Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Computer with Spyware


  • This topic is locked This topic is locked
15 replies to this topic

#1 Link30

Link30

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 24 May 2010 - 05:25 PM

I bought a used computer that seems to have a lot of spyware/virus issues. I dl'ed HiJackThis and am hoping that you could help me with my problem. Thanks.

Edited by Orange Blossom, 24 May 2010 - 05:26 PM.
Move to AII as no logs posted. ~ OB


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 24 May 2010 - 09:34 PM

Hello and welcome, What antivirus and forewall is installed??
Please run these next. If you have Spybot installed temporarily disable it.

Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Next run MBAM (MalwareBytes):
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


How is it now??

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.Now a Safe Mode SAS scan:

Edited by boopme, 24 May 2010 - 09:36 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 25 May 2010 - 06:17 PM

Im still working through some of it but here is my SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2010 at 05:58 PM

Application Version : 4.37.1000

Core Rules Database Version : 4900
Trace Rules Database Version: 2712

Scan type : Complete Scan
Total Scan Time : 01:15:23

Memory items scanned : 264
Memory threats detected : 2
Registry items scanned : 4586
Registry threats detected : 119
File items scanned : 71344
File threats detected : 78

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\BBXVYJ.DLL
C:\WINDOWS\SYSTEM32\BBXVYJ.DLL
HKLM\Software\Classes\CLSID\{1702984E-7F76-458B-A33A-A7B32A0DCC72}
HKCR\CLSID\{1702984E-7F76-458B-A33A-A7B32A0DCC72}
HKCR\CLSID\{1702984E-7F76-458B-A33A-A7B32A0DCC72}\InprocServer32
HKCR\CLSID\{1702984E-7F76-458B-A33A-A7B32A0DCC72}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MLJAQOPH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1702984E-7F76-458B-A33A-A7B32A0DCC72}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{1702984E-7F76-458B-A33A-A7B32A0DCC72}
HKU\S-1-5-21-2890927929-2367991485-1942540301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1702984E-7F76-458B-A33A-A7B32A0DCC72}
HKU\S-1-5-21-2890927929-2367991485-1942540301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E61DC80-3533-406C-A47F-2A23943EE8B6}
HKCR\CLSID\{1702984E-7F76-458B-A33A-A7B32A0DCC72}
C:\WINDOWS\SYSTEM32\AEPDPHSF.DLL
C:\WINDOWS\SYSTEM32\BLCJYMLM.DLL
C:\WINDOWS\SYSTEM32\BNMYBRLN.DLL
C:\WINDOWS\SYSTEM32\BSYAQTJI.DLL
C:\WINDOWS\SYSTEM32\EFVYEDWU.DLL
C:\WINDOWS\SYSTEM32\FCBHMUYR.DLL
C:\WINDOWS\SYSTEM32\FDBCQMVI.DLL
C:\WINDOWS\SYSTEM32\FUVYSGFG.DLL
C:\WINDOWS\SYSTEM32\ICIARPAJ.DLL
C:\WINDOWS\SYSTEM32\IFAUVEWY.DLL
C:\WINDOWS\SYSTEM32\KLYUBMXR.DLL
C:\WINDOWS\SYSTEM32\LVXRYCCB.DLL
C:\WINDOWS\SYSTEM32\PFPYMCDN.DLL
C:\WINDOWS\SYSTEM32\QRQIPXNV.DLL
C:\WINDOWS\SYSTEM32\SEDMDLOT.DLL
C:\WINDOWS\SYSTEM32\TITEUQAQ.DLL
C:\WINDOWS\SYSTEM32\TVBQQBSU.DLL
C:\WINDOWS\SYSTEM32\UBYIPFSY.DLL
C:\WINDOWS\SYSTEM32\UMODEDSU.DLL
C:\WINDOWS\SYSTEM32\VTJHSKHN.DLL
C:\WINDOWS\SYSTEM32\XAAAMQVL.DLL
C:\WINDOWS\SYSTEM32\XHIUKULU.DLL
C:\WINDOWS\SYSTEM32\XJWDHXII.DLL
C:\WINDOWS\SYSTEM32\XRNHCGMX.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\SSQPJJJA.DLL
C:\WINDOWS\SYSTEM32\SSQPJJJA.DLL

Trojan.Vundo-Variant/NextGen-Six
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e61dc80-3533-406c-a47f-2a23943ee8b6}
HKCR\CLSID\{5E61DC80-3533-406C-A47F-2A23943EE8B6}
HKCR\CLSID\{5E61DC80-3533-406C-A47F-2A23943EE8B6}\InprocServer32
HKCR\CLSID\{5E61DC80-3533-406C-A47F-2A23943EE8B6}\InprocServer32#ThreadingModel

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E950DE81-E8D2-411E-A799-AE1E7D7EB9A5}
HKCR\CLSID\{E950DE81-E8D2-411E-A799-AE1E7D7EB9A5}
HKCR\CLSID\{E950DE81-E8D2-411E-A799-AE1E7D7EB9A5}\InprocServer32
HKCR\CLSID\{E950DE81-E8D2-411E-A799-AE1E7D7EB9A5}\InprocServer32#ThreadingModel

Adware.Vundo Variant
HKU\S-1-5-21-2890927929-2367991485-1942540301-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
C:\WINDOWS\SYSTEM32\BHGQFDBM.DLL
C:\WINDOWS\SYSTEM32\FOYKCUVA.DLL
C:\WINDOWS\SYSTEM32\JTDNMYGK.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Apollo\Cookies\apollo@doubleclick[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@advertise[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@atdmt[1].txt

Trojan.Agent/Gen
HKLM\Software\xpre
HKLM\Software\xpre#execount

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url

Browser Hijacker.Internet Explorer Settings Hijack
HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ http://internetsearchservice.com ]
HKLM\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://internetsearchservice.com ]
HKLM\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://internetsearchservice.com/ie6.html ]

Trojan.Media-Codec
C:\Documents and Settings\Apollo\Favorites\Online Security Test.url

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
C:\Program Files\Outerinfo\FF\chrome.manifest
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\Outerinfo\FF\components
C:\Program Files\Outerinfo\FF\install.rdf
C:\Program Files\Outerinfo\FF
C:\Program Files\Outerinfo\Terms.rtf
C:\Program Files\Outerinfo
C:\Documents and Settings\Apollo\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Apollo\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Apollo\Start Menu\Programs\Outerinfo

Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]

Rogue.VirusHeat
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\AuxUserType
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\AuxUserType\2
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\AuxUserType\3
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readable\Main
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readwritable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Conversion\Readwritable\Main
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\1
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\2
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\3
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DataFormats\GetSet\4
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\DefaultIcon
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ILAl
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocHandler32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Insertable
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\krxwt
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\MiscStatus
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\MiscStatus\16
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ProgID
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\pskmJfa
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\tynonsj
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\uehxmbrm
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\verb
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\verb\0
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\WcxDrD

Adware.WinTouch/XInside
C:\Program Files\InetGet2

Trojan.Media-Codec/V5
C:\Program Files\NetProject\myd.ico
C:\Program Files\NetProject\mym.ico
C:\Program Files\NetProject\myp.ico
C:\Program Files\NetProject\myv.ico
C:\Program Files\NetProject
HKU\S-1-5-21-2890927929-2367991485-1942540301-1006\Software\NetProject

Trojan.Unknown Origin
C:\Documents and Settings\Apollo\Local Settings\Temporary Internet Files\bestwiner.stt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKLM\SOFTWARE\Microsoft\MS Juan
HKLM\SOFTWARE\Microsoft\MS Juan#RID
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hijackthis
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hijackthis#LU
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hijackthis#CT
HKLM\SOFTWARE\Microsoft\MS Juan\JKWL\hijackthis#LT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#LBL
HKLM\SOFTWARE\Microsoft\MS Juan\metajuan#MN
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\meta_mg#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\profiling4#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\superjuan#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid
HKLM\SOFTWARE\Microsoft\MS Track System#Shows
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N
C:\WINDOWS\SYSTEM32\MCRH.TMP

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{791CE900-B4A0-4A21-BD7F-0D4136655D2B}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{791CE900-B4A0-4A21-BD7F-0D4136655D2B}#NAMESERVER

Browser Hijacker.MJCore
C:\Program Files\Mjcore

Browser Hijacker.WebTools
C:\Program Files\Webtools

Trojan.Fake-Alert
C:\Documents and Settings\Apollo\Application Data\Gool
C:\Documents and Settings\Apollo\Application Data\gadcom

Rogue.Component/Trace
HKLM\Software\Microsoft\3C701236
HKLM\Software\Microsoft\3C701236#3c701236
HKLM\Software\Microsoft\3C701236#3c70bfb6
HKLM\Software\Microsoft\3C701236#3c70d653
HKLM\Software\Microsoft\3C701236#Version
HKU\S-1-5-21-2890927929-2367991485-1942540301-1006\Software\Microsoft\FIAS4018

Trojan.Fake-Alert/Trace
C:\Documents and Settings\Apollo\Local Settings\Temporary Internet Files\fbk.sts

Adware.Prun
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#prunnet [ "C:\DOCUME~1\Apollo\LOCALS~1\Temp\prun.exe" ]
HKU\S-1-5-21-2890927929-2367991485-1942540301-1006\Software\Microsoft\Windows\CurrentVersion\Run#prunnet [ "C:\DOCUME~1\Apollo\LOCALS~1\Temp\prun.exe" ]

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Adware.Vundo/Variant-Trace
C:\WINDOWS\SYSTEM32\BYWHXIBS.INI
C:\WINDOWS\SYSTEM32\MBDFQGHB.INI
C:\WINDOWS\SYSTEM32\XMGCHNRX.INI

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\RQRHXYAT.DLL

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ33.SYS

Trojan.Dropper/AdRotator
C:\WINDOWS\SYSTEM32\{FE765F90-8046-57D4-BB4D-CD2E50BD69B1}.DLL

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 25 May 2010 - 08:03 PM

Excellent will await the rest. Becareful where you download and what you are installing.. As that is where alot of what you just found came from.

You are heavily infected and after MBAM I still want you to do this.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs. From within Add/Remove Programs highlight any of the following programs (if listed) and select "Remove".

ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
or anything similar with OIN, Outer Info or Yazzle in them.
Important! Reboot when done.

Open My Computer or Windows Explorer, navigate to C:\Program Files and delete any of the named program folders listed above that you find (if they still exist).

If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, then download and run the Purity Scan uninstaller..
Save the Uninstaller to your desktop.
Double click on the OiUninstaller.exe icon on your desktop.
Click on "Run".
Enter the four digit code that is displayed and click on "Uninstall".
Click on "Ok" and reboot your computer.
Click here for Instructions with screenshots if needed.

Note: OiUninstaller uses UPX (ultimate packer for executables), an advanced file compressor and a method for compressing executable files to reduce their size to save space on a disk and download time. Some anti-virus programs such as Avast and Kaspersky may detect it as malware when attempting to download or unpack the compressed file.

Edited by boopme, 25 May 2010 - 08:04 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 25 May 2010 - 08:26 PM

Here is my MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4143

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5/25/2010 8:22:22 PM
mbam-log-2010-05-25 (20-22-22).txt

Scan type: Quick scan
Objects scanned: 121532
Time elapsed: 1 hour(s), 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 11
Registry Data Items Infected: 9
Folders Infected: 2
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\bbxvyj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqPjjJA.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91b795d7-93c2-434d-bb5e-e32da0a395b4} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{91b795d7-93c2-434d-bb5e-e32da0a395b4} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b5cfd66-1f55-4fc2-b5af-36b66e7cfe6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{91b795d7-93c2-434d-bb5e-e32da0a395b4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a616b67d-5009-cddc-d11d-f566d2f34a13} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a616b67d-5009-cddc-d11d-f566d2f34a13} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yytrrmwrbybartc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.30 85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2810eb22-763d-4d0c-9450-64bbd1758685}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.30,85.255.112.152 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{791ce900-b4a0-4a21-bd7f-0d4136655d2b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.30,85.255.112.152 -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\824223 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ssqPjjJA.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\bbxvyj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Apollo\Local Settings\Temporary Internet Files\Content.IE5\O9QQHIWB\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\Local Settings\Temporary Internet Files\Content.IE5\O9QQHIWB\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\Local Settings\Temporary Internet Files\Content.IE5\HE5DHI79\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\Local Settings\Temporary Internet Files\Content.IE5\LXHIQ016\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Apollo\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{fe765f90-8046-57d4-bb4d-cd2e50bd69b1}.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{fe765f90-8046-57d4-bb4d-cd2e50bd69b1}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHxyAt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3f433324.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3f433324.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 25 May 2010 - 08:42 PM

Ok, you neede to reboot there..
Did you notice my post #4

How is it running now.. ??

We are going to still need to scan again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 25 May 2010 - 09:19 PM

I did not find any of those items under the add/remove programs or under program files but I did run the purity scan uninstaller. Computer is running better but I do think there may be a couple problems left. Did you want me to run both the SAS and MBAM? I will run those and post new logs for you.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 26 May 2010 - 02:09 PM

Yes those and an ESET scan and I think we will be good.
ESET Online:
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
    folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 27 May 2010 - 01:04 PM

New SAS Log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/26/2010 at 01:30 PM

Application Version : 4.38.1004

Core Rules Database Version : 4900
Trace Rules Database Version: 2712

Scan type : Complete Scan
Total Scan Time : 01:33:42

Memory items scanned : 525
Memory threats detected : 0
Registry items scanned : 4554
Registry threats detected : 0
File items scanned : 74280
File threats detected : 19

Adware.Tracking Cookie
C:\Documents and Settings\Apollo\Cookies\apollo@interclick[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@bs.serving-sys[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@2o7[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@ehg-ctv.hitbox[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@serving-sys[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@cdn4.specificclick[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@specificclick[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@doubleclick[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@ads.pointroll[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@apmebf[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@atdmt[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@pointroll[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@advertising[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@specificmedia[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@mediaplex[2].txt
C:\Documents and Settings\Apollo\Cookies\apollo@casalemedia[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@msnportal.112.2o7[1].txt
C:\Documents and Settings\Apollo\Cookies\apollo@ad.wsod[2].txt

Adware.OuterInfo-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP721\A0042813.EXE

#10 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 27 May 2010 - 01:23 PM

New MBAM Log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4143

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5/27/2010 1:19:49 PM
mbam-log-2010-05-27 (13-19-49).txt

Scan type: Quick scan
Objects scanned: 125683
Time elapsed: 18 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 27 May 2010 - 02:04 PM

Ok, looks good.. Now to get that last one in system restore and be done.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 27 May 2010 - 07:41 PM

I ran ESET. For some reason I cant get access to the log but it did say no threats found.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 27 May 2010 - 07:49 PM

That happens sometimes when there is nothing found. No explanation but I've seen it a hundred times.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Link30

Link30
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 31 May 2010 - 10:25 PM

Thanks for your help. Computer seems to be running much better. I still can find a couple of issues every time I run these programs but they are getting fewer every time.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:51 AM

Posted 01 June 2010 - 10:49 AM

Perhaps there is still something hidden and we can get it with a deeper look if you like.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users