Old 05-09-2008, 04:07 PM   #81 (permalink)
Moderator, Analyst, Security Team
 
amateur's Avatar
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,504
OS: XP Home SP3, XP Media Center Edition SP3


Re: Serious Problems! Please Help!

Hi,

Looking good. I see Antivir installed now, well done. We are getting there.

Quote:
I did the DSS scan twice, but both times it only produced the main text with no extra text? I remember that it produced the two texts the first time I ran it--but today--nope.
That's normal. The extra log is only produced the first time it's run.

====================================

Quote:
MBAM log is from the quick scan. I would like to have the report from a full scan.
Can you please update and run a full scan with MBAM and post the log.

====================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.

======================================

I really would like to have an online scan result too. Since you're having problems scanning with Kaspersky, let's try another one.

Please download Dr.Web CureIt to the desktop.


Disconnect this PC from the internet and close all open programs.

It's crucial that you follow this next step exactly as instructed: do not multi-task while the scan is running... only Dr.Web can be active.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.
======================================

Please post the MBAM log (full scan, not quick scan) and the Dr.Web.csv. How is the computer running now?
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

amateur is offline  
Old 05-09-2008, 04:29 PM   #82 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

About to run through the new instructions--just did the DAFT scan and All Associations OK. I'm running the full MBAM scan now; when it's finished I'll post the report--I'm about 15 mins into it, so that should give you an idea of how long it might have to go. After the MBAM is done, I'll do the DrWeb.
The computer is running much better now! I'm going through it today to remove old stuff which might be slowing it down. But overall--GOOD!
tezrh is offline  
Old 05-09-2008, 04:49 PM   #83 (permalink)
Moderator, Analyst, Security Team
 
amateur's Avatar
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,504
OS: XP Home SP3, XP Media Center Edition SP3


Re: Serious Problems! Please Help!

Quote:
The computer is running much better now! I'm going through it today to remove old stuff which might be slowing it down. But overall--GOOD!
Once the cleaning process is completed, I'll be giving you some links to help with that. But, a major part of the sluggishness may be due to the insufficient RAM.

Quote:
Total Physical Memory: 254 MiB (512 MiB recommended).
Will be waiting for the MBAM and the Dr.Web CureIt logs.

amateur is offline  
Old 05-09-2008, 07:45 PM   #84 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

Here is the MBAM scan. I'm just doing the DrWeb scan now.

-----------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.12
Database version: 734

Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 147496
Time elapsed: 1 hour(s), 37 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir (Trojan.Insider) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spcron.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b156.exe.vir (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP701\A0211572.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP701\A0211612.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP703\A0212021.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP703\A0212023.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP704\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP705\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP706\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP707\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP708\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP709\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP710\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP711\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712\A0212974.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712\A0212981.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712\snapshot\MFEX-1.DAT (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
tezrh is offline  
Old 05-09-2008, 11:13 PM   #85 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

The DrFix just finished and I'm doing a new Hijackthis log now

Process.exe;C:\Documents and Settings\Owner\Desktop\antivirus and malware installers and programs\SDFix\apps;Tool.Prockill;Incurable.Deleted.;
Process.exe;C:\Documents and Settings\Owner\Desktop\Misc\smitRem;Tool.Prockill;Incurable.Deleted.;
pv.exe;C:\Documents and Settings\Owner\Desktop\Misc\smitRem;Program.PrcView.3741;Incurable.Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
EN_AU-ie.reg;C:\hp\REGION;Trojan.StartPage.1505;Deleted.;
EN_HK-ie.reg;C:\hp\REGION;Trojan.StartPage.1505;Deleted.;
LineSpeedMeter.exe;C:\Program Files\tcpIQ\Line Speed Meter\desktop;Probably BACKDOOR.Trojan;Incurable.Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Deleted.;
A0211497.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP700;Probably BATCH.Virus;Incurable.Deleted.;
A0211503.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP700;Probably SCRIPT.Virus;Incurable.Deleted.;
A0211525.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP700;Probably BATCH.Virus;Incurable.Deleted.;
A0211532.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP700;Probably SCRIPT.Virus;Incurable.Deleted.;
A0211634.EXE;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP701;Program.PsExec.170;Incurable.Deleted.;
A0211636.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP701;Probably BATCH.Virus;Incurable.Deleted.;
A0211643.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP701;Probably SCRIPT.Virus;Incurable.Deleted.;
A0212936.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP711;Probably BATCH.Virus;Incurable.Deleted.;
A0212943.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP711;Probably SCRIPT.Virus;Incurable.Deleted.;
A0212994.EXE;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712;Program.PsExec.170;Incurable.Deleted.;
A0212996.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712;Probably BATCH.Virus;Incurable.Deleted.;
A0213003.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712;Probably SCRIPT.Virus;Incurable.Deleted.;
A0213089.exe;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP712;Tool.Prockill;Incurable.Deleted.;
A0213370.exe;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP716;Trojan.KillApp.30208;Deleted.;
A0213371.reg;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP716;Trojan.StartPage.1505;Deleted.;
A0213372.reg;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP716;Trojan.StartPage.1505;Deleted.;
AutoplayDVD.js;D:\hp\patches\24AP2WMP;Probably SCRIPT.Virus;Incurable.Deleted.;
AutoplayCD.js;D:\hp\patches\24AP2WMP;Probably SCRIPT.Virus;Incurable.Deleted.;


---------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:43 PM, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scannercamera\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?56cbd137139e477790c549b395890a9e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?56cbd137139e477790c549b395890a9e
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10291 bytes


Sorry for the delay. I put the scan on and went to do some shopping, not realizing that the scan stops whenever it detects a virus--which it must have done as soon as I turned my back on the computer!!! Anyway, here it is for whenever you have some time to have a look. I'm looking forward to hearing whatever advice you've got for me regarding maintaining the system itself. Cheers
T.

Last edited by tezrh : 05-09-2008 at 11:14 PM.
tezrh is offline  
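As an added example (not code from the thread, from Dr.Web or from the forum's tools), here is a small Python triage helper for the semicolon-separated DrWeb.csv report format posted above. The grouping rules (copies inside System Restore points, "Probably" heuristic hits, Tool./Program. riskware classes) are this example's own assumptions, and the sample lines are a subset copied from the report in this post.

```python
"""Triage helper for a Dr.Web CureIt report (the DrWeb.csv saved in the steps above).

Each report line is semicolon-separated: file name; folder; detection name; action.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the report posted in this thread (a subset, not the full log).
SAMPLE_REPORT = r"""
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Deleted.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
EN_AU-ie.reg;C:\hp\REGION;Trojan.StartPage.1505;Deleted.;
A0211497.bat;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP700;Probably BATCH.Virus;Incurable.Deleted.;
A0213370.exe;C:\System Volume Information\_restore{F4D1D160-0C7B-4962-8889-5D1A1E92F4CE}\RP716;Trojan.KillApp.30208;Deleted.;
AutoplayDVD.js;D:\hp\patches\24AP2WMP;Probably SCRIPT.Virus;Incurable.Deleted.;
"""


@dataclass(frozen=True)
class Detection:
    name: str
    folder: str
    threat: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        """True for copies inside old System Restore points, not files in active use."""
        return "\\system volume information\\_restore" in self.folder.lower()

    @property
    def heuristic(self) -> bool:
        """Dr.Web marks heuristic hits (no exact signature) with a 'Probably' prefix."""
        return self.threat.startswith("Probably ")

    @property
    def riskware(self) -> bool:
        """Assumption: Tool.* / Program.* are riskware classes such as the process
        killers that ship with cleanup tools (SDFix, smitRem), not infections."""
        return self.threat.startswith(("Tool.", "Program."))


def parse_report(text: str) -> list[Detection]:
    """Parse report lines; raise on a line that lacks the four expected fields."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"malformed report line: {raw!r}")
        name, folder, threat, action = (f.strip() for f in fields[:4])
        # Actions carry a trailing '.', e.g. 'Incurable.Deleted.'; normalise it away.
        detections.append(Detection(name, folder, threat, action.rstrip(".")))
    return detections


def summarise(detections: list[Detection]) -> dict:
    """Bucket detections so the reader can see which hits touched a live file."""
    live = [d for d in detections
            if not (d.in_restore_point or d.heuristic or d.riskware)]
    return {
        "total": len(detections),
        "in_restore_points": sum(d.in_restore_point for d in detections),
        "heuristic": sum(d.heuristic for d in detections),
        "riskware": sum(d.riskware for d in detections),
        "by_action": dict(Counter(d.action for d in detections)),
        "live_threats": [d.name for d in live],
    }


if __name__ == "__main__":
    for key, value in summarise(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the full report, the "live_threats" bucket is the short list worth a second look; everything else is either a restore-point copy (cleared by the ComboFix uninstall step) or a cleanup tool.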
Old 05-09-2008, 11:42 PM   #86 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

Damn!! I just figured out that I deleted the unknown stuff when the DrFixit finished. Sorry--damn! I hope it isn't a huge problem.
tezrh is offline  
Old 05-10-2008, 06:13 AM   #87 (permalink)
Moderator, Analyst, Security Team
 
amateur's Avatar
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,504
OS: XP Home SP3, XP Media Center Edition SP3


Re: Serious Problems! Please Help!

Hi,

Quote:
Originally Posted by tezrh View Post
Damn!! I just figured out that I deleted the unknown stuff when the DrFixit finished. Sorry--damn! I hope it isn't a huge problem.
No problem. Nothing serious deleted.

Quote:
Total Physical Memory: 254 MiB (512 MiB recommended).
System Drive C: has 2.22 GiB (less than 15%) free.
Not enough memory and not enough disk space. Check this out and see if any of the suggestions there would help:

Slow Computer

====================================

Scan with HijackThis and put a checkmark against the following entries. These don't need to load at startup.


O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


Close all browsers and click on "fix checked".

====================================

Restart the computer for the changes to take effect.

====================================

If you have no further issues, you're all set to go. The logs are clean.
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /



    This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

Here are some steps to make your surfing more secure in future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site http://windowsupdate.microsoft.com/ to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site http://office.microsoft.com/officeup....aspx?lc=en-us and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

The following free real-time pest scanners prevent a number of malware variants from entering your computer in the first place:

SpywareBlaster A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial49.html
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and the internet. A tutorial on firewalls and a listing of some available ones can be found here:
http://forum.malwareremoval.com/viewtopic.php?p=56#56
http://www.bleepingcomputer.com/forums/tutorial60.html

Test your firewall here to make sure that it's working properly

ATF Cleaner by Atribune is a useful utility to clean your temp files and java cache.

But above all, keep all your software UP-TO-DATE at all time!!

A colleague of ours has excellent information and tips on the prevention of malware here.

If you want to fight back the Malware Writers, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing!

amateur is offline  
Old 05-10-2008, 04:29 PM   #88 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

Thanks so much for all your help!
tezrh is offline  
Old 05-10-2008, 05:35 PM   #89 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

Hi, just two more questions before I go. The first is about whether to delete or quarantine whatever the antivirus finds. And the second relates to IE. When I click on my IE tab, the web page for my ADSL provider, BigPond, comes up with all sorts of general news and specific info about their services. I haven't used IE for a fair few years, so I don't know if it's changed, but it used to be just a search page like the front page of Firefox. I downloaded IE7 the other day, so it is updated.
tezrh is offline  
Old 05-10-2008, 07:58 PM   #90 (permalink)
Moderator, Analyst, Security Team
 
amateur's Avatar
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,504
OS: XP Home SP3, XP Media Center Edition SP3


Re: Serious Problems! Please Help!

Hi,

Quote:
Hi, just two more questions before I go. The first is about whether to delete or quarantine whatever the antivirus finds.
Having them quarantined is, in my opinion, better than having them deleted. It would give you the option to restore later, if a critical file is identified as false positive (legitimate file detected as infected), even though the chances are very slim.

Quote:
And the second relates to IE. When I click on my IE tab, the web page for my adsl provider, BigPond comes up with all sorts of general news and specific info about their services.
I have no idea how the BigPond web page should look. When I click on the link, I get a page similar to your description. If you want to change it, in Internet Explorer, go to Tools>Internet Options>General tab, and under "Home Page", set the main page to whatever you want.


Last edited by amateur : 05-10-2008 at 08:00 PM.
amateur is offline  
Old 05-10-2008, 08:59 PM   #91 (permalink)
Registered User
 
Join Date: May 2008
Posts: 62
OS: xp


Re: Serious Problems! Please Help!

Many thanks!
tezrh is offline  
Old 05-10-2008, 09:07 PM   #92 (permalink)
Moderator, Analyst, Security Team
 
amateur's Avatar
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,504
OS: XP Home SP3, XP Media Center Edition SP3


Re: Serious Problems! Please Help!

You're welcome. Glad we could help you. Take care and stay safe!

amateur is offline  
 

