
Red Shield with White x in middle!



 
 
Old 06-11-2011, 06:18 AM   #1
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Please help, I have a fraud virus/malware in my toolbar next to my clock. It says that I need to 'update' my security options and if clicked will launch a fake virus program that litters my computer with false-positives and hijacks my programs. At first I couldn't log in to any programs or sites but I was able to restart my computer in safe mode with networking and run Spybot Search and Destroy to get rid of some of them. However, my AVG Free no longer runs and I can't remove it to re-download it from the site. I have also tried a few other programs such as Malwarebytes Anti-Malware and SUPERAntiSpyware and although they found a few more viruses and malware they are unable to remove the red shield with the white x. I tried a system restore to an earlier time this week and it didn't work. I tried SmitFraudFix but that didn't work either - am willing to do anything! Please look over my log and help me make my computer secure - I pay most of my bills and keep connected through my computer!!!!

Here's the DDS as well as the two other attachments - thanks!

Caleb

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Zustiak at 0:10:55 on 2011-06-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1233 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AgentMonitor] c:\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\zustiak\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A062E00-C630-414B-B8E2-0693C0739E84} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXRlICR
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zustiak\application data\mozilla\firefox\profiles\d1jxb8nw.default\
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=112&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\zustiak\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\zustiak\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\zustiak\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\zustiak\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-22 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 243152]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-10-7 532224]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 gupdate1c9e8a22ee12da8;Google Update Service (gupdate1c9e8a22ee12da8);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
.
=============== Created Last 30 ================
.
2011-06-11 05:00:34 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-11 03:21:47 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-11 01:12:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-10 18:34:00 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-08 15:19:55 -------- d-----w- c:\program files\iPod
2011-06-02 03:26:02 -------- d-----w- c:\documents and settings\zustiak\application data\Malwarebytes
2011-06-02 03:25:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2011-06-11 02:14:59 4196 ----a-w- c:\windows\system32\tmp.reg
2011-05-06 20:08:47 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 07:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 0:11:53.25 ===============
Attached Files
File Type: zip ark.zip (1.8 KB, 6 views)
File Type: zip attach.zip (6.2 KB, 6 views)

__________________
MusicMrZ is offline  
Old 06-12-2011, 08:59 AM   #2
Security Team
Analyst
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,892
OS: XP Pro, Windows 7, Fedora



Hello and welcome to TSF

First we are going to remove AVG since it sounds like the install is corrupt.

Download AVG Remover from here and save it to your Desktop.
  • Close all open programs
  • Double click on avgremover.exe (if running Vista or Windows 7, right click on it and choose to run as an Administrator)
  • Follow the prompts to run the tool
  • If after running the tool it prompts you to reboot the computer, please allow it to do so. If you are not prompted, please manually reboot the computer.

---------------------------

Next we are going to use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


----------------------------------


We now need to reinstall an antivirus program on to your computer. Here are a few very good free Antivirus products which are available:

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

--------------------------


Please include the C:\ComboFix.txt in your next reply for further review.



Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

__________________
Proud Member of UNITE

“Of all the things I've lost, I miss my mind the most” - Mark Twain
Clark76 is offline  
Old 06-13-2011, 08:50 AM   #3
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Thank you so much for your help but I just had a friend come and re-install from a boot disk since my OS was starting to run with leaks and too many programs seemed corrupted. Even the Red Shield with White X was a false positive that didn't change after adjustments to My Tools. Thank you for your willingness to help, though - I was very worried!
__________________
MusicMrZ is offline  
Old 06-13-2011, 05:22 PM   #4
Security Team
Analyst
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,892
OS: XP Pro, Windows 7, Fedora



Sometimes it is just easier to do a complete OS reload. Now that your system is clean I would like to give you some suggestions on how to keep it that way.
  • Microsoft Windows Update
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Scan here OSI - Consumer - Products for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • Mozilla Firefox Web Browser | Free Download - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • java.com: Java + You - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Proud Member of UNITE

“Of all the things I've lost, I miss my mind the most” - Mark Twain
Clark76 is offline  
Old 06-14-2011, 07:52 AM   #5
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Thank you so much - I will definitely check out these programs as well as the articles on safe browsing. As soon as I received a reboot of my system I uploaded AVG Free, Spybot Search and Destroy, ZoneAlarm firewall, and did all of the Microsoft security updates. I also use Mozilla for my browsing. Would the suggested programs conflict with these or should I switch some of them? Thanks!
__________________
MusicMrZ is offline  
Old 06-14-2011, 09:46 AM   #6
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Okay, I'm an idiot. Loaded in my Office 97 (I know, it's a classic, but it's what I have) and when I went to find the uploads I was redirected to the wrong site and had a virus back onto my computer!!!!!!! This one is a StartNow toolbar!!!! Spybot didn't find it, what should I do!!!
__________________
MusicMrZ is offline  
Old 06-14-2011, 10:42 AM   #7
Security Team
Analyst
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,892
OS: XP Pro, Windows 7, Fedora



Let's see a fresh set of logs as directed here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
__________________
Proud Member of UNITE

“Of all the things I've lost, I miss my mind the most” - Mark Twain
Clark76 is offline  
Old 06-14-2011, 04:49 PM   #8
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Okay, here we go again! Hopefully there's no real issue!

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Zustiak at 14:37:53 on 2011-06-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1066 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110614&user_guid=739E7F1697C94511B4C66847A911EA6A&machine_id=ce252f604ab545510c07a0829eacd42b&browser=IE&os=win&os_version=5.1-x86-SP3
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = Dell Start Page
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BCCA8DB9-E6DB-447A-9A5E-6FF457C3B3AD} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zustiak\application data\mozilla\firefox\profiles\e3u8hvvo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110614&user_guid=739E7F1697C94511B4C66847A911EA6A&machine_id=ce252f604ab545510c07a0829eacd42b&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-6-12 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
.
=============== Created Last 30 ================
.
2011-06-14 17:04:02 -------- d-----w- c:\documents and settings\zustiak\application data\Malwarebytes
2011-06-14 17:03:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-14 17:03:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-14 17:03:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-14 17:03:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-14 15:51:26 -------- d-----w- c:\documents and settings\zustiak\local settings\application data\Help
2011-06-14 15:47:27 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-06-14 15:31:12 -------- d-----w- c:\documents and settings\zustiak\local settings\application data\Adobe
2011-06-14 15:27:36 -------- d-----w- c:\program files\StartNow Toolbar
2011-06-14 15:27:31 -------- d-----w- c:\documents and settings\zustiak\application data\Superfish
2011-06-14 15:27:23 -------- d-----w- c:\program files\Superfish
2011-06-14 15:27:21 -------- d-----w- c:\documents and settings\all users\Application DataMozilla
2011-06-14 15:25:07 -------- d-----w- c:\windows\SendTo
2011-06-14 15:24:07 -------- d-----w- c:\windows\forms
2011-06-14 15:24:07 -------- d-----w- c:\program files\Windows Messaging
2011-06-12 21:50:35 -------- d-----w- c:\documents and settings\zustiak\local settings\application data\eMusic
2011-06-12 21:50:35 -------- d-----w- c:\documents and settings\zustiak\application data\eMusic
2011-06-12 21:50:23 -------- d-----w- c:\program files\eMusic Download Manager
2011-06-12 21:21:16 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-06-12 21:14:42 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-12 21:14:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-12 21:13:56 -------- d-----w- c:\program files\iPod
2011-06-12 21:13:53 -------- d-----w- c:\program files\iTunes
2011-06-12 21:13:53 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-12 21:13:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-06-12 21:13:11 -------- d-----w- c:\documents and settings\zustiak\local settings\application data\Apple
2011-06-12 21:13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-06-12 21:13:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-12 21:12:54 -------- d-----w- c:\program files\Bonjour
2011-06-12 21:11:43 -------- d-----w- c:\documents and settings\zustiak\local settings\application data\Apple Computer
2011-06-12 21:08:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 20:54:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-12 20:54:14 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-12 20:39:35 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-06-12 20:39:35 -------- d-----w- c:\windows\system32\ZoneLabs
2011-06-12 20:39:33 -------- d-----w- c:\program files\Zone Labs
2011-06-12 20:38:34 -------- d-----w- c:\windows\Internet Logs
2011-06-12 20:34:28 -------- d-----w- c:\documents and settings\zustiak\application data\AVG10
2011-06-12 20:33:34 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-06-12 20:32:53 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-12 20:32:53 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-12 20:32:33 -------- d-----w- c:\program files\AVG
2011-06-12 20:26:36 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-12 20:07:32 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-06-12 20:07:31 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-06-12 20:07:31 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-12 20:07:25 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-06-12 20:07:01 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-12 20:07:00 -------- d-----w- c:\documents and settings\zustiak\application data\ElevatedDiagnostics
2011-06-12 20:05:28 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-06-12 19:45:18 -------- d-----w- c:\windows\system32\scripting
2011-06-12 19:45:17 -------- d-----w- c:\windows\system32\en
2011-06-12 19:45:17 -------- d-----w- c:\windows\system32\bits
2011-06-12 19:45:17 -------- d-----w- c:\windows\l2schemas
2011-06-12 19:43:51 -------- d-----w- c:\windows\network diagnostic
2011-06-12 19:42:53 -------- d-----w- c:\windows\EHome
2011-06-12 19:40:47 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-06-12 19:28:27 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-12 19:27:37 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-12 19:27:35 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-06-12 19:27:24 357888 ------w- c:\windows\system32\dllcache\srv.sys
2011-06-12 19:26:54 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-06-12 19:26:54 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-06-12 19:26:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-06-12 19:25:54 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-06-12 19:25:40 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-06-12 19:23:58 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-06-12 19:23:14 -------- d-----w- c:\windows\system32\PreInstall
2011-06-12 19:22:17 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2011-06-12 19:22:14 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-12 19:22:14 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-06-12 19:21:35 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2011-06-12 19:21:34 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2011-06-12 19:21:18 -------- d-sh--w- c:\documents and settings\zustiak\PrivacIE
2011-06-12 19:20:13 -------- d-sh--w- c:\documents and settings\zustiak\IETldCache
2011-06-12 19:18:49 -------- d-----w- c:\windows\ie8updates
2011-06-12 19:18:24 -------- dc-h--w- c:\windows\ie8
2011-06-12 19:12:18 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-12 19:12:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-12 19:12:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-06-12 19:12:17 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-12 19:12:17 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-12 19:12:17 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-06-12 19:12:15 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-06-12 19:11:21 1435648 ------w- c:\windows\system32\dllcache\query.dll
2011-06-12 18:59:10 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-06-12 18:57:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-06-12 18:57:53 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-06-12 18:57:50 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-12 18:57:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-06-12 18:57:40 63208 ----a-w- c:\windows\system32\drivers\dc21x4.sys
.
==================== Find3M ====================
.
2011-04-15 02:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 05:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 21:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 14:38:30.23 ===============
Attached Files
File Type: zip ark.zip (1.5 KB, 3 views)
File Type: zip attach.zip (2.6 KB, 7 views)
Old 06-14-2011, 11:39 PM   #9
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Okay, I restored to factory settings and am applying virus and firewalls you suggested above!
Old 06-15-2011, 04:54 PM   #10
Security Team
Analyst
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,892
OS: XP Pro, Windows 7, Fedora



Quote:
Originally Posted by MusicMrZ
Okay, I restored to factory settings and am applying virus and firewalls you suggested above!

I am a little confused. Did you do a complete factory restore to remove the virus or did you simply restore to an earlier restore point?

Do you still require assistance?
__________________
Proud Member of UNITE

“Of all the things I've lost, I miss my mind the most” - Mark Twain
Old 06-16-2011, 09:03 AM   #11
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Yes, I did a complete factory restore as opposed to a restore point from an earlier time. This virus was particularly evil as it turned off all of my .exe files from spyware, malware, and virus protection programs as well as infecting many of my other processes. I now have installed the Avira, SpywareBlaster, Winpatrol, ZoneAlarm, and MVPS HOST file program. Am in the process of putting on the ERUNT and Sun Java as well.

I was going to use Mozilla again but have been reading that it is particularly susceptible to the virus I had - should I use IE and just check for updates every time or still use Mozilla - this was a very trying experience!

Also, thanks so much for the help, hopefully this will immunize me for the future and I can pass the word!
Old 06-17-2011, 03:35 AM   #12
Security Team
Analyst
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,892
OS: XP Pro, Windows 7, Fedora



When checking for updates it is best to use IE since Microsoft's update tools only work with that. Always make sure you only get your updates from Microsoft's site.

Any other questions?
Old 06-18-2011, 07:16 AM   #13
Registered Member
 
Join Date: Jun 2011
Posts: 8
OS: Windows XP



Nope, I think that does it. Thank you so much for your help!
Old 06-18-2011, 07:21 PM   #14
Security Team
Analyst
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 2,892
OS: XP Pro, Windows 7, Fedora



Safe and happy computing


Since this issue appears to be resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
