Jump to content

Trojan Removal

Matetsi

By Matetsi
in Resolved Malware Removal Logs

 Share

Recommended Posts

Matetsi

Matetsi

Posted
Posted

I could not find my post, it was moved because I posted it in the wrong forum... :)

Welcome to the forum.

Please download OTL from the link below:

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the "Scan All Users" checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here:

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

OTL Extras logfile created on: 29/10/2010 14:28:07 - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Steve\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 325.33 Gb Total Space | 268.78 Gb Free Space | 82.62% Space Free | Partition Type: NTFS

Drive D: | 10.02 Gb Total Space | 1.39 Gb Free Space | 13.84% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3050771261-1287843731-569478081-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AAW2007] -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe /scanfolder "%1" File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3050771261-1287843731-569478081-1000]

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C28D9F4-8748-44D0-9C78-3CC1A4470334}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{2B1F098F-F91B-4902-B216-4DF45790E6CB}" = rport=139 | protocol=6 | dir=out | app=system |

"{33941544-FF93-40BC-B7F3-02D572F743A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{77B0F93B-9517-4D14-9DEB-D095EC9D64E4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{793C5A6F-AD79-4635-A8E3-0FC1D654DC55}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{8956BCC5-6DC3-4372-A421-9A86352B6BE1}" = lport=139 | protocol=6 | dir=in | app=system |

"{9401495B-112C-411C-AC2D-086E849CE541}" = rport=137 | protocol=17 | dir=out | app=system |

"{95C8A1D0-2E2E-454C-895D-DF94D8EB2DF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9D00407E-6263-46DD-9204-68942A060B57}" = lport=137 | protocol=17 | dir=in | app=system |

"{9FADBE0D-898B-4827-B919-C7011C4DE4D9}" = lport=445 | protocol=6 | dir=in | app=system |

"{A6E72147-A825-4599-95B4-3F542958ACF7}" = rport=445 | protocol=6 | dir=out | app=system |

"{B9DBEC9F-7035-44CD-9A66-87008D20CCF6}" = lport=138 | protocol=17 | dir=in | app=system |

"{C3829BE4-14F4-4FEF-B30B-9AFF7698650A}" = rport=138 | protocol=17 | dir=out | app=system |

"{D1F2AF27-4309-46D3-AFE4-4F4E6D953CB8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0FAECD60-7B5F-45BD-9368-1C76CD2697D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{169470CF-0A92-43D5-90D6-8F695A753B23}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{16B37AFE-540A-41C1-B411-5F9CE81B89EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1DF1A99E-10B7-43C5-AB4B-F925BDC04D2C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2E8C11C0-F4A0-4CA9-960B-DA0673CB0489}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\ypager.exe |

"{3DEAD010-FDC2-42F7-877B-0A0E82342087}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\ypager.exe |

"{41C55BF2-E002-4724-8194-3E0504585649}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4CD5B60D-E3A3-481D-8FE5-2730B55C6DC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5736EF0B-40A2-4FA6-8650-854456E539F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{5DD706CE-358C-4B3E-8D42-CB7B2BDFDEE1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{60394AB6-BD8F-4507-AB10-3D4155092B42}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{668D8049-562F-4B91-A8B8-7960CB1DDEB0}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{77ABE5F2-7169-4704-9DB4-2F22CC5A2CC2}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{AC2EACE2-8CDD-4A91-9BF0-B875E172DE20}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{B1F11F0C-7213-4456-A8C6-08882D5C1623}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{D268BE7B-2A42-4338-B24E-6A15C7B6061B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{E601665F-A1DC-48B2-BED7-AEC5DBA12594}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{FBD4C02A-8948-493F-93A2-FBE26DDC317E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"TCP Query User{0E3F2B95-091D-470E-8FF7-04C54BD30418}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{46FC7FEF-D151-4910-9295-25F58A0A6719}C:\program files\yahoo!\browser\ybrowser.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\browser\ybrowser.exe |

"TCP Query User{63709F1B-6939-470A-8531-03F504806043}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{86BE3C43-27B7-4CAC-BCEA-5C35AE11CBED}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |

"TCP Query User{BEBFC2FE-3172-4318-9DCC-7438B72DC59B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{7C3FA161-B655-440F-B831-18393A4B32B8}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |

"UDP Query User{7E7FC3D8-9B12-4657-AF19-4D6ED51149F5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{B39CF7A2-D145-4436-8915-151C7221FB7F}C:\program files\yahoo!\browser\ybrowser.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\browser\ybrowser.exe |

"UDP Query User{E4F262EE-7D18-4151-A4B9-9D66405A556E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{F3104662-63FD-49F1-8005-77CBCA179DC1}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02095E3B-C22E-4A1A-88C6-4443E5112E67}" = Trust WB-1400T Webcam

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D2E8198-25CE-4901-B8EB-8587185C5776}" = BT Voyager USB Driver

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21

"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Hello Matetsi

Welcome to Malwarebytes.

=====================

Please explain the current issues with the system.

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites
Matetsi

Matetsi

Posted
  • Author
Posted

Have finished the RKU scan, but cannot seem to be able to copy and paste it?

Will try again...

The reason I asked for assistance was, Ifound evidence of a Trojan after completeing an Mbam scan. The Trjoan was quarantined, posted in a previous thread that was locked because of no response on my part. I will re post original thread. There is no Edit button on here??? So I could copy and paste it.

Link to post
Share on other sites
Matetsi

Matetsi

Posted
  • Author
Posted
Have finished the RKU scan, but cannot seem to be able to copy and paste it?

Will try again...

The reason I asked for assistance was, Ifound evidence of a Trojan after completeing an Mbam scan. The Trjoan was quarantined, posted in a previous thread that was locked because of no response on my part. I will re post original thread. There is no Edit button on here??? So I could copy and paste it.

Here is the Mbam log in which I found a Trojan...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4875

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

20/10/2010 14:14:31

mbam-log-2010-10-20 (14-14-31).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 295338

Time elapsed: 1 hour(s), 20 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\bcbmcxat (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
Matetsi

Matetsi

Posted
  • Author
Posted
Ok are you having any problems right now with the system?

Yes I am, haveing problems. A window pops up informing me that my pc is under possible attack. I quickly crash close the pc and detach it from the main power supply.

Here is the latest report. I hope this is what you require. It looks incomplete to to my amature eye...

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Processes

==============================================

0x862FE0F0 [432] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)

0x86810988 [456] C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent, mcci+McciCMService)

0x863027D0 [500] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x86874748 [540] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x86408D18 [544] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)

0x85C355D0 [556] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x864C2878 [588] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)

0x864B27D0 [604] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)

0x868872D0 [608] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)

0x864B4020 [612] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)

0x8650BD90 [656] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)

0x865F5978 [804] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x86602D90 [864] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x868CA628 [900] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)

0x868F0020 [976] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

Ok the log is complete I would like to run another scanner.

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites
kahdah

kahdah

Posted
Posted

You are welcome :)

Please uninstall the following program > Adobe Reader 8.1.4

You can then download the newest version from here > http://get.adobe.com/reader/

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
    IE - HKU\S-1-5-21-3050771261-1287843731-569478081-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3050771261-1287843731-569478081-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:29775
    O3 - HKU\S-1-5-21-3050771261-1287843731-569478081-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.