
Rogue Antivirus and Browser redirect, maybe more?


  • This topic is locked
9 replies to this topic

#1 gravityquest

Posted 08 February 2010 - 09:38 PM

This infection has gotten progressively worse. I have tried several programs and an online scan to catch and remove with no luck. I had to resort to using IE to browse as Firefox was not functioning and would not restart after closing without rebooting. Machine will shut down after a minute sometimes. Things got worse after restoring. I am nearly to the point of reinstalling but would REALLY rather not do that if possible. Any help would be greatly appreciated. IE and Firefox have been reinstalled. Malwarebytes is fresh. Superantispyware will not install. Thanks in advance.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 18:16:14.79 on Mon 02/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch = hxxp://ie.search.msn.com
uSearchAssistant = hxxp://ie.search.msn.com
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AcctMgr] c:\program files\norton password manager\AcctMgr.exe /startup
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\michael\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\zazaiyou.default\
FF - prefs.js: browser.startup.homepage - hxxp://gravity.livejournal.com/friends/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-08 23:15:12 0 ----a-w- c:\documents and settings\michael\defogger_reenable
2010-02-08 18:57:16 0 d-----w- c:\program files\Karen's Power Tools
2010-02-08 18:57:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2010-02-05 20:29:39 0 d-----w- c:\program files\ESET
2010-02-05 19:43:39 0 d-----w- c:\program files\Trend Micro
2010-02-05 00:01:29 36 ----a-w- c:\program files\skynet.dat
2010-02-05 00:01:29 1530 ----a-w- C:\Your PC Protector.lnk
2010-02-04 06:35:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 06:35:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 06:15:32 0 d-----w- c:\windows\system32\NtmsData
2010-02-04 05:02:22 0 ----a-w- c:\windows\system32\drivers\TCPIP_{CD41BCE2-B9D8-4B8F-9088-035BEAE81419}.sys
2010-02-04 05:01:07 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-04 04:02:01 0 d-----w- c:\documents and settings\michael\PrivacIE
2010-02-04 04:00:26 0 d-----w- c:\documents and settings\michael\IETldCache
2010-02-04 03:57:29 0 d-----w- c:\windows\ie8updates
2010-02-04 03:54:35 0 dc----w- c:\windows\ie8
2010-01-24 23:46:43 0 d-----w- c:\program files\TrendMicro
2010-01-23 04:09:11 0 d-----w- c:\docume~1\michael\applic~1\Malwarebytes
2010-01-23 04:09:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 04:09:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-13 03:15:41 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-02-08 23:07:07 776 ----a-w- c:\program files\explore2fs debug log.txt
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet(4).dll
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet(3).dll
2009-12-22 05:21:03 627712 ----a-w- c:\windows\system32\urlmon(4).dll
2009-12-22 05:21:03 627712 ----a-w- c:\windows\system32\urlmon(3).dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 19:14:02 11070464 ----a-w- c:\windows\system32\ieframe(2).dll
2006-09-30 14:22:16 990208 ----a-w- c:\program files\explore2fs-1.08beta9.exe
2006-03-09 07:10:45 17873964 ----a-w- c:\program files\NPM2004tb15.exe
2006-03-09 06:38:49 63488 ----a-w- c:\program files\setup(2).exe
2006-02-28 05:20:07 133120 ----a-w- c:\program files\utorrent.exe
2006-02-05 07:23:11 647129088 ----a-w- c:\program files\ubuntu-5.10-install-i386.iso
2006-02-05 07:23:04 657975296 ----a-w- c:\program files\ubuntu-5.10-live-i386.iso
2005-12-28 03:17:14 336514727 ----a-w- c:\program files\Photoshop CS2 v9.0
1999-07-19 01:05:04 15716 ----a-w- c:\windows\inf\i386\Pmxscan.sys
2006-01-02 21:28:43 0 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 18:18:10.65 ===============





#2 fenzodahl512

Posted 09 February 2010 - 10:22 AM

Please download TDSSKiller.zip and unzip it to your Desktop

Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows)

The log shall be named something like this one..

(TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)





Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:






It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 gravityquest

Posted 09 February 2010 - 09:46 PM

Thanks! Working on this now. I also noted today that I get the following pop-up twice when starting Windows:

Data Execution Prevention - Microsoft Windows

To help protect your computer, Windows has closed this program.

Name: Generic Host Process for Win32 Services

Publisher: Microsoft Corporation


The Error Signature is:

Event Type: BEX P1:svchost.exe P2: 5.1.2600.5512 P3: 48025bc0 P4: Unknown P5: 0.0.0.0 P6: 00000000 P7: 02c3f7a0 P8: c0000005 P9: 000000008




#4 gravityquest

Posted 09 February 2010 - 11:05 PM

Okay, I finished doing as you instructed. I have attached the results of TDSSKiller and Combo-Fix. Do I need to do anything else? Either way, thank you so much for your help and time. :)




#5 fenzodahl512

Posted 10 February 2010 - 06:05 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

Driver::
966R9Q

Collect::
c:\windows\system32\drivers\966R9Q.sys
c:\program files\skynet.dat


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • Simply follow the instructions to copy/paste/send the requested file.

Note::
If Combofix fails to upload the file, please find C:\Qoobox\Quarantined Files\Submit(Time and date here).zip and upload it at this site



#6 gravityquest

Posted 10 February 2010 - 11:49 PM

That all went fine. The results are attached.




#7 fenzodahl512

Posted 11 February 2010 - 07:26 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

How's the computer now? :)



#8 gravityquest

Posted 11 February 2010 - 10:22 PM

Looks like it found 2 more things and cleaned them. I can tell you that even prior to running this scan things were running MUCH better already. I cannot thank you enough for your help. Here is the log text.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=42c08187d344f14e9d73129a5c1dd1ac
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-08 06:23:12
# local_time=2010-02-08 01:23:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2817 16777215 100 100 6826790 8285219 0 0
# compatibility_mode=8192 67108863 100 0 164614 164614 0 0
# scanned=102760
# found=1
# cleaned=1
# scan_time=4209
C:\Documents and Settings\Michael\desktop\SmitfraudFix\SmitfraudFix.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=42c08187d344f14e9d73129a5c1dd1ac
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-11 07:03:36
# local_time=2010-02-11 02:03:36 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2817 16777215 100 100 7084443 8542872 0 0
# compatibility_mode=8192 67108863 100 0 422267 422267 0 0
# scanned=210788
# found=2
# cleaned=2
# scan_time=8173
C:\System Volume Information\_restore{A70B83BF-A8B4-45BC-B959-BAA285064520}\RP11\A0002335.exe Win32/Adware.WinAntiVirus application (deleted - quarantined) 00000000000000000000000000000000 C
L:\gravity\downloads\videosaccess1049.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C


#9 fenzodahl512

Posted 12 February 2010 - 05:16 AM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512



#10 gravityquest

Posted 12 February 2010 - 04:12 PM

Everything seems to be running well. Excellent work! I will read everything you gave me links to and I will sing praises of you and bleepingcomputer.com from the rooftops. Thank you most sincerely. :)



