dbcox Posted June 11, 2010 ID:265764 Share Posted June 11, 2010 Attach.zipHi,I contracted the re-direct virus recently and ran malwarebytes as well as superantimalware prior to finding this forum. It seemed to remove the virus, but I am still have IE and Outlook stability issues. I am not sure if I have a problem with my system, or if a recent automatic upgrade is causing the instability. I have posted my logs below. Any help will be greatly appreciated.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4189Windows 6.1.7600Internet Explorer 8.0.7600.163856/11/2010 10:22:36 AMmbam-log-2010-06-11 (10-22-36).txtScan type: Quick scanObjects scanned: 145599Time elapsed: 4 minute(s), 55 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS (Ver_10-03-17.01) - NTFSX64 Run by David Cox at 10:31:05.79 on Fri 06/11/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.1049 [GMT -5:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtc:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files (x86)\McAfee\MPF\MPFSrv.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exeC:\PROGRA~2\McAfee\MSC\mcmscsvc.exec:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exeC:\Windows\system32\svchost.exe -k WindowsMobileC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Users\David Cox\AppData\Local\Starfield\starfieldupdate.exeC:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeC:\Program Files (x86)\McAfee.com\Agent\mcagent.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Windows\OEM03Mon.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\taskhost.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Skype\Plugin Manager\skypePM.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXEC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exeC:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\SysWOW64\notepad.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Users\David Cox\Desktop\dds.comC:\Windows\system32\conhost.exeC:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe============== Pseudo HJT Report ===============uSearch Bar = PreserveuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\syswow64\blank.htmBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files (x86)\flashget\jccatch.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dllBHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files (x86)\flashget\getflash.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimizeduRun: [AdobeBridge] uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [starfield Updater] "c:\users\david cox\appdata\local\starfield\starfieldupdate.exe"uRun: [sUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exemRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbyloginmRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXEmRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkeymRun: [intuit SyncManager] c:\program files (x86)\common files\intuit\sync\IntuitSyncManager.exe startupmRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exemRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exemRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exemRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files (x86)\common files\intuit\quickbooks\qbupdate\qbupdate.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: &Download All with FlashGet - c:\program files (x86)\flashget\jc_all.htmIE: &Download with FlashGet - c:\program files (x86)\flashget\jc_link.htmIE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.htmlIE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files (x86)\flashget\FlashGet.exeIE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dllIE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dllTrusted Zone: kuaiche.com\softwareDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLLBHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dllBHO-X64: scriptproxy - No FileBHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dllBHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dllTB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dllEB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No FilemRun-x64: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe============= SERVICES / DRIVERS ===============R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-19 308296]R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-19 359952]R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-19 155456]R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-19 606736]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-19 102472]R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-19 49480]R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2007-6-8 212864]R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2007-3-5 12288]R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2007-4-25 266944]R3 VST64_DPV;VST64_DPV;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\drivers\VSTBS26.SYS [2009-7-13 411136]S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-5-6 68168]S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-19 135664]S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-1-19 1038088]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-19 40904]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1255736]============== File Associations ===============.scr=AutoCADScriptFile=============== Created Last 30 ================2010-06-07 20:07:08 0 d-----w- c:\programdata\PDF reDirect2010-06-07 20:06:38 0 d-----w- c:\program files (x86)\PDF reDirect2010-06-06 14:20:34 65344 ----a-w- c:\windows\system32\PDFreDirectMon64.dll2010-05-31 15:40:30 0 ----a-w- c:\users\david cox\defogger_reenable2010-05-26 14:45:17 2048 ----a-w- c:\windows\syswow64\tzres.dll2010-05-26 14:45:17 2048 ----a-w- c:\windows\system32\tzres.dll2010-05-22 21:08:43 0 d-----w- c:\programdata\SUPERAntiSpyware.com2010-05-22 21:08:28 0 d-----w- c:\users\davidc~1\appdata\roaming\SUPERAntiSpyware.com2010-05-22 21:08:28 0 d-----w- c:\program files (x86)\SUPERAntiSpyware2010-05-22 21:08:02 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard2010-05-21 01:21:54 0 d-----w- c:\windows\system32\appmgmt2010-05-14 01:00:07 976896 ----a-w- c:\windows\system32\inetcomm.dll2010-05-14 01:00:07 740864 ----a-w- c:\windows\syswow64\inetcomm.dll==================== Find3M ====================2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll2010-05-12 16:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys2010-04-29 20:39:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-15 01:38:18 23145 ----a-w- c:\windows\hpqins15.dat2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat2010-02-08 00:51:09 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat2010-01-24 03:05:57 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat2010-01-24 03:05:57 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat2010-01-24 03:05:57 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat2010-01-24 03:05:57 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat2010-01-23 16:20:27 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe============= FINISH: 10:31:26.73 =============== Link to post Share on other sites More sharing options...
Kenny94 Posted June 12, 2010 ID:266146 Share Posted June 12, 2010 Hi dbcox And Welcome to Malwarebytes!Looking over your log it seems you don't have any evidence of an anti-virus software.Anti-virus software are programs that detect cleans and erase harmful virus files on a computerWeb server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. We'll install a free one that I use after we do a few scans..... Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.--------------------------------------------------------------------------------------------- Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
dbcox Posted June 12, 2010 Author ID:266404 Share Posted June 12, 2010 Kenny 94,Thank you for helping me out!I am not sure why my anti virus software is not showing. I am running McAfee Security Center. It is a "special edition" for AOL, but I was under the impression it was the same as the one you get directly from McAfee. Any ideas?On to a bigger problem though. I tried to install ComboFix and was told that it would work only on XP and 2000 machines. I am running Windows 7 64 bit. The only option I have is to click "OK" which then ends the installation. Is there another version I need to download?Thanks! Link to post Share on other sites More sharing options...
dbcox Posted June 16, 2010 Author ID:268772 Share Posted June 16, 2010 Kenny 94,Thank you for helping me out!I am not sure why my anti virus software is not showing. I am running McAfee Security Center. It is a "special edition" for AOL, but I was under the impression it was the same as the one you get directly from McAfee. Any ideas?On to a bigger problem though. I tried to install ComboFix and was told that it would work only on XP and 2000 machines. I am running Windows 7 64 bit. The only option I have is to click "OK" which then ends the installation. Is there another version I need to download?Thanks!Keyy94,I am just following up on this.Thanks! Link to post Share on other sites More sharing options...
Kenny94 Posted June 17, 2010 ID:268779 Share Posted June 17, 2010 Sorry I missed your previous reply. Please run this online scan Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online ScannerClick Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.**Note**To optimize scanning time and produce a more sensible report for review:Close any open programs.Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. Link to post Share on other sites More sharing options...
dbcox Posted June 26, 2010 Author ID:274581 Share Posted June 26, 2010 Report.htmlKenny94,I appologize for not getting back to you. Apparently we are not recieving email updates, so I did not check the board. I will check it at least once a day until we get this fixed to make sure there are not replies. I ran the scan and attached the HTML file (I could not find an option for a text file).Since it has been so long since I ran all of the initial scans, do I need to re-run and re-post those?Thanks! Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274592 Share Posted June 26, 2010 Hi dbcoxKaspersky Online Scanner is showing eight of these. These should be removed. C:\Users\David Cox\Documents\ArchivedEmail\AchievedExchange.pstUsing Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folders/Files (if present):C:\Users\David Cox\Documents\ArchivedEmailNextPlease download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.Click Exit on the Main menu to close the program. NextUpdate Run MalwarebytesLaunch Malwarebytes' Anti-MalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Link to post Share on other sites More sharing options...
dbcox Posted June 26, 2010 Author ID:274838 Share Posted June 26, 2010 Kenny94,Thank you for replying so soon. Is there a scanner that could locate the actual emails in the archived folder that is infected? That archived file is several gigs of emails, calendar appointments, etc that I cannot loose. I can access all emails in it through Outlook and delete the 8 emails that contain the virus, but I cannot loose all of them.I wanted to check on that before peforming the other steps. Thanks again for your help! Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274841 Share Posted June 26, 2010 That is the reason I did not want to use a removal tool. To remove them. Let me study this one. How is your PC running as of now? Link to post Share on other sites More sharing options...
dbcox Posted June 26, 2010 Author ID:274846 Share Posted June 26, 2010 Everything is running good with the exception of IE8. I keep getting random IE shutdowns. It usually recovers the page I am on, but it is very annoying. It may not be an issue with a virus. It could just be an issue with IE instability.Thanks! Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274849 Share Posted June 26, 2010 Lets use this fix for IE. While I'm checking into the emails.Please visit the links HERE and HERE first to read about this new Microsoft tool!Then you can download and use: Microsoft Fix it Center Online Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist! It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you. Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones. Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support. Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report. Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.Let me know after you had run all the troubleshooters on your pc if it corrected your problem. Link to post Share on other sites More sharing options...
dbcox Posted June 26, 2010 Author ID:274863 Share Posted June 26, 2010 Kenny94,I ran the diagnostic tool and found the following:Aero:No problems detectedConnection to a Workplace Using Direct Access:I do not have Direct Access setupDiagnose and repair Windows File and Folder Problems:Fixed issue with icons randomly change to different icons (I haven't noticed this)Recyle Bin was corrupted (I didn't realize this, but it fixed it)It fixed "View settings or customizations for a folder are lost or incorrect" issue (I haven't noticed any problems)Display Quality:It "adjusted my settings for better performance"Hardware and Devices:It scanned for new devicesIt inabled my HP printer that I thought was enabled (It has been working fine)HomeGroupIt said that no network locations were set to "Home" My network has been running fine for a year or so now, so I did not enable this recommended fix to try to prevent a network nightmareInternet Perforance and Safety Scan:Disabled the Flashget add-on (This is a download accellerator that I use occassionally, but not as a plug in, so it's OK)Disabled Data Execurtion Prevention (I am not sure what this does)Disabled Smartscreen Filter (I don't know what this is)Incoming ConnectionsI have not been having any trouble with the options it asked to check, so I did not run this checkInternet Connection - No problemsIE PerformanceNo issues detectedIE SafetyNo issues detectedNetwork AdapterNo issues detectedPerformanceI disabled a couple of startup programs that I no longer useIt suggested that I change the visual effects back from the "Display Quality" scan. I left it at "Adjust for best performance" for nowSystem MaintenanceNo issuesVideo Freeze or crashes in IENo issuesIE Freezes or CrashesI found a lot of toolbars that I thought I had gotten rid of a long time ago because there are not longer in my "Manage add-ons" However, it did not find any issues with the toolbarsThere were some other scans that I did not run because I don't use them often (like windows DVD, Slideshow, etc). My guess is that the "Internet performance and safety scan fixed it" However, I will have to run the computer for a day or two to see if I get any IE crashes before I will know for sure. I will keep you updated. Thanks! Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274869 Share Posted June 26, 2010 As for Outlook can you delete the 8 emails? Then ArchivedEmail any with Attachments remove them. All you need is the texts right?Go head and run and Update Run Malwarebytes. And post this log please. Link to post Share on other sites More sharing options...
dbcox Posted June 26, 2010 Author ID:274874 Share Posted June 26, 2010 Kenny94,Yes, you are right, I can easily delete the emails. I don't really want to get rid of all attachments, but I am sure that the 8 with a problem are not necessary anyway. I can delete them, I just need to know which 8 out of the 1000s in that archive file are the ones that need to go. Unless I missed it, the log didn't tell us which 8 emails were the problem. Do you know a way to find out?Also, my log is below:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4244Windows 6.1.7600Internet Explorer 8.0.7600.163856/26/2010 12:03:34 PMmbam-log-2010-06-26 (12-03-34).txtScan type: Quick scanObjects scanned: 150535Time elapsed: 6 minute(s), 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)As an update, so far IE has been fine since running the fix. It hasn't been long though, so I will continue to watch it. Thanks again! Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274880 Share Posted June 26, 2010 Just don't click any of the links in those emails or download the attachments in these. You'll be OK..... I can not be specific on what emails. Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274882 Share Posted June 26, 2010 Some final items for now dbcox Here are some additional links for you to check out to help you with your computer security. BrowsersJust because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK buttonIf it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Additional Security MeasuresVisit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.Winpatrol Download and install the free version of Winpatrol. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.Secunia software inspector & update checker My Blog Malware And Spyware TipsAlso, see here for system improvement: Help! My computer is slow! Link to post Share on other sites More sharing options...
dbcox Posted June 26, 2010 Author ID:274889 Share Posted June 26, 2010 Thank you again for all of your help!Is there a package that you would recommend (does not have to be free) to monitor virus, spyware, etc on my machine. I almost purchased the spyware blaster pro version, but wanted to see if there was a suite that you would recommend rather than downloading it, a virus program and others all separately. Purchasing them separately is fine as well, I just want to make sure I am getting the best protection posible.Thanks! Link to post Share on other sites More sharing options...
Kenny94 Posted June 26, 2010 ID:274903 Share Posted June 26, 2010 You really can beat full version of Malwarebytes' Anti-Malware for protection. By no means, I work for Malwarebytes other than help users with malware on their forum. I use the full version of Malwarebytes on my PC. And for virus protection. I use Avira free. Avira Premium Security Suite is great to. Link to post Share on other sites More sharing options...
Recommended Posts