Clare

Borislav all done, Thank you so much for the help! I feel more comfortable about using my laptop normally now, secure sites etc... Really appreciate it Take care, Clare

Crikey, all the way back on the 6th page! I'm back Borislav! Everything seems to be working fine. The only thing I've noticed, which I don't think is related and is just a Vista quirk, is that the recycle bin icon is showing as full when it isn't, but that's happened before so nothing to do with the computer been infected. What do I do now to be declared free of infestation? Do I run Malwarebytes to check again? Then can I install Adobe and delete the virus scan tools? Thanks! Clare

No, that's fine. I can wait to re-install it Thanks. Clare

Your file is different to the one I just got from the website: http://free.avg.com/ww-en/download.prd-afg Thanks, I'll install it again and come back on the 10th to let you know how things are going I know I'm being a pest, but should I be doing all of this on my desktop computer as well? Malwarebytes caught a Trojan trying to download a while ago but things seem okay. Can I re-install the latest versions of Java and Adobe Reader? Clare

What about virus protection? I'm a bit wary of leaving AVG off even if it didn't catch the problem, I don't have any active protection except for windows defender and the firewall and neither of those were any help. Clare

Seems fine, though I haven't done much, bit of surfing, tried a dvd, played an avi file. What should I be looking out for? Does that mean it's safe now? Clare

Hello again I found out why the log file for JavaRa didn't pop up, I had to right click the icon and 'run as administrator', there wasn't any lists of java in the log file so it looks like it ran fine before but just didn't produce the log. Okay, I found this bit scary I turned of my windows firewall, and windows defender before running combofix. I had to uninstall AVG Anti-virus Free as I couldn't get it to shut down completely. I followed the instructions for AVG 9, but Combofix still saw it as active as there's a couple of things you can't disable - can I re-install it now? Combofix appears to have deleted some files connected to my Acer Crystal webcam, why? I got that with the laptop and have no way to re-install those files if needed. Not that I use the it, but still it's a worry. Thanks again for the help and here's the log file. Clare Log: ComboFix 10-05-05.0D - Clare 07/05/2010 2:02.1.2 - x86 Microsoft

Hello Borislav, Thank you for answering my post I followed your instructions as best I could. Step 1: Adobe Reader 8.2.2 has been uninstalled. Step 2: Uninstalled Java in Control Panel > Add/Remove programs. JavaRa said it would open a log file, but it didn't pop up, so I don't know if there is a log file or where it is, but I did run it. DELETED - C:\Program Files\Java DELETED - C:\Program Files\Common Files\Java DELETED - C:\Windows\Sun This was a hidden file: DELETED - C:\Documents and Settings\All Users\Application Data\Sun\Java I can't find these anywhere: C:\Documents and Settings\All Users\Application Data\Java C:\Documents and Settings\username\Application Data\Java C:\Documents and Settings\username\Application Data\Sun\Java I ran the Malwarebytes quick scan anyway and the log is at the end of the post. Thanks again for your help. Clare Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4073 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 07/05/2010 00:23:16 mbam-log-2010-05-07 (00-23-16).txt Scan type: Quick scan Objects scanned: 118238 Time elapsed: 7 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Hello, I need some help please to see if my laptop is clean/secure. I think it is but... Recently I was infected with a fake anti-virus program, Antivirus Soft I think, the one that stops you using pretty much any other program. I found an article online, ran the computer in safe mode, did the IE's tools>Internet Options>Connections>Lan Settings check and took the tick out of the box and then ran Malwarebytes [full scan]. It found 4 problems and sorted it out for me. Here's the log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4063 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18904 04/05/2010 11:33:43 mbam-log-2010-05-04 (11-33-43).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 259466 Time elapsed: 1 hour(s), 54 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bklmlhap (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Clare\AppData\Local\fpgisduqc\cvkmqostssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. Everything seemed to be working fine, I had 2 clean full scans, 1 in safe mode, but then the next scan after that picked up another problem, [NB: Drive F is an external hard drive I use for storage, I inlcuded it in this scan just in case]: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4068 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 05/05/2010 13:18:15 mbam-log-2010-05-05 (13-18-15).txt Scan type: Full scan (C:\|D:\|F:\|) Objects scanned: 207034 Time elapsed: 2 hour(s), 5 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Clare\AppData\Local\Temp\SBvL.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. Since then I've had several clean scans, but I'm worried that there's still something lurking on the computer as I don't understand why the 2nd infection didn't show up in the first scan as I'm pretty sure it must have happened at the same time as the orginal problem. I've followed the instructions in the pinned post 'I'm infected - What do I do now?' post and have attached the logs. I'll paste in the 'DDS.txt' at the end. I'm not sure I needed to use Defrogger, it seemed to work but didn't ask me to reboot: defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:50 on 06/05/2010 (Clare) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Did I not do it properly? I'd appreciate the help, I'd really like to be able to use the laptop properly again and have no idea what the logs mean, at the moment I daren't risk logging into Ebay etc. until I talk to someone who knows what they're doing I have AVG Anti-Virus Free installed as well but it didn't pick up on any of this Oh, my computer is using Vista Home Premium, Service Pack 2, 32-bit Operating System if that's any use. Thanks for your time. Clare DDS Log: DDS (Ver_10-03-17.01) - NTFSx86 Run by Clare at 18:55:11.97 on 06/05/2010 Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18 Microsoft ark_and_Attach_logs.zip