
Hello,

I recently cleaned my infected PC by downloading and mbam v1.75, but it seems that all threats except the pum.wload were removed. I kept scanning and cleaning, but after restarting, the virus is still there! However, after looking up pum.wload on the net, which apparently infects the computer in several places, it seems the one I have only infects a certain registry key - ( ...>currentversion>window-->load - usWMV.exe) so should I just use RegAssassin to delete this key?

Anyway here's the Hijackthis log:

hijackthis.log

Thank you for your time!


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> FOUND

[sHELL][sUSP PATH] HKUS\S-1-5-21-2241422195-4274685190-4283754273-1005[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> FOUND

Now click Delete on the right hand column under Options

Then........

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Ran Roguekiller and did as you asked but after clicking "Delete", it only found and deleted the first entry. The second entry seemed to disappear:

Here's the scan log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : currys [Admin rights]

Mode : Scan -- Date : 04/13/2013 14:22:11

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> FOUND

[sHELL][sUSP PATH] HKUS\S-1-5-21-2241422195-4274685190-4283754273-1005[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++

--- User ---

[MBR] f56aa1a8533d57fee71139d4fc532028

[bSP] 0424eaa93bcb1c91268b34b8e378cded : KIWI Image system MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12594960 | Size: 72749 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161585152 | Size: 73727 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04132013_02d1422.txt >>

RKreport[1]_S_04132013_02d1422.txt

And here's the delete log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : currys [Admin rights]

Mode : Remove -- Date : 04/13/2013 14:23:25

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++

--- User ---

[MBR] f56aa1a8533d57fee71139d4fc532028

[bSP] 0424eaa93bcb1c91268b34b8e378cded : KIWI Image system MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12594960 | Size: 72749 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161585152 | Size: 73727 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_04132013_02d1423.txt >>

RKreport[1]_S_04132013_02d1422.txt ; RKreport[2]_D_04132013_02d1423.txt

And subsequent scan log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : currys [Admin rights]

Mode : Scan -- Date : 04/13/2013 14:24:24

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++

--- User ---

[MBR] f56aa1a8533d57fee71139d4fc532028

[bSP] 0424eaa93bcb1c91268b34b8e378cded : KIWI Image system MBR Code

Partition table:

0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12594960 | Size: 72749 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161585152 | Size: 73727 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_S_04132013_02d1424.txt >>

RKreport[1]_S_04132013_02d1422.txt ; RKreport[2]_D_04132013_02d1423.txt ; RKreport[3]_S_04132013_02d1424.txt

Is that normal? Anyway, updating MBAM now and will post back with scan report soon.

Thanks again.

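The scan, delete and rescan reports in the post above can be compared mechanically; this is an added example, not part of the original thread and not RogueKiller's own code. It parses the registry-entry lines and treats `HKUS\<SID>` as the same key as `HKCU`, since HKCU is Windows' view of the logged-on user's hive under HKEY_USERS, which is why two FOUND lines become one DELETED line. It assumes the SID in the report belongs to the logged-on account `currys`; the function and variable names are hypothetical.

```python
import re

# Registry-entry lines copied from the three RogueKiller reports in the post above.
SCAN_BEFORE = r"""
[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> FOUND
[sHELL][sUSP PATH] HKUS\S-1-5-21-2241422195-4274685190-4283754273-1005[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""
REMOVAL = r"""
[sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Documents and Settings\currys\usWMV.exe) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
"""
SCAN_AFTER = r"""
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Assumption: this SID (taken from the report) is the logged-on account "currys".
USER_SID = "S-1-5-21-2241422195-4274685190-4283754273-1005"

# [TAG][TAG] HIVE[\SID]<path> : <value> (<data>) -> <STATUS>
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"
    r"(?P<hive>HKCU|HKLM|HKUS)(?:\\(?P<sid>S-1-[0-9-]+))?"
    r"(?P<path>.*?) : (?P<value>\S+) \((?P<data>.*)\) -> (?P<status>[A-Z ]+)$"
)


def parse(report, user_sid):
    """Map each distinct registry location to the statuses reported for it."""
    entries = {}
    for line in report.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a registry-entry line
        hive = m["hive"]
        if hive == "HKUS":
            # HKCU is an alias of HKEY_USERS\<SID of the logged-on user>,
            # so fold that one SID into HKCU; keep other users' hives apart.
            hive = "HKCU" if m["sid"] == user_sid else "HKUS\\" + m["sid"]
        key = (hive, m["path"].lstrip("\\"), m["value"], m["data"])
        entries.setdefault(key, []).append(m["status"])
    return entries


def compare(before, removal, after, user_sid):
    """Follow every location found by the first scan through removal and rescan."""
    b, r, a = (parse(x, user_sid) for x in (before, removal, after))
    rows = []
    for key, statuses in b.items():
        removed = r.get(key, ["NOT LISTED"])[0]
        rows.append({
            "location": key[0] + "\\" + key[1] + " : " + key[2],
            "data": key[3],
            "aliases_in_scan": len(statuses),  # 2 = same key listed via HKCU and HKUS
            "removal": removed,
            "still_present": key in a,
            # A deleted entry that shows up again means something rewrote it.
            "rewritten": removed == "DELETED" and key in a,
        })
    return rows


if __name__ == "__main__":
    for row in compare(SCAN_BEFORE, REMOVAL, SCAN_AFTER, USER_SID):
        print(row)
```

Feeding it a scan taken after a reboot in place of `SCAN_AFTER` turns `rewritten` into a check for the load value coming back.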

Ran MBAM and here's the report:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.13.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

currys :: YOUR-70ACE488F7 [administrator]

Protection: Enabled

13/04/2013 20:15:19

mbam-log-2013-04-13 (20-15-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 248047

Time elapsed: 24 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The computer looks to be ok now.


Good, while you're here let's check for any adware:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


I can't pick and choose what's detected by AdwCleaner, here's some links about your concerns with those programs:

http://www.systemloo...sIE_64_dll.html

http://www.systemloo...tbHot3_dll.html

http://www.systemloo...rch=Conduit+&s=

http://malwaretips.c...search-removal/

Is this something that can be easily re-installed?

MrC


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here is the log of adwcleaner:

# AdwCleaner v2.200 - Logfile created 04/15/2013 at 19:16:32

# Updated 02/04/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : currys - YOUR-70ACE488F7

# Boot Mode : Normal

# Running from : C:\Documents and Settings\currys\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Hotspot Shield

Deleted on reboot : C:\Program Files\Hotspot Shield

File Deleted : C:\END

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield

Folder Deleted : C:\Documents and Settings\currys\Application Data\Hotspot Shield

Folder Deleted : C:\Documents and Settings\currys\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\currys\Application Data\Toolbar4

Folder Deleted : C:\Documents and Settings\currys\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\currys\Local Settings\Application Data\Hotspot_Shield

Folder Deleted : C:\Documents and Settings\currys\Local Settings\Application Data\OpenCandy

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Hotspot_Shield

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Hotspot_Shield

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SBConvert

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SpeedBit

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Hotspot_Shield

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24166B1B-917C-400B-8028-B02C6242A3F3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3941415-CA5C-4F79-8BC0-311E652D643F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Hotspot_Shield Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar

Key Deleted : HKLM\Software\SpeedBit

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v18.0.1025.142

File : C:\Documents and Settings\currys\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5762 octets] - [15/04/2013 19:16:32]

########## EOF - C:\AdwCleaner[s1].txt - [5822 octets] ##########

Will post back with the security check soon.

Thanks.


And here is the Security Check log:

Results of screen317's Security Check version 0.99.62

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

`````````Anti-malware/Other Utilities Check:`````````

Windows Defender

Malwarebytes Anti-Malware version 1.75.0.1300

CCleaner

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.1.53.64 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Thanks again.


Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

Java™ 6 Update 31 <--uninstall from your add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

Adobe Flash Player 10 Flash Player out of Date! <---uninstall from add/remove programs

Adobe Flash Player 10.1.53.64 Flash Player out of Date! <----check for an update if available (located in your control panel)

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

--------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.