Jump to content

I REALLY BADLY NEED HELP


Recommended Posts

Hi sorry for not posting ang logs as i dont know how to do this yet.

well ill get to my problem so basically i have malwarbytes installed and it keeps on saying mallious ip blocked nearly every 2minnutes and sometimes my internet switches of and this didnt happen to like 2 weeks ago after i download a program for my capture card. but my computer is also running slow plus i just run a full scan and it ended in 2 mins which was weird. i really apperiaciate if you caqn help me.

Jay

Link to post
Share on other sites

Hello and welcome to MalwareBytes.

My sympathies to you. But we very much need reports before proceeding to diagnose your system.

We need some minimal reports, that you need to get for us, and then Copy & Paste back here.

See, read, digest, follow this article ---> http://forums.malwarebytes.org/index.php?showtopic=9573

Do as much of it as you can. Then post the logs/reports back here.

For my benefit and for others on the forum as well, please use some white space in between your sentences.

Makes it easier to communicate.

Link to post
Share on other sites

It is not at all surprising that this system is slow. It is shock full of running programs & utilities !!

You have how many Peer-to-peer file-sharing programs ?? De-install all of them before we go further.

And confirm having done so.

De-install BitTorrent & Limewire

nuke.gif Such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Link to post
Share on other sites

If you cannot use Internet Explorer, then, use Firefox to download the tools we need. Make SURE to SAVE the files to the Desktop first. Do NOT run the programs straight from your browser.

If not able to download on this system, use a clean system and download and burn to CD/DVD or save on a unused new USB flash drive, and transport and copy (put) the tools on the DESKTOP.

Step 1

Download and Save to the DESKTOP Win32kDiag from any of the following locations and save it to your Desktop.

Click on Start button. Select Run, and copy-paste the following command (the bolded text) into the "Open" textbox, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Step 2

(With much thanks to Tetonbob at TSF, whose methods & verbiage I'm using here).

Download This tool save it directly to your desktop - not a folder on the desktop - the commands are tailored for the desktop location.

Click Start>Run and

Copy then Paste the following bolded text into the Run box and click OK:

"%userprofile%\desktop\Inherit.exe" "c:\Program Files\Internet Explorer\iexplore.exe"

Repeat for these files, or simply find the files, and drag.drop them onto inherit.exe. Any other files you get an access denied message, you can do the same

"%userprofile%\desktop\Inherit.exe" "C:\Program Files\Mozilla Firefox\firefox.exe"

Step 3

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4

Download OTL by OldTimer to your desktop: >> from here <<

  • Please RIGHT-click OTL.com otlDesktopIcon.png and select "Run As Administrator" to start it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 5

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of contents of the OTL MovedFiles log

and the latest MBAM scan log

Link to post
Share on other sites

here the logs

OTL.txt log

All processes killed

Error: Unable to interpret <[emptytemp]> in the current context!

Error: Unable to interpret <[RESETHOSTS]> in the current context!

Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!

OTL by OldTimer - Version 3.2.5.0 log created on 05222010_222557

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\mcafee_hqUSgJFgc87nLXD not found!

File\Folder C:\Windows\temp\mcmsc_tix4sHkGLAdMXVk not found!

Registry entries deleted on Reboot...

MBAM log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18904

23/05/2010 01:04:20

mbam-log-2010-05-23 (01-04-20).txt

Scan type: Full scan (C:\|)

Objects scanned: 269797

Time elapsed: 2 hour(s), 28 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Win32kDiag.txt

Edited by Maurice Naggar
placed logs In-line
Link to post
Share on other sites

First, always Copy and Paste ( into the main body of the reply ) the logs/reports I ask for.

Do -not- attach them.

Second, you appear to not have copied properly the OTL Fix that I had outlined.

Make sure you copy all blank lines & the other lines (including the ones that start with

:

  • Please RIGHT-click OTL.com otlDesktopIcon.png and select "Run As Administrator" to start it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :Commands
    [purity]
    [emptytemp]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Your MBAM is quite seriously behind in definitions. It must be updated, and a new scan done.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of the OTL MovedFiles log

and the MBAM scan log.

Link to post
Share on other sites

All processes killed

========== PROCESSES ==========

========== FILES ==========

File\Folder C:\recycler not found.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: User

->Temp folder emptied: 299836517 bytes

->Temporary Internet Files folder emptied: 1986114 bytes

->Java cache emptied: 10680297 bytes

->FireFox cache emptied: 67287636 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 4358 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 632 bytes

RecycleBin emptied: 40882853 bytes

Total Files Cleaned = 401.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.0 log created on 05232010_175043

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\mcmsc_CPlH4klgMhut4jM not found!

File\Folder C:\Windows\temp\mcmsc_tXpthhgaAQ32REW not found!

Registry entries deleted on Reboot...

________________________________________________________________________________

________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.6001.18904

05/05/2010 13:05:31

mbam-log-2010-05-05 (13-05-31).txt

Scan type: Flash scan

Objects scanned: 94649

Time elapsed: 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\0101120101465248.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\rdr_1259273518.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Windows\rdr_1259273519.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.

Link to post
Share on other sites

I am not sure whether you have done the MBAM Update properly, or, if you just got hold of an older MBAM log.

The current MBAM database is # 4133.

Your log shows database # 4052 and the report generation date as May 5 th ?? !!

Please recheck and advise as to what has happened.

Next:

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.

Next:

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides typically,

C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________
Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4132

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18904

23/05/2010 17:13:58

mbam-log-2010-05-23 (17-13-58).txt

Scan type: Full scan (C:\|)

Objects scanned: 274975

Time elapsed: 2 hour(s), 2 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

All processes killed

========== PROCESSES ==========

========== FILES ==========

File\Folder C:\recycler not found.

File\Folder D:\recycler not found.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: User

->Temp folder emptied: 345865 bytes

->Temporary Internet Files folder emptied: 26890579 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1154 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.5.0 log created on 05232010_192859

Files\Folders moved on Reboot...

File\Folder C:\Users\User\AppData\Local\Temp\~DF6F4.tmp not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\23133_798085488_5935_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\23599_103813999662298_100001010963234_29025_8103330_t[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27347_1317692171_7199_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27349_100000729873732_2691_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27350_1597452533_7222_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27352_1105264855_8771_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27354_1247861057_1786_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27389_528602252_9855_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27411_1210668234_9888_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27423_763255726_9103_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27490_1413614693_5100_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27494_628741257_8158_q[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\27840_1380321638550_1547202683_941048_4174988_t[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\2pwpaji5[1].js not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\30010522A8k[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\30020524DZC[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\3002053CiNJ[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\300f052zlfy[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\300g052E_yX[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\300L052Q94L[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\300x250_v2[1].swf not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\30190002TX9[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\301h0004zhO[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\350355757819[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\370382865210[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\4Yc9KBRhh[1].js not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\5003054m9Iz[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\5007001fcFm[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\6329_1191871162860_1410835759_30581672_5115548_t[1].jpg not found!

File\Folder C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0J8MWQS3\6ebji6dw[1].gif not found!

File\Folder C:\Windows\temp\mcmsc_0ml5RcGDHFmI7UR not found!

File\Folder C:\Windows\temp\mcmsc_Er233GXmZQ8KHfd not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Comments:

You've managed to run & find the right MBAM, and that is good.

I'm a bit confused as to why there was that last OTL fix log. Question only: did you in fact re-do that last OTL ?

Now then, please read my prior reply, and make sure to do those items. IF you have questions, please STOP and Ask me.

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

NXYUXHLS

PVUWIMJWXZM

QMPJOFKFQ

RLEPMEIXAB

File::

c:\users\User\AppData\Local\Temp\NXYUXHLS.exe

c:\users\User\AppData\Local\Temp\PVUWIMJWXZM.exe

c:\users\User\AppData\Local\Temp\QMPJOFKFQ.exe

c:\users\User\AppData\Local\Temp\RLEPMEIXAB.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break popcorn.gifpepsi.gif

Step 3

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator).
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Step 4

Reply with the latest C:\Combofix.txt

copy of the Eset scan log

and the RootRepeal log

and tell me, How is your system now ?

Link to post
Share on other sites

This system has traces of Norton Internet Security leftover. They should be cleaned up.

Download, save, and then run the Norton/Symantec Removal Tool

http://service1.symantec.com/Support/tsgen...005033108162039

Then logoff and restart the system fresh.

NEXT:

javaicon.gif

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 20 from Sun Microsystems Inc.

Next:

Confirm you have done these. Then tell me, where is the ESET scan log? Copy & Paste the contents into a reply.

Link to post
Share on other sites

  • Download and SAVE HijackThis
    Save the HJT to your desktop or the folder of your choice, then navigate to that folder and double-click Hijackthis.exe to start it.
    Do a "Scan and Save log".
  • Next, see about the Eset log which should be on the system.
    Use NOTEPAD to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste the ESET log.txt as a reply to this topic
    and also, copy of the HijackThis log
    and also, let me know, how things are now ?

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=774ac45a018f5545be5e8ea4f5220728

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-05-25 12:11:37

# local_time=2010-05-25 01:11:37 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 381705 381705 0 0

# compatibility_mode=5121 16776573 100 96 4711558 27693924 0 0

# compatibility_mode=5892 16776574 100 100 34254074 112278372 0 0

# compatibility_mode=8192 67108863 100 0 263 263 0 0

# scanned=1404

# found=0

# cleaned=0

# scan_time=697

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=774ac45a018f5545be5e8ea4f5220728

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-05-25 03:50:23

# local_time=2010-05-25 04:50:23 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 382439 382439 0 0

# compatibility_mode=5121 16776573 100 96 4712292 27694658 0 0

# compatibility_mode=5892 16776574 100 100 34254808 112279106 0 0

# compatibility_mode=8192 67108863 100 0 997 997 0 0

# scanned=147088

# found=2

# cleaned=2

# scan_time=13089

C:\Program Files\Datel\MAX Memory for Xbox 360\X360_MCM.exe probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volsnap.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:21:59, on 30/05/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe

C:\Program Files\CyberLink\PlayMovie\PMVService.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Users\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b...m=easynote_mh36

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.38.33.5:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [uSBToolTip] C:\PROGRA~1\COMMON~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: emMon.lnk = C:\Program Files\USB_video_device\Driver\Driver32\emmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Users\User\Desktop\WH GBP Casino.lnk (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Users\User\Desktop\WH GBP Casino.lnk (file missing) (HKCU)

O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-31-0.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1ca76e219dc60c0) (gupdate1ca76e219dc60c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe

--

End of file - 13486 bytes

Link to post
Share on other sites

You need to tell me in your words, How is the system now?

You also need to tell me, if you have on your own, set settings to use a Proxy server service?

I'm of the view, as of now, that this system is clear of malware and we can likely proceed to cleanup on the next step.

Link to post
Share on other sites

yh my it looks better and i wanted to know why does malwarebytes block some of the websites i go on is there a way to stop this thank you.

Do read this section about the IP blocking of MBAM :

http://forums.malwarebytes.org/index.php?s...mp;#entry162100

Be very careful and selective as to what sites you go to, and what games you play online.

You are good to go after the following.

If you have a problem with these steps, or something does not quite work here, do let me know.

Start button > in Start menu -- Control Panel > Uninstall a Program (listed under Programs).

{In Classic view, double click Program and features}.

De-install also ESET Online

Exit Control Panel.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it combofix icon_exclaim.gif), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the RUN box that opens, type or copy/paste
    combofix /uninstall
    and then click OK.

  • Please Right-click OTL.com otlDesktopIcon.png and select Run as Administrator to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards. :D

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.