HijackThis log, Virtumonde?

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMdffdf25a"=-
3. Then in the text file go to FILE => SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[CFScript.gif: animation of CFScript.txt being dragged onto ComboFix.exe]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply

----------------

Delete these entries with HJT:

O4 - HKLM\..\Run: [BMdffdf25a] Rundll32.exe "C:\WINDOWS\system32\jtssnlrx.dll",s
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)


----------------

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Logs Required In Next Post
------------------------------

ComboFix Log
ActiveScan Log
New HJT Log
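The steps above remove one Run value through a CFScript and three more entries by hand in HJT. As an added example, not part of the helper's post and not code from ComboFix or HijackThis, the Python script below parses O4/O16/O23 lines from an HJT log, applies the same reasoning the helper used (a rundll32 loader for a random-named system32 DLL, an ActiveX download from a host that is not Microsoft's, a service whose binary is missing) and emits the matching Registry:: block in CFScript syntax, where a value written as "name"=- is deleted. The sample lines are copied from the log posted in this thread; the eight-lowercase-letter DLL heuristic and the trusted-host list are my assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the three lines the helper asked to delete plus two benign
# lines, all copied from the HijackThis log posted in this thread.
SAMPLE_HJT_LINES = [
    r'O4 - HKLM\..\Run: [BMdffdf25a] Rundll32.exe "C:\WINDOWS\system32\jtssnlrx.dll",s',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab',
    r'O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)',
    r'O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe',
]

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')
O16_RE = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \(([^)]*)\) - (\S+)$')
O23_RE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')

# Heuristic (my assumption, not from the page): Vundo/Virtumonde loaders are
# rundll32 calls on a system32 DLL with a random 8-letter name.
VUNDO_DLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[A-Za-z]:\\windows\\system32\\[a-z]{8}\.dll"?', re.IGNORECASE)

# Assumption: hosts from which an O16 ActiveX download is considered expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


def parse_hjt_line(line):
    """Return a dict for an O4/O16/O23 HijackThis line, or None for other lines."""
    m = O4_RE.match(line)
    if m:
        hive, subkey, name, cmd = m.groups()
        return {"kind": "O4", "hive": hive, "subkey": subkey, "name": name, "cmd": cmd}
    m = O16_RE.match(line)
    if m:
        clsid, desc, url = m.groups()
        return {"kind": "O16", "clsid": clsid, "desc": desc, "url": url}
    m = O23_RE.match(line)
    if m:
        name, owner, path = m.groups()
        return {"kind": "O23", "name": name, "owner": owner, "path": path}
    return None


def _trusted_host(host):
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(lines):
    """Return [(entry, reason)] for the entries that match a removal rule."""
    findings = []
    for line in lines:
        e = parse_hjt_line(line.strip())
        if e is None:
            continue
        if e["kind"] == "O4" and VUNDO_DLL_RE.search(e["cmd"]):
            findings.append((e, "rundll32 loading a random-named system32 DLL (Vundo pattern)"))
        elif e["kind"] == "O16":
            host = (urlparse(e["url"]).hostname or "").lower()
            if not _trusted_host(host):
                findings.append((e, f"ActiveX download from untrusted host {host}"))
        elif e["kind"] == "O23" and e["path"].endswith("(file missing)"):
            findings.append((e, "orphaned service: binary missing"))
    return findings


def build_cfscript(findings):
    """Emit a CFScript Registry:: section deleting the flagged O4 Run values.

    The section uses .reg (REGEDIT4) syntax: a value written as "name"=- is
    deleted, which is what "BMdffdf25a"=- in the helper's script does. Only O4
    entries map onto a registry value; O16/O23 findings are reported and left to
    be removed in HJT, as the helper did.
    """
    by_key = {}
    for e, _reason in findings:
        if e["kind"] != "O4":
            continue
        hive = HIVES.get(e["hive"], e["hive"])
        key = f'[{hive}\\{RUN_KEY}\\{e["subkey"]}]'
        by_key.setdefault(key, []).append(e["name"])
    out = ["Registry::"]
    for key, names in by_key.items():
        out.append(key)
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LINES)
    for entry, reason in found:
        print(f'{entry["kind"]}: {reason}')
    print(build_cfscript(found))
```

Run on the sample, the script flags exactly the three entries the helper listed and prints the same Registry:: block as the CFScript at the top of this post; the ctfmon.exe and AVG lines pass through untouched.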
 
ComboFix 08-05-21.2 - Leland Fecher 2008-05-23 16:39:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.656 [GMT -4:00]
Running from: C:\Documents and Settings\Leland Fecher\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Leland Fecher\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Leland Fecher\err.log

.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 13:14 . 2008-05-23 13:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 12:51 . 2008-05-23 12:51 <DIR> d-------- C:\Program Files\backups
2008-05-21 14:03 . 2008-05-21 14:03 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-21 13:49 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-21 13:49 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-21 13:49 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-21 13:49 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-21 13:49 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-21 13:49 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-21 13:49 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-21 13:49 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-21 13:49 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-21 13:26 . 2005-08-25 19:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-21 13:26 . 2005-08-25 19:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-21 13:26 . 2005-08-25 19:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-21 13:26 . 2008-05-21 13:26 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-21 13:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-21 13:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-21 13:21 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-21 13:21 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-21 13:21 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-21 13:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-21 13:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-21 13:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-21 12:45 . 2008-05-21 12:45 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-20 23:25 . 2008-05-23 13:15 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\Leland Fecher\Application Data\Simply Super Software
2008-05-20 23:25 . 2008-05-20 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-20 23:25 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-20 23:25 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-20 23:25 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-20 23:25 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-20 23:25 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-20 22:42 . 2008-05-20 22:42 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-20 22:18 . 2008-05-20 22:18 <DIR> d-------- C:\Program Files\CCleaner
2008-05-20 17:27 . 2008-05-20 17:27 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-05-20 16:59 . 2008-05-20 19:16 <DIR> d-------- C:\VundoFix Backups
2008-05-20 14:32 . 2008-05-20 23:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-20 14:26 . 2008-05-20 14:26 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-20 14:26 . 2008-05-20 14:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-20 14:25 . 2008-05-20 14:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-20 14:25 . 2008-05-20 14:25 <DIR> d-------- C:\Program Files\AVG
2008-05-20 14:25 . 2008-05-20 14:55 <DIR> d-------- C:\Documents and Settings\Leland Fecher\Application Data\AVGTOOLBAR
2008-05-20 14:25 . 2008-05-20 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-05 22:36 . 2008-05-23 16:34 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-04 22:02 . 2008-05-04 22:02 <DIR> d-------- C:\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 17:47 --------- d-----w C:\Program Files\Sportsbook Poker
2008-07-05 17:43 --------- d-----w C:\Program Files\Steam
2008-05-23 16:48 4,971 ----a-w C:\Program Files\hijackthis.log
2008-05-22 19:21 --------- d-----w C:\Program Files\PokerStars
2008-05-21 17:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-21 04:46 401,720 ----a-w C:\Program Files\HijackThis.exe
2008-05-20 21:28 --------- d-----w C:\Program Files\PowerISO
2008-05-14 00:41 --------- d-----w C:\Program Files\Full Tilt Poker
2008-05-13 16:13 --------- d-----w C:\Program Files\World of Warcraft
2008-05-06 02:42 --------- d-----w C:\Program Files\iTunes
2008-04-16 20:41 --------- d-----w C:\Documents and Settings\Leland Fecher\Application Data\BitTorrent
2008-04-13 22:27 --------- d-----w C:\Documents and Settings\Leland Fecher\Application Data\U3
2008-04-10 21:15 --------- d-----w C:\Documents and Settings\Leland Fecher\Application Data\Wizards of the Coast
2008-04-10 18:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 18:38 --------- d-----w C:\Program Files\Wizards of the Coast
2008-04-01 18:53 --------- d-----w C:\Program Files\Java
2008-03-30 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\CCP
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-01-05 01:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-02-14 22:20 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-21_23.53.40.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 03:47:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 20:30:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 20:31:00 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_410.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-20 14:25 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-20 14:25 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-05-20 14:25 1177368 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147121880\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147121880\\ee\\aim6.exe"=
"C:\\Program Files\\Sierra On-Line\\sigspat.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-20 14:26]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-20 14:25]
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-21 20:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 16:54:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 16:43:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-23 16:45:10
ComboFix-quarantined-files.txt 2008-05-23 20:44:23
ComboFix2.txt 2008-05-23 16:45:55
ComboFix3.txt 2008-05-22 03:53:59

Pre-Run: 4,455,710,720 bytes free
Post-Run: 4,438,085,632 bytes free

177 --- E O F --- 2008-05-21 17:53:05
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:13 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 4651 bytes
 
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-23 23:42:11
PROTECTIONS: 1
MALWARE: 51
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00046490 adware/azesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Leland Fecher\Desktop\VirtumundoBeGone.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Leland Fecher\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0463322.exe
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[servedby.advertising.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.as-eu.falkag.net/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9yttxjfz.default\cookies.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9yttxjfz.default\cookies.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9yttxjfz.default\cookies.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.entrepreneur.com/]
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.entrepreneur.com/]
00149002 Cookie/Peel TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.peel.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.maxserving.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.com.com/]
00167657 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.ehg-ubisoft.hitbox.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.z1.adserver.com/]
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.z1.adserver.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[counter.hitslink.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[counter.hitslink.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.apmebf.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[www.burstbeacon.com/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.as-us.falkag.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies.txt[server.iad.liveperson.net/hc/43682891]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[server.iad.liveperson.net/hc/75190831]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ads.pointroll.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.cs.sexcounter.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.bravenet.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.bravenet.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.adultfriendfinder.com/]
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9yttxjfz.default\cookies.txt[media.fastclick.net/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.atwola.com/]
00262633 Application/Winfixer2005 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0462667.dll
00266219 adware/yazzle Adware No 0 Yes No c:\windows\downloaded program files\yazzleactivex.inf
00269445 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460561.exe
00269456 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460507.dll
00269457 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460563.exe
00269463 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460562.exe
00269465 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460556.exe
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ehg-dig.hitbox.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-1.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Leland Fecher\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[citi.bridgetrack.com/]
00505593 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460515.exe
00505595 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460557.exe
00508729 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460514.dll
00510374 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460540.DLL
00515489 Adware/WinAntivirus2006 Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0459504.exe
00515778 Application/ErrorProtector Spyware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460517.exe
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Leland Fecher\Desktop\VirtumundoBeGone.exe
00962631 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460490.sys
00962631 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460554.sys
00962631 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0459506.sys
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Leland Fecher\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0463401.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0463543.EXE
01269203 Application/WinAntiVirus2007 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460503.dll
02137872 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460641.dll
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Leland Fecher\Desktop\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0463323.exe
02656820 Dialer.KTG Dialers No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460642.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP367\A0463392.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0463531.sys
02905337 Application/BarreraIntegral HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460531.dll
02905342 Application/BarreraIntegral HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460532.DLL
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460640.exe
02983957 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0459477.dll
02983959 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP368\A0463524.dll
02983959 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jtssnlrx.dll.vir
02985989 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460513.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
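Added example, not part of the thread and not Panda's own tooling: a small Python triage script for rows in the format of the ActiveScan report above. It assumes the column order Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location (the report's header line is not reproduced in this thread, so that order is inferred from the rows) and buckets every detection by where it sits: inside a System Restore point, inside the ComboFix QooBox quarantine, or on the live file system. That split is what decides whether a report like this one still calls for clean-up or mainly for flushing restore points. The sample rows are constructed from rows of the kind shown above, with the user's profile name replaced.

```python
import re
from collections import Counter

# Assumed column order of an ActiveScan report row (the header line is not in this
# thread; the order is inferred from the rows themselves):
#   Id  Description  Type  Active  Severity  Disinfectable  Disinfected  Location
# Description can contain a space ("Generic Malware") and Location almost always does,
# so the row is matched against the fixed Yes/No and digit columns instead of being
# split on whitespace.
ROW_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<name>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>\S.*)$"
)

# Constructed sample built from rows of the kind shown above (profile name replaced).
SAMPLE_REPORT = r"""
00262633 Application/Winfixer2005 HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0462667.dll
00266219 adware/yazzle Adware No 0 Yes No c:\windows\downloaded program files\yazzleactivex.inf
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x2bxe3rd.default\cookies-3.txt[.ehg-dig.hitbox.com/]
00962631 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0460490.sys
02983959 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jtssnlrx.dll.vir
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\User\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
"""


def parse_row(line):
    """Parse one report row into a dict, or return None for non-row text."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["severity"] = int(row["severity"])
    row["active"] = row["active"] == "Yes"
    return row


def classify_location(path):
    """Bucket a detection by the part of the disk it was found on."""
    p = path.lower()
    if r"\system volume information\_restore" in p:
        return "restore_point"   # old copy inside a System Restore point
    if r"\qoobox\quarantine" in p:
        return "quarantine"      # already neutralised by ComboFix
    return "live"                # still on the live file system: needs a look


def triage(report_text):
    """Summarise a report: counts per bucket, the live detections, and any row
    the scanner marked Active. Duplicate rows (the scanner repeats cookies) are
    counted once."""
    seen = set()
    counts = Counter()
    live = []
    active = []
    for line in report_text.splitlines():
        row = parse_row(line)
        if row is None or line.strip() in seen:
            continue
        seen.add(line.strip())
        bucket = classify_location(row["location"])
        counts[bucket] += 1
        if bucket == "live":
            live.append((row["name"], row["location"]))
        if row["active"]:
            active.append(row["name"])
    return {"counts": dict(counts), "live": live, "active": active}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("detections by location:", summary["counts"])
    print("active in memory:", summary["active"] or "none")
    for name, location in summary["live"]:
        print(f"live: {name:<22} {location}")
```

Run on the full report above, the same script shows the bulk of the detections sitting in `RP3xx` restore points, one Virtumonde DLL already in quarantine, and a short live list (a downloaded-program-files `.inf`, tracking cookies, the helper tools on the Desktop) that can be judged item by item. Rows the scanner cannot parse are skipped rather than guessed at.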
 
Step1

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step2

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Then you're clean :)

Kind Regards,
Techpro5238
 
Ok, just so we're clear, I'm good to use my computer for doing all my banking and gaming and stuff? I'm totally clean of terrible viruses?
Just wanted to make sure we're on the same page.
Thank you so much!! These forums are now on my number one site to visit, you guys are all so nice and have really helped me out a ton. Thanks again, I'll talk to you later (hopefully not about viruses again).

Also: Can I continue to use AVG to keep me safe?
 
Do you use AVG8? If not then go here:

http://www.grisoft.cz/filedir/inst/avg_free_stf_en_8_100a1295.exe

Download that file, and uninstall your current AVG installation. Then use the installation file to install the new AVG.

----------

Also go to Start => Run and type the text in the quotes into the run box:

"combofix /u"

Then you will be completely updated and clean.

----------------

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Three good free versions are Kerio, Sygate and ZoneLabs.
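Added example, not from the thread and not the MVPS project's code: a Python parser that reads a HOSTS file body and reports which names it redirects to the local machine, the mechanism the MVPS Hosts file bullet above describes. It shows the two details a user of such a file should know: the file is matched by exact hostname (no wildcards, so a subdomain is not covered by its parent's entry), and a `127.0.0.1` line is only a block when the name is not a legitimate loopback name. The HOSTS body below is a constructed sample, not the MVPS list.

```python
import ipaddress

# Addresses a blocking HOSTS file maps unwanted names to: 127.0.0.1 is the one the
# post describes, 0.0.0.0 is the other common choice.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Loopback names that legitimately point at 127.0.0.1 and are not "blocked" entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample HOSTS body (not the MVPS file).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1  ads.example.net  tracker.example.net   # two names on one line
0.0.0.0    banner.example.org
192.0.2.10 intranet.example.com                    # ordinary mapping, not a block
not-an-ip  junk.example
"""


def parse_hosts(text):
    """Map every hostname in a HOSTS file body to its address (names lower-cased).
    '#' comments and blank lines are ignored, one line may carry several names,
    and the first mapping seen for a name is kept."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first column is not an address: skip the malformed line
        for host in parts[1:]:
            mapping.setdefault(host.lower().rstrip("."), parts[0])
    return mapping


def is_sinkholed(hosts_map, hostname):
    """True if this exact hostname is redirected to a loopback/null address.
    HOSTS has no wildcards: sub.ads.example.net is not covered by an
    ads.example.net entry."""
    addr = hosts_map.get(hostname.lower().rstrip("."))
    return addr is not None and addr in SINKHOLE_ADDRESSES


def sinkholed_domains(hosts_map):
    """Sorted list of names the file blocks, excluding loopback names themselves."""
    return sorted(h for h, a in hosts_map.items()
                  if a in SINKHOLE_ADDRESSES and h not in LOCAL_NAMES)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sinkholed_domains(hosts))
    for name in ("ads.example.net", "sub.ads.example.net", "intranet.example.com"):
        print(f"{name:<22} sinkholed={is_sinkholed(hosts, name)}")
```

On a real machine the same functions can be pointed at the contents of `%SystemRoot%\system32\drivers\etc\hosts` to list what a downloaded blocklist actually covers. The exact-name rule is why such lists run to thousands of entries and why they complement, rather than replace, the Restricted-sites approach and a firewall mentioned alongside them.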
 
Alright, uninstalled ComboFix. I've been running AVG 8.0, so I'm good there.
I'll get the programs you've suggested later today (I have a wedding to go to in 15 minutes). Thank you so much! And I can bank again now right?
 