Jump to content

Antivirus Plus keeps coming back


candy

Recommended Posts

Hello,

I've run Malwarebytes Anti-malware a few times on Quick Scan, and it reports that Antivirus Plus is removed. Unfortunately, it keeps coming back on reboot. Attempts to run Anti-malware on Full Scan causes the computer to lock up after 17-18 minutes and require a hard reboot.

Any help would be very much appreciated, mbam and hjt log files pasted below. Thanks!

*********************************

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 2

11/14/2009 2:06:39 PM

mbam-log-2009-11-14 (14-06-39).txt

Scan type: Quick Scan

Objects scanned: 89541

Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\candy\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\candy\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\candy\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\candy\Desktop\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\candy\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\candy\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

*********************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:07:03 PM, on 11/14/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX4800"

O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll", start 70367200

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll", start 70367200

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} (TSWebCtl.UCTSWeb) - http://remote.lw.com/TSWebCtl.CAB

O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://remote.lw.com/v3rdpchk.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL aibsmp.dll ysstpd.dll c:\windows\system32\jezaweze.dll rawijeku.dll c:\windows\system32\kosilalo.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\gipunowe.dll

O21 - SSODL: SysNet - {1AD0B360-4604-4F0F-A6E8-DB2AAD8C601C} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)

O21 - SSODL: davelovuj - {aca1c60d-6547-42af-b644-da43159ba1ae} - c:\windows\system32\jezaweze.dll (file missing)

O21 - SSODL: jokupewul - {4f967da0-6753-482d-a8c2-b45555cce0bb} - c:\windows\system32\kosilalo.dll (file missing)

O21 - SSODL: zirezobaz - {17abdb9a-50b7-4278-9fe7-9d59005d87ff} - c:\windows\system32\dasofupu.dll (file missing)

O21 - SSODL: yimihonad - {5e3557ca-2cad-4785-9082-a40966c6bc6d} - c:\windows\system32\gipunowe.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {aca1c60d-6547-42af-b644-da43159ba1ae} - c:\windows\system32\jezaweze.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {4f967da0-6753-482d-a8c2-b45555cce0bb} - c:\windows\system32\kosilalo.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {17abdb9a-50b7-4278-9fe7-9d59005d87ff} - c:\windows\system32\dasofupu.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {5e3557ca-2cad-4785-9082-a40966c6bc6d} - c:\windows\system32\gipunowe.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--

End of file - 10469 bytes

Link to post
Share on other sites

Hi,

open HijackThis, click do a scan only and place a check next to the following entries:

O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll

O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll", start 70367200

O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll", start 70367200

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL aibsmp.dll ysstpd.dll c:\windows\system32\jezaweze.dll rawijeku.dll c:\windows\system32\kosilalo.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\gipunowe.dll

O21 - SSODL: SysNet - {1AD0B360-4604-4F0F-A6E8-DB2AAD8C601C} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)

O21 - SSODL: davelovuj - {aca1c60d-6547-42af-b644-da43159ba1ae} - c:\windows\system32\jezaweze.dll (file missing)

O21 - SSODL: jokupewul - {4f967da0-6753-482d-a8c2-b45555cce0bb} - c:\windows\system32\kosilalo.dll (file missing)

O21 - SSODL: zirezobaz - {17abdb9a-50b7-4278-9fe7-9d59005d87ff} - c:\windows\system32\dasofupu.dll (file missing)

O21 - SSODL: yimihonad - {5e3557ca-2cad-4785-9082-a40966c6bc6d} - c:\windows\system32\gipunowe.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {aca1c60d-6547-42af-b644-da43159ba1ae} - c:\windows\system32\jezaweze.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {4f967da0-6753-482d-a8c2-b45555cce0bb} - c:\windows\system32\kosilalo.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {17abdb9a-50b7-4278-9fe7-9d59005d87ff} - c:\windows\system32\dasofupu.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {5e3557ca-2cad-4785-9082-a40966c6bc6d} - c:\windows\system32\gipunowe.dll (file missing)

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that and a new log from HijackThis.

Link to post
Share on other sites

Thanks! Logs below.

*****************************************************

ComboFix 09-11-16.03 - candy 11/15/2009 16:48..2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1445 [GMT -8:00]

Running from: c:\documents and settings\candy\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Microsoft AData

c:\documents and settings\All Users\Microsoft AData\t.sid

c:\documents and settings\candy\Desktop\Security Tool.lnk

c:\documents and settings\candy\Local Settings\Application Data\{C1562B18-8A28-4302-8A66-9355942DDD80}

c:\documents and settings\candy\Local Settings\Application Data\{C1562B18-8A28-4302-8A66-9355942DDD80}\chrome.manifest

c:\documents and settings\candy\Local Settings\Application Data\{C1562B18-8A28-4302-8A66-9355942DDD80}\chrome\content\_cfg.js

c:\documents and settings\candy\Local Settings\Application Data\{C1562B18-8A28-4302-8A66-9355942DDD80}\chrome\content\c.js

c:\documents and settings\candy\Local Settings\Application Data\{C1562B18-8A28-4302-8A66-9355942DDD80}\chrome\content\overlay.xul

c:\documents and settings\candy\Local Settings\Application Data\{C1562B18-8A28-4302-8A66-9355942DDD80}\install.rdf

c:\documents and settings\candy\Start Menu\Programs\Security Tool.lnk

c:\windows\microsoftdef.dll

c:\windows\securits.com

c:\windows\system32\seruyone.dll

c:\windows\system32\tubevare.dll

c:\windows\system32\wegahuwe.dll

c:\windows\system32\zetoyago.exe

c:\windows\system32\zeyevavi.dll

c:\windows\system32\zusivuvo.dll

.

((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))

.

2009-11-15 02:11 . 2009-11-15 02:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-11-14 22:04 . 2009-11-14 22:04 -------- d-----w- c:\program files\Trend Micro

2009-11-12 03:53 . 2009-11-16 00:39 -------- d-----w- c:\documents and settings\candy\Application Data\AntiVirus Plus

2009-11-12 01:11 . 2009-11-12 01:11 -------- d-----w- c:\program files\Meerkat

2009-11-12 01:07 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-12 01:07 . 2009-11-12 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-12 01:07 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-10 04:41 . 2009-11-11 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-10 04:41 . 2009-11-10 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-04 05:10 . 2009-11-04 05:10 -------- d-----w- c:\documents and settings\candy\Application Data\AVG9

2009-11-04 04:56 . 2009-11-04 04:56 -------- d-----w- C:\$AVG

2009-11-04 04:56 . 2009-11-04 04:56 -------- d-----w- c:\program files\AVG

2009-11-04 04:56 . 2009-11-05 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-10-24 04:40 . 2009-10-24 04:40 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-24 04:40 . 2009-10-24 04:40 152576 ----a-w- c:\documents and settings\candy\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-16 00:54 . 2007-07-10 06:06 -------- d-----w- c:\documents and settings\candy\Application Data\WTablet

2009-11-15 02:11 . 2006-12-08 07:03 -------- d-----w- c:\program files\Picasa2

2009-11-15 02:11 . 2006-12-08 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-11-14 21:57 . 2009-01-02 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-12 17:03 . 2007-07-17 01:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2009-11-10 07:45 . 2006-12-13 06:05 -------- d-----w- c:\documents and settings\candy\Application Data\Azureus

2009-10-24 04:40 . 2006-12-08 04:22 -------- d-----w- c:\program files\Java

2008-08-06 08:53 . 2007-06-12 07:19 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-08-12 03:52 . 2009-08-12 03:52 1212987 --sha-w- c:\windows\system32\fenoyoyu.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-11-12 1312080]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk

backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^candy^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\candy\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^candy^Start Menu^Programs^Startup^AntiVirus Plus.lnk]

path=c:\documents and settings\candy\Start Menu\Programs\Startup\AntiVirus Plus.lnk

backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Documents and Settings\\candy\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

"c:\\WINDOWS\\system32\\Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"6888:TCP"= 6888:TCP:Azureus - TCP

"6888:UDP"= 6888:UDP:Azureus - UDP

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/11/2007 11:19 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

2009-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-22 11:25]

2009-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2111687655-839522115-1003Core.job

- c:\documents and settings\candy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-05 08:29]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2111687655-839522115-1003UA.job

- c:\documents and settings\candy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-05 08:29]

2009-11-14 c:\windows\Tasks\Norton AntiVirus - Scan my computer - candy.job

- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 20:20]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} - hxxp://remote.lw.com/TSWebCtl.CAB

FF - ProfilePath - c:\documents and settings\candy\Application Data\Mozilla\Firefox\Profiles\4osynjt8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\documents and settings\candy\Application Data\Mozilla\Firefox\Profiles\4osynjt8.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\candy\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-EPSON Stylus CX4800 Series (Copy 1) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE

SafeBoot-aawservice

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-15 16:55

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\wuapi.dll.wusetup.126984.bak 561688 bytes executable

c:\windows\system32\wuauclt.exe.wusetup.127375.bak 51224 bytes executable

c:\windows\system32\wuaueng.dll.wusetup.128734.bak 1809944 bytes executable

scan completed successfully

hidden files: 3

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1816)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2009-11-15 17:02 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-16 01:01

Pre-Run: 9,800,572,928 bytes free

Post-Run: 9,774,366,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 23DBD970B456F3FCC52DCA38E3857361

*******************************************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:08:18 PM, on 11/15/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\candy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} (TSWebCtl.UCTSWeb) - http://remote.lw.com/TSWebCtl.CAB

O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://remote.lw.com/v3rdpchk.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--

End of file - 8831 bytes

Link to post
Share on other sites

Your computer now seems to be clean.

The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.

  • Go to Start
  • Click on Run
  • Type ComboFix /uninstall (Note: This command is case sensitive.)
    CFuninstall.png

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.

    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • Remove the check mark for Cookies
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .

If you use Opera browser

  • Click Opera at the top and
  • choose: Select All.
  • Remove the check mark for Cookies
  • Click the Empty Selected button.

It is a good idea to do this every few weeks as a lot of junk collects there over time.

[*]Create a new, clean System Restore point which you can use in case of future system problems:

Press Start->All Programs->Accessories->System Tools->System Restore

Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:

Next click Start->Run and type cleanmgr in the box and press OK

Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.

Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt

Press OK and Yes to confirm

[*]Set correct settings for files that should be hidden in Windows XP

  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please checkHide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

[*]Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

[*]Download and install the free version of Malwarebytes' Anti-Malware to your desktop. Check for the latest updates and perform a full system scan. This is an on-demand scanner and runs very well with Winpatrol.

[*]If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

[*]Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

[*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.

Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

[*]Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

[*]Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

[*]Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

[*]Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.

[*]Please check out Tony Klein's article "How did I get infected in the first place?"

Follow this list and your potential for being infected again will reduce dramatically. (preventionspeech by Elrond)

Regards,

Rosty.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.