Trojan Miuref.A, Variant.Kazy.320120, Trojan.Win32.Inject.gzuj - more to clean?


This topic is locked
9 replies to this topic

#1 ohiggins

ohiggins

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:38 PM

Posted 16 February 2014 - 06:02 PM

Hello,

My wife noticed on Friday that MS Security Essentials popped up a warning on her system running Windows XP. As I started to look things over, I tried to go to the Malwarebytes web site to download the latest copy of the Anti-Malware tool. Although I was getting proper Google search results, clicking on the links for Malwarebytes took me to a sketchy-looking page. Hitting the back button, however, took me to the correct Malwarebytes page. I then shut the computer down and ran stand-alone boot disks I had handy for the Bitdefender and Kaspersky anti-virus scanners, then restarted into Windows XP, followed by MSSE removal of what it noted, then a run of Malwarebytes Anti-Malware and the Malwarebytes beta Anti-Rootkit.

Because of the multiple different findings by each tool, I'm wondering if I still have things to check for and clean up?

*** Bitdefender noted the following:

====================================================
= Logging started on Fri 14 Feb 2014 09:27:10 PM UTC
====================================================

List of objects to be scanned:
   - /media/IBM_PRELOAD

Object '/media/IBM_PRELOAD/Documents and Settings/Patty/Local Settings/Application Data/Ocwzics/diCommsperf8.dll' is infected with 'Gen:Variant.Kazy.320120'

==================================================
= Applying actions
==================================================
Object '/media/IBM_PRELOAD/Documents and Settings/Patty/Local Settings/Application Data/Ocwzics/diCommsperf8.dll' has been deleted


*** Kaspersky noted the following:

Objects Scan: completed 2 hours ago   (events: 6, objects: 440245, time: 04:10:00)    
2/15/14 4:57 AM    Task completed            
2/15/14 4:57 AM    Deleted: Trojan.Win32.Inject.gzuj    C:/Documents and Settings/Patty/Local Settings/Temp/cuentos-de-ninos-para-imprimir-gratis.zip        
2/15/14 2:49 AM    Detected: Trojan.Win32.Inject.gzuj    C:/Documents and Settings/Patty/Local Settings/Temp/cuentos-de-ninos-para-imprimir-gratis.zip/cuentos-de-ninos-para-imprimir-gratis.zip/cuentos-de-ninos-para-imprimir-gratis.exe/vbswoxpq.exe        
2/15/14 1:17 AM    Untreated: Trojan.Win32.Inject.gzuj    C:/Documents and Settings/Patty/Local Settings/Temp/cuentos-de-ninos-para-imprimir-gratis.zip/cuentos-de-ninos-para-imprimir-gratis.zip/cuentos-de-ninos-para-imprimir-gratis.exe/vbswoxpq.exe    Postponed    
2/15/14 1:17 AM    Detected: Trojan.Win32.Inject.gzuj    C:/Documents and Settings/Patty/Local Settings/Temp/cuentos-de-ninos-para-imprimir-gratis.zip/cuentos-de-ninos-para-imprimir-gratis.zip/cuentos-de-ninos-para-imprimir-gratis.exe/vbswoxpq.exe        
2/15/14 12:47 AM    Task started            
Objects Scan: completed <1 minute ago   (events: 2, objects: 440235, time: 02:04:03)    
2/15/14 7:02 AM    Task completed            
2/15/14 4:58 AM    Task started            


*** Upon restart of the system, I updated MS Security Essentials and ran a scan.  It noted the following:

2/15/14 - Trojan:JS/Miuref.A file:C:\Documents and Settings\Patty\Local Settings\Application Data\Mozilla\Firefox\Profiles\odm3gwwj.default\extensions\{634D11D9-EBC5-471E-05BB-40D1C82BC404}\components\PqiDefaultPlugin.js
2/14/14 Trojan:Win32/Miuref  file::\Documents and Settings\Patty\Local Settings\temp\ubswoxpq.exe
2/14/14 Trojan:Win32/Miuref  file::\Documents and Settings\Patty\Local Settings\temp\cuentos-de-ninow-para-iprimir-gratis.exe

which I removed via MSSE.

Looking through its older logs:

2014-01-24T15:49:50.618Z DETECTION Trojan:JS/Miuref.A file:C:\Documents and Settings\Patty\Local Settings\Application Data\Google\Chrome\User Data\Default\njbbengdmfolboehaflleanbmiclmeae\6.0.0\background.js

*** Installed and updated Malwarebytes Anti-Malware, which noted the following:

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Patty :: PASR40 [administrator]

2/15/2014 11:53:44 AM
MBAM-log-2014-02-15 (16-34-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340416
Time elapsed: 2 hour(s), 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\RECYCLER\S-1-5-21-1327770070-1630603108-266701607-1005\Dc207.exe (PUP.Optional.InstallMonetizer) -> No action taken.

(end)


*** Installed and ran Malwarebytes beta Anti-Rootkit tool, which noted:

-------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.398000 GHz
Memory total: 1609482240, free: 1033412608

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.398000 GHz
Memory total: 1609482240, free: 1067024384

Downloaded database version: v2014.02.15.08
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     02/15/2014 17:06:30
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ggdygun.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
drvmcdb.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
snapman.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
Mup.sys
agp440.sys
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\w29n51.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\SynTP.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\nscirda.sys
\SystemRoot\System32\DRIVERS\irenum.sys
\SystemRoot\System32\DRIVERS\CmBatt.sys
\SystemRoot\System32\DRIVERS\ibmpmdrv.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\System32\DRIVERS\AGRSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\BackupReader.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasirda.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\sxuptp.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\drivers\TSMAPIP.SYS
\SystemRoot\System32\drivers\Tppwr.sys
\SystemRoot\System32\Drivers\TPHKDRV.SYS
\SystemRoot\System32\drivers\TDSMAPI.SYS
\SystemRoot\System32\drivers\Smapint.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati3d1ag.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\drvnddm.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\System32\DRIVERS\irda.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a562ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a4f9940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a562ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a5dd288, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a5dd020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a562ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5389e8, DeviceName: \Device\00000082\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a4f9940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 27B41E32

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 312575697
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\colbact.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\comuid.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\es.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\ole32.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828741$\txflog.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\callcont.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\h323.tsp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\msgina.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\mst120.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\schannel.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\dao360.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB824141$\user32.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll" is compressed (flags = 1)
Scan finished
=======================================

*** DDS.txt output

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Patty at 16:58:36 on 2014-02-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.680 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\System32\ibmpmsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Home Server\LightsOutClientService.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RunDll32.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Home Server\LightsOutClientGUI.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/Documents%20and%20Settings/Patty/My%20Documents/Download/home.htm
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - c:\program files\windows home server\WHSDeskBands.dll
TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - c:\program files\windows home server\WHSDeskBands.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\patty\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [S3TRAY2] S3Tray2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TPTRAY] c:\progra~1\thinkpad\utilit~1\TP98TRAY.EXE
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\patty\startm~1\programs\startup\autoru~1\openof~1.lnk - c:\program files\openoffice.org1.1.3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lights~1.lnk - c:\program files\windows home server\LightsOutClientGUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://d:\content\include\XPPatchInstaller.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360895958773
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38178.3727893519
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
TCP: NameServer = 192.168.123.1
TCP: Interfaces\{9800AA48-17F5-456F-9AA4-46A695A8C80D} : DHCPNameServer = 192.168.123.1
Filter: AutorunsDisabled - <Clsid value has no data>
Notify: NavLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 192.168.123.247 MYCROFT #Windows Home Server#
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\patty\application data\mozilla\firefox\profiles\odm3gwwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dvorak.org/home.htm
FF - plugin: c:\documents and settings\patty\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\patty\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 1970-05-29 14:31; {634D11D9-EBC5-471E-05BB-40D1C82BC404}; -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R1 MpKsle9413561;MpKsle9413561;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c230120-a3e5-4079-8a12-1a11d438d144}\MpKsle9413561.sys [2014-2-16 40392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-7-9 12288]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 LoClntService;LightsOut Client Service;c:\program files\windows home server\LightsOutClientService.exe [2010-11-15 49152]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2013-5-2 167424]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 44784]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2007-9-27 79232]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-5-2 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 21248]
S4 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S4 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys --> c:\windows\system32\drivers\rcvpn.sys [?]
S4 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
2014-02-16 21:48:53    647280    ----a-w-    c:\program files\mozilla firefox\libGLESv2.dll
2014-02-16 21:48:53    53360    ----a-w-    c:\program files\mozilla firefox\libEGL.dll
2014-02-16 21:48:53    118896    ----a-w-    c:\program files\mozilla firefox\maintenanceservice.exe
2014-02-16 21:48:52    3494512    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2014-02-16 21:48:52    307824    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2014-02-16 21:48:52    275568    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2014-02-16 21:48:50    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-02-16 21:48:50    117360    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-02-16 21:48:49    272496    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-02-16 21:48:48    75376    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-02-16 21:48:48    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-02-16 21:44:06    62576    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c230120-a3e5-4079-8a12-1a11d438d144}\offreg.dll
2014-02-16 21:44:06    40392    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c230120-a3e5-4079-8a12-1a11d438d144}\MpKsle9413561.sys
2014-02-16 21:35:28    7760024    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c230120-a3e5-4079-8a12-1a11d438d144}\mpengine.dll
2014-02-15 22:43:30    --------    d-----w-    c:\documents and settings\patty\application data\SUPERAntiSpyware.com
2014-02-15 22:42:53    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-02-15 22:42:53    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-02-15 22:06:31    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-02-15 22:06:30    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-15 22:05:59    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-15 16:59:41    7760024    ------w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
.
============= FINISH: 16:59:48.41 ===============
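One thing a responder does with a listing like the one above is sort recently written files by type and ask which ones are explained by the cleanup tools the poster says they ran. The following is an added example, not code from this thread or from ComboFix or any other tool named here: it parses lines in the same "timestamp  size  attributes  path" layout, pulls out kernel drivers written within a few days of the scan, and checks their names against an allowlist of known tool prefixes. The sample lines are constructed to mirror the listing above, the `exampleunknown.sys` entry is a placeholder added to show a hit, and the `mbam` prefix allowlist is an assumption about the Malwarebytes drivers (MBAMSwissArmy.sys, mbamchameleon.sys) that the earlier scans installed.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Constructed sample in the same layout as the ComboFix file listing quoted above.
# The exampleunknown.sys entry is a placeholder added here to show a hit; it is not
# from the thread.
SAMPLE_LOG = r"""
2014-02-16 21:48:52    275568    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2014-02-15 22:42:53    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-02-15 22:06:30    107224    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-15 22:05:59    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-15 03:12:00    21504    ----a-w-    c:\windows\system32\drivers\exampleunknown.sys
.
==================== Find3M  ====================
.
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
"""


class Entry(NamedTuple):
    timestamp: datetime
    size: Optional[int]   # None for directories, which the log shows as --------
    attrs: str            # e.g. ----a-w- (archive, writable) or d-----w- (directory)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


# date time, size or dashes, 8-character attribute field, then the path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)


def parse_listing(text: str) -> List[Entry]:
    """Parse file-listing lines; section headers, '.' separators and blanks are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(
            timestamp=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            size=int(size) if size.isdigit() else None,
            attrs=attrs,
            path=path,
        ))
    return entries


DRIVER_DIR = "\\windows\\system32\\drivers\\"


def recent_drivers(entries: List[Entry], scan_time: datetime, days: int = 3) -> List[Entry]:
    """Kernel drivers (.sys under system32\\drivers) written within `days` before the scan."""
    cutoff = scan_time - timedelta(days=days)
    return [
        e for e in entries
        if not e.is_dir
        and DRIVER_DIR in e.path.lower()
        and e.path.lower().endswith(".sys")
        and e.timestamp >= cutoff
    ]


# Assumption: name prefixes of cleanup tools the poster ran (Malwarebytes ships
# drivers named mbam*). Any other recent driver deserves a closer look.
KNOWN_TOOL_PREFIXES = ("mbam",)


def unexplained_drivers(entries: List[Entry], scan_time: datetime, days: int = 3,
                        known_prefixes=KNOWN_TOOL_PREFIXES) -> List[Entry]:
    """Recent drivers whose file name does not start with a known tool prefix."""
    return [
        e for e in recent_drivers(entries, scan_time, days)
        if not e.name.lower().startswith(known_prefixes)
    ]


def triage(text: str, scan_time: str, days: int = 3) -> List[str]:
    """Convenience wrapper: basenames of recent drivers not explained by known tools."""
    entries = parse_listing(text)
    when = datetime.strptime(scan_time, "%Y-%m-%d %H:%M:%S")
    return [e.name for e in unexplained_drivers(entries, when, days)]


if __name__ == "__main__":
    for e in recent_drivers(parse_listing(SAMPLE_LOG), datetime(2014, 2, 17)):
        print(f"{e.timestamp}  {e.size:>8}  {e.name}")
    print("needs a closer look:", triage(SAMPLE_LOG, "2014-02-17 00:00:00"))
```

The allowlist is deliberately a name prefix rather than a hash, because in a thread like this one the question is only "did I install this myself?"; a driver that survives the filter is a candidate for checking its signature and submitting to a scanner, not evidence of infection by itself.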


 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 February 2014 - 09:40 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Let's see:

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 ohiggins

ohiggins
  • Topic Starter

  • Members
  • 5 posts

Posted 17 February 2014 - 01:09 PM

Hello Marius!

 

Thank you for your assistance!  I went to run the ESET online scanner with IE.  The url www.eset.com/us/online-scaner-popup/ came up with the "ESET Online Scanner" banner across the top, but nothing to click on in the body of the page - not sure if that is significant.

 

Used Firefox instead and installed the ESET Smart Installer, then ran the scan.  Here are the results:

 

C:\Documents and Settings\Patty\My Documents\Download\Net2Phone\SOLOCommCenter.exe    probably a variant of Win32/Adware.BargainBuddy.C application
 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 18 February 2014 - 04:10 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#5 ohiggins

ohiggins
  • Topic Starter

  • Members
  • 5 posts

Posted 18 February 2014 - 10:44 AM

Here are the results from AdwCleaner:

 

# AdwCleaner v3.019 - Report created 18/02/2014 at 10:28:31
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Patty - PASR40
# Running from : C:\Documents and Settings\Patty\My Documents\Download\Firefox downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Patty\Local Settings\Application Data\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Profiles\odm3gwwj.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Patty\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1380 octets] - [18/02/2014 10:25:40]
AdwCleaner[S0].txt - [1315 octets] - [18/02/2014 10:28:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1375 octets] ##########
 

 

Here are the results from SecurityCheck:

 

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 SUPERAntiSpyware     
 Windows Defender Signatures   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 8  
 Adobe Reader XI  
 Mozilla Firefox (27.0.1)
 Mozilla Thunderbird (24.3.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 19 February 2014 - 06:52 AM

Your system is clean now! :)

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#7 ohiggins

ohiggins
  • Topic Starter

  • Members
  • 5 posts

Posted 19 February 2014 - 11:34 AM

Marius - thanks very much for your help!!!  :bounce:



#8 ohiggins

ohiggins
  • Topic Starter

  • Members
  • 5 posts

Posted 19 February 2014 - 11:38 AM

P.S. - added a small donation as well  :tophat:



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 February 2014 - 07:37 AM

Thank you very much! :)



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 February 2014 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.