oldjhawk
Thanks for all your help! Terry
-
Okay. Downloaded the NAV Removal tool and ran it. Removed the old Java. Upgraded Adobe. Disabled AVG and ran Kaspersky online scanner. Attached is the file it produced. Thanks! ksp.txt
-
Yes. My friend finally had a chance to perform the steps and the Kaspersky is going now while she's here at work. I'll let you know tonight or tomorrow. Thanks for the patience.
-
Okay. First off, thanks for the help! I completed your directions and after doing combofix with the script provided, windows update automatically started up in the tray. I finished the stages you suggested and came up with these logs. Let me know how it's looking. Again, thanks! ComboFix.txt mbam_log_2009_07_01.txt Attach.txt DDS.txt
-
I cleaned some trojans off a friend's Windows XP machine but I still couldn't get a Windows Update to load. I can get to the update page, but after clicking "express", the page comes back unable to load. The history: I couldn't get Malwarebytes to run, so I renamed the executable file as well as the program itself. It would run but then shut itself down. So, I ran it again and I would stop MWB along the way and delete viruses, little by little. Finally, the reports showed clear. She uses free AVG and those reports now show clear. However, I still can't do WU. Also, when trying to boot into safe mode, the blue screen of death appears, if that helps anyone with my problem. I ran ccleaner and deleted all it found. I ran combo fix and I'm attaching that log. I also ran rootrepeal and am posting those results. There were red flagged entries, but I was afraid to wipe them until someone says to. Actually, I'm posting two RR logs, both showing "hooked" files. Thanks for any help. log.txt rrlogfiles.txt rrolg.txt
-
Search Engine Result Displays Web Page in Wingdings
oldjhawk replied to oldjhawk's topic in Resolved Malware Removal Logs
I'll reply to my own post. I updated Malwarebytes (after changing the program to xxxx.exe so it would run) and then did a scan in safe mode. Malwarebytes found trojan.agent and I deleted it. The PC restarted and our corporate Symantec Antivirus popped up stating it caught w32.tidserv and deleted it. I searched the Symantec site and found registry keys to delete. So far so good. Hope this helps others out there.
-
A co-worker clicked on one of the web pages that looked like her computer was infected. I've used Malwarebytes to clear her PC, but when she types in a search item (using google or Yahoo) and clicks on a result, the page displays in wingdings and not text. You can then type this page in the address bar and the page displays normal. Norton scans show clean. Malwarebytes scan shows clean. I'm attaching a hijackthis log with hopes someone will know an answer. In case I didn't explain very well, after a search engine gives results, by clicking a result page takes you to that page, but the page is displayed in wingdings. If you type that page in the address line, it works fine. Thanks in advance.