Greetings. My son used my computer without telling me when I was out of town. Yesterday, I turned on my computer and walked away while it booted up. When I returned, I started Firefox and got the XP Anti-Virus or Anti-Spyware 2011 warnings. I noticed that MBAM was missing from my tray. I tried running Avast, but it wouldn't begin scanning. I'm not currently getting the warnings, but I can't open any programs (I get the Open with dialogue box). I need help. Thanks.

Hi theliteratesims and Welcome to Malwarebytes!

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are two different versions. If one of them won't run then download and try to run the other one.

Vista and Windows 7 users need to right-click and choose Run as Administrator

You only need to get one of them to run, not both of them.

  1. eXplorer.exe
  2. WiNlOgOn.exe

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Once you've gotten one of them to run then try to immediately run the following:

Please download exeHelper from one of the two links.

Link 1

Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Next

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Kenny94, I'm stuck on the first step:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are two different versions. If one of them won't run then download and try to run the other one.

Vista and Windows 7 users need to right-click and choose Run as Administrator

You only need to get one of them to run, not both of them.

* eXplorer.exe

* WiNlOgOn.exe

I have Windows XP. When I double-click on either tool and click Run, I get the Open With dialogue box.

Sorry for the delay. Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6601

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/17/2011 5:40:54 PM

mbam-log-2011-05-17 (17-40-54).txt

Scan type: Full scan (C:\|K:\|)

Objects scanned: 296256

Time elapsed: 1 hour(s), 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Owner\application data\Sun\Java\deployment\cache\6.0\17\518abd11-50931157 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{15a77141-6d40-4068-b155-00fd1d2f9134}\rp744\a0139989.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Let's make sure all is gone.

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your Thread
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Then post your DDS (DDS.txt and Attach.txt)

Here it is:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Owner at 16:13:29.28 on Wed 05/18/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2170 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TechSmith\Jing\Jing.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Logitech\LWS\LU\LULnchr.exe

C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Jing] c:\program files\techsmith\jing\Jing.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\acrobat reader 9\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-17 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-13 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-13 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-13 42184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-4 363344]

R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-9 20704]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-4 20952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 16:14:15.95 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/9/2009 6:36:33 AM

System Uptime: 5/18/2011 5:55:58 AM (11 hours ago)

.

Motherboard: EVGA | | nForce 750i SLI

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Socket 775 | 2399/267mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 215.347 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is FIXED (FAT32) - 466 GiB total, 454.429 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP604: 2/17/2011 5:44:16 PM - System Checkpoint

RP605: 2/18/2011 6:26:05 PM - System Checkpoint

RP606: 2/19/2011 7:23:06 PM - System Checkpoint

RP607: 2/21/2011 10:42:42 AM - System Checkpoint

RP608: 2/22/2011 3:03:16 PM - System Checkpoint

RP609: 2/23/2011 5:29:16 PM - System Checkpoint

RP610: 2/24/2011 5:44:35 PM - System Checkpoint

RP611: 2/25/2011 6:18:23 PM - System Checkpoint

RP612: 2/26/2011 6:33:32 PM - System Checkpoint

RP613: 2/28/2011 8:05:16 AM - System Checkpoint

RP614: 3/1/2011 3:20:15 PM - System Checkpoint

RP615: 3/2/2011 5:09:10 PM - System Checkpoint

RP616: 3/3/2011 6:09:31 PM - System Checkpoint

RP617: 3/4/2011 6:50:47 PM - System Checkpoint

RP618: 3/5/2011 6:51:30 PM - System Checkpoint

RP619: 3/6/2011 6:58:52 PM - System Checkpoint

RP620: 3/7/2011 7:12:26 PM - System Checkpoint

RP621: 3/8/2011 8:03:23 PM - System Checkpoint

RP622: 3/8/2011 8:24:09 PM - Software Distribution Service 3.0

RP623: 3/9/2011 9:05:59 AM - Software Distribution Service 3.0

RP624: 3/9/2011 8:13:48 PM - Software Distribution Service 3.0

RP625: 3/10/2011 3:16:24 PM - Software Distribution Service 3.0

RP626: 3/10/2011 6:47:21 PM - Software Distribution Service 3.0

RP627: 3/11/2011 6:23:00 AM - Software Distribution Service 3.0

RP628: 3/11/2011 9:51:39 PM - Software Distribution Service 3.0

RP629: 3/12/2011 9:18:25 PM - Software Distribution Service 3.0

RP630: 3/13/2011 8:10:36 PM - Software Distribution Service 3.0

RP631: 3/14/2011 8:35:16 PM - System Checkpoint

RP632: 3/14/2011 10:05:18 PM - Software Distribution Service 3.0

RP633: 3/15/2011 6:46:56 AM - Software Distribution Service 3.0

RP634: 3/15/2011 8:40:59 PM - Software Distribution Service 3.0

RP635: 3/16/2011 11:27:42 AM - Software Distribution Service 3.0

RP636: 3/16/2011 9:18:32 PM - Software Distribution Service 3.0

RP637: 3/17/2011 6:48:05 AM - Software Distribution Service 3.0

RP638: 3/17/2011 8:33:10 AM - Software Distribution Service 3.0

RP639: 3/17/2011 8:13:50 PM - Software Distribution Service 3.0

RP640: 3/18/2011 6:50:51 AM - Software Distribution Service 3.0

RP641: 3/18/2011 7:48:04 AM - Software Distribution Service 3.0

RP642: 3/18/2011 9:15:05 PM - Software Distribution Service 3.0

RP643: 3/19/2011 6:48:24 AM - Software Distribution Service 3.0

RP644: 3/19/2011 6:48:36 AM - Installed Windows XP WgaNotify.

RP645: 3/19/2011 7:40:03 PM - Software Distribution Service 3.0

RP646: 3/20/2011 6:39:34 AM - Software Distribution Service 3.0

RP647: 3/20/2011 9:02:08 AM - Installed Jing

RP648: 3/20/2011 8:28:03 PM - Software Distribution Service 3.0

RP649: 3/21/2011 7:01:45 AM - Software Distribution Service 3.0

RP650: 3/21/2011 8:29:18 PM - Software Distribution Service 3.0

RP651: 3/23/2011 8:50:50 AM - Software Distribution Service 3.0

RP652: 3/23/2011 4:38:48 PM - Installed The Sims Medieval

RP653: 3/23/2011 5:14:41 PM - Installed The Sims Medieval

RP654: 3/23/2011 10:08:44 PM - Software Distribution Service 3.0

RP655: 3/24/2011 5:16:21 PM - Installed The Sims 3

RP656: 3/24/2011 5:19:07 PM - Installed The Sims 3 Outdoor Living Stuff

RP657: 3/24/2011 8:13:21 PM - Software Distribution Service 3.0

RP658: 3/25/2011 9:55:01 PM - Software Distribution Service 3.0

RP659: 3/26/2011 8:19:09 AM - Software Distribution Service 3.0

RP660: 3/26/2011 10:16:35 PM - Software Distribution Service 3.0

RP661: 3/27/2011 8:56:43 AM - Software Distribution Service 3.0

RP662: 3/27/2011 8:16:56 PM - Software Distribution Service 3.0

RP663: 3/28/2011 10:01:07 PM - Software Distribution Service 3.0

RP664: 3/29/2011 10:12:58 PM - Software Distribution Service 3.0

RP665: 3/30/2011 9:12:18 PM - Software Distribution Service 3.0

RP666: 3/31/2011 3:19:54 PM - Software Distribution Service 3.0

RP667: 3/31/2011 9:31:07 PM - Software Distribution Service 3.0

RP668: 4/1/2011 8:31:29 AM - Software Distribution Service 3.0

RP669: 4/1/2011 8:44:47 PM - Software Distribution Service 3.0

RP670: 4/2/2011 8:00:19 AM - Software Distribution Service 3.0

RP671: 4/2/2011 10:00:35 PM - Software Distribution Service 3.0

RP672: 4/3/2011 7:18:10 AM - Software Distribution Service 3.0

RP673: 4/3/2011 10:14:46 PM - Software Distribution Service 3.0

RP674: 4/4/2011 8:53:53 AM - Software Distribution Service 3.0

RP675: 4/4/2011 10:33:21 PM - Software Distribution Service 3.0

RP676: 4/5/2011 6:36:07 AM - Software Distribution Service 3.0

RP677: 4/5/2011 7:53:43 AM - Software Distribution Service 3.0

RP678: 4/5/2011 9:04:49 PM - Software Distribution Service 3.0

RP679: 4/6/2011 8:19:10 AM - Software Distribution Service 3.0

RP680: 4/6/2011 9:50:34 PM - Software Distribution Service 3.0

RP681: 4/7/2011 6:36:51 AM - Software Distribution Service 3.0

RP682: 4/7/2011 8:23:16 PM - Software Distribution Service 3.0

RP683: 4/8/2011 6:16:45 AM - Software Distribution Service 3.0

RP684: 4/8/2011 10:08:21 PM - Software Distribution Service 3.0

RP685: 4/9/2011 6:12:43 AM - Software Distribution Service 3.0

RP686: 4/9/2011 10:14:31 PM - Software Distribution Service 3.0

RP687: 4/10/2011 10:12:15 PM - Software Distribution Service 3.0

RP688: 4/11/2011 6:16:10 AM - Software Distribution Service 3.0

RP689: 4/11/2011 9:56:38 PM - Software Distribution Service 3.0

RP690: 4/12/2011 6:12:02 AM - Software Distribution Service 3.0

RP691: 4/12/2011 7:14:51 AM - Software Distribution Service 3.0

RP692: 4/13/2011 8:00:10 AM - System Checkpoint

RP693: 4/14/2011 1:53:37 PM - System Checkpoint

RP694: 4/14/2011 8:32:01 PM - Software Distribution Service 3.0

RP695: 4/15/2011 8:10:58 PM - Software Distribution Service 3.0

RP696: 4/16/2011 7:02:07 PM - Software Distribution Service 3.0

RP697: 4/17/2011 7:26:00 PM - System Checkpoint

RP698: 4/17/2011 8:35:22 PM - Software Distribution Service 3.0

RP699: 4/18/2011 7:29:44 PM - Software Distribution Service 3.0

RP700: 4/19/2011 7:55:07 AM - Software Distribution Service 3.0

RP701: 4/19/2011 9:09:22 PM - Software Distribution Service 3.0

RP702: 4/20/2011 10:53:39 AM - Software Distribution Service 3.0

RP703: 4/20/2011 9:43:38 PM - Software Distribution Service 3.0

RP704: 4/21/2011 7:34:15 AM - Software Distribution Service 3.0

RP705: 4/21/2011 9:31:44 PM - Software Distribution Service 3.0

RP706: 4/22/2011 6:13:44 AM - Software Distribution Service 3.0

RP707: 4/22/2011 8:20:30 PM - Software Distribution Service 3.0

RP708: 4/23/2011 7:53:09 AM - Software Distribution Service 3.0

RP709: 4/23/2011 1:38:09 PM - Software Distribution Service 3.0

RP710: 4/24/2011 1:58:35 PM - System Checkpoint

RP711: 4/24/2011 8:16:15 PM - Software Distribution Service 3.0

RP712: 4/25/2011 9:09:07 PM - System Checkpoint

RP713: 4/25/2011 9:58:33 PM - Software Distribution Service 3.0

RP714: 4/26/2011 7:40:19 AM - Software Distribution Service 3.0

RP715: 4/27/2011 10:01:00 AM - System Checkpoint

RP716: 4/27/2011 8:27:45 PM - Software Distribution Service 3.0

RP717: 4/28/2011 7:18:17 AM - Software Distribution Service 3.0

RP718: 4/28/2011 7:31:11 AM - Software Distribution Service 3.0

RP719: 4/28/2011 9:15:43 PM - Software Distribution Service 3.0

RP720: 4/29/2011 8:19:56 PM - Software Distribution Service 3.0

RP721: 4/30/2011 8:58:49 PM - Software Distribution Service 3.0

RP722: 5/1/2011 9:27:58 PM - Software Distribution Service 3.0

RP723: 5/2/2011 10:17:44 PM - System Checkpoint

RP724: 5/3/2011 3:00:14 AM - Software Distribution Service 3.0

RP725: 5/3/2011 7:58:02 AM - Software Distribution Service 3.0

RP726: 5/3/2011 8:16:56 PM - Software Distribution Service 3.0

RP727: 5/4/2011 10:05:47 AM - Software Distribution Service 3.0

RP728: 5/4/2011 9:34:11 PM - Software Distribution Service 3.0

RP729: 5/5/2011 7:52:35 AM - Software Distribution Service 3.0

RP730: 5/5/2011 9:49:03 PM - Software Distribution Service 3.0

RP731: 5/6/2011 8:24:08 PM - Software Distribution Service 3.0

RP732: 5/7/2011 5:54:48 AM - Software Distribution Service 3.0

RP733: 5/7/2011 5:50:00 PM - Software Distribution Service 3.0

RP734: 5/8/2011 6:37:25 PM - System Checkpoint

RP735: 5/8/2011 8:36:23 PM - Software Distribution Service 3.0

RP736: 5/9/2011 8:34:59 AM - Software Distribution Service 3.0

RP737: 5/9/2011 9:25:53 PM - Software Distribution Service 3.0

RP738: 5/10/2011 5:54:36 AM - Software Distribution Service 3.0

RP739: 5/10/2011 8:04:49 AM - Software Distribution Service 3.0

RP740: 5/11/2011 9:37:36 AM - System Checkpoint

RP741: 5/11/2011 9:55:22 PM - Software Distribution Service 3.0

RP742: 5/12/2011 8:26:16 AM - Software Distribution Service 3.0

RP743: 5/12/2011 9:07:06 PM - Software Distribution Service 3.0

RP744: 5/13/2011 10:10:18 AM - Software Distribution Service 3.0

RP745: 5/16/2011 8:04:51 PM - System Checkpoint

RP746: 5/18/2011 7:07:59 AM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

AiO_Scan

avast! Free Antivirus

CameraHelperMsi

CCleaner

CDBurnerXP

Compatibility Pack for the 2007 Office system

EA Download Manager

erLT

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HotPotatoes v 6.3.0.4

HP Image Zone 4.2

HP PSC & OfficeJet 4.2

iTunes

Jasc Paint Shop Pro 9

Java 6 Update 12

Jing

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Macromedia Dreamweaver MX

Macromedia Extension Manager

Malwarebytes' Anti-Malware

Markin v 3.1.3.1

MicroGrade

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Move Media Player

Mozilla Firefox (3.0.11)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

NVIDIA PhysX

OpenOffice.org 3.1

Picasa 3

QFolder

QuickTime

Realtek High Definition Audio Driver

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Toolbars

Skype

There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

Adobe Reader 9.1

Java

Here's the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=72f828d52fb97b40be70bf7a3f9d51ca

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-05-19 03:02:27

# local_time=2011-05-19 08:02:27 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=770 16774141 100 100 0 81601334 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=149500

# found=1

# cleaned=0

# scan_time=4286

C:\Documents and Settings\Owner\Application Data\Thinstall\02-01-2007 03.42\10000004900002h\winhlp32.exe probably a variant of Win32/Agent.BDIHJRC trojan (unable to clean) 00000000000000000000000000000000 I

Your Computer is Clean

Some final items:

It's a good idea to Flush your System Restore after removing malware and create a new restore point.

Remove all but the most recent Restore Point on Windows XP

You should
to prevent possible reinfection from an old one.

Some of the malware you picked up could have been saved in System Restore.

Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.

Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the new Restore Point a name, then click "Create".
  • The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr.exe
  • Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  • These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.


Additional information

Microsoft KB article: How to turn off and turn on System Restore in Windows XP

Bert Kinney's site: All about Windows System Restore

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Secunia software inspector & update checker

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Cookienator - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.

Visit My Blog for Malware and Spyware Tips
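
A read-only way to check the Internet Explorer settings listed in the post above, as an added example that is not part of the thread. The registry path and URL action codes are Microsoft's documented values for the Internet zone; the script assumes per-user settings with no Group Policy override, and its function and variable names are illustrative.

```powershell
# Added example: read-only audit of the IE Internet zone (zone 3) against the
# six settings in the list above. Nothing is written to the registry.
# Assumption: per-user settings, with no Group Policy override in effect.
$zone3 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action code, recommended value, and the label shown in the Custom Level dialog.
$recommended = @(
    @{ Code = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Code = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Code = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Code = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Code = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Code = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

# Zone values: 0 = Enable, 1 = Prompt, 3 = Disable (a higher value is stricter).
function ConvertTo-ZoneLabel($Value) {
    switch ($Value) {
        0 { 'Enable' }
        1 { 'Prompt' }
        3 { 'Disable' }
        default { "Other ($Value)" }
    }
}

function Test-ZoneSetting($Rule) {
    $item = Get-ItemProperty -Path $zone3 -Name $Rule.Code -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the zone falls back to its defaults, so inspect it by hand.
        $current = 'Not set'; $status = 'CHECK'
    } else {
        $value = $item.($Rule.Code)
        $current = ConvertTo-ZoneLabel $value
        if (@(0, 1, 3) -notcontains $value) { $status = 'CHECK' }
        elseif ($value -ge $Rule.Want) { $status = 'OK' }
        else { $status = 'WEAKER' }
    }
    New-Object PSObject -Property @{
        Status = $status; Code = $Rule.Code; Current = $current
        Recommended = (ConvertTo-ZoneLabel $Rule.Want); Setting = $Rule.Name
    }
}

$recommended | ForEach-Object { Test-ZoneSetting $_ } |
    Select-Object Status, Code, Current, Recommended, Setting |
    Format-Table -AutoSize
```

Rows marked WEAKER are less restrictive than the value given in the list; rows marked CHECK have no stored value or an unexpected one.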


OK, let me revise that statement. I can read .pdfs, but only if I save the files first. The reader doesn't open automatically to read .pdfs. When I click on the links to .pdfs on my class site, they simply open new Web pages that are blank untitled pages. I don't always want or need to save the files--I just need to view them on the fly. Is there some trick to the new reader that I'm missing?


Since I last posted, I did manage to get pdfs open after doing some research regarding Firefox and Adobe Reader. I think I changed the setting as you suggested above, but in any case, things are working at the moment. I still intend to finish the above procedures you suggested tomorrow. Thanks for the help above and beyond the malware.
