting late. But I am reluctant to close down IE and/or the computer as I don’t want to cause a deeper problem. Please help.
Regards, BobCat

Posted Image



#2 Guest_superbird_*


Posted 31 January 2009 - 04:55 AM

Hi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 8bobcat8


Posted 31 January 2009 - 09:54 AM

Thank you for responding.

Here is the Malwarebytes log file.
---------------------------------------------------
Malwarebytes' Anti-Malware 1.33
Database version: 1712
Windows 6.0.6001 Service Pack 1

1/31/2009 9:47:29 AM
mbam-log-2009-01-31 (09-47-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243984
Time elapsed: 1 hour(s), 58 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cfe15135-c591-4000-a55e-a50e5f9f82bc} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items

#4 Guest_superbird_*


Posted 31 January 2009 - 10:07 AM

Hi,

Please do a new full scan and post the logfile in your next reply. :thumbsup:

#5 8bobcat8


Posted 31 January 2009 - 01:00 PM

Here are the latest full scan results.

It may be premature to ask this but why does McAfee miss these malwares? Is there no single app that can "do it all"? Other than waiting for an issue to happen (and also being diligent) is there an added app that will help but not hinder (slow down etc) McAfee or Norton etc?
-----------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.33
Database version: 1712
Windows 6.0.6001 Service Pack 1

1/31/2009 12:51:03 PM
mbam-log-2009-01-31 (12-51-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 239476
Time elapsed: 1 hour(s), 58 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Guest_superbird_*


Posted 31 January 2009 - 01:02 PM

Hi,

I will give you some prevention tips at the end (when your computer is clean).
But no, no single program can prevent you 100% against malware. There are always leaks, and not every program sees the same as others.

But now, do this:

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#7 8bobcat8


Posted 31 January 2009 - 10:04 PM

Here are the Kaspersky scan results.

I'm not sure which is which so here are two results(?).

--------------------------------------------------
9:59 PM 1/31/2009
SmitFraudFix v2.309

Scan done at 9:49:12.03, Thu 04/03/2008
Run from C:\Users\Robert\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\BUFFALO\HDBackup\HDBackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Robert


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Robert\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\users\robert\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Add-on Setup\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: dsaip32b.dll
BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133}
CLSID: {3084A75F-5350-4D8B-BC5F-6B378035C133}
AppID: {3084A75F-5350-4D8B-BC5F-6B378035C133}
AppID: dsaip32b.dll
Classes: dsaip32b.Video
TypeLib: {74D46BBA-5638-473A-83B6-97E7804A7411}
Interface: {48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06}


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{31382EF5-B116-42BC-B8E2-228B9CC7091F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDD4520-7D20-4DB4-BA29-F124FC18C624}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{31382EF5-B116-42BC-B8E2-228B9CC7091F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDD4520-7D20-4DB4-BA29-F124FC18C624}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{31382EF5-B116-42BC-B8E2-228B9CC7091F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3EDD4520-7D20-4DB4-BA29-F124FC18C624}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 04, 2008 1:49:23 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/04/2008
Kaspersky Anti-Virus database records: 680381
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 92120
Number of viruses found: 1
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:37:08

Infected Object Name / Virus Name / Last Action
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FY8814X4\SmitfraudFix[1].exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FY8814X4\SmitfraudFix[1].exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FY8814X4\SmitfraudFix[1].exe RarSFX: infected - 2 skipped
C:\Users\Robert\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Robert\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Robert\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Robert\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Users\Robert\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.

#8 Guest_superbird_*

Posted 01 February 2009 - 06:22 AM

Hi,

* Delete this folder:
C:\Program Files\Video Add-on Setup

* Go to Start > Control Panel > Software. Remove this program: IEDefender

* Double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter"; a text file will appear.
Please copy/paste the content of that report into your next reply.

#9 8bobcat8

Posted 01 February 2009 - 09:57 AM

Superbird:
Sorry, this is where my naiveté starts.

1) I don't seem to find the "Video Add-on Setup" folder. What is the procedure for that?
2) Also, I can't locate IE Defender (can't find what you are calling "Software"). Do you mean "Windows Defender"?

Regards,
BobCat

#10 Guest_superbird_*

Posted 01 February 2009 - 10:16 AM

Hi,

1: Let that be, SmitFraudFix will clean it anyway.
2: Go to Menu Start > Control Panel. Then double-click "Add or Remove Programs". Here, remove IEDefender

And also do the instructions about ComboFix that I gave you in my previous post. :thumbsup:

#11 8bobcat8

Posted 01 February 2009 - 10:49 AM

> Hi,
>
> 1: Let that be, SmitFraudFix will clean it anyway.
> 2: Go to Menu Start > Control Panel. Then double-click "Add or Remove Programs". Here, remove IEDefender
>
> And also do the instructions about ComboFix that I gave you in my previous post. :thumbsup:


2) IEDefender is nowhere to be found on the "Add or Remove Programs" list. I'm not sure I ever installed it or I may have already removed it. How do I check?

3) I think you have not referred to ComboFix yet. It is not mentioned above.

Regards,
BobCat

#12 Guest_superbird_*

Posted 01 February 2009 - 10:51 AM

Hi,

Sorry I mentioned SmitFraudFix :thumbsup:

#13 8bobcat8

Posted 01 February 2009 - 01:15 PM

OK, after blundering through the nuances of all this, here is the SmitFraudFix log.

----------------------------------------------------------------------------------------------------------------

SmitFraudFix v2.392

Scan done at 13:02:42.32, Sun 02/01/2009
Run from C:\Users\Robert\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{31382EF5-B116-42BC-B8E2-228B9CC7091F}: DhcpNameServer=192.168.17.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDD4520-7D20-4DB4-BA29-F124FC18C624}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{31382EF5-B116-42BC-B8E2-228B9CC7091F}: DhcpNameServer=192.168.17.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDD4520-7D20-4DB4-BA29-F124FC18C624}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{31382EF5-B116-42BC-B8E2-228B9CC7091F}: DhcpNameServer=192.168.17.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3EDD4520-7D20-4DB4-BA29-F124FC18C624}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by 8bobcat8, 01 February 2009 - 01:16 PM.


#14 Guest_superbird_*

Posted 01 February 2009 - 01:19 PM

Hi,

Now do a new full scan with MBAM, and post the logfile in your next reply.
Do you still have problems? :thumbsup:

#15 8bobcat8

Posted 01 February 2009 - 04:09 PM

Here is the most recent full scan log file. At this point, the computer seems to run fine.

BTW, I did find that "Video Add-on Setup" folder. It did not show up until 3-4 hours ago. It was under a "setup??ZV??" name or something (I don't recall the actual name).

Anyway, I think we are approaching the end. Also, for obvious reasons, I am extremely interested in what your prevention suggestions will be.

I certainly appreciate getting this help,
BobCat

-------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.33
Database version: 1713
Windows 6.0.6001 Service Pack 1

2/1/2009 15:49:55
mbam-log-2009-02-01 (15-49-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 239586
Time elapsed: 2 hour(s), 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by 8bobcat8, 01 February 2009 - 04:10 PM.




